Full-Text Articles in Programming Languages and Compilers

Macruby: User Defined Macro Support For Ruby, Arushi Singh Jan 2023

Macruby: User Defined Macro Support For Ruby, Arushi Singh

Master's Projects

Ruby does not have a way to create custom syntax outside what the language already offers. Macros allow custom syntax creation. They achieve this by code generation that transforms a small set of instructions into a larger set of instructions. This gives programmers the opportunity to extend the language based on their own custom needs.

Macros are a form of meta-programming that helps programmers in writing clean and concise code. MacRuby is a hygienic macro system. It works by parsing the Abstract Syntax Tree (AST) and replacing macro references with expanded Ruby code. MacRuby offers an intuitive way to declare macro …


Static Taint Analysis Via Type-Checking In Typescript, Abhijn Chadalawada Jan 2023

Static Taint Analysis Via Type-Checking In Typescript, Abhijn Chadalawada

Master's Projects

With the widespread use of web applications across the globe, and the advancements in web technologies in recent years, these applications have grown more ubiquitous and sophisticated than ever before. Modern web applications face the constant threat of numerous web security risks given their presence on the internet and the massive influx of data from external sources. This paper presents a novel method for analyzing taint through type-checking and applies it to web applications in the context of preventing online security threats. The taint analysis technique is implemented in TypeScript using its built-in type-checking features, and then integrated into …


Jparsec - A Parser Combinator For Javascript, Sida Zhong Jan 2022

Jparsec - A Parser Combinator For Javascript, Sida Zhong

Master's Projects

Parser combinators have been a popular parsing approach in recent years. Compared with traditional parsers, a parser combinator has both readability and maintenance advantages.

This project aims to construct a lightweight parser construct library for Javascript called Jparsec. Based on the modular nature of a parser combinator, the implementation uses higher-order functions. JavaScript provides a friendly and simple way to use higher-order functions, so the main construction method of this project will use JavaScript's lambda functions. In practical applications, a parser combinator is mainly used as a tool, such as parsing JSON files.

In order to verify the utility of …


The Impact Of Programming Language’s Type On Probabilistic Machine Learning Models, Sherif Elsaid Dec 2021

The Impact Of Programming Language’s Type On Probabilistic Machine Learning Models, Sherif Elsaid

Master's Projects

Software development is an expensive and difficult process. Mistakes can be easily made, and without extensive review process, those mistakes can make it to the production code and may have unintended disastrous consequences.

This is why various automated code review services have arisen in the recent years. From AWS’s CodeGuru and Microsoft’s Code Analysis to more integrated code assistants, like IntelliCode and auto completion tools. All of which are designed to help and assist the developers with their work and help catch overlooked bugs.

Thanks to recent advances in machine learning, these services have grown tremendously in sophistication to …


Markdown To Question & Test Interoperability, Su Kim Dec 2021

Markdown To Question & Test Interoperability, Su Kim

Master's Projects

As the classroom setting shifted to a virtual one as a result of Covid-19, numerous software are readily available to accommodate for the change, including Canvas, the online course management system. Canvas has a core feature that allows teachers to generate and administer quizzes for students through their interface, but it does not fully utilize the potential with online exams. The first step to exploring this potential is this project, known as Markdown to Question & Test Interoperability (M2QTI). Based on the QTI specifications, this tool lets users plan and write quizzes in Markdown format. Combined with Canvas’s ability …


Asynchronous Validations Using Programming Contracts In Java, Rahul Shukla May 2021

Asynchronous Validations Using Programming Contracts In Java, Rahul Shukla

Master's Projects

Design by Contract is a software development methodology based on the idea of having contracts between two software components. Programming contracts are invariants specified as pre-conditions and post-conditions. The client component must ensure that all the pre-conditions are satisfied before calling the server component. The server component must guarantee the post-conditions are met before the call returns to the client component. Current work in Design by Contract in Java focuses on writing shorthand contracts using annotations that are processed serially.

Modern software systems require a lot of business rules validations on complicated domain objects. Often, such validations are in the …


Declassification Of Faceted Values In Javascript, Shreya Gangishetty May 2019

Declassification Of Faceted Values In Javascript, Shreya Gangishetty

Master's Projects

This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification.

In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various …


Pantry: A Macro Library For Python, Derek Pang Dec 2018

Pantry: A Macro Library For Python, Derek Pang

Master's Projects

Python lacks a simple way to create custom syntax and constructs that go outside of its own syntax rules. A paradigm that allows for these possibilities to exist within languages is macros. Macros allow for a shorter set of syntax to expand into a longer set of instructions at compile-time. This gives the capability to evolve the language to fit personal needs.

Pantry implements a hygienic text-substitution macro system for Python. Pantry achieves this through the introduction of an additional preparsing step that utilizes parsing and lexing of the source code. Pantry proposes a way to simply declare a pattern …


Policy-Agnostic Programming On The Client-Side, Kushal Palesha May 2017

Policy-Agnostic Programming On The Client-Side, Kushal Palesha

Master's Projects

Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.

A lot of research has been done in the field of information flow security that could prove to be …


Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran May 2017

Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran

Master's Projects

With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security.

This project introduces dynamic information flow analysis …


Library For Writing Contracts For Java Programs Using Prolog, Yogesh Dixit May 2017

Library For Writing Contracts For Java Programs Using Prolog, Yogesh Dixit

Master's Projects

Today many large and complex software systems are being developed in Java. Although software always has bugs, it is very important that these developed systems are more reliable despite these bugs.

One way that we can help achieve this is the Design by Contract (DbC) paradigm, which was first introduced by Bertrand Meyer, the creator of Eiffel. The concept of DbC was introduced for software developers so that they can produce more reliable software systems with a little extra cost. Using programming contracts allows developers to specify details such as input conditions and expected output conditions. Doing this makes it …


Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji May 2017

Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji

Master's Projects

Web application systems today are at great risk from attackers. They use methods like cross-site scripting, SQL injection, and format string attacks to exploit vulnerabilities in an application. Standard techniques like static analysis and code audits seem to be inadequate in successfully combating attacks like these. Both the techniques point out the vulnerabilities before an application is run. However, static analysis may result in a higher rate of false positives, and code audits are time-consuming and costly. Hence, there is a need for reliable detection mechanisms.

Dynamic taint analysis offers an alternate solution — it marks the incoming data from the …


Secure Declassification In Faceted Javascript, Tam Wing May 2016

Secure Declassification In Faceted Javascript, Tam Wing

Master's Projects

Information leaks currently represent a major security vulnerability. Malicious code, when injected into a trusted environment and executed in the context of the victim’s privileges, often results in the loss of sensitive information. To address this security issue, this paper focuses on the idea of information flow control using faceted execution [3]. This mechanism allows the interpreter to efficiently keep track of variables across multiple security levels, achieving termination-insensitive non-interference (TINI). With TINI, a program can only leak one bit of data, caused by the termination of a program. One key benefit of having faceted execution is that flow policy …


Taint And Information Flow Analysis Using Sweet.Js Macros, Prakasam Kannan May 2016

Taint And Information Flow Analysis Using Sweet.Js Macros, Prakasam Kannan

Master's Projects

JavaScript has been the primary language for application development in browsers and with the advent of JIT compilers, it is increasingly becoming popular on server side development as well. However, JavaScript suffers from vulnerabilities like cross site scripting and malicious advertisement code on the client side and on the server side from SQL injection.

In this paper, we present a dynamic approach to efficiently track information flow and taint detection to aid in mitigation and prevention of such attacks using JavaScript based hygienic macros. We use Sweet.js and object proxies to override built-in JavaScript operators to track information flow …


Introducing Faceted Exception Handling For Dynamic Information Flow, Sri Tej Narala May 2015

Introducing Faceted Exception Handling For Dynamic Information Flow, Sri Tej Narala

Master's Projects

JavaScript is most commonly used as a part of web browsers, especially client-side scripts interacting with the user. JavaScript is also the source of many security problems, which include cross-site scripting attacks. The primary challenge is that code from untrusted sources runs with full privileges on the client side, thus leading to security breaches. This paper develops information flow controls with proper exception handling to prevent violations of data confidentiality and integrity.

Faceted values are a mechanism to handle dynamic information flow security in a way that overcomes the limitations caused by dynamic execution, but previous work has …


Adding Syntax Parameters To The Sweet.Js Macro Library For Javascript, Vimal Kumar May 2015

Adding Syntax Parameters To The Sweet.Js Macro Library For Javascript, Vimal Kumar

Master's Projects

Lisp and Scheme have demonstrated the power of macros to enable programmers to evolve and craft languages. A macro is a rule or pattern that specifies how a certain input sequence should be mapped to an output sequence according to some defined procedure. Using a macro system a programmer can introduce new syntactic elements to the programming language. Macros found in a program are expanded by a macro expander and allow a programmer to enable code reuse. Mozilla Sweet.JS provides a way for developers to enrich their JavaScript code by adding new syntax to the language through the use of …


Operational Semantics For Featherweight Lua, Hanshu Lin May 2015

Operational Semantics For Featherweight Lua, Hanshu Lin

Master's Projects

Lua is a small, embedded language to provide scripting in other languages. Despite a clean, minimal syntax, it is still too complex for formal reasoning because of some syntactic sugar or specific syntax structures in Lua.

This thesis develops Featherweight Lua (FWLua), following the tradition of languages like Featherweight Java [1] and Featherweight JavaScript [2]. The goal is to develop a core of language features that, while remaining simple enough for formal reasoning, also remain faithful to the central characteristics of the language. Specifically for Lua, the core features that are essential for our modeling include:

∙ First-class functions …


Model-Controller Interfacing Using Struts-Based Web Application, Deepti Bhardwaj Apr 2011

Model-Controller Interfacing Using Struts-Based Web Application, Deepti Bhardwaj

Master's Projects

StrutsHib IDE is an IDE for interfacing the model and controller of MVC architecture based applications. It is developed using Java-based technologies such as the Struts framework, Hibernate and jQuery. The StrutsHib IDE is a web application. This project implements the part of StrutsHib IDE that makes it easy to create model and controller components. Moreover, it automates the process of database creation for web applications which means the user does not have to be a database expert when dealing with databases. Finally, StrutsHib IDE takes all the advantages of a web-based application and provides a lot of flexibility to …


Decompiler For Pseudo Code Generation, Ankit Patel Apr 2011

Decompiler For Pseudo Code Generation, Ankit Patel

Master's Projects

Decompiling is an area of interest for researchers in the field of software reverse engineering. When the source code from a high-level programming language is compiled, it loses a great deal of information, including code structure, syntax, and punctuation.

The purpose of this research is to develop an algorithm that can efficiently decompile assembly language into pseudo C code. There are tools available that claim to extract high-level code from an executable file, but the results of these tools tend to be inaccurate and unreadable.

Our proposed algorithm can decompile assembly code to recover many basic high-level programming structures, including …


An Executable Packer, Neel Bavishi Apr 2011

An Executable Packer, Neel Bavishi

Master's Projects

This thesis addresses the topic of development and advancement of the Packer technology. It aims to prove that with the implementation of advanced code encryption and cryptographic techniques in conjunction with standard packing methods, testing binaries with anti-virus will become increasingly difficult.

Study on this topic reveals that the idea of encoding data has already been established, but it is still not fully incorporated into a technique to pack an executable file. There are some noticeable defects as un-packer tools have also made a great advancement in the field of dynamic analysis. The addition of new capability to recognize emulation …


Jshield: A Java Anti-Reversing Tool, Deepti Kundu Mar 2011

Jshield: A Java Anti-Reversing Tool, Deepti Kundu

Master's Projects

Java is a platform independent language. Java programs can be executed on any machine, irrespective of its hardware or the operating system, as long as a Java virtual machine for that platform is available. A Java compiler converts the source code into “bytecode” instead of native binary machine code. This bytecode contains a lot of information from and about the source code, which makes it easy to decompile, and hence, vulnerable to “reverse engineering attacks”. In addition to the obvious security implications, businesses and the wider software engineering community also risk widespread IP theft - proprietary algorithms, for example, that …


Automatic Execution Path Finding Tool, Fan Yang Dec 2010

Automatic Execution Path Finding Tool, Fan Yang

Master's Projects

Today, there are many hackers trying to break software using reverse engineering techniques. To better protect software, we need to understand reverse engineering methods. This project presents a tool that automatically analyzes executable code in a manner similar to the way an attack might analyze code.

Using reverse engineering techniques, executables can be disassembled to yield an assembly code representation of the program. Assembly code is much more human readable than binary code. With assembly code, an attacker can attempt to modify the program to do something other than what was intended by the developer.

The …