My research is at the boundary of Programming Languages and Software Engineering, with particular focus on tools for improving software quality and programmer productivity. Below is an overview of some current projects.
Modern software needs to accommodate asynchrony in situations such as web-based user-interfaces, communicating with servers
through HTTP requests, and non-blocking I/O. Event-based programming is the most popular approach for managing asynchrony,
but is highly error-prone due to problems such as event races, inadequate support for error handling, and unintuitive, deeply
nested control flow ("callback hell"). Other mechanisms for managing asynchrony such as promises/futures pose their own set of
challenges to programmers. We are developing static and dynamic program analysis techniques that are capable
of reasoning precisely about asynchrony, and tools that assist programmers with detecting and
repairing errors in asynchronous applications.
More info:
[OOPSLA15],
[ICSE16],
[OOPSLA17a],
[OOPSLA17b],
[OOPSLA18a],
[ECOOP21],
[OOPSLA21]
Previous dynamic taint analysis tools for JavaScript are implemented directly in a browser or JavaScript engine,
limiting their applicability to a single platform and requiring ongoing maintenance as platforms evolve,
or they require nontrivial program transformations. We developed an approach that relies on instrumentation
to encode taint propagation as instructions for an abstract machine. Our approach has two key advantages: it is
platform-independent and can be used with any existing JavaScript engine, and it can track taint on primitive
values without requiring the introduction of wrapper objects. We implemented the technique for the ECMAScript 5
language in a tool called Ichnaea, on top of the Jalangi 2
instrumentation framework. Ichnaea was evaluated on 22 NPM modules containing several types of injection vulnerabilities,
including 4 modules containing vulnerabilities that were not previously discovered and reported.
On these modules, run-time overheads range from 3.17x to 38.42x.
We recently released Augur, a clean-room reimplementation of the technique that was developed
at Northeastern University, on top of
NodeProf, an efficient instrumentation and profiling framework
for Graal. Using this infrastructure, we are currently
exploring several applications of dynamic taint analysis.
More info:
[IEEE TSE 2018],
[Augur open-source release]
Applications that rely on third-party libraries often include significant amounts of code that they do not use. This is undesirable because
security vulnerabilities may exist in included modules. There has been a long history of research on feature reduction based on static program
analysis, in which call graph construction and pointer analysis are used to identify functions that are unreachable from a program's main routine
so that they can be removed prior to deployment. Unfortunately, modern software has several characteristics that render such static analysis ineffective
including dynamic features such as "eval", native functions for which the code is unavailable for analysis, and event-driven control flow
and other mechanisms for asynchrony that cannot be analyzed precisely using current techniques.
We are interested in developing techniques that use a combination of static and dynamic analysis to remove features that are definitely unused,
and replace features that are likely to be unused with stubs that load and execute such code dynamically, subject to additional security checks as needed.
More info:
[OOPSLA00],
[ACM TOPLAS02],
[SAS15],
[ACM TOSEM15]
My group is currently working on several projects that focus on the development of tools
for assisting JavaScript programmers with various development tasks. This includes work
on refactorings for "upgrading" JavaScript applications to use recently introduced features
such as async/await and ECMAScript modules. We are also working on feedback-directed
test generation for JavaScript programs that use higher-order functions, including
callbacks that are invoked asynchronously, and we are developing a profiling tool for detecting
performance bottlenecks in asynchronous applications.
More info:
[OOPSLA11],
[OOPSLA18b],
[ECOOP21],
[OOPSLA21]