My research is at the boundary of Programming Languages and Software Engineering, with particular focus on tools for improving software quality and programmer productivity. Below is an overview of some current projects.

Program Analysis for Asynchronous Software

Modern software needs to accommodate asynchrony in situations such as web-based user-interfaces, communicating with servers through HTTP requests, and non-blocking I/O. Event-based programming is the most popular approach for managing asynchrony, but is highly error-prone due to problems such as event races, inadequate support for error handling, and unintuitive, deeply nested control flow ("callback hell"). Other mechanisms for managing asynchrony such as promises/futures pose their own set of challenges to programmers. We are developing static and dynamic program analysis techniques that are capable of reasoning precisely about asynchrony, and tools that assist programmers with detecting and repairing errors in asynchronous applications.

More info: [OOPSLA15], [ICSE16], [OOPSLA17a], [OOPSLA17b], [OOPSLA18a], [ECOOP21], [OOPSLA21]

Dynamic Taint Analysis for JavaScript

Previous dynamic taint analysis tools for JavaScript are implemented directly in a browser or JavaScript engine, limiting their applicability to a single platform and requiring ongoing maintenance as platforms evolve, or they require nontrivial program transformations. We developed an approach that relies on instrumentation to encode taint propagation as instructions for an abstract machine. Our approach has two key advantages: it is platform-independent and can be used with any existing JavaScript engine, and it can track taint on primitive values without requiring the introduction of wrapper objects. We implemented the technique for the ECMAScript 5 language in a tool called Ichnaea, on top of the Jalangi 2 instrumentation framework. Ichnaea was evaluated on 22 NPM modules containing several types of injection vulnerabilities, including 4 modules containing vulnerabilities that were not previously discovered and reported. On these modules, run-time overheads range from 3.17x to 38.42x. We recently released Augur, a clean-room reimplementation of the technique that was developed at Northeastern University, on top of NodeProf, an efficient instrumentation and profiling framework for Graal. Using this infrastructure, we are currently exploring several applications of dynamic taint analysis.

More info: [IEEE TSE 2018], [Augur open-source release]

Feature Reduction for Dynamic Software

Applications that rely on third-party libraries often include significant amounts of code that they do not use. This is undesirable because security vulnerabilities may exist in included modules. There has been a long history of research on feature reduction based on static program analysis, in which call graph construction and pointer analysis are used to identify functions that are unreachable from a program's main routine so that they can be removed prior to deployment. Unfortunately, modern software has several characteristics that render such static analysis ineffective including dynamic features such as "eval", native functions for which the code is unavailable for analysis, and event-driven control flow and other mechanisms for asynchrony that cannot be analyzed precisely using current techniques. We are interested in developing techniques that use a combination of static and dynamic analysis to remove features that are definitely unused, and replace features that are likely to be unused with stubs that load and execute such code dynamically, subject to additional security checks as needed.

More info: [OOPSLA00], [ACM TOPLAS02], [SAS15], [ACM TOSEM15]

Refactoring, Testing, and Profiling JavaScript Applications

My group is currently working on several projects that focus on the development of tools for assisting JavaScript programmers with various development tasks. This includes work on refactorings for "upgrading" JavaScript applications to use recently introduced features such as async/await and ECMAScript modules. We are also working on feedback-directed test generation for JavaScript programs that use higher-order functions, including callbacks that are invoked asynchronously, and we are developing a profiling tool for detecting performance bottlenecks in asynchronous applications.

More info: [OOPSLA11], [OOPSLA18b], [ECOOP21], [OOPSLA21]