The Experts below are selected from a list of 4947 Experts worldwide ranked by ideXlab platform
Alex Aiken - One of the best experts on this subject based on the ideXlab platform.
-
static detection of security vulnerabilities in Scripting Languages
USENIX Security Symposium, 2006Co-Authors: Yichen Xie, Alex AikenAbstract:We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side Scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of Scripting Languages that have not been adequately addressed by previous techniques. We demonstrate the effectiveness of our approach on six popular open source PHP code bases, finding 105 previously unknown security vulnerabilities, most of which we believe are remotely exploitable.
David Gregg - One of the best experts on this subject based on the ideXlab platform.
-
dynamic interpretation for dynamic Scripting Languages
Symposium on Code Generation and Optimization, 2010Co-Authors: Kevin Williams, Jason Mccandless, David GreggAbstract:Dynamic Scripting Languages offer programmers increased flexibility by allowing properties of programs to be defined at run-time. Typically, program execution begins with an interpreter where type checks are implemented using conditional statements. Recent JIT compilers have begun removing run-time checks by specializing native code to program properties discovered at JIT time. This paper presents a novel intermediate representation for Scripting Languages that explicitly encodes types of variables. The dynamic representation is a flow graph, where each node is a specialized virtual instruction and each edge directs program flow based on control and type changes in the program. The interpreter thus performs specialized execution of whole programs. We present techniques for the efficient interpretation of our representation showing speed-ups of greater than 2x over static interpretation, with an average speed-up of approximately 1.3x.
-
portable just in time specialization of dynamically typed Scripting Languages
Languages and Compilers for Parallel Computing, 2009Co-Authors: Kevin Williams, Jason Mccandless, David GreggAbstract:In this paper, we present a portable approach to JIT compilation for dynamically typed Scripting Languages. At runtime we generate ANSI C code and use the system's native C compiler to compile this code. The C compiler runs on a separate thread to the interpreter allowing program execution to continue during JIT compilation. Dynamic Languages have variables which may change type at any point in execution. Our interpreter profiles variable types at both whole method and partial method granularity. When a frequently executed region of code is discovered, the compilation thread generates a specialized version of the region based on the profiled types. In this paper, we evaluate the level of instruction specialization achieved by our profiling scheme as well as the overall performance of our JIT.
-
Static analysis of dynamic Scripting Languages
2009Co-Authors: Paul Biggar, David GreggAbstract:Scripting Languages, such as PHP, are among the most widely used and fastest growing programming Languages, particularly for web applications. Static analysis is an important tool for detecting security flaws, finding bugs, and improving compilation of programs. However, static analysis of Scripting Languages is difficult due to features found in Languages such as PHP. These features include run-time code generation, dynamic weak typing, dynamic aliasing, implicit object and array creation, and overloading of simple operators. We find that as a result, simple analysis techniques such as SSA and def-use chains are not straight-forward to use, and that a single unconstrained variable can ruin our analysis. In this paper we describe a static analyser for PHP, and show how classical static analysis techniques can be extended to analyse PHP. In particular our analysis combines alias analysis, type-inference and constantpropagation for PHP, computing results that are essential for other analyses and optimizations. We find that this combination of techniques allows the generation of meaningful and useful results from our static analysis. 1. Motivation In recent years the importance of dynamic Scripting Languages — such as PHP, Python, Ruby and Javascript — has grown as they are used for an increasing amount of software development. Scripting Languages provide high-level language features, a fast compilemodify-test environment for rapid prototyping, strong integration with database and web development systems, and extensive standard libraries. PHP powers many of the most popular web applications such as Facebook, Wikipedia and Yahoo. In general, there is a trend towards writing an increasing amount of an application in a Scripting language rather than in a traditional programming language, not least to avoid the complexity of crossing between
Peter Thiemann - One of the best experts on this subject based on the ideXlab platform.
-
Scripting Languages and Frameworks: Analysis and Verification (Dagstuhl Seminar 14271)
2014Co-Authors: Fritz Henglein, Shriram Krishnamurthi, Ranjit Jhala, Peter ThiemannAbstract:This report documents the program and the outcomes of Dagstuhl Seminar 14271 "Scripting Languages and Frameworks: Analysis and Verification". The seminar brought together a broad spectrum of researchers working on the semantics, analysis and verification of Scripting Languages. In addition to talks describing the latest problems and research on the key issues, split roughly into four overarching themes: semantics, types, analysis, contracts, Languages, and security, the seminar had breakout sessions devoted to crosscutting topics that were of broad interest across the community, including, how to create shared analysis infrastructure, how to think about the semantics of contracts and blame, and the role of soundness in analyzing real world Languages, as well as several "tutorial" sessions explaining various new tools and techniques.
-
recency types for analyzing Scripting Languages
European Conference on Object-Oriented Programming, 2010Co-Authors: Phillip Heidegger, Peter ThiemannAbstract:With the current surge of Scripting technologies, large programs are being built with dynamically typed Languages. As these programs grow in size, semantics-based tools gain importance for detecting programming errors as well as for program understanding.As a basis for such tools, we propose a descriptive type system for an imperative call-by-value lambda calculus with objects. The calculus models essential features of JavaScript, a widely used dynamically-typed language: first-class functions, objects as property maps, and prototypes.Our type system infers precise singleton object types for recently allocated objects. These object types are handled flow-sensitively and change during the objects' initialization phase. The notion of recency provides an automatic criterion to subsume these precise object types to summary object types, which are handled flow-insensitively. The criterion applies on a per-object basis. Thus, the type system identifies a generalized initialization phase for each object during which the change of its value is precisely reflected in the change of its type. Unlike with linear types, summary types may refer to singleton types and vice versa.We prove the soundness of the type system and present a constraintbased inference algorithm. An implementation is available on the web.
Tamiya Onodera - One of the best experts on this subject based on the ideXlab platform.
-
performance comparison of php and jsp as server side Scripting Languages
ACM IFIP USENIX international conference on Middleware, 2008Co-Authors: Scott Trent, Michiaki Tatsubori, Toyotaro Suzumura, Akihiko Tozawa, Tamiya OnoderaAbstract:The dynamic Scripting language PHP has become enormously popular for implementing lightweight web applications, and is widely used as a server-side Scripting language for web servers. To contrast the performance of PHP and JSP for this purpose, we used the SPECweb2005 benchmark, which provides three application scenarios implemented in both PHP and JSP. This paper describes and contrasts the results of SPECweb2005 performance benchmark testing performed on different configurations of PHP and JSP using the popular web servers Apache and Lighttpd. Despite the execution overhead of interpretation in PHP engines observed in micro benchmarks, the experimental result of SPECweb2005 benchmark yields valuable performance data for web server implementers. The efficiency of Scripting language runtimes still matters for the end-to-end performance. However, once carefully architected and tuned, the language runtime is less of a bottleneck than the web server performance itself.
Albert Shaqiri - One of the best experts on this subject based on the ideXlab platform.
-
a provably correct compilation of functional Languages into Scripting Languages
Scientific Annals of Computer Science, 2017Co-Authors: Paola Giannini, Albert ShaqiriAbstract:In this paper we consider the problem of translating core F#, a typed functional language including mutable variables, into Scripting Languages such as JavaScript or Python. In previous work, we abstracted the most significant characteristics of Scripting Languages in an intermediate language (IL for short), which is an imperative language with definition of names (variables and functions) done in blocks and where a definition of a name does not have to statically precede its use. We define a big-step operational semantics for core F# and for IL and formalise the translation of F# expressions into IL. The main contribution of the paper is the proof of correctness of the given translation, which is done by showing that the evaluation of a well-typed F# program converges to a primitive value if and only if the evaluation of its translation into IL converges to the same value. For this proof is crucial the type soundness of core F# which is proved by giving a coinductive formalization of the divergence predicate and proving that well-typed expressions either converge to a value or diverge and so they are never stuck.
-
A Provably Correct Compilation of Functional Languages into Scripting Languages
Alexandru Ioan Cuza University of Iasi, 2017Co-Authors: Paola Giannini, Albert ShaqiriAbstract:In this paper we consider the problem of translating core F#, a typed functional language including mutable variables and exception handling, into Scripting Languages such as JavaScript or Python. In previous work, we abstracted the most significant characteristics of Scripting Languages in an intermediate language (IL for short). IL is a block-structured imperative language in which a definition of a name does not have to statically precede its use. We define a bigstep operational semantics for core F# and for IL and formalise the translation of F# expressions into IL. The main contribution of the paper is the proof of correctness of the given translation, which is done by showing that the evaluation of a well-typed F# program converges to a primitive value if and only if the evaluation of its translation into IL converges to the same value
-
compiling functional to Scripting Languages
International Conference on Software Technologies, 2013Co-Authors: Paola Giannini, Albert ShaqiriAbstract:In this paper we consider the problem of translating a core typed functional language, F#(including mutable variables), into Scripting Languages such as JavaScript or Python. We abstract the most significant characteristics of such Scripting Languages in an intermediate language (IL for short), which is an imperative language, with constructs for handling safely pieces of code containing free variables. We define an operational semantics for IL and highlight the proof of correctness of the translation.
