SHF: Small: Practical Dynamic Program Reasoning Across Language Boundaries

SHF：小：跨语言边界的实用动态程序推理

• 批准号: 2146233
• 负责人: Haipeng Cai
• 金额: $ 48.58万
• 依托单位: Washington State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-06-01 至 2025-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2146233&HistoricalAwards=false
• 关键词: SHF; Small; Practical; Dynamic; Program

Given the different and complementary strengths of various programming languages, it is well justified to combine multiple languages in developing a software system, which has become a norm in today's software practice. In fact, the vast majority (over 80%) of modern software systems are multi-language software. Meanwhile, software failures are known to be costly, and a common methodology for preventing these failures and reducing the cost is to reason about run-time behaviors of software (i.e., dynamic program reasoning). However, extant software-quality assurance support based on dynamic program reasoning still focuses on, and is limited to, software developed in single languages, largely dismissing what happens at and across language boundaries. As a result, cross-language behaviors are left unattended and holistic quality assurance of multi-language systems is critically lacking. This project aims to advance the state of knowledge about software-quality assurance by enabling practical dynamic program reasoning across language boundaries. The research will result in a new foundation of dynamic analysis and a series of application tools to diagnose cross-language correctness and security issues, which will help produce multi-language systems of improved quality. Moreover, this project will have an industrial impact realized through collaborations with and result disseminations via industrial partners, and will broaden the participation in computing of underrepresented minorities. The technical aims of the project are divided into three thrusts. First, multi-language code-construction mechanisms and their effects on the resulting software’s behavior and quality will be characterized. This will produce new knowledge about how modern multi-language software is constructed in terms of language selection and interoperation. Then, in the second thrust, practically scalable and cost-effective analyses for holistic cross-language dependence reasoning will be developed, as informed by the knowledge and insights gained from the characterization study. The key principle is to model and reason about cross-language code dependencies in a way that not only overcomes semantics disparities caused by language heterogeneity but also readily accommodates new/additional languages. The third thrust will build on the cross-language dependence reasoning to develop practically efficient and precise cross-language information flow reasoning, which will then provide immediate support for diagnosing program faults regarding functionality bugs and security vulnerabilities across language boundaries. This project will validate the generated new knowledge and techniques through extensive evaluation against real-world, complex multi-language systems in terms of scalability, cost-effectiveness, and capabilities in practical applications.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

鉴于各种编程语言的不同且互补的优势，在开发软件系统时结合多种语言是完全合理的，这已成为当今软件实践中的常态，事实上，绝大多数（超过80％）都是如此。同时，软件系统是多语言软件，众所周知，软件故障的成本很高，防止这些故障并降低成本的常见方法是对软件的运行时行为进行推理（即动态程序推理）。现有软件-基于动态的质量保证支持程序推理仍然关注并仅限于以单一语言开发的软件，很大程度上忽略了跨语言边界发生的情况，因此，跨语言行为无人关注，并且严重缺乏多语言系统的整体质量保证。该项目旨在通过跨语言边界的实用动态程序推理来提高软件质量保证的知识水平。该研究将为动态分析奠定新的基础，并提供一系列用于诊断跨语言正确性和安全性的应用工具。问题，这将有助于产生质量更高的多语言系统。此外，该项目将通过与工业合作伙伴的合作和成果传播来实现工业影响，并将扩大代表性不足的少数群体对计算的参与。该项目的技术目标分为三个重点：第一，多语言代码。构建机制及其对最终软件的行为和质量的影响将被描述，这将产生关于如何在语言选择和互操作方面构建现代多语言软件的新知识。有效的整体分析根据从表征研究中获得的知识和见解，将开发跨语言依赖推理，关键原则是对跨语言代码依赖关系进行建模和推理，不仅克服语言异质性引起的语义差异，而且能够克服这种差异。第三个重点将建立在跨语言依赖推理的基础上，以开发实用有效且精确的跨语言信息流推理，从而为诊断有关功能错误和安全性的程序故障提供即时支持。该项目将通过对现实世界中复杂的多语言系统在可扩展性、成本效益和实际应用功能方面的广泛评估来验证所生成的新知识和技术。该奖项反映了 NSF 的法定使命和通过使用基金会的智力优点和更广泛的影响审查标准进行评估，该项目被认为值得支持。

项目成果

PolyFax: a toolkit for characterizing multi-language software

PolyFax：用于表征多语言软件的工具包

• DOI: 10.1145/3540250.3558925
• 发表时间: 2022
• 期刊: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Li, Wen;Li, Li;Cai, Haipeng
• 通讯作者: Cai, Haipeng

Language-agnostic dynamic analysis of multilingual code: promises, pitfalls, and prospects

与语言无关的多语言代码动态分析：承诺、陷阱和前景

• DOI: 10.1145/3540250.3560880
• 发表时间: 2022
• 期刊: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Yang, Haoran;Li, Wen;Cai, Haipeng
• 通讯作者: Cai, Haipeng

PolyCruise: A Cross-Language Dynamic Information Flow Analysis

PolyCruise：跨语言动态信息流分析

• 发表时间: 2022
• 期刊: Proceedings of the 31st USENIX Security Symposium
• 作者: Wen Li, Jiang Ming

Understanding Language Selection in Multi-language Software Projects on GitHub

了解 GitHub 上多语言软件项目中的语言选择

• DOI: 10.1109/icse-companion52605.2021.00119
• 发表时间: 2021
• 期刊: IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion
• 作者: Li, Wen;Meng, Na;Li, Li;Cai, Haipeng
• 通讯作者: Cai, Haipeng

On the vulnerability proneness of multilingual code

多语言代码的漏洞倾向

• DOI: 10.1145/3540250.3549173
• 发表时间: 2022
• 期刊: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Li, Wen;Li, Li;Cai, Haipeng
• 通讯作者: Cai, Haipeng