How Compiler Construction Remains Relevant (part 3)
Previously, in part 2, I arrived at the conclusion that the compilers class should focus on the design patterns and software engineering involved in constructing a compiler. I believe that our students would benefit more if the compiler is treated…
How Compiler Construction Remains Relevant (part 2)
At the end of part 1, I said that we, as educators, should “consider requiring a software engineering class that gives students practice with larger code bases, before allowing enrollment in compilers.” I’d now like to rescind that suggest in…
How Compiler Construction Remains Relevant (part 1)
Many students struggle with the compiler construction class here at UCI. I’d like to change that. Let me first lay down some groundwork, by giving some observations that I’ve made about the general lack of software engineering skills. Our students…
Higher-Order Functions in Java
This Summer I’ve been teaching Intro to Computer Languages. It’s a really awesome class, with alot of good material in it. Last week, my students got back the results of their midterms, and were disappointed in their scores. Immediately, I…
A language should be focused on writing Internal DSLs
I’ve been reading Martin Fowler’s book, Domain-Specific Languages, this weekend. He covered a number of ways in which you can structure your code to achieve what he terms an Internal DSL. Quite a bit is focused on the discussion of…
Considerations of Programming Language Design
Reddit modded up a nice review of Considerations When Designing your Own Programming/Scripting Language (it’s worth following the links provided there to Clementson’s Blog, to get a larger picture of the issue). There’s really a ton of stuff to think…
Comparison between Object Capabilities and Information Flow
Augmenting the Capability Model with Information Flows I’ve already convinced myself that labels are best implemented as tags on primitive values and references. In JavaScript, it is sometimes useful to view an object as a heterogeneous hash table, mapping field…
Approaches to JavaScript Security
This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security. Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an…
Security Typing for JavaScript
Devil in the details. I’d like to repeat an example (given my Mark Miller in his work on E), of two different ways to copy a file, and the security implications of each. First, shell$ cp foo.txt bar.txt This command…
The Wrapper Conundrum
In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident: Fat Values. We can extend the native encoding of values…