Modern web applications are built atop the integration of programs written in diverse programming languages and distributed by multiple parties. While such a development model provides maximum modularity and flexibility, it raises unique challenges to traditional software-engineering principles. When web applications fail to behave as intended, developers often need to analyze code components written in various languages independently due to the lack of cross-language analysis support. Dynamically including source code from multiple parties makes it challenging to identify the root causes of errors because developers do not have access to third-party internals. Diverse languages and the use of third parties create technical boundaries that prevent web developers from obtaining a comprehensive understanding of the heterogeneous code on the client side. This project addresses the challenges posed by the technical boundaries in complex web applications and creates a scientific foundation for understanding, analyzing, and debugging web applications involving diverse languages and multiple parties. The project will support web-application reliability, increase web development productivity, and provide critical assurance for web users by shielding them from common web issues.

The project plans to build a policy-specification language that enables web developers to compose specification policies to regulate many aspects of their code execution, such as enforcing control flow of critical events, securing web pages in the presence of unknown third-party services, and ensuring user experience. Based on these policies, novel program analyses and runtime techniques will be developed to expose possible violations (for problem identification) and to enforce policies automatically (for problem fixing), respectively. The policy specification and enforcement will provide assurance for web developers and enable them to control the code executed on their websites, which is lacking with current technologies. Approaches that support a cross-language analysis will be developed to handle interactions between diverse programming languages, including WebAssembly and JavaScript. Together, these activities will deepen the scientific understanding of the technical boundaries in complex web applications and create new program-analysis techniques to support more efficient web development.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Communication Foundations (CCF)
Application #: 2047980
Program Officer: Sol Greenspan
Project Start:
Project End:
Budget Start: 2021-02-01
Budget End: 2026-01-31
Support Year:
Fiscal Year: 2020
Total Cost: $201,052
Indirect Cost:
Name: Suny at Buffalo
Department:
Type:
DUNS #:
City: Buffalo
State: NY
Country: United States
Zip Code: 14228