Faculty Host: Daniel Jimenez

Abstract:

Despite many advances in compiler research, traditional compilers continue to suffer from one significant limitation: they only recognize the low-level primitive constructs of their languages. In contrast, programmers increasingly benefit from higher level software components, which implement a variety of specialized domains---everything from basic file access to 3D graphics and parallel programming. The result is a marked difference between the level of abstraction in software development and the level of abstraction in compilation.

In this talk I present an overview of Broadway, a new kind of compiler called a library-level compiler, that supports domain-specific compilation by extending the benefits of compiler support to software libraries. The key to our approach is a separate annotation language that conveys domain-specific information about libraries to our compiler, allowing it to perform library-level program analysis and apply library-level optimizations.

Our recent work focuses on using Broadway to detect library-level programming errors, including unsafe and insecure uses of library routines. In this context we use the annotation language to specify safety properties that users of the library interface must satisfy. A significant challenge in checking these properties is the scalability of the underlying program analysis. We address this challenge using our new client-driven pointer analysis algorithm, which automatically adjusts its precision to match the needs of the particular program and error detection problem. We show that our compiler is an effective tool for detecting a range of library-level errors, including several real-world security vulnerabilities.