Abstract:

Source code combines two channels: a formal, algorithmic language (AL) channel and a natural language (NL) channel of identifiers and comments. To date, most work has focused exclusively on one of these two channels. This is a missed opportunity because the two channels interact: the NL channel often explains, imposes assumptions on, or summarizes the AL channel, while semantic facts in the AL likewise constrain interpretations of the NL channel. Thus, information in one channel can be used to improve analyses of the other channel. In the absence of explicit security annotations, identifier names can implicitly identify secrets. As an extremal example, consider an identifier named “secret”; printing it to the console at least merits investigation. Here, we have a discrepancy between a name in the NL channel and its use in the AL channel. Dual channel analysis finds such discrepancies. To do so, dual channel analysis must overcome two challenges: find cross-channel synchronisation points and handle noise in the form of ambiguity in the NL channel and imprecision due to modelling the AL channel. Thus, dual channel analysis is a natural fit for machine learning. I will present two dual channel analyses: RefiNym, which refines imprecise program types, and DeepTyper, which suggests type annotations for projects migrating from JavaScript to TypeScript.

Bio: Earl Barr is a senior lecturer (associate professor) at the University College London. He received his Ph.D. at UC Davis in 2009. Earl's research interests include dual channel program analysis, testing and analysis, game theory, and computer security. His recent work focuses on automated software transplantation, applying game theory to software process, and using machine learning to solve programming problems. Earl dodges vans and taxis on his bike commute in London.