BURRITO: Wrapping Your Lab Notebook in Computational Infrastructure

Researchers in fields such as bioinformatics, CS, finance, and applied math have trouble managing the numerous code and data files generated by their computational experiments, comparing the results of trials executed with different parameters, and keeping up-to-date notes on what they learned from past successes and failures. We created a Linux-based system called BURRITO that automates aspects of this tedious experiment organization and notetaking process, thus freeing researchers to focus on more substantive work. BURRITO automatically captures a researcher's computational activities and provides user interfaces to annotate the captured provenance with notes and then make queries such as, "Which script versions and command-line parameters generated the output graph that this note refers to?"Engineering and Applied Science

A Direct Manipulation Language for Explaining Algorithms

Instructors typically explain algorithms in computer science by tracing their behavior, often on blackboards, sometimes with algorithm visualizations. Using blackboards can be tedious because they do not facilitate manipulation of the drawing, while visualizations often operate at the wrong level of abstraction or must be laboriously hand-coded for each algorithm. In response, we present a direct manipulation (DM) language for explaining algorithms by manipulating visualized data structures. The language maps DM gestures onto primitive program behaviors that occur in commonly taught algorithms. We performed an initial evaluation of the DM language on teaching assistants of an undergraduate algorithms class, who found the language easier to use and more helpful for explaining algorithms than a standard drawing application (GIMP)

Tight Kernel Bounds for Problems on Graphs with Small Degeneracy

In this paper we consider kernelization for problems on d-degenerate graphs, i.e. graphs such that any subgraph contains a vertex of degree at most $d$. This graph class generalizes many classes of graphs for which effective kernelization is known to exist, e.g. planar graphs, H-minor free graphs, and H-topological-minor free graphs. We show that for several natural problems on d-degenerate graphs the best known kernelization upper bounds are essentially tight.Comment: Full version of ESA 201

Modeling programming knowledge for mentoring at scale

In large programming classes, MOOCs or online communities, it is challenging to find peers and mentors to help with learning specific programming concepts. In this paper we present first steps towards an automated, scalable system for matching learners with Python programmers who have expertise in different areas. The learner matching system builds a knowledge model for each programmer by analyzing their authored code and extracting features that capture domain knowledge and style. We demonstrate the feasibility of a simple model that counts the references to modules from the standard library and Python Package Index in a programmers' code. We also show that programmers exhibit self-selection using which we can extract the modules a programmer is best at, even though we may not have all of their code. In our future work we aim to extend the model to encapsulate more features, and apply it for skill matching in a programming class as well as personalizing answers on StackOverflow.Massachusetts Institute of Technology. Undergraduate Research Opportunities Progra

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks

We present a technique for finding security vulnerabilitiesin Web applications. SQL Injection (SQLI) and cross-sitescripting (XSS) attacks are widespread forms of attackin which the attacker crafts the input to the application toaccess or modify user data and execute malicious code. Inthe most serious attacks (called second-order, or persistent,XSS), an attacker can corrupt a database so as to causesubsequent users to execute malicious code.This paper presents an automatic technique for creatinginputs that expose SQLI and XSS vulnerabilities. The techniquegenerates sample inputs, symbolically tracks taintsthrough execution (including through database accesses),and mutates the inputs to produce concrete exploits. Oursis the first analysis of which we are aware that preciselyaddresses second-order XSS attacks.Our technique creates real attack vectors, has few falsepositives, incurs no runtime overhead for the deployed application,works without requiring modification of applicationcode, and handles dynamic programming-languageconstructs. We implemented the technique for PHP, in a toolArdilla. We evaluated Ardilla on five PHP applicationsand found 68 previously unknown vulnerabilities (23 SQLI,33 first-order XSS, and 12 second-order XSS)

HAMPI: A Solver for String Constraints

Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few, if any, effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis techniques for string-manipulating programs. We designed and implemented Hampi, a solver for string constraints over bounded string variables. Hampi constraints express membership in regular languages and bounded context-free languages. Hampi constraints may contain context-free-language definitions, regular-language definitions and operations, and the membership predicate. Given a set of constraints, Hampi outputs a string that satisfies all the constraints, or reports that the constraints are unsatisfiable. Hampi is expressive and efficient, and can be successfully applied to testing and analysis of real programs. Our experiments use Hampi in: static and dynamic analyses for finding SQL injection vulnerabilities in Web applications; automated bug finding in C programs using systematic testing; and compare Hampi with another string solver. Hampi's source code, documentation, and the experimental data are available at http://people.csail.mit.edu/akiezun/hampi

Achievement, motivation, and educational choices : A longitudinal study of expectancy and value using a multiplicative perspective

Drawing on the expectancy-value model, the present study explored individual and gender differences in university entry and selection of educational pathway (e.g., science, technology, engineering, and mathematics [STEM] course selection). In particular, we examined the multiplicative effects of expectancy and task values on educational outcomes during the transition into early adulthood. Participants were from a nationally representative longitudinal sample of 15-year-old Australian youths (N = 10,370). The results suggest that (a) both math self-concept and intrinsic value interact in predicting advanced math course selection, matriculation results, entrance into university, and STEM fields of study; (b) prior reading achievement has negative effects on advanced math course selection and STEM fields through math motivational beliefs; and (c) gender differences in educational outcomes are mediated by gender differences in motivational beliefs and prior academic achievement, while the processes underlying choice of educational pathway were similar for males and females

Wait-learning: Leveraging conversational dead time for second language education

Second-language learners are often unable to find time for language practice due to constraints in their daily lives. In this paper, we examine how brief moments of waiting during a person's existing social conversations can be leveraged for second language practice, even if the conversation is exchanged in the first language. We present an instant messaging (IM) prototype, WaitChatter, that supports the notion of wait-learning by displaying contextually relevant foreign language vocabulary and micro-quizzes while the user awaits a response from her conversant. The foreign translations are displayed just-in-time in the context of the conversation to promote incidental learning. In a preliminary study of WaitChatter, we found that participants were able to integrate second language learning into their existing instant messaging activities, and that a particularly opportune time to embed foreign language elements may be immediately after the learner sends a chat message.Lincoln Laborator