Type-based Dependency Analysis for JavaScript

Dependency analysis is a program analysis that determines potential data flow between program points. While it is not a security analysis per se, it is a viable basis for investigating data integrity, for ensuring confidentiality, and for guaranteeing sanitization. A noninterference property can be stated and proved for the dependency analysis. We have designed and implemented a dependency analysis for JavaScript. We formalize this analysis as an abstraction of a tainting semantics. We prove the correctness of the tainting semantics, the soundness of the abstraction, a noninterference property, and the termination of the analysis.Comment: Technical Repor

Efficient Dynamic Access Analysis Using JavaScript Proxies

JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions. It is implemented by an offline source code transformation. To overcome the limitations of the JSConTest implementation, we redesigned and reimplemented effect monitoring by taking advantange of JavaScript proxies. Our new design avoids all drawbacks of the prior implementation. It guarantees full interposition; it is not restricted to a subset of JavaScript; it is self-maintaining; and its scalability to large programs is significantly better than with JSConTest. The improved scalability has two sources. First, the reimplementation is significantly faster than the original, transformation-based implementation. Second, the reimplementation relies on the fly-weight pattern and on trace reduction to conserve memory. Only the combination of these techniques enables monitoring and inference for large programs.Comment: Technical Repor

TreatJS: Higher-Order Contracts for JavaScript

TreatJS is a language embedded, higher-order contract system for JavaScript which enforces contracts by run-time monitoring. Beyond providing the standard abstractions for building higher-order contracts (base, function, and object contracts), TreatJS's novel contributions are its guarantee of non-interfering contract execution, its systematic approach to blame assignment, its support for contracts in the style of union and intersection types, and its notion of a parameterized contract scope, which is the building block for composable run-time generated contracts that generalize dependent function contracts. TreatJS is implemented as a library so that all aspects of a contract can be specified using the full JavaScript language. The library relies on JavaScript proxies to guarantee full interposition for contracts. It further exploits JavaScript's reflective features to run contracts in a sandbox environment, which guarantees that the execution of contract code does not modify the application state. No source code transformation or change in the JavaScript run-time system is required. The impact of contracts on execution speed is evaluated using the Google Octane benchmark.Comment: Technical Repor

Questioning Development Orthodoxy

This paper traces the history and current state of international economic development through its institutions and attempts to reassess these institutions and their processes in a heterodox manner. There are many stereotypes and clichés to the foreign assistance industry: that it takes from the poor in rich countries and gives to the rich in poor countries; that it provides laboratories for economists and other social scientists to apply theories abroad that they would never attempt at home (the most obvious examples of these are population control programs and the privatization of pension funds); and that development creates “brain drain” from indigenous 2 institutions to the very institutions of development itself. Although a brief summary of the major research programs in development is given, the paper does not attempt to falsify or confirm any of these or other research programs and their corresponding policy recommendations. The purpose of the paper is to question the very nature of international economic development itself through an historical and philosophical re-examination of its institutional constructs. The Hegelian dialectical method of analysis is applied to the institutions of economic development and is used to ask, “what next and why

Market-based but state-led: The role of public development banks in shaping market-based finance in the European Union

This paper examines the European Union’s strategy of governing the economy through financial markets by focusing on the largely unacknowledged role of public development banks, including the multilateral European Investment Bank. It argues that these state-owned financial institutions have moved into a key position in the recent evolution of the European financial system and economic governance. Since the crisis, policy makers have used them to address the intrinsic volatility and excess liquidity of contemporary financial markets, as well as offset the constraints on public investment imposed by institutionalized fiscal austerity. The paper provides evidence for this claim through an analysis of the emergent policy nexus between the Investment Plan for Europe and the Action Plan on Building a Capital Markets Union. Based on official documents and interview data, it specifically traces the risk-sharing devices for small- and medium-sized enterprise and infrastructure finance set up by development banks within these initiatives. Equipped with public guarantees, they have been instrumental for the promotion of securitization markets and public–private partnerships through increased multilevel collaborations among development banks. The anchor role of such quasi-fiscal state actors in shaping capital markets, the paper concludes, has profound political implications, and therefore warrants further scholarly attention

The European Investment Bank is becoming increasingly politicised

Over the past two decades, the European Investment Bank (EIB) has become the world’s largest multilateral financial institution. In 1999, the EU member states’ ‘policy-driven’ bank counted around 1,000 staff members. This number is now close to 3,000. In 1999, the EIB’s balance sheet stood at 200 billion euros. It now stands at 550 billion euros. While this has given the bank an enormous push in its organisational capabilities, it has also come with higher visibility, calls for transparency and accountability, and mounting political tensions. This process of politicisation is characteristic for the post-crisis evolution of the European Union, and apparently does not stop at the European Commission’s door or the European Central Bank (ECB). Three recent episodes in particular highlight why more attention should be focused on the EIB

Symbolic Solving of Extended Regular Expression Inequalities

This paper presents a new solution to the containment problem for extended regular expressions that extends basic regular expressions with intersection and complement operators and consider regular expressions on infinite alphabets based on potentially infinite character sets. Standard approaches deciding the containment do not take extended operators or character sets into account. The algorithm avoids the translation to an expression-equivalent automaton and provides a purely symbolic term rewriting systems for solving regular expressions inequalities. We give a new symbolic decision procedure for the containment problem based on Brzozowski's regular expression derivatives and Antimirov's rewriting approach to check containment. We generalize Brzozowski's syntactic derivative operator to two derivative operators that work with respect to (potentially infinite) representable character sets.Comment: Technical Repor