Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Unleashing End-User Programmable AI: Introducing Universalis

2025-08-10

This paper introduces Universalis, a new programming language designed to empower knowledge workers to harness the power of AI without extensive programming expertise. Universalis prioritizes code readability, optimized for execution on the neural computer Automind, and complemented by a suite of analytical tools. Inspired by Leibniz's vision of a universal science, it blends natural language with code, making it accessible even to users familiar only with basic Excel formulas. Supporting advanced features like conditionals, bulk processing, and query comprehensions, Universalis incorporates pre- and post-conditions for robust AI safety, ensuring logical correctness and ethical compliance.

Read more
(queue.acm.org)
AI AI programming language

WebAssembly and DOM Support: The Future of Glue Code

2025-07-23

The question of whether WebAssembly (Wasm) is truly production-ready for web applications, given its need to integrate with web pages and APIs like the DOM, is addressed. The article argues that direct DOM access in Wasm isn't necessary; existing JavaScript APIs and compiler-generated glue code provide seamless integration. While a mechanism for directly calling web APIs might be added in the future, it would require significant effort. Currently, Wasm leverages JavaScript function imports (e.g., `console.log`) and cleverly uses JavaScript object array indices to manage object references, enabling flexible interaction with JavaScript. This approach, while not purely Wasm, effectively boosts performance. Ongoing improvements in exception handling, blocking I/O, and garbage collection are further optimizing Wasm-JavaScript integration efficiency. The author concludes that Wasm's focus should be on improving program performance, not eliminating JavaScript entirely. The future of WebAssembly involves refining the component model and toolchains to enhance interoperability with JavaScript without sacrificing performance or code size.

Read more
(queue.acm.org)
Development

Your Mouse is a Database: Asynchronous Data Streams and Rx

2025-04-10

This article explores using Rx (Reactive Extensions) to handle asynchronous data streams. The author argues that modern web and mobile applications heavily rely on asynchronous and real-time data streams, and Rx provides an elegant way to coordinate and orchestrate these streams. By comparing traditional database technologies with Rx, the article explains how Rx treats asynchronous computations as first-class citizens and uses a fluent API for efficient data stream composition and transformation. Finally, the author demonstrates Rx's power with a simple Ajax autocomplete example and briefly touches on Rx's relationship to Monads.

Read more
(queue.acm.org)
Development

50 Years of Open Source Software Supply Chain Security: From Multics to the xz Attack

2025-04-07

This article explores the challenges of open source software supply chain security over the past five decades. From potential backdoors identified in a 1974 Multics security evaluation to the 2024 xz compression library backdoor attack, the problem persists. Russ Cox, a core developer of the Go programming language, draws on personal experience and industry examples to discuss definitions of supply chain attacks and vulnerabilities, the complexity of software supply chains, and methods for strengthening defenses. These include software authentication, reproducible builds, rapid vulnerability discovery and patching, and vulnerability prevention strategies. The article highlights the underfunding of open source software, leaving projects vulnerable to malicious actors, illustrated by the xz attack. Ultimately, the author calls for increased funding and improved security practices in open source to address evolving threats.

Read more
(queue.acm.org)
Tech Vulnerabilities

AWS's Systems Correctness: A Multifaceted Approach

2025-04-01

Amazon Web Services (AWS) employs a robust system correctness strategy combining formal and semi-formal methods to deliver reliable services. Initially relying on TLA+ for modeling critical systems, AWS identified and eliminated subtle bugs early in development. The introduction of the P programming language, a more developer-friendly state machine language, further enhanced their approach, playing a crucial role in migrations like Amazon S3's move to strong consistency. Lightweight methods such as property-based testing, deterministic simulation, and fuzzing are also widely used. AWS further bolstered resilience with the launch of FIS (Fault Injection Service). For critical security boundaries, formal proofs, as seen in the development of Cedar and Firecracker, guarantee correctness. This multifaceted approach not only ensures reliability but also drives performance optimization and cost reduction.

Read more
(queue.acm.org)
Development System Correctness Formal Methods