Sites Inria

Version française

Scientific award

Françoise Breton - 29/05/2013

Laying the theoretical foundations for web programming

Mobile video. Hi-res digitally generated image. © Cybrain #23311646 © Cybrain

A researcher at the French National Centre for Scientific Research (CNRS) and a member of the TYREX team, Pierre Genevès has been awarded the CNRS Bronze Medal for his applied theoretical work designed to improve the performance and reliability of web applications.

What are the stakes of your research?

Nowadays, human beings are doing more and more things online, be it booking flights, checking bank balances, paying taxes or managing hospitals. These applications affect a very large number of people and use technologies that are not totally mature from a security standpoint. These characteristics make them "critical". Indeed, with applications such as Facebook, which has over a billion users and exponential mobile use, failures in these systems could be devastating. To give just a few examples, in 2011, Citibank in the USA reported a leak of banking information concerning 200,000 customers, and in 2012, the social network LinkedIn had 6.5 million passwords stolen!

My goal is to improve the verification techniques for web applications in order to reduce bugs and improve reliability, but, above all—and this is what is new—I have designed a computational logic that allows programmers to better understand what the application does, and particularly to know what information it accesses and how it uses that information. (see inset)

Which aspects of your work attracted the attention of the judges who awarded you this bronze medal?

The judges appreciated the vertical aspect of my research, which goes from the theoretical contribution to the creation and implementation of programs, as well as the fact that the logic solver I designed works in concrete cases. Their decision was also influenced by the fact that my results are applicable in a number of fields, from the web to software engineering, to programming languages and artificial intelligence. What's more, the solver is really quick, which means it can be applied to problems that have remained unresolved for 6 or 7 years. It's removed a real technological barrier.

In your view, what are the next big scientific challenges in this field?

The web is becoming more dynamic, with growing use of data sent directly to the browser. This trend is accelerating following the development of sensors that supply data continuously (temperature, weather data, stock market ratings, etc.). The main difficulty in this case is that we don't know all the data: only one window is available, with a limited memory of past data. It is vital to develop theoretical foundations to allow us to understand and better design programs that manipulate these data flows, as current programming techniques remain quite unsuitable for doing so properly. It's a long-term research project.

Computational logic for understanding programs

Web technologies have developed much more quickly than the theoretical aspects. For example, the most widely used web programming language, Javascript, was created under severe time constraints and is no longer sufficient to ensure properties such as security in current web applications. Today, it is necessary to develop new methods or new languages whereby a calculation could be performed in advance to check that there are no bugs, regardless of the user or the use that is made of the application, in the same way that an engineer performs strength calculations when building a bridge.

Pierre Genevès has designed such an algorithm to analyse what a program does in XQuery, a new language for making queries on websites and processing this information. This algorithm uses the source code to determine whether, for example, the program accesses confidential data in all possible usage conditions. It's a difficult problem from a computational viewpoint: we have to be able to deal effectively with a potentially infinite set of web documents, since we don't know at the start what the input data for the program will be. "I have designed a logic that makes it possible to consider the particular structure of web page data (finite, ordered trees), explains the researcher. This logic offers good theoretical properties, but also good practical ones. It can be used to formulate all query problems and to resolve them very quickly. "It is thus possible to determine whether or not a program accesses confidential data. If it does, the logic solver is capable of generating the data set for a counter-example, enabling the programmer to better identify and understand the cause of the bug.

Keywords: Pierre Genevès TYREX team CNRS Medal Web Programming