An example system and method for securing computer code of a dynamic Domain Specific Language (DSL) that leverages a General Purpose Language (GPL). An example method includes enhancing compile-time security enforcement functionality for computer code written using the DSL, in part by using a compiler to perform static analysis on the DSL computer code. The static analysis includes referencing a security policy defining one or more unacceptable program behaviors; and indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis.

A method comprises receiving a source code having a data set with a processor, opening the data set and identifying compile stage dependencies and run stage dependencies in the data set, determining whether a compile stage dependency has been identified, determining whether the identified compile stage dependency is accessible responsive to determining that the compile stage dependency has been identified, retrieving the compile stage dependency responsive to determining that the identified compile stage dependency is accessible, and compiling the source code and saving the compiled source code in a memory using the retrieved compile stage dependency responsive to determining that no run stage dependencies have been identified.

A grading system and method for grading a user solution to a computing assignment are presented. The method includes receiving a program code submitted by a user, wherein the received program code is the user solution to the computing assignment; activating at least one code processing engine, wherein each code processing engine is a secured isolated execution environment; executing the program code in the at least one activated code processing engine to produce an answer; determining a grade for the answer based on an expected answer and an approximate grading function, wherein the approximate grading function is determined based on a type of the computing assignment; and returning the grade to the user.

Build-time resolution and type-enforcing of corresponding references in different code that references the same value. In response to detecting a directive within the code itself that a first reference in first code is to be correlated with a second reference in second code, and in response to detection that the types of the references are the same, a code generation tool generates correlation code that is interpretable to a compiler as allowing a value of a type of the first reference of a compiled-form of the first code to be passed as the same value of the same type of the second reference of a compiled-form of the second code. The first code, the second code, and the generated correlation code may then be compiled. If compilation is successful, this means that the first and second references are already properly resolved as referring to the same value and type-enforced.

A method for developing software in which the software comprises a plurality of programs. A change to a program is received. A data structure checking procedure may then be invoked. The changed program is parsed for a reference to a data structure. Other instances of the data structure are located in other programs within the software. The referenced data structure is compared to the located other instances of the data structure. A predefined action (such as notifying a programmer or correcting the inconsistencies) is performed in response to any detected differences between the referenced data structure and the located other instances of the data structure. These steps are repeated for all data structures within the changed program.

A system and method for multiple parameter based composite rule data validation includes receiving a request to validate target data of a target object based on constituent parameters, identifying the data type of the target data, suggesting validation rules based on the data type of the target object, generating a set of composite validation queries, identifying at least one composite validation query in the set of composite validation queries corresponding to the constituent parameters and values, validating the target data of the target object against the at least one composite validation query, and returning a validation result for the target data.

Embodiments are directed to assigning a home memory location for a function call parameter. A method may include determining whether a caller is configured to allocate a memory location for a parameter passed to a callee. The caller is a module that includes a function call to the callee and the callee is a function. The method may include inserting instructions in the callee to allocate a home memory location for the parameter in response to determining that the caller is not configured to allocate a memory location for the parameter. In addition, the method may include inserting instructions in the callee to set the memory location as a home location for the parameter in response to determining that the caller is configured to allocate a memory location for the parameter.

An approach is presented to enhancing the optimization process in a polyhedral compiler by introducing compile-time versioning, i.e., the production of several versions of optimized code under varying assumptions on its run-time parameters. We illustrate this process by enabling versioning in the polyhedral processor placement pass. We propose an efficient code generation method and validate that versioning can be useful in a polyhedral compiler by performing benchmarking on a small set of deep learning layers defined for dynamically-sized tensors.

A method, a system, and a computer program product for automatically mitigating vulnerabilities in a source code of an application are provided. The method includes the following steps. First, a path graph is built according to the source code, where the path graph includes multiple paths, and each of the paths includes multiple nodes. Multiple tainted paths are identified, where each of the tainted paths corresponds to a vulnerability. A same target node in multiple intersecting tainted paths among the tainted paths is located based on an existence of a tainted object, and multiple vulnerabilities in the target node are mitigated automatically.

A technique is described for evaluating code at a local computing device before deploying the code to a cloud computing platform to be compiled. In an example embodiment, class files including the code in a programming language associated with the cloud computing environment are loaded by a local computer system, for example, associated with a software developer. The local computer system then parses the code to identify elements in the code and checks the identified elements. Errors in the code are identified based on the checking and are displayed to a user (e.g., the developer), for example, via a graphical user interface of a code editor application.