Wyvern Programming Language Leverages Data Types to Specify Sublanguages

Loraine Lawson
Slide Show

Four Ways Security Analytics Can Improve Business Performance

How would it change data and integration if a programming language could differentiate between other languages, based on data type?

This week, Carnegie Mellon University unveiled the first stage of Wyvern, an open source programming language that does just that.

Wyvern is news for two reasons:


  1. It received funding from the U.S. National Security Agency.
  2. It’s designed to make mobile and Web applications more secure.

Wyvern increases security by allowing coders to use multiple languages within the same program. According to the press release, Wyvern supports a “variety of targeted, domain-specific languages, such as SQL for querying databases or HTML for constructing Web pages, as sublanguages, rather than writing the entire program using a general purpose language.”

Wyvern allows you to add new languages “without worrying about composition,” according to Cyrus Omar, a Ph.D. student in the Computer Science department and the lead designer of Wyvern's type-specific language approach. Because it can accommodate multiple languages, Wyvern eliminates the workarounds programmers would otherwise use, experts told SD Times. These workarounds can cause bottlenecks and introduce security vulnerabilities, including code injection attacks, cross-site scripting attacks and SQL injection attacks.

That sounds awesome, but what piqued my interest is the way Wyvern identifies languages.

“Wyvern determines which sublanguage is being used within the program based on the type of data that the programmer is manipulating,” the press release states. “Types specify the format of data, such as alphanumeric characters, floating-point numbers or more complex data structures, such as Web pages and database queries.”

These types provide the context, which allows Wyvern to identify the sublanguage.

“Wyvern is like a skilled international negotiator who can smoothly switch between languages to get a whole team of people to work together," said Jonathan Aldrich, associate professor in the Institute for Software Research (ISR) and head of Wyvern’s research team. "Such a person can be extremely effective and, likewise, I think our new approach can have a big impact on building software systems."

At this point, it’s worth reiterating that the intended use is for Web and mobile apps, according to Aldrich. That said, he also pointed out to SD Times that while Wyvern isn’t targeted at systems programming, it’s possible someone could use Wyvern’s language extension ideas and build a systems programming language.

So what does this mean for data and integration use? That hasn’t been part of the discussion yet, but documentation shows data and integration is on the minds of the Wyvern team. Wyvern documentation notes that one strategy used by Wyvern is “High-level abstractions for architecture and data.” It also notes in the “motivation for Wyvern” section that “integration should not be supported only on the server side, as with Ruby on Rails, but across the client and server.”

Wyvern is not the first programming language to understand other languages. What’s unique here is that Wyvern combines two features that previously didn’t exist in one language:

  • It is not limited in its ability to determine which embedded language is used.
  • It does not limit which embedded language programmers can use.

Lifehacker has a research paper excerpt that explains this in developer-ese, if you’re interested.

Although it’s not fully developed, the language and supporting documentation is available on GitHub to would-be contributors.

Loraine Lawson is a veteran technology reporter and blogger. She currently writes the Integration blog for IT Business Edge, which covers all aspects of integration technology, including data governance and best practices. She has also covered IT/Business Alignment and IT Security for IT Business Edge. Before becoming a freelance writer, Lawson worked at TechRepublic as a site editor and writer, covering mobile, IT management, IT security and other technology trends. Previously, she was a webmaster at the Kentucky Transportation Cabinet and a newspaper journalist. Follow Lawson at Google+ and on Twitter.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.