How Studying Programming Languages Can Make Software Error-Free and Secure

Danfeng Zhang

Danfeng Zhang is a new associate research professor of Computer Science. Joining Duke from Penn State, Zhang’s research focuses on programming languages and on techniques that identify and correct potentially damaging software vulnerabilities.

Can you tell us about your current research projects and expertise?

My first research project is on data privacy. With cloud computing and big data, personal data is at risk of exposure and abuse by third parties. When you use an app, you have to consent and say, “Well, I allow them to collect my data and use it for whatever reason.” So there's not too much transparency there. We have to put a lot of trust in those companies. That's very concerning.

That brings me to my expertise, which is programming languages. My research is in an area called program verification. The idea is that those apps are written in programming languages, and we can look at the behavior of the program and use some formal methods to prove that it is actually protecting my data. We look at the implementation of those algorithms and analyze whether they actually provide privacy guarantees, as they claim.

The second area I’m researching is building trust in distributed computing.

It's very common for multiple parties to work on data in the cloud. One example is medical records. Hospitals or different health providers all want to look at your health data. One big challenge is: how can I ensure that my data only goes to the parties I specifically designate?

Part of the challenge is that computation usually involves multiple parties and multiple steps. Maybe two parties will contribute to one step and where it will flow to next. You can think of this as what we call an "information flow problem" in computer science. Part of my ongoing research is to look at the whole picture: where your information comes from, where it goes, and use program verification techniques to prove that it only goes to the allowed parties.

What courses are you looking forward to teaching at Duke?

I look forward to designing new courses in programming languages. A lot of CS undergraduates know how to program, but likely they only know a few programming languages to use. They don't necessarily know:

  • the similarities between different languages;
  • the kinds of programming languages available on the market;
  • their pros and cons; and
  • how those languages are implemented all the way down to the hardware.

I will also teach a graduate-level class, which will be more research-oriented. The focus there will be on more advanced methods like other verification techniques I use in my research, and how those techniques can be applied in real-world scenarios like how to protect privacy and how to guarantee that your programs are bug free, those kinds of topics.

What do you hope students will take from your classes?

Hopefully, the students will be excited about the area and, if they choose to go into industry, will immediately understand the choices in the market.

Nowadays, it's more and more important to think of the correctness of a computer program. When you write a program, it's not just to make it work. It's more “make it work even on corner cases” — that's what we call software engineering and testing.

Another question is: How can I write this program in a secure way? There are thousands of ways to make it functionally correct, but a lot of them are not secure. An attacker can easily exploit them. So, I will also touch on these topics in my classes and make sure the students are ready to write not just software, but high-quality software.

What do you hope to achieve at Duke?

First, my plan is to introduce topics that are not available right now at Duke and to help students understand programming languages and techniques, so that they can use them in the future to answer real-world questions.

I hope to create a culture of writing high-quality software, instead of just writing down software that works and instilling that idea into the student's mind.

I also want to encourage undergraduates to pursue graduate school because, to be honest, programming languages are a very deep concept. Undergraduate students will likely only see the surface of programming languages research, so I will encourage them to dive deeper into the topic and explore the really exciting areas in the field — like the areas I'm working on — that require more training.

For graduate students, I plan to work with them to explore — not just the areas I'm looking at, but also new areas. Programming languages are a very important tool, and studying them is essential because every software is written in those languages. I will also encourage graduate students to explore this research area and become leaders in their subdomains.

What are you most looking forward to when it comes to working at Duke?

I would like to collaborate with other professors at Duke, especially in computer science and adjacent areas. A lot of great ideas start from collaboration.

With my expertise in programming languages, I would like to share that knowledge by establishing collaborations with my colleagues and creating new research areas that could benefit other fields. My long-term goal is to grow the programming languages research area at Duke.

Meet Danfeng Zhang