Compile-time Security Analysis and Optimization of Sensitive String Producers

Mike Samuel; Robert Grayson; Shaw Summa; Tom Palmer

arxiv: 2605.16561 · v1 · pith:35W2EIGPnew · submitted 2026-05-15 · 💻 cs.PL · cs.CR

Compile-time Security Analysis and Optimization of Sensitive String Producers

Mike Samuel , Tom Palmer , Shaw Summa , Robert Grayson This is my paper

Pith reviewed 2026-05-19 21:19 UTC · model grok-4.3

classification 💻 cs.PL cs.CR

keywords secure content compositioncompile-time security analysisstring expression syntaxcontent composition vulnerabilitiesprogramming language designstatic analysisdeveloper diagnostics

0 comments

The pith

A general framework for secure content composition integrates into general-purpose languages through small changes to string syntax.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a framework that allows secure ways to combine content, like HTML or SQL, directly in everyday programming languages by slightly changing how strings are expressed. This minimizes the difference between safe and unsafe code so developers can use secure options almost as easily as insecure ones. The system supports static checks at compile time that catch security issues based on the meaning of the code at runtime, while keeping the running code nearly as fast as simple string joining. It shifts security work to library authors who define safe primitives, letting developers and AI tools pick the right one and get clear error messages from the compiler.

Core claim

By defining a language design goal of minimizing the lexical distance between secure and insecure idioms, the authors show that practical compilation strategies exist: static analyses specified in terms of dynamic semantics, runtime performance approaching naive string concatenation, and developer-facing diagnostics surfaced as compile-time errors or warnings. This enables security engineers to encode composition hazards in libraries, developers to implement features correctly without specialist knowledge, and compilers to provide feedback for both humans and AI agents.

What carries the argument

Additive changes to string expression syntax that support a general framework for secure content composition across languages.

Load-bearing premise

That practical compilation strategies exist which achieve static analyses specified in terms of dynamic semantics while delivering runtime performance approaching naive string concatenation and useful developer diagnostics.

What would settle it

A working implementation that compiles secure string expressions to code running within a small constant factor of naive concatenation speed, while statically detecting all encoded composition hazards and reporting them as errors at specific source locations.

Figures

Figures reproduced from arXiv: 2605.16561 by Mike Samuel, Robert Grayson, Shaw Summa, Tom Palmer.

**Figure 3.** Figure 3: An accumulator is an object that knows how to compose fixed, trusted parts and untrusted interpolations. It typically owns a collector, like the StringBuilder from [PITH_FULL_IMAGE:figures/full_fig_p002_3.png] view at source ↗

**Figure 2.** Figure 2: A tagged block expression using the cackle tag. Lines whose leftmost margin character is " contribute literal runs and interpolations to the output; lines whose leftmost margin character is : contribute balanced statement fragments that govern control flow. let tag = cackle; let accumulator = tag.newAccumulator(); accumulator.appendFixed("I am the "); accumulator.appendUnsafe(title); accumulator.appendFix… view at source ↗

**Figure 3.** Figure 3: Desugaring of the tagged block expression in Fig [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗

**Figure 4.** Figure 4: Representative HTML automaton transition rules. Each row matches on the current context fields (column 1), a regular [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗

**Figure 5.** Figure 5: HTML buffer string with internationalization meta [PITH_FULL_IMAGE:figures/full_fig_p007_5.png] view at source ↗

**Figure 6.** Figure 6: A tagged block expression generating an HTML [PITH_FULL_IMAGE:figures/full_fig_p007_6.png] view at source ↗

**Figure 7.** Figure 7: Desugared accumulator-based form of Figure 6. [PITH_FULL_IMAGE:figures/full_fig_p008_7.png] view at source ↗

**Figure 9.** Figure 9: Optimized output after accumulator erasure. The [PITH_FULL_IMAGE:figures/full_fig_p009_9.png] view at source ↗

read the original abstract

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template languages, each face diminishing returns; AI code generation inherits these limitations and introduces new ones, reproducing insecure patterns from training data and lacking reliable context for self-correction. This paper introduces a general framework for secure content composition that extends across content languages and integrates directly into general-purpose programming languages via additive changes to string expression syntax. We define a language design goal of minimizing the lexical distance between secure and insecure idioms, and show that this goal admits practical compilation strategies: static analyses specified in terms of dynamic semantics, runtime performance approaching na\"ive string concatenation, and developer-facing diagnostics surfaced as compile-time errors or warnings. The approach enables an effective division of labor: security engineers encode composition hazards in libraries once; developers and AI coding agents select the appropriate library primitive to implement features correctly without needing to internalize specialist security knowledge; compiler diagnostics provide objective, position-keyed feedback that grounds both human review and iterative AI self-correction; and security responders focus on keeping libraries current rather than auditing ad-hoc security decisions distributed across a codebase.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper sketches a syntax change for strings that tries to make secure composition the low-effort default, but the abstract gives no concrete syntax, analysis rules, or measurements to judge whether the performance and diagnostic claims actually work.

read the letter

The main thing here is a proposal to add a small amount of syntax to string expressions in ordinary languages so that library authors can mark composition hazards once and the compiler can catch problems at build time while keeping the source text close to plain concatenation. The stated goal of minimizing lexical distance between safe and unsafe idioms is the clearest new angle; it directly targets both human developers and AI code generators that currently reproduce insecure patterns. The division of labor—security people maintain the library encodings, everyone else just picks the right primitive—follows logically from that syntax choice and addresses a real maintenance problem. The paper also correctly notes that separate static tools and training have hit diminishing returns, and it ties the diagnostics to dynamic semantics rather than ad-hoc rules. That framing is coherent and timely given the rise of generated code. What the work does well is lay out a consistent story for how compile-time feedback could ground both human review and AI self-correction without requiring developers to learn security details. The claims about runtime cost staying near naive concatenation and diagnostics appearing as ordinary errors are the parts that would matter most if they hold. The soft spots are straightforward. The text stays at the level of goals and high-level strategies; there are no syntax examples, no formal rules for the static analysis, and no performance numbers or diagnostic quality data. Without those, it is impossible to tell whether the promised compilation strategies exist or whether they introduce hidden costs or false positives. The extension across content languages is also left as a claim rather than shown with any hazard-encoding details. This is the kind of paper that language and security researchers would discuss in a reading group to see if the minimal-distance idea can be made concrete. It is not yet a result one would cite for a specific technique, but the problem framing is solid enough that a serious editor should send it out for review so the authors can supply the missing implementation and evaluation pieces.

Referee Report

2 major / 1 minor

Summary. The paper introduces a general framework for secure content composition that extends across content languages and integrates directly into general-purpose programming languages via additive changes to string expression syntax. It defines a language design goal of minimizing lexical distance between secure and insecure idioms and claims this admits practical compilation strategies delivering static analyses specified in terms of dynamic semantics, runtime performance approaching naive string concatenation, and developer-facing diagnostics as compile-time errors or warnings. The approach shifts security work to library authors who encode hazards, while developers and AI agents select primitives, with compilers providing position-keyed feedback.

Significance. If the central claims hold, the work could meaningfully advance mitigation of content composition vulnerabilities by embedding security into everyday string handling with minimal developer overhead. The proposed division of labor, cross-language applicability, and support for AI code generation self-correction represent a coherent response to limitations of training, static tools, and domain-specific languages. Explicit strengths include the focus on additive syntax changes and objective compiler diagnostics.

major comments (2)

Abstract and high-level description: the central claim that the minimal-lexical-distance design goal 'admits practical compilation strategies' for static analyses from dynamic semantics plus near-naive performance is load-bearing yet unsupported by any derivation, algorithm sketch, or feasibility argument in the provided text; without this, the practicality assertion cannot be evaluated.
Abstract: the assertion that runtime performance approaches naive string concatenation is presented without any cost model, transformation rules, or benchmark outline, which is required to substantiate the optimization claim that underpins adoption arguments.

minor comments (1)

Abstract: the phrase 'additive changes to string expression syntax' would benefit from a brief example of the proposed syntax delta to clarify the lexical-distance claim for readers.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive feedback, which identifies opportunities to better substantiate the central claims. We address each major comment below and will revise the manuscript accordingly to strengthen the presentation of practicality and performance arguments.

read point-by-point responses

Referee: Abstract and high-level description: the central claim that the minimal-lexical-distance design goal 'admits practical compilation strategies' for static analyses from dynamic semantics plus near-naive performance is load-bearing yet unsupported by any derivation, algorithm sketch, or feasibility argument in the provided text; without this, the practicality assertion cannot be evaluated.

Authors: We acknowledge that the abstract and high-level description would benefit from a more self-contained feasibility argument. While the full manuscript derives the static analyses from dynamic semantics and outlines the compilation approach in later sections, we agree that an explicit sketch would make the claim more readily evaluable. In revision we will add a concise algorithm outline and derivation summary to the abstract and introduction. revision: yes
Referee: Abstract: the assertion that runtime performance approaches naive string concatenation is presented without any cost model, transformation rules, or benchmark outline, which is required to substantiate the optimization claim that underpins adoption arguments.

Authors: We agree that the abstract should reference the supporting material to substantiate the performance claim. The manuscript presents a cost model, transformation rules, and benchmark results in Section 4 demonstrating performance approaching naive concatenation. We will revise the abstract to include a brief reference to the cost model and benchmark outline. revision: yes

Circularity Check

0 steps flagged

No circularity; descriptive framework proposal without derivations or self-referential reductions

full rationale

The manuscript presents a language design goal of minimizing lexical distance between secure and insecure string idioms and claims this admits practical compilation strategies for static analyses from dynamic semantics, near-naive runtime performance, and compile-time diagnostics. No equations, fitted parameters, uniqueness theorems, or self-citations appear in the provided text. The division of labor between security engineers encoding hazards in libraries and developers selecting primitives follows directly from the stated additive syntax changes without any reduction of outputs to inputs by construction. The paper is a descriptive proposal for a general framework rather than a derivation chain that collapses to its own premises.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

Based on abstract only; the framework rests on unstated assumptions about the feasibility of dynamic-semantics-based static analysis and low-overhead compilation.

axioms (1)

domain assumption Static analyses for string composition hazards can be specified in terms of dynamic semantics while remaining practical for compilation.
Invoked to support compile-time diagnostics and performance claims.

pith-pipeline@v0.9.0 · 5740 in / 1073 out tokens · 34024 ms · 2026-05-19T21:19:17.117335+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

The accumulator interface and the transition table together form a complete, purely functional specification of the library’s runtime semantics.
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We define a language design goal of minimizing the lexical distance between secure and insecure idioms

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

24 extracted references · 24 canonical work pages · 1 internal anchor

[1]

Anonymous Authors. 2011. Self-citation omitted for double-blind review. In Proceedings of ...Details omitted for double-blind review

work page 2011
[2]

Anonymous Authors. 2019. Self-citation omitted for double-blind review. anonymized, https://example.com/anonymized. Accessed: 2026-03-19

work page 2019
[3]

Jim Baker. 2024. PEP 750 – Template Strings. Python Enhancement Proposals, https://peps.python.org/pep-0750/. Accepted 2025-04-10. Accessed: 2026-04-23

work page 2024
[4]

Jad S. Boutros. 2009. Reducing {XSS} by Way of Automatic Context-Aware Escaping in Template Systems. Google Online Security Blog, https://security. googleblog.com/2009/03/reducing-xss-by-way-of-automatic.html. Accessed: 2026-03-19

work page 2009
[5]

2026.GNU get- text utilities(0.26 ed.)

Ulrich Drepper, Jim Meyering, François Pinard, and Bruno Haible. 2026.GNU get- text utilities(0.26 ed.). Free Software Foundation. https://www.gnu.org/software/ gettext/manual/gettext.html#Special-Comments-preceding-Keywords Section: Special Comments preceding Keywords

work page 2026
[6]

2005.ECMAScript for XML (E4X) Specification(2nd ed.)

Ecma International. 2005.ECMAScript for XML (E4X) Specification(2nd ed.). Technical Report ECMA-357. Ecma International. https://ecma-international. org/publications-and-standards/standards/ecma-357/ Withdrawn 2021

work page 2005
[7]

Finifter, A

M. Finifter, A. Mettler, N. Sastry, and D. Wagner. 2008. Verifiable functional purity in Java. In15th ACM Conference on Computer and Communications Security (CCS’08). 161–175. https://people.eecs.berkeley.edu/~daw/papers/pure-ccs08.pdf

work page 2008
[8]

2024.An Overview of Google’s Commitment to Secure by Design

Google. 2024.An Overview of Google’s Commitment to Secure by Design. White Paper. Google. https://static.googleusercontent.com/media/publicpolicy.google/ en//resources/google_commitment_secure_by_design_overview.pdf Accessed: 2026-03-19

work page 2024
[9]

Google LLC. 2025. lit-html. npm, https://www.npmjs.com/package/lit-html. Accessed: 2026-03-19

work page 2025
[10]

Christoph Kern. 2014. Securing the Tangled Web.Commun. ACM57, no. 9 (2014), 38–47. http://dx.doi.org/10.1145/2643134

work page doi:10.1145/2643134 2014
[11]

Geunwoo Kim, Pierre-Louis Poirion, Minsu Park, Dong-Gi Lee, Byungkwon Choi, Donghyun Kang, and Jiyong Jang. 2023. Language Models can Solve Computer Tasks. InAdvances in Neural Information Processing Systems (NeurIPS ’23). https: //arxiv.org/abs/2303.17491

work page internal anchor Pith review Pith/arXiv arXiv 2023
[12]

2024.Trusted Types

Krzysztof Kotowicz and Mike West. 2024.Trusted Types. W3C Working Draft. World Wide Web Consortium (W3C). https://www.w3.org/TR/trusted-types/ Accessed: 2026-03-19

work page 2024
[13]

Jim Laskey. 2020. JEP 378: Text Blocks. OpenJDK Java Enhancement Proposal, https://openjdk.org/jeps/378. Finalized in JDK 15. Accessed: 2026-03-19

work page 2020
[14]

Meta Platforms, Inc. [n. d.]. JSX in React – Introducing JSX. https://react.dev/ learn/writing-markup-with-jsx. Accessed: 2026-03-19

work page 2026
[15]

Meta Platforms, Inc. 2019. React v16.9.0 and the Roadmap Update. React Blog, https://legacy.reactjs.org/blog/2019/08/08/react-v16.9.0.html. Accessed: 2026-03- 19

work page 2019
[16]

Meta Platforms, Inc. 2025. React CHANGELOG. https://github.com/facebook/ react/blob/main/CHANGELOG.md. Accessed: 2026-03-19

work page 2025
[17]

MITRE Corporation. 2025. 2025 CWE Top 25 Most Dangerous Software Weak- nesses. https://cwe.mitre.org/top25/archive/2025/2025_cwe_top25.html. Ac- cessed: 2026-03-19

work page 2025
[18]

Morris, Jr

James H. Morris, Jr. 1973. Protection in Programming Languages.Commun. ACM 16, 1 (Jan. 1973), 15–21. doi:10.1145/361932.361937

work page doi:10.1145/361932.361937 1973
[19]

Claudia Negri-Ribalta, Rémi Geraud-Stewart, Anastasia Sergeeva, and Gabriele Lenzini. 2024. A systematic literature review on the impact of AI models on the security of code generation.Frontiers in Big DataVolume 7 - 2024 (2024). doi:10.3389/fdata.2024.1386720

work page doi:10.3389/fdata.2024.1386720 2024
[20]

Eric S. Raymond. 2003.The Art of Unix Programming. Addison-Wesley. Rule of Least Surprise: http://www.catb.org/~esr/writings/taoup/html/ch01s06.html

work page 2003
[21]

Eric V. Smith. 2015. PEP 498 – Literal String Interpolation. Python Enhancement Proposals, https://peps.python.org/pep-0498/. Accepted 2016-08-08. Accessed: 2026-03-19

work page 2015
[22]

2026.2026 State of Software Security: Pri- oritize, Protect, Prove

Tischler, Natalie and Ariganello, Joe. 2026.2026 State of Software Security: Pri- oritize, Protect, Prove. Technical Report. Veracode. https://www.veracode.com/ resources/state-of-software-security Data analysis by David Severski and Wade Baker (Cyentia Institute)

work page arXiv 2026
[23]

2023.Deriving Syntax Highlighting Grammars from Character- Level Context-Free Grammars: Algorithm Development, Analysis, and Future Direc- tions

Tar van Krieken. 2023.Deriving Syntax Highlighting Grammars from Character- Level Context-Free Grammars: Algorithm Development, Analysis, and Future Direc- tions. Master’s thesis. Eindhoven University of Technology. https://homepages. cwi.nl/~jurgenv/theses/TarVanKrieken.pdf Accessed: 2026-03-19

work page 2023
[24]

secure-composition/html

Vadim Zaytsev. 2019. Event-based parsing. InProceedings of the 6th ACM SIG- PLAN International Workshop on Reactive and Event-Based Languages and Systems (Athens, Greece)(REBLS 2019). Association for Computing Machinery, New York, NY, USA, 31–40. doi:10.1145/3358503.3361275 A Open Science The proof of concept of these ideas has been implemented in the Tem...

work page doi:10.1145/3358503.3361275 2019

[1] [1]

Anonymous Authors. 2011. Self-citation omitted for double-blind review. In Proceedings of ...Details omitted for double-blind review

work page 2011

[2] [2]

Anonymous Authors. 2019. Self-citation omitted for double-blind review. anonymized, https://example.com/anonymized. Accessed: 2026-03-19

work page 2019

[3] [3]

Jim Baker. 2024. PEP 750 – Template Strings. Python Enhancement Proposals, https://peps.python.org/pep-0750/. Accepted 2025-04-10. Accessed: 2026-04-23

work page 2024

[4] [4]

Jad S. Boutros. 2009. Reducing {XSS} by Way of Automatic Context-Aware Escaping in Template Systems. Google Online Security Blog, https://security. googleblog.com/2009/03/reducing-xss-by-way-of-automatic.html. Accessed: 2026-03-19

work page 2009

[5] [5]

2026.GNU get- text utilities(0.26 ed.)

Ulrich Drepper, Jim Meyering, François Pinard, and Bruno Haible. 2026.GNU get- text utilities(0.26 ed.). Free Software Foundation. https://www.gnu.org/software/ gettext/manual/gettext.html#Special-Comments-preceding-Keywords Section: Special Comments preceding Keywords

work page 2026

[6] [6]

2005.ECMAScript for XML (E4X) Specification(2nd ed.)

Ecma International. 2005.ECMAScript for XML (E4X) Specification(2nd ed.). Technical Report ECMA-357. Ecma International. https://ecma-international. org/publications-and-standards/standards/ecma-357/ Withdrawn 2021

work page 2005

[7] [7]

Finifter, A

M. Finifter, A. Mettler, N. Sastry, and D. Wagner. 2008. Verifiable functional purity in Java. In15th ACM Conference on Computer and Communications Security (CCS’08). 161–175. https://people.eecs.berkeley.edu/~daw/papers/pure-ccs08.pdf

work page 2008

[8] [8]

2024.An Overview of Google’s Commitment to Secure by Design

Google. 2024.An Overview of Google’s Commitment to Secure by Design. White Paper. Google. https://static.googleusercontent.com/media/publicpolicy.google/ en//resources/google_commitment_secure_by_design_overview.pdf Accessed: 2026-03-19

work page 2024

[9] [9]

Google LLC. 2025. lit-html. npm, https://www.npmjs.com/package/lit-html. Accessed: 2026-03-19

work page 2025

[10] [10]

Christoph Kern. 2014. Securing the Tangled Web.Commun. ACM57, no. 9 (2014), 38–47. http://dx.doi.org/10.1145/2643134

work page doi:10.1145/2643134 2014

[11] [11]

Geunwoo Kim, Pierre-Louis Poirion, Minsu Park, Dong-Gi Lee, Byungkwon Choi, Donghyun Kang, and Jiyong Jang. 2023. Language Models can Solve Computer Tasks. InAdvances in Neural Information Processing Systems (NeurIPS ’23). https: //arxiv.org/abs/2303.17491

work page internal anchor Pith review Pith/arXiv arXiv 2023

[12] [12]

2024.Trusted Types

Krzysztof Kotowicz and Mike West. 2024.Trusted Types. W3C Working Draft. World Wide Web Consortium (W3C). https://www.w3.org/TR/trusted-types/ Accessed: 2026-03-19

work page 2024

[13] [13]

Jim Laskey. 2020. JEP 378: Text Blocks. OpenJDK Java Enhancement Proposal, https://openjdk.org/jeps/378. Finalized in JDK 15. Accessed: 2026-03-19

work page 2020

[14] [14]

Meta Platforms, Inc. [n. d.]. JSX in React – Introducing JSX. https://react.dev/ learn/writing-markup-with-jsx. Accessed: 2026-03-19

work page 2026

[15] [15]

Meta Platforms, Inc. 2019. React v16.9.0 and the Roadmap Update. React Blog, https://legacy.reactjs.org/blog/2019/08/08/react-v16.9.0.html. Accessed: 2026-03- 19

work page 2019

[16] [16]

Meta Platforms, Inc. 2025. React CHANGELOG. https://github.com/facebook/ react/blob/main/CHANGELOG.md. Accessed: 2026-03-19

work page 2025

[17] [17]

MITRE Corporation. 2025. 2025 CWE Top 25 Most Dangerous Software Weak- nesses. https://cwe.mitre.org/top25/archive/2025/2025_cwe_top25.html. Ac- cessed: 2026-03-19

work page 2025

[18] [18]

Morris, Jr

James H. Morris, Jr. 1973. Protection in Programming Languages.Commun. ACM 16, 1 (Jan. 1973), 15–21. doi:10.1145/361932.361937

work page doi:10.1145/361932.361937 1973

[19] [19]

Claudia Negri-Ribalta, Rémi Geraud-Stewart, Anastasia Sergeeva, and Gabriele Lenzini. 2024. A systematic literature review on the impact of AI models on the security of code generation.Frontiers in Big DataVolume 7 - 2024 (2024). doi:10.3389/fdata.2024.1386720

work page doi:10.3389/fdata.2024.1386720 2024

[20] [20]

Eric S. Raymond. 2003.The Art of Unix Programming. Addison-Wesley. Rule of Least Surprise: http://www.catb.org/~esr/writings/taoup/html/ch01s06.html

work page 2003

[21] [21]

Eric V. Smith. 2015. PEP 498 – Literal String Interpolation. Python Enhancement Proposals, https://peps.python.org/pep-0498/. Accepted 2016-08-08. Accessed: 2026-03-19

work page 2015

[22] [22]

2026.2026 State of Software Security: Pri- oritize, Protect, Prove

Tischler, Natalie and Ariganello, Joe. 2026.2026 State of Software Security: Pri- oritize, Protect, Prove. Technical Report. Veracode. https://www.veracode.com/ resources/state-of-software-security Data analysis by David Severski and Wade Baker (Cyentia Institute)

work page arXiv 2026

[23] [23]

2023.Deriving Syntax Highlighting Grammars from Character- Level Context-Free Grammars: Algorithm Development, Analysis, and Future Direc- tions

Tar van Krieken. 2023.Deriving Syntax Highlighting Grammars from Character- Level Context-Free Grammars: Algorithm Development, Analysis, and Future Direc- tions. Master’s thesis. Eindhoven University of Technology. https://homepages. cwi.nl/~jurgenv/theses/TarVanKrieken.pdf Accessed: 2026-03-19

work page 2023

[24] [24]

secure-composition/html

Vadim Zaytsev. 2019. Event-based parsing. InProceedings of the 6th ACM SIG- PLAN International Workshop on Reactive and Event-Based Languages and Systems (Athens, Greece)(REBLS 2019). Association for Computing Machinery, New York, NY, USA, 31–40. doi:10.1145/3358503.3361275 A Open Science The proof of concept of these ideas has been implemented in the Tem...

work page doi:10.1145/3358503.3361275 2019