Laurent Christophe
Coen De Roover
Elisa Gonzalez Boix
ABSTRACT
Dynamic analyses are commonly implemented by instrumenting the program under analysis. Examples of such analyses for JavaScript range from checkers of user- defined invariants to concolic testers. For a full-stack JavaScript program, these analyses would benefit from reasoning about the state of the client-side and server-side processes it is comprised of. Lifting a dynamic analysis so that it supports full-stack programs can be challenging. It involves distributed communication to maintain the analysis state across all processes, which has to be deadlock-free. In this paper, we advocate maintaining distributed analysis state in a centralized analysis process instead — which is communicated with from the processes under analysis. The approach is supported by a dynamic analysis platform that provides abstractions for this communication. We evaluate the approach through a case study. We use the platform to build a distributed origin analysis, capable of tracking the expressions from which values originate from across process boundaries, and deploy it on collaborative drawing application. The results show that our approach greatly simplifies the lifting process at the cost of a computational overhead. We deem this overhead acceptable for analyses intended for use at development time.
- Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2016. Understanding Asynchronous Interactions in Full-stack JavaScript. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). Google Scholar
Digital Library
- Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A Survey of Dynamic Analysis and Test Generation for JavaScript. ACM Computing Surveys (CSUR) 50, 5 (2017). Google ScholarDigital Library
- Paul Barham, Rebecca Isaacs, Richard Mortier, and Dushyanth Narayanan. 2003. Magpie: Online Modelling and Performance-aware Systems.. In HotOS. 85–90. Google ScholarDigital Library
- Bas Cornelissen, Andy Zaidman, Arie Van Deursen, Leon Moonen, and Rainer Koschke. 2009. A systematic survey of program comprehension through dynamic analysis. IEEE Transactions on Software Engineering 35, 5 (2009), 684–702. Google ScholarDigital Library
- Monika Dhok, Murali Krishna Ramanathan, and Nishant Sinha. 2016. Type-aware Concolic Testing of JavaScript Programs. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). 168–179. Google ScholarDigital Library
- Rodrigo Fonseca, George Porter, Randy H Katz, Scott Shenker, and Ion Stoica. 2007. X-trace: A pervasive network tracing framework. In Proceedings of the 4th USENIX conference on Networked systems design & implementation. USENIX Association, 20–20. Google ScholarDigital Library
- Liang Gong, Michael Pradel, and Koushik Sen. 2015. JITProf: Pinpointing JIT-unfriendly JavaScript Code. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (FSE15). Google ScholarDigital Library
- Liang Gong, Michael Pradel, Manu Sridharan, and Koushik Sen. 2015. DLint: Dynamically Checking Bad Coding Practices in JavaScript. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA15). Google ScholarDigital Library
- Wolfgang De Meuter Laurent Christophe, Elisa Gonzalez Boix and Coen De Roover. 2016. Linvail: A General-Purpose Platform for Shadow Execution of JavaScript. In Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016).Google Scholar
- Guodong Li, Esben Andreasen, and Indradeep Ghosh. 2014. SymJS: Automatic Symbolic Testing of JavaScript Web Applications. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE14). Google ScholarDigital Library
- Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: building customized program analysis tools with dynamic instrumentation. In Acm sigplan notices, Vol. 40. ACM, 190–200. Google ScholarDigital Library
- Magnus Madsen, Frank Tip, Esben Andreasen, Koushik Sen, and Anders Møller. 2016. Crowdie: Feedback-directed Instrumentation for Deployed JavaScript Applications. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). Google ScholarDigital Library
- Nicholas Nethercote and Julian Seward. 2007. Valgrind: a framework for heavyweight dynamic binary instrumentation. In ACM Sigplan notices, Vol. 42. ACM, 89–100. Google ScholarDigital Library
- James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. (2005).Google Scholar
- Jens Nicolay, Carlos Noguera, Coen De Roover, and Wolfgang De Meuter. 2015. Detecting Function Purity in JavaScript. In Proceedings of the 15th International Working Conference on Source Code Analysis and Manipulation (SCAM15).Google ScholarCross Ref
- Laure Philips, Joeri De Koster, Wolfgang De Meuter, and Coen De Roover. 2018. Search-based Tier Assignment for Optimising Offline Availability in Multi-tier Web Applications. The Art, Science, and Engineering of Programming 2, 2 (2018).Google Scholar
- Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. 2010. A symbolic execution framework for javascript. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 513–528. Google ScholarDigital Library
- Koushik Sen and Gul Agha. 2006. CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools. In International Conference on Computer Aided Verification. Springer, 419–423. Google ScholarDigital Library
- Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: A Selective Record-replay and Dynamic Analysis Framework for JavaScript. In Proceedings of the 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE13). Google ScholarDigital Library
- Koushik Sen, George Necula, Liang Gong, and Wontae Choi. 2015. MultiSE: Multi-path symbolic execution using value summaries. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. ACM, 842–853. Google ScholarDigital Library
- Benjamin H Sigelman, Luiz Andre Barroso, Mike Burrows, Pat Stephenson, Manoj Plakal, Donald Beaver, Saul Jaspan, and Chandan Shanbhag. 2010. Dapper, a large-scale distributed systems tracing infrastructure. Technical Report. Technical report, Google, Inc.Google Scholar
- Haiyang Sun, Daniele Bonetta, Christian Humer, and Walter Binder. 2018. Efficient Dynamic Analysis for Node.Js. In Proceedings of the 27th International Conference on Compiler Construction (CC18). Google ScholarDigital Library
- Tom Van Cutsem and Mark S Miller. 2010. Proxies: design principles for robust object-oriented intercession APIs. In ACM Sigplan Notices, Vol. 45. ACM, 59–72. Google ScholarDigital Library
- Tom Van Cutsem and Mark S Miller. 2013. Trustworthy proxies. In European Conference on Object-Oriented Programming. Springer, 154– 178. Google ScholarDigital Library
- Xu Zhao, Yongle Zhang, David Lion, Muhammad Faizan Ullah, Yu Luo, Ding Yuan, and Michael Stumm. 2014. lprof: A non-intrusive request flow profiler for distributed systems. In OSDI, Vol. 14. 629–644. Google ScholarDigital Library
Index Terms
- Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs
Recommendations
Analysis of JavaScript Programs: Challenges and Research Trends
JavaScript has been a de facto standard language for client-side web programs, and now it is expanding its territory to general purpose programs. In this article, we classify the client-side JavaScript research for the last decade or so into six topics: ...
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
ESEC/FSE 2013: Proceedings of the 2013 9th Joint Meeting on Foundations of Software EngineeringJavaScript is widely used for writing client-side web applications and is getting increasingly popular for writing mobile applications. However, unlike C, C++, and Java, there are not that many tools available for analysis and testing of JavaScript ...
Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs
GPCE '18Dynamic analyses are commonly implemented by instrumenting the program under analysis. Examples of such analyses for JavaScript range from checkers of user- defined invariants to concolic testers. For a full-stack JavaScript program, these analyses ...
Comments