ABSTRACT
The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisticated, interactive applications often called Web 2.0. While web applications have become larger and more complex, web application developers today have little visibility into the end-to-end behavior of their systems. This paper presents AjaxScope, a dynamic instrumentation platform that enables cross-user monitoring and just-in-time control of web application behavior on end-user desktops. AjaxScope is a proxy that performs on-the-fly parsing and instrumentation of JavaScript code as it is sent to users' browsers. AjaxScope provides facilities for distributed and adaptive instrumentation in order to reduce the client-side overhead, while giving fine-grained visibility into the code-level behavior of web applications. We present a variety of policies demonstrating the power of AjaxScope, ranging from simple error reporting and performance profiling to more complex memory leak detection and optimization analyses. We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use large amounts of JavaScript.
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications