10.1145/1294261.1294264acmconferencesArticle/Chapter ViewAbstractPublication PagessospConference Proceedingsconference-collections
Article

AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications

Online:14 October 2007Publication History

ABSTRACT

The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisticated, interactive applications often called Web 2.0. While web applications have become larger and more complex, web application developers today have little visibility into the end-to-end behavior of their systems. This paper presents AjaxScope, a dynamic instrumentation platform that enables cross-user monitoring and just-in-time control of web application behavior on end-user desktops. AjaxScope is a proxy that performs on-the-fly parsing and instrumentation of JavaScript code as it is sent to users' browsers. AjaxScope provides facilities for distributed and adaptive instrumentation in order to reduce the client-side overhead, while giving fine-grained visibility into the code-level behavior of web applications. We present a variety of policies demonstrating the power of AjaxScope, ranging from simple error reporting and performance profiling to more complex memory leak detection and optimization analyses. We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use large amounts of JavaScript.

Supplemental Material

Video

References

  1. String performance in Internet Explorer. http://therealcrisp.xs4all.nl/blog/2006/12/09/string-performance-in-internet-explorer/, December 2006.Google ScholarGoogle Scholar
  2. Marcos K. Aguilera, Jeffrey C. Mogul, Janet L. Wiener, Patrick Reynolds, and Athicha Muthitacharoen. Performance debugging for distributed systems of black boxes. In Proceedings of the Symposium on Operating Systems Principles, pages 74--89, October 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Richard Atterer, Monika Wnuk, and Albrecht Schmidt. Knowing the user's every move: user activity tracking for website usability evaluation and implicit interaction. In Proceedings of the International Conference on World Wide Web, pages 203--212, May 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Paul Barham, Austin Donnelly, Rebecca Isaacs, and Richard Mortier. Using Magpie for request extraction and workload modelling. In Proceedings of the Symposium on Operating Systems Design and Implementation, pages 259--272, December 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. David Baron. Finding leaks in Mozilla. http://www. mozilla.org/performance/leak-brownbag.html, November 2001.Google ScholarGoogle Scholar
  6. Emery D. Berger and Benjamin G. Zorn. Diehard: probabilistic memory safety for unsafe languages. SIGPLAN Notes, 41(6):158--168, June 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Adam Bosworth. How to provide a Web API. http://www.sourcelabs.com/blogs/ajb/2006/08/how_to_provide_a_web_api.html, August 2006.Google ScholarGoogle Scholar
  8. Ryan Breen. Ajax performance. http://www.ajaxperformance.com, 2007.Google ScholarGoogle Scholar
  9. Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam. The Collective: A cache-based system management architecture. In Proceedings of the Symposium on Networked Systems Design and Implementation, May 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Trishul M. Chilimbi and Ran Shaham. Cache-conscious coallocation of hot data streams. SIGPLAN Notes, 41(6):252--262, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. David A. Cohn, Zoubin Ghahramani, and Michael I. Jordan. Active learning with statistical models. Journal of Artificial Intelligence Research, 4:129--145, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Usenix Security Conference, pages 63--78, January 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. ECMA. ECMAScript Language Specification 3rd Ed. http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf, December 1999.Google ScholarGoogle Scholar
  14. Vivek Haldar, Deepak Chandra, and Michael Franz. Dynamic taint propagation for Java. In Proceedings of the Annual Computer Security Applications Conference, pages 303--311, December 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Matthias Hauswirth and Trishul M. Chilimbi. Low--overhead memory leak detection using adaptive statistical profiling. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, pages 156--164, October 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Internet Explorer development team. IE+JavaScript performance recommendations part 2: JavaScript code inefficiencies. http://therealcrisp.xs4all.nl/blog/2006/12/09/string-performance-in-internet-explorer/.Google ScholarGoogle Scholar
  17. Ben Liblit, Mayur Naik, Alice X. Zheng, Alex Aiken, and Michael I. Jordan. Scalable statistical bug isolation. In Proceedings of the Conference on P.rogramming Language Design and Implementation, pages 15--26, June 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Chao Liu, Long Fei, Xifeng Yan, Jiawei Han, and Samuel P. Midkiff. Statistical debugging: A hypothesis testing-based approach. IEEE Transactions on Software Engineering, 32(10):831--848, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Chao Liu and Jiawei Han. Failure proximity: a fault localization-based approach. In Proceedings of the International Symposium on Foundations of Software Engineering, pages 46--56, November 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Michael Martin, Benjamin Livshits, and Monica S. Lam. Finding application errors and security vulnerabilities using PQL: a program query language. In Proceedings of the Conference on Object--Oriented Programming, Systems, Languages, and Applications, October 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Michael Martin, Benjamin Livshits, and Monica S. Lam. SecuriFly: Runtime vulnerability protection for Web applications. Technical report, Stanford University, October 2006.Google ScholarGoogle Scholar
  22. Barton P. Miller, Mark D. Callaghan, Jonathan M. Cargille, Jeffrey K. Hollingsworth, R. Bruce Irvin, Karen L. Karavanic, Krishna Kunchithapadam, and Tia Newhall. The ParaDyn parallel performance measurement tool. IEEE Computer, 28(11):37--46, November 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. Automatically hardening Web applications using precise tainting. In Proceedings of the IFIP International Information Security Conference, June 2005.Google ScholarGoogle ScholarCross RefCross Ref
  24. Charles Reis, John Dunagan, Helen J. Wang, Opher Dubrovsky, and Saher Esmeir. BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML. InProceedings of the Symposium on Operating Systems Design and Implementation, December 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Steve Rider. Recent changes that may break your gadgets. http://microsoftgadgets.com/forums/1438/ShowPost.aspx, November 2005.Google ScholarGoogle Scholar
  26. Martin Rinard, Cristian Cadar, Daniel Dumitran, Daniel M. Roy, Tudor Leu, and Jr. William S. Beebee. Enhancing server availability and security through failure-oblivious computing. In Proceedings of the Symposium on Operating Systems Design and Implementation, pages 303--316, December 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Shai Rubin, Rastislav Bodik, and Trishul Chilimbi. An efficient profile-analysis framework for data-layout optimizations. SIGPLAN Notes, 37(1):140--153, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Isaac Z. Schlueter. Memory leaks in Microsoft Internet Explorer. http://isaacschlueter.com/2006/10/msie-memory-leaks/, October 2006.Google ScholarGoogle Scholar
  29. Ran Shaham, Elliot K. Kolodner, and Mooly Sagiv. Estimating the impact of heap liveness information on space consumption in Java. In Proceedings of the the International Symposium on Memory Management, pages 64--75, June 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou. Automatic on-line failure diagnosis at the end-user site. In Proceedings of the Workshop on Hot Topics in System Dependability, November 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Larry Wall, Tom Christiansen, and Randal Schwartz. Programming Perl. O'Reilly and Associates, Sebastopol, CA, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Dachuan Yu, Ajay Chander, Nayeem Islam, and Igor Serikov. JavaScript Instrumentation for Browser Security. In Proceedings of the Symposium on Principles of Programming Languages, pages 237--249, January 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Nicholas C. Zakas, Jeremy McPeak, and Joe Fawcett. Professional Ajax. Wrox, 2006.Google ScholarGoogle Scholar

Index Terms

  1. AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in
      • Published in

        ACM Conferences cover image
        SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
        October 2007
        378 pages
        ISBN:9781595935915
        DOI:10.1145/1294261
        • ACM SIGOPS Operating Systems Review cover image
          ACM SIGOPS Operating Systems Review  Volume 41, Issue 6
          SOSP '07
          December 2007
          363 pages
          ISSN:0163-5980
          DOI:10.1145/1323293
          Issue’s Table of Contents

        Copyright © 2007 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Online: 14 October 2007

        Permissions

        Request permissions about this article.

        Request Permissions

        Qualifiers

        • Article

        Acceptance Rates

        Overall Acceptance Rate 58 of 303 submissions, 19%

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!