Abstract
The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisticated, interactive applications often called Web 2.0. While Web applications have become larger and more complex, Web application developers today have little visibility into the end-to-end behavior of their systems. This article presents AjaxScope, a dynamic instrumentation platform that enables cross-user monitoring and just-in-time control of Web application behavior on end-user desktops. AjaxScope is a proxy that performs on-the-fly parsing and instrumentation of JavaScript code as it is sent to users’ browsers. AjaxScope provides facilities for distributed and adaptive instrumentation in order to reduce the client-side overhead, while giving fine-grained visibility into the code-level behavior of Web applications. We present a variety of policies demonstrating the power of AjaxScope, ranging from simple error reporting and performance profiling to more complex memory leak detection and optimization analyses. We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use significant amounts of JavaScript.
AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications