Abstract
Dynamic analyses are commonly implemented by instrumenting the program under analysis. Examples of such analyses for JavaScript range from checkers of user- defined invariants to concolic testers. For a full-stack JavaScript program, these analyses would benefit from reasoning about the state of the client-side and server-side processes it is comprised of. Lifting a dynamic analysis so that it supports full-stack programs can be challenging. It involves distributed communication to maintain the analysis state across all processes, which has to be deadlock-free. In this paper, we advocate maintaining distributed analysis state in a centralized analysis process instead — which is communicated with from the processes under analysis. The approach is supported by a dynamic analysis platform that provides abstractions for this communication. We evaluate the approach through a case study. We use the platform to build a distributed origin analysis, capable of tracking the expressions from which values originate from across process boundaries, and deploy it on collaborative drawing application. The results show that our approach greatly simplifies the lifting process at the cost of a computational overhead. We deem this overhead acceptable for analyses intended for use at development time.
- Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2016. Understanding Asynchronous Interactions in Full-stack JavaScript. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). Google Scholar
Digital Library
- Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A Survey of Dynamic Analysis and Test Generation for JavaScript. ACM Computing Surveys (CSUR) 50, 5 (2017). Google Scholar
Digital Library
- Paul Barham, Rebecca Isaacs, Richard Mortier, and Dushyanth Narayanan. 2003. Magpie: Online Modelling and Performance-aware Systems.. In HotOS. 85–90. Google Scholar
Digital Library
- Bas Cornelissen, Andy Zaidman, Arie Van Deursen, Leon Moonen, and Rainer Koschke. 2009. A systematic survey of program comprehension through dynamic analysis. IEEE Transactions on Software Engineering 35, 5 (2009), 684–702. Google Scholar
Digital Library
- Monika Dhok, Murali Krishna Ramanathan, and Nishant Sinha. 2016. Type-aware Concolic Testing of JavaScript Programs. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). 168–179. Google Scholar
Digital Library
- Rodrigo Fonseca, George Porter, Randy H Katz, Scott Shenker, and Ion Stoica. 2007. X-trace: A pervasive network tracing framework. In Proceedings of the 4th USENIX conference on Networked systems design & implementation. USENIX Association, 20–20. Google Scholar
Digital Library
- Liang Gong, Michael Pradel, and Koushik Sen. 2015. JITProf: Pinpointing JIT-unfriendly JavaScript Code. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (FSE15). Google Scholar
Digital Library
- Liang Gong, Michael Pradel, Manu Sridharan, and Koushik Sen. 2015. DLint: Dynamically Checking Bad Coding Practices in JavaScript. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA15). Google Scholar
Digital Library
- Wolfgang De Meuter Laurent Christophe, Elisa Gonzalez Boix and Coen De Roover. 2016. Linvail: A General-Purpose Platform for Shadow Execution of JavaScript. In Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016).Google Scholar
- Guodong Li, Esben Andreasen, and Indradeep Ghosh. 2014. SymJS: Automatic Symbolic Testing of JavaScript Web Applications. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE14). Google Scholar
Digital Library
- Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: building customized program analysis tools with dynamic instrumentation. In Acm sigplan notices, Vol. 40. ACM, 190–200. Google Scholar
Digital Library
- Magnus Madsen, Frank Tip, Esben Andreasen, Koushik Sen, and Anders Møller. 2016. Crowdie: Feedback-directed Instrumentation for Deployed JavaScript Applications. In Proceedings of the 38th International Conference on Software Engineering (ICSE16). Google Scholar
Digital Library
- Nicholas Nethercote and Julian Seward. 2007. Valgrind: a framework for heavyweight dynamic binary instrumentation. In ACM Sigplan notices, Vol. 42. ACM, 89–100. Google Scholar
Digital Library
- James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. (2005).Google Scholar
- Jens Nicolay, Carlos Noguera, Coen De Roover, and Wolfgang De Meuter. 2015. Detecting Function Purity in JavaScript. In Proceedings of the 15th International Working Conference on Source Code Analysis and Manipulation (SCAM15).Google Scholar
Cross Ref
- Laure Philips, Joeri De Koster, Wolfgang De Meuter, and Coen De Roover. 2018. Search-based Tier Assignment for Optimising Offline Availability in Multi-tier Web Applications. The Art, Science, and Engineering of Programming 2, 2 (2018).Google Scholar
- Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. 2010. A symbolic execution framework for javascript. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 513–528. Google Scholar
Digital Library
- Koushik Sen and Gul Agha. 2006. CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools. In International Conference on Computer Aided Verification. Springer, 419–423. Google Scholar
Digital Library
- Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: A Selective Record-replay and Dynamic Analysis Framework for JavaScript. In Proceedings of the 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE13). Google Scholar
Digital Library
- Koushik Sen, George Necula, Liang Gong, and Wontae Choi. 2015. MultiSE: Multi-path symbolic execution using value summaries. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. ACM, 842–853. Google Scholar
Digital Library
- Benjamin H Sigelman, Luiz Andre Barroso, Mike Burrows, Pat Stephenson, Manoj Plakal, Donald Beaver, Saul Jaspan, and Chandan Shanbhag. 2010. Dapper, a large-scale distributed systems tracing infrastructure. Technical Report. Technical report, Google, Inc.Google Scholar
- Haiyang Sun, Daniele Bonetta, Christian Humer, and Walter Binder. 2018. Efficient Dynamic Analysis for Node.Js. In Proceedings of the 27th International Conference on Compiler Construction (CC18). Google Scholar
Digital Library
- Tom Van Cutsem and Mark S Miller. 2010. Proxies: design principles for robust object-oriented intercession APIs. In ACM Sigplan Notices, Vol. 45. ACM, 59–72. Google Scholar
Digital Library
- Tom Van Cutsem and Mark S Miller. 2013. Trustworthy proxies. In European Conference on Object-Oriented Programming. Springer, 154– 178. Google Scholar
Digital Library
- Xu Zhao, Yongle Zhang, David Lion, Muhammad Faizan Ullah, Yu Luo, Ding Yuan, and Michael Stumm. 2014. lprof: A non-intrusive request flow profiler for distributed systems. In OSDI, Vol. 14. 629–644. Google Scholar
Digital Library
Index Terms
Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs
Recommendations
Analysis of JavaScript Programs: Challenges and Research Trends
JavaScript has been a de facto standard language for client-side web programs, and now it is expanding its territory to general purpose programs. In this article, we classify the client-side JavaScript research for the last decade or so into six topics: ...
Efficient dynamic analysis for Node.js
CC 2018: Proceedings of the 27th International Conference on Compiler ConstructionDue to its popularity, there is an urgent need for dynamic program-analysis tools for Node.js, helping developers find bugs, performance bottlenecks, and bad coding practices. Frameworks based on code-level instrumentation enable dynamic analyses close ...
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
ESEC/FSE 2013: Proceedings of the 2013 9th Joint Meeting on Foundations of Software EngineeringJavaScript is widely used for writing client-side web applications and is getting increasingly popular for writing mobile applications. However, unlike C, C++, and Java, there are not that many tools available for analysis and testing of JavaScript ...







Comments