Jalangi: a selective record-replay and dynamic analysis framework for JavaScript

@inproceedings{Sen2013JalangiAS,
  title={Jalangi: a selective record-replay and dynamic analysis framework for JavaScript},
  author={Koushik Sen and S. Kalasapur and T. Brutch and S. Gibbs},
  booktitle={ESEC/FSE 2013},
  year={2013}
}
JavaScript is widely used for writing client-side web applications and is getting increasingly popular for writing mobile applications. However, unlike C, C++, and Java, there are not that many tools available for analysis and testing of JavaScript applications. In this paper, we present a simple yet powerful framework, called Jalangi, for writing heavy-weight dynamic analyses. Our framework incorporates two key techniques: 1) selective record-replay, a technique which enables to record and to…
Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript
TLDR
Jalangi incorporates two key techniques: 1) selective record-replay, a technique which enables to record and to faithfully replay a user-selected part of the program, and 2) shadow values and shadow execution, which enables easy implementation of heavy-weight dynamic analyses such as concolic testing and taint tracking.
Efficient and Precise Dynamic Slicing for Client-Side JavaScript Programs
JavaScript is the de facto dominant programming language for developing web applications. Most popular websites are using JavaScript, especially to develop client-side features. Being syntactically…
Dynamic Analysis for JavaScript Code
TLDR
This work extends Jalangi, a dynamic analysis framework based on source code instrumentation, and develops NodeSec, which is a dynamic instrumentation framework that traces and sandboxes the interactions between a Node.js program and the operating system.
Detecting and understanding JavaScript global identifier conflicts on the web
TLDR
This research developed a browser-based analysis framework, JSObserver, to collect and analyze the write operations to global memory locations by JavaScript code, and revealed that JavaScript global identifier conflicts are prevalent and could cause behavior deviation at run time.
Industry Practice of JavaScript Dynamic Analysis on WeChat Mini-Programs
  • Y. Liu, Jinhui Xie, +5 authors Yepang Liu
  • Computer Science
  • 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2020
TLDR
The experience of extending Jalangi, a dynamic analysis framework for JavaScript applications developed by academia, and applying the extended version, named WeJalangi, to diagnose defects in WeChat Mini-Programs is reported.
Static security evaluation of an industrial web application
TLDR
This paper proposes a novel approach to compare the precision, scalability and code coverage of two widely-used static analysis frameworks---WALA and SAFE---together with simplePack, which analyzer-agnostically bundles dependent modules, enabling a fair comparison.
Automatic fault localization for client‐side JavaScript
TLDR
The approach is implemented in an open source tool called AUTOFLOX, and evaluation results indicate that it is capable of automatically localizing DOM‐related JAVASCRIPT faults with high accuracy (over 96%) and no false‐positives.
Practical Analysis of the Dynamic Characteristics of JavaScript
TLDR
This work presents an analysis framework and several dataflow analyses that can handle dynamic features in JavaScript, and the design and instantiation of the JSBAF, a general-purpose and flexible framework that judiciously combines dynamic and static analyses.
MemInsight: Platform-Independent Memory Profiling for JavaScript
JavaScript programs often suffer from memory issues that can either hurt performance or eventually cause memory exhaustion. While existing snapshot-based profiling tools can be helpful, the…
MemInsight: platform-independent memory debugging for JavaScript
JavaScript programs often suffer from memory issues that can either hurt performance or eventually cause memory exhaustion. While existing snapshot-based profiling tools can be helpful, the…

References

SHOWING 1-10 OF 38 REFERENCES
Mugshot: Deterministic Capture and Replay for JavaScript Applications
TLDR
Mugshot is a system that captures every event in an executing JavaScript program, allowing developers to deterministically replay past executions of web applications, and is one of the first capture systems that is practical to deploy to every client and run in the common case.
Correlation Tracking for Points-To Analysis of JavaScript
TLDR
In an experimental evaluation, it is found that correlation tracking often dramatically improved analysis scalability and precision on popular JavaScript frameworks, though in some cases scalability challenges remain.
Automated construction of JavaScript benchmarks
TLDR
JSBench is described, a flexible tool for workload capture and benchmark generation, and its use in creating eight benchmarks based on popular sites is demonstrated, showing that workloads created by JSBench match the behavior of the original web applications.
JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications
TLDR
This paper evaluates the behavior of JavaScript web applications from commercial web sites and compares this behavior with the benchmarks, finding that the benchmarks are not representative of many real web sites and that conclusions reached from measuring the benchmarks may be misleading.
Efficient construction of approximate call graphs for JavaScript IDE services
TLDR
This work presents a scalable field-based flow analysis for constructing call graphs, and shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice.
A Symbolic Execution Framework for JavaScript
TLDR
This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.
PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs
TLDR
The design of PinPlay is described, which is an easy-to-use framework for capturing, deterministically replaying, and analyzing execution of large programs with reasonable runtime and disk usage.
An analysis of the dynamic behavior of JavaScript programs
TLDR
An empirical study of the dynamic behavior of a corpus of widely-used JavaScript programs is performed, and how and why the dynamic features are used are analyzed.
Towards Type Inference for JavaScript
TLDR
This work develops a formalism for an object-based language, JS0, with features from JavaScript, including dynamic addition of fields and updating of methods, and defines a type inference algorithm for JS0 that is sound with respect to the type system.
JavaScript instrumentation for browser security
TLDR
A useful by-product of this work is an operational semantics of a core subset of JavaScript, where code embedded in (HTML) documents may generate further document pieces at runtime, yielding a form of self-modifying code.