Jalangi: a selective record-replay and dynamic analysis framework for JavaScript

  title={Jalangi: a selective record-replay and dynamic analysis framework for JavaScript},
  author={Koushik Sen and Swaroop Kalasapur and Tasneem G. Brutch and Simon J. Gibbs},
  booktitle={ESEC/FSE 2013},
JavaScript is widely used for writing client-side web applications and is getting increasingly popular for writing mobile applications. However, unlike C, C++, and Java, there are not that many tools available for analysis and testing of JavaScript applications. In this paper, we present a simple yet powerful framework, called Jalangi, for writing heavy-weight dynamic analyses. Our framework incorporates two key techniques: 1) selective record-replay, a technique which enables to record and to… 


Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript

Jalangi incorporates two key techniques: 1) selective record-replay, a technique that makes it possible to record and faithfully replay a user-selected part of the program, and 2) shadow values and shadow execution, which enable easy implementation of heavy-weight dynamic analyses such as concolic testing and taint tracking.

Dynamic Analysis for JavaScript Code

This work extends Jalangi, a dynamic analysis framework based on source code instrumentation, and develops NodeSec, which is a dynamic instrumentation framework that traces and sandboxes the interactions between a Node.js program and the operating system.

Efficient and Precise Dynamic Slicing for Client-Side JavaScript Programs

JavaScript is the de facto dominant programming language for developing web applications. Most popular websites are using JavaScript, especially to develop client-side features. Being syntactically

Detecting and understanding JavaScript global identifier conflicts on the web

This research developed a browser-based analysis framework, JSObserver, to collect and analyze the write operations to global memory locations by JavaScript code, and revealed that JavaScript global identifier conflicts are prevalent and could cause behavior deviation at run time.

Industry Practice of JavaScript Dynamic Analysis on WeChat Mini-Programs

  • Yi Liu, Jinhui Xie, Yepang Liu
  • Computer Science
    2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2020
The experience of extending Jalangi, a dynamic analysis framework for JavaScript applications developed by academia, and applying the extended version, named WeJalangsi, to diagnose defects in WeChat Mini-Programs is reported.

Static security evaluation of an industrial web application

This paper proposes a novel approach to compare the precision, scalability and code coverage of two widely-used static analysis frameworks, WALA and SAFE, together with simplePack, which analyzer-agnostically bundles dependent modules, enabling a fair comparison.

Practical Analysis of the Dynamic Characteristics of JavaScript

This work presents an analysis framework and several dataflow analyses that can handle dynamic features in JavaScript, and designs and instantiates JSBAF, a general-purpose and flexible framework that judiciously combines dynamic and static analyses.

MemInsight : Platform-Independent Memory Profiling for JavaScript

  • Simon
  • Computer Science
  • 2015
This work presents MemInsight, a tool that provides detailed, time-varying analysis of the memory behavior of JavaScript applications, including web applications, and describes several client analyses built into it, including detection of possible memory leaks and opportunities for stack allocation and object inlining.

Platform-Independent Dynamic Taint Analysis for JavaScript

This work implemented the technique for the ECMAScript 5 language in a tool called Ichnaea, and evaluated it on 22 NPM modules containing several types of injection vulnerabilities, including 4 modules containing vulnerabilities that were not previously discovered and reported.

Accelerating JavaScript static analysis via dynamic shortcuts

This paper presents dynamic shortcuts, a new technique to flexibly switch between abstract and concrete execution during JavaScript static analysis in a sound way, which can significantly improve analysis performance and precision by using highly-optimized commercial JavaScript engines and lessen the modeling effort for opaque code.

Mugshot: Deterministic Capture and Replay for JavaScript Applications

Mugshot is a system that captures every event in an executing JavaScript program, allowing developers to deterministically replay past executions of web applications, and is one of the first capture systems that is practical to deploy to every client and run in the common case.

Correlation Tracking for Points-To Analysis of JavaScript

In an experimental evaluation, it is found that correlation tracking often dramatically improved analysis scalability and precision on popular JavaScript frameworks, though in some cases scalability challenges remain.

Automated construction of JavaScript benchmarks

JSBench is described, a flexible tool for workload capture and benchmark generation, and its use in creating eight benchmarks based on popular sites is demonstrated, showing that workloads created by JSBench match the behavior of the original web applications.

JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications

This paper evaluates the behavior of JavaScript web applications from commercial web sites and compares this behavior with the benchmarks, finding that the benchmarks are not representative of many real web sites and that conclusions reached from measuring the benchmarks may be misleading.

Efficient construction of approximate call graphs for JavaScript IDE services

This work presents a scalable field-based flow analysis for constructing call graphs, and shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice.

A Symbolic Execution Framework for JavaScript

This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.

PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs

The design of PinPlay is described, which is an easy-to-use framework for capturing, deterministically replaying, and analyzing execution of large programs with reasonable runtime and disk usage.

An analysis of the dynamic behavior of JavaScript programs

An empirical study of the dynamic behavior of a corpus of widely-used JavaScript programs is performed, and how and why the dynamic features are used are analyzed.

Towards Type Inference for JavaScript

This work develops a formalism for an object-based language, JS0, with features from JavaScript, including dynamic addition of fields and updating of methods, and defines a type inference algorithm for JS0 that is sound with respect to the type system.

JavaScript instrumentation for browser security

A useful by-product of this work is an operational semantics of a core subset of JavaScript, where code embedded in (HTML) documents may generate further document pieces at runtime, yielding a form of self-modifying code.