Dynamics of JavaScript
This page chronicles and archives efforts to:
- Analyze the dynamic behavior of JavaScript programs and its implications for analysis and security.
- Provide tools which help developers and implementors cope with JavaScript's dynamism.
- Design extensions to JavaScript which allow developers to rein in this behavior, without sacrificing expressibility.
The team working on this includes Gregor Richards, Jan Vitek, Francesco Zappa Nardelli, Adam Domurad and alumni Fadi Meawad, Christian Hammer, Brian Burg, and Sylvain Lebresne.
Concrete Types for TypeScript
As our first foray into TypeScript, our ECOOP 2015 paper Concrete Types for TypeScript describes language extensions which allow safe static typing in TypeScript, a system which previously had only unsound types.
More information on the system, StrongScript, can be found at its homepage.
Eval Begone! : Semi-Automated Removal of Eval from JavaScript Programs
As a followup to our study of the uses of eval, we have created a tool that profiles the dynamic usage of eval on any website, and suggests a replacement through a patch. The tool utilizes the JSBench framework.
- Evalorizer sources (2012-04-16)
JSBench: Automatically-Constructed Realistic JavaScript Benchmarks
The paper JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications (Web Apps 2010) as well as our own paper An Analysis of the Dynamic Behavior of JavaScript Programs (PLDI 2010) made clear that the current JavaScript benchmarks are poor representatives of real JavaScript programs. As such, we are working on creating more realistic benchmarks from first principles: by distilling benchmarks from real web pages, we hope to create benchmarks which faithfully reproduce the important parts of the original behavior, while also assuring correctness and repeatability.
- JSBench paper in OOPSLA 2011
- The JSBench software is implemented in JavaScript, and available under the terms of the simplified BSD license.
- A public suite of JSBench-generated benchmarks is available.
JSLocker: Security for JavaScript
Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We are working on a security infrastructure which allows users and content providers to specify access control policies over delimited histories (subsets of JavaScript execution traces), allowing revocation of the history and reversion to a safe state if a violation is detected.
Use of Eval
We have recently collected extensive data on the use of eval in popular JavaScript programs. The findings will be presented at ECOOP 2011.
Gregor Richards, Christian Hammer, Brian Burg, Jan Vitek: The Eval that Men Do – A Large-scale Study of the Use of Eval in JavaScript Applications. Accepted for publication at ECOOP 2011.
We are currently working on creating a tool that will allow web developers to check if eval on their sites is really needed, and if not, provide alternative solutions.
Dynamic Behavior
Our paper An Analysis of the Dynamic Behavior of JavaScript Programs was published in PLDI 2010. It used the following tools and data:
- The tracing infrastructure and tools
- The generated trace database
- The collected traces (as this file is extremely large, we ask that you spare our bandwidth by not downloading it unless you need it; the database above contains most of the information, albeit already processed)
- The generated charts, web-browsable, for all sites
- The generated charts, single tar.bz2, for all sites
Previous Work
The slides for Gregor's presentation on the dynamics of JavaScript at STOP 2009 are available: Presentation (4up)
Sponsorship
This work is sponsored by a Microsoft Research SEIF award, a fellowship from Mozilla Corporation, and Google.