Dynamics of JavaScript
This page is now retired. Information is preserved here for archival purposes.
This project intends to analyze the dynamic behavior of JavaScript programs and its implications for analyses and security. The team working on this has included Gregor Richards, Fadi Meawad, Jan Vitek, Christian Hammer, Brian Burg, and Sylvain Lebresne.
Eval Begone!: Semi-Automated Removal of Eval from JavaScript Programs
As a follow-up to our study of the uses of eval, we have created a tool that profiles the dynamic usage of eval on any website and suggests a replacement in the form of a patch. The tool uses the JSBench framework.
- Evalorizer sources (2012-04-16)
JSBench: Automatically-Constructed Realistic JavaScript Benchmarks
The paper JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications (Web Apps 2010) as well as our own paper An Analysis of the Dynamic Behavior of JavaScript Programs (PLDI 2010) made clear that the current JavaScript benchmarks are poor representatives of real JavaScript programs. As such, we are working on creating more realistic benchmarks from first principles: by distilling benchmarks from real web pages, we hope to create benchmarks which faithfully reproduce the important parts of the original behavior, while also assuring correctness and repeatability.
- JSBench paper in OOPSLA 2011
- The JSBench software is implemented in JavaScript, and available under the terms of the simplified BSD license.
- A public suite of JSBench-generated benchmarks is available.
JSLocker: Security for JavaScript
Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications, where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We are working on a security infrastructure which allows users and content providers to specify access control policies over delimited histories (subsets of JavaScript execution traces), allowing revocation of the history and reversion to a safe state if a violation is detected.
Use of Eval
We have recently collected extensive data on the use of eval in popular JavaScript programs. The findings will be presented at ECOOP 2011.
Gregor Richards, Christian Hammer, Brian Burg, Jan Vitek: The Eval that Men Do – A Large-scale Study of the Use of Eval in JavaScript Applications. Accepted for publication at ECOOP 2011.
We are currently working on creating a tool that will allow web developers to check whether eval on their sites is really needed and, if not, provide alternative solutions.
Dynamic Behavior
Our paper An Analysis of the Dynamic Behavior of JavaScript Programs was published in PLDI 2010. It used the following tools and data:
- The tracing infrastructure and tools
- The generated trace database
- The collected traces (as this file is extremely large, we ask that you spare our bandwidth by not downloading it unless you need it; the database above contains most of the information, albeit already processed)
- The generated charts, web-browsable, for all sites
- The generated charts, single tar.bz2, for all sites
Previous Work
The slides for Gregor's presentation on the dynamics of JavaScript at STOP 2009 are available: Presentation (4up)
Sponsorship
This work is sponsored by a Microsoft Research SEIF award, a fellowship from Mozilla Corporation, and Google.