Oron: Towards a Dynamic Analysis Instrumentation Platform for AssemblyScript
Authors: 
Aäron Munsters, Angel Luis Scull Pupo, Jim Bauwens, 
Elisa Gonzalez BoixAuthors Info & Claims
Aäron Munsters, Angel Luis Scull Pupo, Jim Bauwens, Elisa Gonzalez BoixAuthors Info & ClaimsPages 6 - 13
Abstract
The dynamic nature of JavaScript may lead to challenges and issues regarding efficiency and security. Analysis tools can help developers tackle some of these issues. In the context of web applications, dynamic analyses are best suited for handling those dynamic features but may affect the programs execution performance. In a first experiment, we attempted to improve the performance of the Aran dynamic analysis platform for JavaScript by utilizing WebAssembly. The extension caused extra performance hits due to context switches between JavaScript and WebAssembly. Because these context switches are inevitable, we decided to refit our work for the analysis of AssemblyScript, a variant of TypeScript which compiles to WebAssembly (and therefore excluding context switches). In this work, we explore this approach in the form of a new source code instrumentation platform named Oron, which allows for the instrumentation of AssemblyScript code. The presented platform is evaluated and shows promising improvements which provide a solid basis for efficient dynamic analysis of AssemblyScript applications.
References
[1]
Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A survey of dynamic analysis and test generation for JavaScript. ACM Computing Surveys (CSUR) 50, 5 (2017), 1–36.
[2]
Gavin Bierman, Martín Abadi, and Mads Torgersen. 2014. Understanding TypeScript. In ECOOP 2014 – Object-Oriented Programming, Richard Jones (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 257–281. https://doi.org/10.1007/978-3-662-44202-9_11
[3]
Cristian Calude, Solomon Marcus, and Ionel Tevy. 1979. The first example of a recursive function which is not primitive recursive. Historia Mathematica 6, 4 (1979), 380–384.
[4]
Laurent Christophe. 2015. Aran. https://github.com/lachrist/aran. Last captured on 5th, January 2020.
[5]
Laurent Christophe, Elisa Gonzalez Boix, Wolfgang De Meuter, and Coen De Roover. 2016. Linvail: A general-purpose platform for shadow execution of JavaScript. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), Vol. 1. IEEE, IEEE Computer Society, Suita, Osaka, Japan, 260–270. https://doi.org/10.1109/SANER.2016.91
[6]
Edsger W. Dijkstra. 1979. In honour of Fibonacci. Springer Berlin Heidelberg, Berlin, Heidelberg, 49–50. https://doi.org/10.1007/BFb0014655
[7]
Andreas Haas, Andreas Rossberg, Derek L. Schuff, Ben L. Titzer, Michael Holman, Dan Gohman, Luke Wagner, Alon Zakai, and JF Bastien. 2017. Bringing the Web up to Speed with WebAssembly. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (Barcelona, Spain) (PLDI 2017). Association for Computing Machinery, New York, NY, USA, 185–200. https://doi.org/10.1145/3062341.3062363
[8]
Erick Lavoie, Bruno Dufour, and Marc Feeley. 2014. Portable and Efficient Run-time Monitoring of JavaScript Applications Using Virtual Machine Layering. In ECOOP 2014 – Object-Oriented Programming, Richard Jones (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 541–566. https://doi.org/10.1007/978-3-662-44202-9_22
[9]
Daniel Lehmann and Michael Pradel. 2019. Wasabi: A Framework for Dynamically Analyzing WebAssembly. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (Providence, RI, USA) (ASPLOS ’19). Association for Computing Machinery, New York, NY, USA, 1045–1058. https://doi.org/10.1145/3297858.3304068
[10]
V. Benjamin Livshits and Monica S. Lam. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (Baltimore, MD) (SSYM’05). USENIX Association, USA, 18.
[11]
J. McCarthy. 1979. An Interesting LISP Function. Lisp Bull.3 (Dec. 1979), 6–8. https://doi.org/10.1145/1411829.1411833
[12]
Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: a selective record-replay and dynamic analysis framework for JavaScript. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering. Association for Computing Machinery, New York, NY, USA, 488–498. https://doi.org/10.1145/2491411.2491447
[13]
Julian Seward and Nicholas Nethercote. 2005. Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In Proceedings of the Annual Conference on USENIX Annual Technical Conference (Anaheim, CA) (ATEC ’05). USENIX Association, USA, 2.
[14]
Haiyang Sun, Daniele Bonetta, Christian Humer, and Walter Binder. 2018. Efficient Dynamic Analysis for Node.Js. In Proceedings of the 27th International Conference on Compiler Construction (Vienna, Austria) (CC 2018). Association for Computing Machinery, New York, NY, USA, 196–206. https://doi.org/10.1145/3178372.3179527
[15]
The AssemblyScript Project. 2020. AssemblyScript. https://www.assemblyscript.org/. Last captured on 9th, August 2020.
[16]
John Viega, Jon-Thomas Bloch, Yoshi Kohno, and Gary McGraw. 2000. ITS4: A Static Vulnerability Scanner for C and C++ Code. In Proceedings of the 16th Annual Computer Security Applications Conference(ACSAC ’00). IEEE Computer Society, USA, 257–267.
[17]
Thomas Würthinger, Christian Wimmer, Christian Humer, Andreas Wöß, Lukas Stadler, Chris Seaton, Gilles Duboscq, Doug Simon, and Matthias Grimmer. 2017. Practical Partial Evaluation for High-Performance Dynamic Language Runtimes. SIGPLAN Not. 52, 6 (June 2017), 662–676. https://doi.org/10.1145/3140587.3062381
[18]
Zhongxing Xu, Ted Kremenek, and Jian Zhang. 2010. A Memory Model for Static Analysis of C Programs. In Leveraging Applications of Formal Methods, Verification, and Validation, Tiziana Margaria and Bernhard Steffen (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 535–548. https://doi.org/10.1007/978-3-642-16558-0_44
Recommendations
Efficient dynamic analysis for Node.js
CC '18: Proceedings of the 27th International Conference on Compiler ConstructionDue to its popularity, there is an urgent need for dynamic program-analysis tools for Node.js, helping developers find bugs, performance bottlenecks, and bad coding practices. Frameworks based on code-level instrumentation enable dynamic analyses close ...
Supporting PHP dynamic analysis in PHP AiR
WODA 2015: Proceedings of the 13th International Workshop on Dynamic AnalysisThe PHP AiR framework is currently being developed to support software metrics, empirical software engineering, and program analysis for real-world PHP systems. While most of the work on program analysis has focused on static analysis, to help address ...
BoaSpect: An Expressive Instrumentation Platform for JavaScript
Programming '24: Companion Proceedings of the 8th International Conference on the Art, Science, and Engineering of ProgrammingInstrumentation platforms facilitate the development and deployment of dynamic analyses. The state-of-the-art instrumentation platforms for JavaScript rely on different weaving approaches for instrumentation, offering different levels of analysis ...
Comments
Information & Contributors
Information
Published In
March 2021
76 pages
Copyright © 2021 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 August 2021
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- FWO SB fellowship
Conference
<Programming> '21
<Programming> '21: 5th International Conference on the Art, Science, and Engineering of Programming
March 22 - 26, 2021
Cambridge, United Kingdom
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 97Total Downloads
- Downloads (Last 12 months)20
- Downloads (Last 6 weeks)0
Reflects downloads up to 02 Feb 2025
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format