DOI: 10.1145/3660829.3660839
research-article

BoaSpect: An Expressive Instrumentation Platform for JavaScript

Published: 09 July 2024

Abstract

Instrumentation platforms facilitate the development and deployment of dynamic analyses. The state-of-the-art instrumentation platforms for JavaScript rely on different weaving approaches for instrumentation, offering different levels of analysis expressiveness. The main issue is that they are unable to observe and reason about abstract operations, i.e. operations that are not exposed as language constructs but are used within the runtime. However, abstract operations are pivotal to understanding JavaScript’s program behaviour. This paper demonstrates the importance of exposing the ToPrimitive abstract operation, which lies at the core of JavaScript’s type coercion. We introduce BoaSpect, an interpreter-based instrumentation platform for JavaScript, which provides increased expressiveness by exposing the ToPrimitive trap through the instrumentation interface. We demonstrate its potential by implementing a novel analysis in BoaSpect to identify a potential security exploit, and a taint analysis which can track information flows precisely in the presence of implicit type coercions.
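
The following is an added illustration of the ToPrimitive behaviour the abstract refers to; it is not code from the paper or from BoaSpect. The function names, the `hookedAdd` stand-in for an operator-level hook, and the sample value are constructed for this example.

```javascript
// Added illustration, not BoaSpect code. All names and values are constructed.

// 1. The hint ToPrimitive passes to user code depends on the operator.
function observeHints() {
  const hints = [];
  const probe = { [Symbol.toPrimitive](hint) { hints.push(hint); return 1; } };
  void (probe + 1);     // binary +        -> "default"
  void `${probe}`;      // template string -> "string"
  void (probe * 2);     // arithmetic      -> "number"
  void (probe == 1);    // loose equality  -> "default"
  return hints;
}

// 2. Without Symbol.toPrimitive, the fallback order of valueOf/toString
//    depends on the hint, and non-primitive results are skipped.
function observeFallbackOrder() {
  const calls = [];
  const obj = {
    valueOf() { calls.push('valueOf'); return {}; },     // object result: skipped
    toString() { calls.push('toString'); return 'x'; },
  };
  const sum = obj + '';     // default hint: valueOf, then toString
  const str = String(obj);  // string hint: toString first
  return { calls, sum, str };
}

// 3. Hypothetical operator-level hook, standing in for what source-level
//    weaving wraps around `a + b`: it sees the operands and the result only.
function hookedAdd(left, right, events) {
  events.push(`binary+ enter (${typeof left}, ${typeof right})`);
  const result = left + right;   // ToPrimitive runs inside the runtime here
  events.push(`binary+ exit -> ${result}`);
  return result;
}

function coercionBetweenHookEvents() {
  const events = [];
  const secret = 'tok_constructed';   // constructed sample value
  const carrier = {
    [Symbol.toPrimitive](hint) {
      events.push(`user code ran, hint=${hint}`);
      return secret;
    },
  };
  const out = hookedAdd('id=', carrier, events);
  return { out, events };
}
```

In the third function the user-defined method runs between the hook's enter and exit events with no call expression at the operator site, so the value it returns reaches the result without the operator-level hook seeing where it came from.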

Published In

Programming '24: Companion Proceedings of the 8th International Conference on the Art, Science, and Engineering of Programming
March 2024
159 pages
ISBN:9798400706349
DOI:10.1145/3660829
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. JavaScript
  2. dynamic analysis
  3. expressiveness
  4. instrumentation platform

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

‹Programming› '24