Search Results: 1 - 10 of 100 matches for " "
All listed articles are free for downloading (OA Articles)
Page 1 /100
Display every page Item
Transparent Object Proxies for JavaScript  [PDF]
Matthias Keil,Sankha Narayan Guria,Andreas Schlegel,Manuel Geffken,Peter Thiemann
Computer Science , 2015,
Abstract: Proxies are the swiss army knives of object adaptation. They introduce a level of indirection to intercept select operations on a target object and divert them as method calls to a handler. Proxies have many uses like implementing access control, enforcing contracts, virtualizing resources. One important question in the design of a proxy API is whether a proxy object should inherit the identity of its target. Apparently proxies should have their own identity for security-related applications whereas other applications, in particular contract systems, require transparent proxies that compare equal to their target objects. We examine the issue with transparency in various use cases for proxies, discuss different approaches to obtain transparency, and propose two designs that require modest modifications in the JavaScript engine and cannot be bypassed by the programmer. We implement our designs in the SpiderMonkey JavaScript interpreter and bytecode compiler. Our evaluation shows that these modifications of have no statistically significant impact on the benchmark performance of the JavaScript engine. Furthermore, we demonstrate that contract systems based on wrappers require transparent proxies to avoid interference with program execution in realistic settings.
JavaScript Generators
Daniel Constantin Ghita
Studia Universitatis Babes-Bolyai : Series Informatica , 2010,
Abstract: The JavaScript language is used for client-side programing in web applications. JavaScript is sent as source code from the web server to the user's browser and executed locally. Because not all current browsers support the latest version of JavaScript, developers are limited to use only the features supported by the lowest common denominator. I propose an approach to solve this problem by using an intermediary compile step which transforms the code written by the user into code supported by all browsers. This allows web developers to use the latest version of JavaScript today, without having to wait until all major browsers implement all the features.
The Essence of JavaScript  [PDF]
Arjun Guha,Claudiu Saftoiu,Shriram Krishnamurthi
Computer Science , 2015, DOI: 10.1007/978-3-642-14107-2_7
Abstract: We reduce JavaScript to a core calculus structured as a small-step operational semantics. We present several peculiarities of the language and show that our calculus models them. We explicate the desugaring process that turns JavaScript programs into ones in the core. We demonstrate faithfulness to JavaScript using real-world test suites. Finally, we illustrate utility by defining a security property, implementing it as a type system on the core, and extending it to the full language.
Information Flow Control in WebKit's JavaScript Bytecode  [PDF]
Abhishek Bichhawat,Vineet Rajani,Deepak Garg,Christian Hammer
Computer Science , 2014,
Abstract: Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari's WebKit engine). Our IFC mechanism works at the level of JavaScript bytecode and hence leverages years of industrial effort on optimizing both the source to bytecode compiler and the bytecode interpreter. We track both explicit and implicit flows and observe only moderate overhead. Working with bytecode results in new challenges including the extensive use of unstructured control flow in bytecode (which complicates lowering of program context taints), unstructured exceptions (which complicate the matter further) and the need to make IFC analysis permissive. We explain how we address these challenges, formally model the JavaScript bytecode semantics and our instrumentation, prove the standard property of termination-insensitive non-interference, and present experimental results on an optimized prototype.
JSAI: Designing a Sound, Configurable, and Efficient Static Analyzer for JavaScript  [PDF]
Vineeth Kashyap,Kyle Dewey,Ethan A. Kuefner,John Wagner,Kevin Gibbons,John Sarracino,Ben Wiedermann,Ben Hardekopf
Computer Science , 2014,
Abstract: We describe JSAI, an abstract interpreter for JavaScript. JSAI uses novel abstract domains to compute a reduced product of type inference, pointer analysis, string analysis, integer and boolean constant propagation, and control-flow analysis. In addition, JSAI allows for analysis control-flow sensitivity (i.e., context-, path-, and heap-sensitivity) to be modularly configured without requiring any changes to the analysis implementation. JSAI is designed to be provably sound with respect to a specific concrete semantics for JavaScript, which has been extensively tested against existing production-quality JavaScript implementations. We provide a comprehensive evaluation of JSAI's performance and precision using an extensive benchmark suite. This benchmark suite includes real-world JavaScript applications, machine-generated JavaScript code via Emscripten, and browser addons. We use JSAI's configurability to evaluate a large number of analysis sensitivities (some well-known, some novel) and observe some surprising results. We believe that JSAI's configurability and its formal specifications position it as a useful research platform to experiment on novel sensitivities, abstract domains, and client analyses for JavaScript.
Semantics and Security Issues in JavaScript  [PDF]
Stéphane Ducasse,Nicolas Petton,Guillermo Polito,Damien Cassou
Computer Science , 2012,
Abstract: There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.
Speculative Staging for Interpreter Optimization  [PDF]
Stefan Brunthaler
Computer Science , 2013,
Abstract: Interpreters have a bad reputation for having lower performance than just-in-time compilers. We present a new way of building high performance interpreters that is particularly effective for executing dynamically typed programming languages. The key idea is to combine speculative staging of optimized interpreter instructions with a novel technique of incrementally and iteratively concerting them at run-time. This paper introduces the concepts behind deriving optimized instructions from existing interpreter instructions---incrementally peeling off layers of complexity. When compiling the interpreter, these optimized derivatives will be compiled along with the original interpreter instructions. Therefore, our technique is portable by construction since it leverages the existing compiler's backend. At run-time we use instruction substitution from the interpreter's original and expensive instructions to optimized instruction derivatives to speed up execution. Our technique unites high performance with the simplicity and portability of interpreters---we report that our optimization makes the CPython interpreter up to more than four times faster, where our interpreter closes the gap between and sometimes even outperforms PyPy's just-in-time compiler.
Interactive learning aided by JavaScript  [cached]
A. Wise
Research in Learning Technology , 1999, DOI: 10.3402/rlt.v7i2.11535
Abstract: In recent years, the use of information technology to support learning in nutrition education has moved from mainframe-based programs to PC and Internet-based systems (Wise, 1986,1998). Many lecturers are now exploring the use of the Internet and Intranets for education and this adds a new potential method for providing support to students. A search of the Internet for a technical term frequently links to pages containing notes for students. Some of these pages contain interactive elements that test whether students have learned the material. This paper is a case study that attempts to show how simple it is to build interactivity for students using JavaScript. Many programs can be written using the language Java, but the browser needs to be specially configured and considerable programming experience is required. Java is frequently confused with JavaScript, which is actually a language supported entirely within the browser itself. A browser will interpret code in JavaScript that is simply included within appropriate HTML tags on the page. JavaScript is used to provide simple interactivity and most people will have spotted its common features: buttons and text entry used on forms to provide feedback to the originators of Web pages. An advantage of JavaScript is that browsers are able to use this language, whatever the operating system, not only in Windows.
Pushdown Abstractions of JavaScript  [PDF]
David Van Horn,Matthew Might
Computer Science , 2011,
Abstract: We design a family of program analyses for JavaScript that make no approximation in matching calls with returns, exceptions with handlers, and breaks with labels. We do so by starting from an established reduction semantics for JavaScript and systematically deriving its intensional abstract interpretation. Our first step is to transform the semantics into an equivalent low-level abstract machine: the JavaScript Abstract Machine (JAM). We then give an infinite-state yet decidable pushdown machine whose stack precisely models the structure of the concrete program stack. The precise model of stack structure in turn confers precise control-flow analysis even in the presence of control effects, such as exceptions and finally blocks. We give pushdown generalizations of traditional forms of analysis such as k-CFA, and prove the pushdown framework for abstract interpretation is sound and computable.
Approaches to Interpreter Composition  [PDF]
Edd Barrett,Carl Friedrich Bolz,Laurence Tratt
Computer Science , 2014,
Abstract: In this paper, we compose six different Python and Prolog VMs into 4 pairwise compositions: one using C interpreters; one running on the JVM; one using meta-tracing interpreters; and one using a C interpreter and a meta-tracing interpreter. We show that programs that cross the language barrier frequently execute faster in a meta-tracing composition, and that meta-tracing imposes a significantly lower overhead on composed programs relative to mono-language programs.
Page 1 /100
Display every page Item

Copyright © 2008-2017 Open Access Library. All rights reserved.