Dissertation Talk: Dynamic Analysis for JavaScript Code

Seminar | April 18 | 1:30-2:30 p.m. | 540 Cory Hall

 Liang Gong

 Electrical Engineering and Computer Sciences (EECS)

JavaScript has become one of the most prevalent programming languages. It was originally designed as a simple language to enhance the web front end in the browser. Over the past two decades, JavaScript has evolved into a full-fledged programming language for developing in-browser, server-side, desktop, and mobile applications. Despite its great success, the language is known for its suboptimal design, which causes various pitfalls that developers should avoid. To use JavaScript effectively, developers widely adopt lightweight static analyses, implemented in "lint-like" tools, to detect potential issues in JavaScript code. Unfortunately, the effectiveness of these static analysis techniques is often limited by JavaScript's dynamic nature and the need to over-approximate runtime behaviors.

To address this challenge, we develop two dynamic analysis infrastructures called Jalangi and NodeSec, which analyze the actual runtime behavior for more precise detection. Based on these infrastructures, we research dynamic analysis techniques to detect potential issues in JavaScript code. We demonstrate the effectiveness of our techniques by detecting dozens of bugs in the world's most popular websites, by finding hundreds of security issues in npm packages, and by pinpointing code patterns that prevent JavaScript engines from performing profitable optimizations in well-known benchmarks.

Advisor: Koushik Sen

 CA 94704, gongliang13@cs.berkeley.edu, 510-9848707