Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications.

Published byChristine Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications."— Presentation transcript:

1 Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications

2 1 Third Party Server Web application widget.js Web page

3 Safe Code Inclusion In JavaScript Runtime Enforcement Conscript [Oakland 10] BrowserShield [OSDI 06] Caja Static Analysis Gatekeeper [USENIX Sec 09] Staged Information flow for JavaScript [PLDI 09] 2 Whole program analysis approaches require the entire program

4 3

5 4 JavaScript programs are streaming

6 function foo(){...} var f = foo; function bar(){...} if (...) f = bar;... Script Creation 5 What does f refer to?

7 Incremental Loading in Facebook 6 71%

8 ✔ ✔ Gulfstream In Action 7 OfflineOnline ✔ ✔ ✔ ✔

9 Outline Motivation Implementation Evaluation Conclusions 8

10 Queries We want to determine something about the program Example – What does f() refer to – Detect alert calls – Does this program use setTimeout 9

11 Points-To Analysis Provides deep program understanding Can be used to construct call graphs Is the foundation of further analyses Answers a simple question: What heap locations does variable x point to 10

12 Points-To Example 11

13 Implementation Strategies Datalog with bddbddb + Fast for large programs + Highly tuned - Large startup cost - Difficult to implement in the browser Used in Gatekeeper [USENIX Sec 09] Graph-based flow analysis + Very small startup cost + Customized to work with Gulfstream - Does not scale well 12

14 Implementation Normalize JavaScript – Turn program into a series of simple statements – Introduce temporaries as necessary Create flow graph – Use normalized program to generate flow constraints Serialize flow graph – Encode the flow-graph so online analysis can use it to update results 13

15 Implementation Continued Perform points-to analysis – Traverse flow graph to find all aliases – Follow flow through method boundaries – Generate points-to map for queries to use Queries – Use points-to data and flow graph to answer queries 14

16 Evaluation Question – Is Gulfstream faster than non-staged analysis Benchmarks – Synthetically generated – Scraped from Google code – Scraped from Facebook Simulate diverse environments – CPU speed and network properties – Cell phone, laptop, desktop, etc. 15

17 Laptop Running Time Comparison 16 After 30KB of updates, Gulfstream is no longer faster

18 Simulated Devices Low power mobile High power 17

19 Lessons Learned Slow devices benefit from Gulfstream A slow network can negate the benefits of the staged analysis Large page updates don’t benefit from Gulfstream 18

20 Facebook Experiment Visit 4 pages – Home – Friends – Inbox – Profile Each page loads additional JavaScript 19

21 Gulfstream Savings: Slow Devices 20

22 Gulfstream Savings: Fast Devices 21 10 seconds saved

23 Conclusion Gulfstream, staged analysis for JavaScript Staged analysis – Offline on the server – Online in the browser Wide range of experiments – For small updates, Gulfstream is faster – Devices with slow CPU benefit most 22

24 The End Contact: salvatore.guarnieri@gmail.com 23

Download ppt "Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications."

Similar presentations

www.dynamicsoft.com Fall IM 2000 Evfolution of Presence Based Networks Evolution of Presence Based Networks Jonathan Rosenberg Chief Scientist.

Fall IM 2000 Evfolution of Presence Based Networks Evolution of Presence Based Networks Jonathan Rosenberg Chief Scientist.
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Java Script Session1 INTRODUCTION.

Java Script Session1 INTRODUCTION.
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.

Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.

The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Gatekeeper : Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Ben Livshits Salvatore Guarnieri.

Gatekeeper : Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Ben Livshits Salvatore Guarnieri.
Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.

Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.
November 29, 2005Christopher Tuttle1 Linear Scan Register Allocation Massimiliano Poletto (MIT) and Vivek Sarkar (IBM Watson)

November 29, 2005Christopher Tuttle1 Linear Scan Register Allocation Massimiliano Poletto (MIT) and Vivek Sarkar (IBM Watson)
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.

Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
Reducing the Energy Usage of Office Applications Jason Flinn M. Satyanarayanan Carnegie Mellon University Eyal de Lara Dan S. Wallach Willy Zwaenepoel.

Reducing the Energy Usage of Office Applications Jason Flinn M. Satyanarayanan Carnegie Mellon University Eyal de Lara Dan S. Wallach Willy Zwaenepoel.
Multiple Tiers in Action

Multiple Tiers in Action
Staged Information Flow for JavaScript Ravi Chugh, Jeff Meister, Ranjit Jhala, Sorin Lerner UC San Diego.

Staged Information Flow for JavaScript Ravi Chugh, Jeff Meister, Ranjit Jhala, Sorin Lerner UC San Diego.
Generic Simulator for Users' Movements and Behavior in Collaborative Systems.

Generic Simulator for Users' Movements and Behavior in Collaborative Systems.
JSZap: Compressing JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research Gaurav Sinha, IIT Kanpur.

JSZap: Compressing JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research Gaurav Sinha, IIT Kanpur.
Web Design Basic Concepts.

Web Design Basic Concepts.
Linear Scan Register Allocation POLETTO ET AL. PRESENTED BY MUHAMMAD HUZAIFA (MOST) SLIDES BORROWED FROM CHRISTOPHER TUTTLE 1.

Linear Scan Register Allocation POLETTO ET AL. PRESENTED BY MUHAMMAD HUZAIFA (MOST) SLIDES BORROWED FROM CHRISTOPHER TUTTLE 1.
DESIGNING FOR MOBILE Lunch & Learn Series | February 20, 2014.

DESIGNING FOR MOBILE Lunch & Learn Series | February 20, 2014.
Intro to PHP Introduction to server-side scripts (It’s all good :D) © TAFE NSW 2013 1.

Intro to PHP Introduction to server-side scripts (It’s all good :D) © TAFE NSW

Similar presentations

Ads by Google