1. Introduction javascript(JS) is a language that is evolving. Some features proposed for JS arguably made it more complex and had to be abandoned (features in ECMAScript 4). Other efforts to evolve the language defin...
详细信息
ISBN:
(纸本)9781450315630
1. Introduction javascript(JS) is a language that is evolving. Some features proposed for JS arguably made it more complex and had to be abandoned (features in ECMAScript 4). Other efforts to evolve the language defined a subset of language that provides rigorous error checking and avoid error-prone constructs (ECMAScript 5). However, most of these attempts to include or exclude JS features were done without a scientific study of how the language features are used by developers. Advances in javascript have not been backed by largescale empirical studies on how people use JS features and how people react to the changes in javascript standards. Without this information, it is hard to determine how to evolve the language, which IDE features and refactorings to develop, how to optimize programs, how to teach developers good programming practices, etc. We perform an empirical study on a huge corpus of JS programs. The test corpus consists of more than a million scripts from well-known and not-so-well-known webpages, and from Firefox Addons. We studied various JS features. This paper describes two JS features: the way JS variables are declared in block scope and function scope, and the way for..in statements are used in programs.
In today's web applications asynchronous requests to remote services using callbacks or futures are omnipresent. The continuation of such a non-blocking task is represented as a callback function that will later b...
详细信息
ISBN:
(纸本)9781450344463
In today's web applications asynchronous requests to remote services using callbacks or futures are omnipresent. The continuation of such a non-blocking task is represented as a callback function that will later be called with the result of the request. This style of programming where the remainder of a computation is captured in a continuation function is called continuation-passing style (CPS). This style of programming can quickly lead to a phenomenon called "callback hell", which has a negative impact on the maintainability of applications that employ this style. Several alternatives to callbacks are therefore gaining traction within the web domain. For example, there are a number of frameworks that rely on automatically transforming sequential style code into the continuation-passing style. However, these frameworks often employ a conservative approach in which each function call is transformed into CPS. This conservative approach can sequentialise requests that could otherwise be run in parallel. So-called delimited continuations can remedy, but require special marks that have to be manually inserted in the code for marking the beginning and end of the continuation. In this paper we propose an alternative strategy in which we apply a delimited CPS transformation that operates on a Program Dependence Graph instead to find the limits of each continuation. We implement this strategy in javascript and demonstrate its applicability to various web programming scenarios.
Purpose - The purpose of this paper is to review the advantages of the javascript programming language for demonstration programs. A major disadvantage is the difficulty of exporting data from such programs, felt part...
详细信息
Purpose - The purpose of this paper is to review the advantages of the javascript programming language for demonstration programs. A major disadvantage is the difficulty of exporting data from such programs, felt particularly when graphical output is wanted. The paper describes and compares two ways of overcoming the difficulty. Design/methodology/approach - One of the methods depends on transferring data from the screen display via the "clipboard";the other involves transfer of data into e-mail messages. Findings - The "clipboard" method is the simpler and more intuitive of the two and was used by the author to produce graphs, but the e-mail method could be advantageous where larger amounts of data have to be transferred. Practical implications Both of the methods are extremely tedious in use, and where data has to be transferred repeatedly, for instance in studies where repeated inspection of results in graphical form is needed, the solution would almost certainly be to choose a programming language other than javascript. Originality/value - The paper discusses what is believed to be a novel method of transfer of data using e-mail.
Including javascript code from many different hosts is a popular practice in developing web applications. For example, to include a social plugin like the Facebook Like button, a web developer needs to only include a ...
详细信息
ISBN:
(纸本)9781450367479
Including javascript code from many different hosts is a popular practice in developing web applications. For example, to include a social plugin like the Facebook Like button, a web developer needs to only include a script from *** in her/his web page. However, in a web browser, all the identifiers (i.e., variable names and function names) in scripts loaded in the same frame share a single global namespace. Therefore, a script can overwrite any of the global variables and/or global functions defined in another script, causing unexpected behavior. In this work, we develop a browser-based dynamic analysis framework, that monitors and records any writes to javascript global variables and global functions. Our tool is able to cover all the code executed in the run time. We detected 778 conflicts across the Alexa top 1K websites. Our results show that global name conflicts can indeed expose web applications to security risks.
Inline caches and hidden classes are two essential components for closing the performance gap between static languages such as Java, Scheme, or ML and dynamic languages such as javascript or Python. They rely on the o...
详细信息
ISBN:
(纸本)9781450371209
Inline caches and hidden classes are two essential components for closing the performance gap between static languages such as Java, Scheme, or ML and dynamic languages such as javascript or Python. They rely on the observation that for a particular object access located at a particular point of the program, the shapes, usually referred to as the hidden classes, of accessed objects are likely to be the same. Taking benefit of that invariant, they replace the expensive lookup the semantics of these languages normally demand with one test, the inline cache, and a memory read indexed by an offset computed during the last cache miss. These optimizations are essential but they are not general enough to cope with javascript's proxies. In particular, when the property name is itself unknown statically, inline cache-based optimizations always take a slow path. In this paper, we show how to generalize inline caches to cope with an unknown property name. The paper first discusses the general principle of the extension and then presents the experimental results we collected using a modified version of the Hop javascript compiler, demonstrating how the optimization is crucial for improving the performance of proxy objects (as they naturally use dynamic property names extensively). The evaluation report shows that the modified Hop outperforms all other implementations of the language, including the most efficient commercial ones, by a factor ranging from 2x to 100x. Even better, our optimizations are applicable to existing compilers as they require only straightforward changes to runtime data structures;no complex analyses are required.
The *** runtime has become a major platform for developers building cloud, mobile, or IoT applications using javascript. Since the javascript language is single threaded, *** programs must make use of asynchronous cal...
详细信息
ISBN:
(纸本)9781450355261
The *** runtime has become a major platform for developers building cloud, mobile, or IoT applications using javascript. Since the javascript language is single threaded, *** programs must make use of asynchronous callbacks and event loops managed by the runtime to ensure applications remain responsive. While conceptually simple, this programming model contains numerous subtleties and behaviors that are defined implicitly by the current *** implementation. This paper presents the first comprehensive formalization of the *** asynchronous execution model and defines a high-level notion of async-contexts to formalize fundamental relationships between asynchronous events in an application. These formalizations provide a foundation for the construction of static or dynamic program analysis tools, support the exploration of alternative *** event loop implementations, and provide a high-level conceptual framework for reasoning about relationships between the execution of asynchronous callbacks in a *** application.
Complex graphical user interfaces (GUIs) that support a large amount of user interaction require a fast response time, a rich set of building blocks for an esthetic look-and-feel, and a development environment that su...
详细信息
Complex graphical user interfaces (GUIs) that support a large amount of user interaction require a fast response time, a rich set of building blocks for an esthetic look-and-feel, and a development environment that supports ongoing change. On the World Wide Web, client-side technologies offer more of these features than do server-side solutions. Java and javascript are the two most popular languages used for client-side GUI implementations. Java implementations require a user to download a plug-in that contains a virtual machine to execute the Java byte-code. The installation and maintenance of this plug-in is sometimes an unsurmountable barrier to using Java. javascript lacks some of the desirable features of Java, such as easy to use object-oriented features and having a GUI class Library, but does not require a plug-in, We have enhanced javascript by implementing a new language Object-javascript (OJS) and by providing an OJS library of GUI components, thus making it a viable alternative to Java. Copyright (C) 2000 John Wiley & Sons, Ltd.
Nowadays, there are more and more hybrid apps appearing in the app market which contain native code and Web pages. In order to enhance the ability of javascript in the WebView, these apps expose methods that can be in...
详细信息
ISBN:
(纸本)9781509032051
Nowadays, there are more and more hybrid apps appearing in the app market which contain native code and Web pages. In order to enhance the ability of javascript in the WebView, these apps expose methods that can be invoked by javascript. However, when we study the communication from javascript to native code, we find a security issue that if the exposed methods finally invoke sensitive methods, such as SEND_SMS, getLastKnownLocation, and these exposed methods are called via unsafe connections, malicious code can be injected to perform sensitive operations without the user's consent. To automatically detect this vulnerability, we provide a hybrid system that contains both static and dynamic analysis modules. The static analysis discerns potential vulnerable apps and gathers information to guide the dynamic analysis while the dynamic analysis executes the app to verify whether the app is vulnerable or not. We use this system to test 400 most popular apps in the Google Play market and find that 43 apps are vulnerable.
暂无评论