ISBN: 9781450376136 (print)
We present VeRA, a system for verifying the range analysis pass in browser just-in-time (JIT) compilers. Browser developers write range analysis routines in a subset of C++, and verification developers write infrastructure to verify custom analysis properties. Then, VeRA automatically verifies the range analysis routines, which browser developers can integrate directly into the JIT. We use VeRA to translate and verify Firefox range analysis routines, and it detects a new, confirmed bug that has existed in the browser for six years.
Eval endows JavaScript developers with great power. It allows developers and end-users, by turning text into executable code, to seamlessly extend and customize the behavior of deployed applications as they are running. With great power comes great responsibility, though not in our experience. In previous work we demonstrated through a large corpus study that programmers wield that power in rather irresponsible and arbitrary ways. We showed that most calls to eval fall into a small number of very predictable patterns. We argued that those patterns could easily be recognized by an automated algorithm and that they could almost always be replaced with safer JavaScript idioms. In this paper we set out to validate our claim by designing and implementing a tool, which we call Evalorizer, that can assist programmers in getting rid of their unneeded evals. We use the tool to remove eval from a real-world website and validated our approach over logs taken from the top 100 websites with a success rate over 97% under an open world assumption.
ISBN: 9781450365734 (print)
Existing static analyzers for JavaScript use constant propagation domains to analyze strings. The simplicity of these domains results in a huge loss of precision when dealing with features such as dynamic property access. This paper presents a string analysis for the full JavaScript language based on abstract interpretation. The analysis uses finite state automata to track all possible strings a variable might hold during execution. We present an empirical performance and precision evaluation on some JavaScript benchmarks and show that the analysis achieves a higher level of precision especially when handling dynamic property access.
ISBN: 9783642274510 (print)
In order to solve the problems of post-maintenance and resource-sharing for traditional courseware, as well as extracting information and distribution storing data problems for HTML online courseware, this paper initially proposed a design method of multimedia online courseware based on XMUL/XSLT and JavaScript using XML technologies. This article firstly introduced its design, architecture and development process; then described in detail the implementation of the online courseware with an example; finally stated the key technologies in the process of development. The courseware is a typical application of online courseware for autonomous learning, and its design idea being used can be a reference to other online curriculum.
ISBN: 9781467397971 (print)
In recent years, Lattice-based cryptography has attracted a high degree of attention in the cryptologic research community. It is expected to be in wide use in the foreseeable future once large quantum computers are in sight. In addition, JavaScript is a standard programming language for Web applications. It is now supported on a wide variety of computing platforms and devices with immense efficiency improvement in the past few years. In this paper, we present the results of our JavaScript implementation of several Lattice-based encryption schemes and show the speed performance on four common Web browsers on PC. Furthermore, we also show the performance on two smaller computing platforms, namely, tablets running the Android operating system, as well as Tessel, an embedded system equipped with an ARM Cortex-M3-grade microcontroller. Our results demonstrate that some of today's Lattice-based cryptosystems can already have efficient JavaScript implementations and hence are ready for use on a growing list of JavaScript-enabled computing platforms.
ISBN: 9781479947744 (print)
JavaScript injection is inserting unwanted JavaScript into Web pages with the intent of violating the security and privacy standards of the Web pages. There are a number of techniques that have been developed for the detection and prevention of JavaScript injection, and all have performance costs. While the performance issues of the JavaScript injection detection techniques have been mainly studied in running systems, we propose a simulation approach using UML SPT and JavaSim. The new approach not only reduces the cost for such analysis but also provides a framework for modeling injection detection techniques and analyzing the performance implications of design decisions.
Behavioral researchers are increasingly using Web-based software such as JavaScript to conduct response time experiments. Although there has been some research on the accuracy and reliability of response time measurements collected using JavaScript, it remains unclear how well this method performs relative to standard laboratory software in psychologically relevant experimental manipulations. Here we present results from a visual search experiment in which we measured response time distributions with both Psychophysics Toolbox (PTB) and JavaScript. We developed a methodology that allowed us to simultaneously run the visual search experiment with both systems, interleaving trials between two independent computers, thus minimizing the effects of factors other than the experimental software. The response times measured by JavaScript were approximately 25 ms longer than those measured by PTB. However, we found no reliable difference in the variability of the distributions related to the software, and both software packages were equally sensitive to changes in the response times as a result of the experimental manipulations. We concluded that JavaScript is a suitable tool for measuring response times in behavioral research.
ISBN: 9783031308253; 9783031308260 (print)
JavaScript has become the most popular programming language for web front-end development. With such popularity, there is a great demand for thorough testing of client-side JavaScript web applications. In this paper, we present a novel approach to concolic testing of front-end JavaScript web applications. This approach leverages widely used JavaScript testing frameworks such as Jest and Puppeteer and conducts concolic execution on JavaScript functions in web applications for unit testing. The seamless integration of concolic testing with these testing frameworks allows injection of symbolic variables within the native execution context of a JavaScript web function and precise capture of concrete execution traces of the function under test. Such concise execution traces greatly improve the effectiveness and efficiency of the subsequent symbolic analysis for test generation. We have implemented our approach on Jest and Puppeteer. The application of our Jest implementation on Metamask, one of the most popular Crypto wallets, has uncovered 3 bugs and 1 test suite improvement, whose bug reports have all been accepted by Metamask developers on GitHub. We also applied our Puppeteer implementation to 21 GitHub projects and detected 4 bugs.
ISBN: 1593271069 (print)
The Book of JavaScript teaches readers how to add interactivity, animation, and other tricks to their web sites with JavaScript. Rather than provide a series of cut-and-paste scripts, thau! takes the reader through a series of real world JavaScript code with an emphasis on understanding. Each chapter focuses on a few important JavaScript features, shows how professional web sites incorporate them, and takes readers through examples of how they might add those features to their own web sites. This thoroughly updated 2nd edition includes new chapters on Ajax, revised appendices, and new examples throughout. Summary sections and assignments close each chapter, making the book perfect for use in college courses or independent study. CD includes code and images for every example, answers to assignments, script libraries for hard-to-program applications, and many useful software programs.
ISBN: 9781509007745 (print)
Internet of Things is gaining research attention as one of the important fields that will affect our daily life vastly. Today, around us this revolutionary technology is growing and evolving day by day. This technology offers certain benefits like automatic processing, improved logistics and device communication that would help us to improve our social life, health, living standards and infrastructure. However, due to their simple architecture and presence on wide variety of fields they pose serious concern to security. Due to the low end architecture there are many security issues associated with IoT network devices. In this paper, we try to address the security issue by proposing JavaScript sandbox as a method to execute IoT program. Using this sandbox we also implement the strategy to control the execution of the sandbox while the program is being executed on it.