This study proposes a graphics rendering technique based on an ultra-lightweight javascript engine for resource-constrained embedded devices such as ESP32. The technique achieves efficient image rendering by integrati...
详细信息
ISBN:
(纸本)9798350386783;9798350386776
This study proposes a graphics rendering technique based on an ultra-lightweight javascript engine for resource-constrained embedded devices such as ESP32. The technique achieves efficient image rendering by integrating generic low-level interfaces. The paper investigates and designs a modular system architecture that improves performance through interpreted execution of javascript, just-in-time ( JIT) compilation, and optimized memory management, while supporting high concurrency and asynchronous I/O scheduling. Experimental evaluation shows that compared to traditional techniques, the system demonstrates significant advantages in graphics rendering speed, various types of graphics display, and resource efficiency. This study bridges the gap between the demand for high-quality graphical user interfaces (GUIs) and resource constraints in Internet of Things (IoT) devices to some extent.
Distributed learning based on javascript-based frontends is typically implemented at the endpoint to maximize performance. Yet, javascript-based frontends often experience suboptimal performance. To reconcile these di...
详细信息
Distributed learning based on javascript-based frontends is typically implemented at the endpoint to maximize performance. Yet, javascript-based frontends often experience suboptimal performance. To reconcile these disparities in performance between EDGE and endpoint deployments, strategic optimization is essential, particularly for preserving privacy in distributed learning. Real-time streaming optimizations are imperative to align the performance of disparate components for smooth integration. The reliance on javascript for various web functionalities can lead to increased resource consumption and slower page loads. Thus, we introduce a streamlined javascript engine designed to optimize structural patterns in javascript code, with three key enhancements. Firstly, we reduce the computational burden of the javascript engine necessary for setting up the browser's runtime environment. Secondly, we refine the parsing process for specific code patterns, boosting the efficiency of our lightweight engine. Thirdly, we streamline the Inter-Process Communication (IPC) to maintain high performance, even with limited memory resources. Our evaluations demonstrate that our approach reduces the median Total Computation Time (TCT) by 45.2%, and surpasses existing leading solutions, Siploader and Prepack, with improvements ranging from 1.13x to 1.39x.
Mutation-based fuzzing effectively discovers defects in JS engines. High-quality mutations are key for the performance of mutation-based fuzzers. The choice of the underlying representation (e.g., a sequence of tokens...
详细信息
ISBN:
(纸本)9798400706363
Mutation-based fuzzing effectively discovers defects in JS engines. High-quality mutations are key for the performance of mutation-based fuzzers. The choice of the underlying representation (e.g., a sequence of tokens, an abstract syntax tree, or an intermediate representation) defines the possible mutation space and subsequently influences the design of mutation operators. Current program representations in JS engine fuzzers center around abstract syntax trees and customized bytecode-level intermediate languages. However, existing efforts struggle to generate semantically valid and meaningful mutations, limiting the discovery of defects in JS engines. Our proposed graph-based intermediate representation, FlowIR, directly represents the JS control flow and data flow as the mutation target. FlowIR is essential for the implementation of powerful semantic mutation. It supports mutation operators at the data flow and control flow level, thereby expanding the granularity of mutation operators. Experimental results show that our method is more effective in discovering new bugs. Our prototype, FuzzFlow, outperforms state-of-the-art fuzzers in generating valid test cases and exploring code coverage. In our evaluation, we detected 37 new defects in thoroughly tested mainstream JS engines.
javascript (JS) engines are a core component of a lot of software, such as web browsers, PDF readers and flash players. There has been much research on finding JS engine vulnerabilities. However, due to the fact that ...
详细信息
ISBN:
(纸本)9781665488105
javascript (JS) engines are a core component of a lot of software, such as web browsers, PDF readers and flash players. There has been much research on finding JS engine vulnerabilities. However, due to the fact that a JS engine's input space is infinite and the vulnerability triggering conditions are extremely strict, it is difficult to generate test cases that are able to trigger deep logic errors in fuzzing. This paper aims to explore an approach which incorporates the human experience into fuzzing. We propose a Key-Operation-based Fuzzer (KOP-Fuzzer), to explore the type confusion vulnerabilities in JS engines. Based on human knowledge, we summarize a trigger model and extract key operations for type confusion vulnerabilities in JS engines. We use clustering to extract the key-operation methods from the engine's source code and develop a fuzzing system for key-operation mutation. Our experimental results demonstrate that the KOP-Fuzzer generates valid test cases with 1.5x fewer runtime errors, while also improving the edge coverage (2.082%) and key-operation coverage (6.452%), when compared with the state-of-the-art JS engine fuzzers. The KOP-Fuzzer discovered a total of 21 new bugs in ChakraCore and javascriptCore, where 16 of them are caused by the engine's incorrect handling of key operations and 5 of them are caused by type confusions.
Context: javascript is a prototype-based dynamic type scripting language. The correct running of a javascript program depends on the correctness of both the program and the javascript ***: An in-depth understanding of...
详细信息
Context: javascript is a prototype-based dynamic type scripting language. The correct running of a javascript program depends on the correctness of both the program and the javascript ***: An in-depth understanding of the characteristics of bugs in javascript engines can help detect and fix ***: We conduct an empirical study on the bugs in three mainstream javascript engines: V8, SpiderMonkey, and Chakra. Such an empirical study involves 19,019 bug reports, 16,437 revisions, 805 test cases, and root causes of randomly selected 540 ***: (1) The Compiler and the DOM are the most buggy component in V8 and SpiderMonkey, respectively. Most of the source files contain only one bug. (2) The scales of the testing programs that reveal bugs are usually small. Most bug fixes involve only limited modifications since the number of modified source files and lines of code modified are small. (3) Most bugs can be fixed within half a year (80.33% for V8 and 91.9% for SpiderMonkey). Only 4.33% of SpiderMonkey bugs need more than a year to fix. Bugs in SpiderMonkey are usually fixed faster than bugs in V8. (4) High priority tends to be assigned to Infrastructure bugs in V8 and Release Automation bugs in SpiderMonkey. The duration of bugs is not strictly correlated with their priorities. (5) Semantic bugs are the most common root causes of bugs. And among semantic bugs, the processing bugs, missing features bugs and function call bugs are more than ***: This study deepens our understanding of bugs in javascript engines, and empirical results could indicate some potential problems during the detecting and fixing of bugs in javascript engines, assist developers of javascript engines in improving their development quality, assist maintainers in detecting and fixing bugs more effectively, and suggest users of javascript evade potential risks.
javascript has significantly evolved, broadening its capabilities. However, the uptake of tail call optimization (TCO) remains limited, largely due to concerns about debugging difficulties and the potential increase i...
详细信息
javascript has significantly evolved, broadening its capabilities. However, the uptake of tail call optimization (TCO) remains limited, largely due to concerns about debugging difficulties and the potential increase in overall complexity. This paper highlights the compelling importance of tail calls within web applications, advocating for TCO as a means to boost performance and enhance memory efficiency. We present an innovative TCO technique that leverages the native stack within javascript engines, capitalizing on the native stack's inherent benefits over heap memory. This technique is carefully crafted to comply with diverse TCO standards, prioritizing simplicity and providing debugging features. We tackle the inherent challenges of TCO and successfully deploy our method in a lightweight javascript engine. Our approach is rigorously evaluated, proving its effectiveness and practicality. Notably, our implementation facilitates considerable memory savings for web applications, comparable to the maximum Resident Set Size (RSS), and achieves an average performance improvement of approximately 19.8% for algorithms that are heavily recursive. This research not only demonstrates the versatility and efficiency of our TCO strategy but also makes a significant contribution to the wider adoption and comprehension of TCO, thereby improving javascript engines' performance and memory management efficiency.
Reducing the loading time of a web app is important for better user experience. The loading time includes a large amount of javascript execution, often composed of the execution of the global code in the script tags f...
详细信息
ISBN:
(纸本)9781450362771
Reducing the loading time of a web app is important for better user experience. The loading time includes a large amount of javascript execution, often composed of the execution of the global code in the script tags followed by the execution of event handlers. One approach to accelerate the app loading is saving the already-loaded execution state of javascript objects in a file called the snapshot in advance. Then, we start an app by copying the objects in the snapshot to the javascript heap directly, instead of executing javascript code to create them. Unfortunately, existing works save only the execution state of the global code in the snapshot, not that of the event handlers. Also, the javascript code whose execution may change the DOM (Document Object Model) tree is not saved in the snapshot, limiting the coverage of the snapshot. In this paper, we introduce snapshot+, an extended version of the snapshot where we save the execution state of the event handlers as well as that of the global code. Unlike the global code whose execution order is statically determined, the event handlers have a more dynamic execution order, depending on the triggering order of the events and the registration order of the event handlers. This makes it somewhat complicated to decide when to create and restore the snapshot. Snapshot+ provides a new API for the app developer to specify and register the event handlers eligible for snapshot so that the browser can create and restore the snapshot at the right place automatically. Also, snapshot+ can save a changed DOM tree in a serialized HTML string and restore it during app loading, allowing the DOM-changing javascript executions to be saved in the snapshot. Our experimental results show that snapshot+ can improve the app loading time by 52% (AngularJS apps), 42% (Ext JS apps), 48% (jQuery apps), and 18% (MooTools apps), compared to the original snapshot.
javascript execution is heavily used during the loading of web apps, taking a substantial portion of the app loading time. To accelerate javascript execution, snapshot-based app loading has been proposed [5, 17]. We t...
详细信息
ISBN:
(纸本)9781450366748
javascript execution is heavily used during the loading of web apps, taking a substantial portion of the app loading time. To accelerate javascript execution, snapshot-based app loading has been proposed [5, 17]. We take a snapshot of the javascript objects in the heap at some point during app loading (which we call snapshot point) and save them in a file in advance. Then, we start app loading by copying the objects in the snapshot to the heap directly, skipping javascript execution to create those objects. One issue is that the javascript execution state at the snapshot point should be the same at every app loading. If javascript execution included in the snapshot is involved with some nondeterminism (e.g., use random function or current time/location), snapshot-based app loading might be inapplicable since the loaded state might differ each time. In this paper, we perform an empirical study for the nondeterministic behavior of web apps during app loading. The result shows that nondeterminism is used frequently, but its impact is small from the user's perspectives. Based on this observation, we propose two techniques that can increase the applicability of snapshot. First, we propose two types of snapshot point, which allows saving as much execution state as possible in the snapshot, just before the nondeterministic execution affects the user's perception. Second, we develop a tool to identify those snapshot points by static and dynamic analysis, so that the developer can easily identify them. Our experimental results show that the techniques can accelerate the app loading by 1.81 times, by applying the snapshot that would otherwise be inapplicable, achieving a performance comparable to that of a snapshot that completely ignores the nondeterminism issues.
javascript is a core language of web applications. As the most frequently used web language, it is used in more than 90% of web pages around the world. As a result, the performance of javascript engines becomes an imp...
详细信息
javascript is a core language of web applications. As the most frequently used web language, it is used in more than 90% of web pages around the world. As a result, the performance of javascript engines becomes an important issue. In order to increase the execution speed of web applications, many javascript engines are embedded in JIT (Just-in-time) Compiler. However, JIT compilers are required to execute and compile applications at the same time. Therefore, this technique has been hardly applicable to embedded systems, in which system resources are limited. In this paper, we present a reusing technique of JIT compiled code in the javascript engine to reduce compilation overhead. In order to reuse JIT compiled code, problems for runtime dependency in JIT compiled binary code must be resolved. We used a direct binary code patching method on Squirrel FisheXtreme (SFX) javascript engine of WebKit for the experiment. Through the experiment, we showed that the total compilation time of the modified SFX javascript engine was slightly increased up to 9.4% by saving codes, but the time was reduced up to 49%, averagely 44%, depending on web services when the code was reused.
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web." Drawing a parallel from the current state of p...
详细信息
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web." Drawing a parallel from the current state of practice in preventing unauthorized native code execution (the typical goal in a code injection), we propose a script whitelisting approach to tame javascript-driven XSS attacks. Our scheme involves a transparent script interception layer placed in the browser's javascript engine. This layer is designed to detect every script that reaches the browser, from every possible route, and compare it to a list of valid scripts for the site or page being accessed;scripts not on the list are prevented from executing. To avoid the false positives caused by minor syntactic changes (e.g., due to dynamic code generation), our layer uses the concept of contextual fingerprints when comparing scripts. Contextual fingerprints are identifiers that represent specific elements of a script and its execution context. Fingerprints can be easily enriched with new elements, if needed, to enhance the proposed method's robustness. The list can be populated by the website's administrators or a trusted third party. To verify our approach, we have developed a prototype and tested it successfully against an extensive array of attacks that were performed on more than 50 real-world vulnerable web applications. We measured the browsing performance overhead of the proposed solution on eight websites that make heavy use of javascript. Our mechanism imposed an average overhead of 11.1% on the execution time of the javascript engine. When measured as part of a full browsing session, and for all tested websites, the overhead introduced by our layer was less than 0.05%. When script elements are altered or new scripts are added on the server side, a new fingerprint generation phase is required. To examine the temporal aspect of contextual fingerprints, we performed a short-term and a long-term experiment
暂无评论