检索结果-内蒙古大学图书馆

REUSE OF JIT COMPILED CODE BASED ON BINARY CODE PATCHING IN javascript engine

JOURNAL OF WEB engineERING 2012年第4期11卷 337-349页

作者： Jeon, Sanghoon Choi, Jaeyoung KT Innotz Seoul South Korea Soongsil Univ Seoul South Korea

javascript is a core language of web applications. As the most frequently used web language, it is used in more than 90% of web pages around the world. As a result, the performance of javascript engines becomes an important issue. In order to increase the execution speed of web applications, many javascript engines are embedded in JIT (Just-in-time) Compiler. However, JIT compilers are required to execute and compile applications at the same time. Therefore, this technique has been hardly applicable to embedded systems, in which system resources are limited. In this paper, we present a reusing technique of JIT compiled code in the javascript engine to reduce compilation overhead. In order to reuse JIT compiled code, problems for runtime dependency in JIT compiled binary code must be resolved. We used a direct binary code patching method on Squirrel FisheXtreme (SFX) javascript engine of WebKit for the experiment. Through the experiment, we showed that the total compilation time of the modified SFX javascript engine was slightly increased up to 9.4% by saving codes, but the time was reduced up to 49%, averagely 44%, depending on web services when the code was reused.

关键词： javascript engine JIT compiler binary code patching

来源：评论

学校读者我要写书评

暂无评论

Research and Design of Graphic Display Technology for Embedded Devices Based on Ultra-Lightweight javascript engine 5

Research and Design of Graphic Display Technology for Embedd...

引用

5th International Conference on Computer engineering and Application (ICCEA)

作者： Hu, Hongfei Xu, Yimei Liu, Yongheng Wan, Huijing Xian Eurasia Univ Sch Informat Technol Xian Peoples R China South China Univ Technol Sch Comp Sci & Engn Guangzhou Peoples R China

ISBN: (纸本)9798350386783;9798350386776

This study proposes a graphics rendering technique based on an ultra-lightweight javascript engine for resource-constrained embedded devices such as ESP32. The technique achieves efficient image rendering by integrating generic low-level interfaces. The paper investigates and designs a modular system architecture that improves performance through interpreted execution of javascript, just-in-time ( JIT) compilation, and optimized memory management, while supporting high concurrency and asynchronous I/O scheduling. Experimental evaluation shows that compared to traditional techniques, the system demonstrates significant advantages in graphics rendering speed, various types of graphics display, and resource efficiency. This study bridges the gap between the demand for high-quality graphical user interfaces (GUIs) and resource constraints in Internet of Things (IoT) devices to some extent.

关键词： Embedded Devices javascript engine Graphic Image Display Ultra-lightweight Generic Low-level Interface

来源：评论

学校读者我要写书评

暂无评论

Accelerating page loads via streamlining javascript engine for distributed learning

引用

INFORMATION SCIENCES 2024年 675卷

作者： Liang, Chen Wang, Guoyu Li, Ning Wang, Zuo Zeng, Weihong Xiao, Fu-an Tan, Yu-an Li, Yuanzhang Beijing Informat Sci & Technol Univ Sch Informat Management Beijing 102206 Peoples R China Beijing Inst Technol Sch Comp Sci Technol Beijing 100081 Peoples R China Wuhan Univ Sch Comp Sci Wuhan 430072 Peoples R China Guangzhou Univ Inst Artificial Intelligence Guangzhou 510006 Peoples R China

Distributed learning based on javascript-based frontends is typically implemented at the endpoint to maximize performance. Yet, javascript-based frontends often experience suboptimal performance. To reconcile these disparities in performance between EDGE and endpoint deployments, strategic optimization is essential, particularly for preserving privacy in distributed learning. Real-time streaming optimizations are imperative to align the performance of disparate components for smooth integration. The reliance on javascript for various web functionalities can lead to increased resource consumption and slower page loads. Thus, we introduce a streamlined javascript engine designed to optimize structural patterns in javascript code, with three key enhancements. Firstly, we reduce the computational burden of the javascript engine necessary for setting up the browser's runtime environment. Secondly, we refine the parsing process for specific code patterns, boosting the efficiency of our lightweight engine. Thirdly, we streamline the Inter-Process Communication (IPC) to maintain high performance, even with limited memory resources. Our evaluations demonstrate that our approach reduces the median Total Computation Time (TCT) by 45.2%, and surpasses existing leading solutions, Siploader and Prepack, with improvements ranging from 1.13x to 1.39x.

关键词： javascript engine Optimization Page loads

来源：评论

学校读者我要写书评

暂无评论

Fuzzing javascript engines with a Graph-based IR 24

Fuzzing JavaScript Engines with a Graph-based IR

引用

31st Conference on Computer and Communications Security

作者： Xu, Haoran Jiang, Zhiyuan Wang, Yongjun Fan, Shuhui Xu, Shenglin Xie, Peidai Fu, Shaojing Payer, Mathias NUDT Changsha Peoples R China Ecole Polytech Fed Lausanne Lausanne Switzerland

ISBN: (纸本)9798400706363

Mutation-based fuzzing effectively discovers defects in JS engines. High-quality mutations are key for the performance of mutation-based fuzzers. The choice of the underlying representation (e.g., a sequence of tokens, an abstract syntax tree, or an intermediate representation) defines the possible mutation space and subsequently influences the design of mutation operators. Current program representations in JS engine fuzzers center around abstract syntax trees and customized bytecode-level intermediate languages. However, existing efforts struggle to generate semantically valid and meaningful mutations, limiting the discovery of defects in JS engines. Our proposed graph-based intermediate representation, FlowIR, directly represents the JS control flow and data flow as the mutation target. FlowIR is essential for the implementation of powerful semantic mutation. It supports mutation operators at the data flow and control flow level, thereby expanding the granularity of mutation operators. Experimental results show that our method is more effective in discovering new bugs. Our prototype, FuzzFlow, outperforms state-of-the-art fuzzers in generating valid test cases and exploring code coverage. In our evaluation, we detected 37 new defects in thoroughly tested mainstream JS engines.

关键词： fuzzing javascript engine mutation control flow data flow

来源：评论

学校读者我要写书评

暂无评论

KOP-Fuzzer: A Key-Operation-based Fuzzer for Type Confusion Bugs in javascript engines 46

KOP-Fuzzer: A Key-Operation-based Fuzzer for Type Confusion ...

引用

46th Annual IEEE-Computer-Society International Computers, Software, and Applications Conference (COMPSAC) - Computers, Software, and Applications in an Uncertain World

作者： Sun, Lili Wu, Chenggang Wang, Zhe Kang, Yan Tang, Bowen Chinese Acad Sci Inst Comp Technol State Key Lab Comp Architecture Beijing Peoples R China Univ Chinese Acad Sci Beijing Peoples R China

ISBN: (纸本)9781665488105

javascript (JS) engines are a core component of a lot of software, such as web browsers, PDF readers and flash players. There has been much research on finding JS engine vulnerabilities. However, due to the fact that a JS engine's input space is infinite and the vulnerability triggering conditions are extremely strict, it is difficult to generate test cases that are able to trigger deep logic errors in fuzzing. This paper aims to explore an approach which incorporates the human experience into fuzzing. We propose a Key-Operation-based Fuzzer (KOP-Fuzzer), to explore the type confusion vulnerabilities in JS engines. Based on human knowledge, we summarize a trigger model and extract key operations for type confusion vulnerabilities in JS engines. We use clustering to extract the key-operation methods from the engine's source code and develop a fuzzing system for key-operation mutation. Our experimental results demonstrate that the KOP-Fuzzer generates valid test cases with 1.5x fewer runtime errors, while also improving the edge coverage (2.082%) and key-operation coverage (6.452%), when compared with the state-of-the-art JS engine fuzzers. The KOP-Fuzzer discovered a total of 21 new bugs in ChakraCore and javascriptCore, where 16 of them are caused by the engine's incorrect handling of key operations and 5 of them are caused by type confusions.

关键词： fuzzing software testing type confusion javascript engine

来源：评论

学校读者我要写书评

暂无评论

An empirical study on bugs in javascript engines

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2023年 155卷

作者： Wang, Ziyuan Bu, Dexin Wang, Nannan Yu, Sijie Gou, Shanyi Sun, Aiyue Nanjing Univ Posts & Telecommun Sch Comp Sci & Technol Nanjing 210023 Peoples R China

Context: javascript is a prototype-based dynamic type scripting language. The correct running of a javascript program depends on the correctness of both the program and the javascript ***: An in-depth understanding of the characteristics of bugs in javascript engines can help detect and fix ***: We conduct an empirical study on the bugs in three mainstream javascript engines: V8, SpiderMonkey, and Chakra. Such an empirical study involves 19,019 bug reports, 16,437 revisions, 805 test cases, and root causes of randomly selected 540 ***: (1) The Compiler and the DOM are the most buggy component in V8 and SpiderMonkey, respectively. Most of the source files contain only one bug. (2) The scales of the testing programs that reveal bugs are usually small. Most bug fixes involve only limited modifications since the number of modified source files and lines of code modified are small. (3) Most bugs can be fixed within half a year (80.33% for V8 and 91.9% for SpiderMonkey). Only 4.33% of SpiderMonkey bugs need more than a year to fix. Bugs in SpiderMonkey are usually fixed faster than bugs in V8. (4) High priority tends to be assigned to Infrastructure bugs in V8 and Release Automation bugs in SpiderMonkey. The duration of bugs is not strictly correlated with their priorities. (5) Semantic bugs are the most common root causes of bugs. And among semantic bugs, the processing bugs, missing features bugs and function call bugs are more than ***: This study deepens our understanding of bugs in javascript engines, and empirical results could indicate some potential problems during the detecting and fixing of bugs in javascript engines, assist developers of javascript engines in improving their development quality, assist maintainers in detecting and fixing bugs more effectively, and suggest users of javascript evade potential risks.

关键词： Empirical study javascript engine Software bug SpiderMonkey Chakra V8

来源：评论

学校读者我要写书评

暂无评论

Tail Call Optimization Tailored for Native Stack Utilization in javascript Runtimes

引用

IEEE ACCESS 2024年 12卷 111801-111817页

作者： Park, Hyukwoo Kim, Seonghyun Samsung Seoul Res & Dev Campus Samsung Res Seoul 06765 South Korea

javascript has significantly evolved, broadening its capabilities. However, the uptake of tail call optimization (TCO) remains limited, largely due to concerns about debugging difficulties and the potential increase in overall complexity. This paper highlights the compelling importance of tail calls within web applications, advocating for TCO as a means to boost performance and enhance memory efficiency. We present an innovative TCO technique that leverages the native stack within javascript engines, capitalizing on the native stack's inherent benefits over heap memory. This technique is carefully crafted to comply with diverse TCO standards, prioritizing simplicity and providing debugging features. We tackle the inherent challenges of TCO and successfully deploy our method in a lightweight javascript engine. Our approach is rigorously evaluated, proving its effectiveness and practicality. Notably, our implementation facilitates considerable memory savings for web applications, comparable to the maximum Resident Set Size (RSS), and achieves an average performance improvement of approximately 19.8% for algorithms that are heavily recursive. This research not only demonstrates the versatility and efficiency of our TCO strategy but also makes a significant contribution to the wider adoption and comprehension of TCO, thereby improving javascript engines' performance and memory management efficiency.

关键词： Tail engines Runtime Optimization Standards Codes Memory management Code optimization compiler interpreter javascript javascript engine tail call optimization

来源：评论

学校读者我要写书评

暂无评论

How to Train Your Browser: Preventing XSS Attacks Using Contextual Script Fingerprints

引用

ACM TRANSACTIONS ON PRIVACY AND SECURITY 2016年第1期19卷 1–31页

作者： Mitropoulos, Dimitris Stroggylos, Konstantinos Spinellis, Diomidis Keromytis, Angelos D. Columbia Univ Dept Comp Sci 1214 Amsterdam Ave New York NY 10027 USA Athens Univ Econ & Business Dept Management Sci & Technol Patision 76 Athens 10434 Greece

Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web." Drawing a parallel from the current state of practice in preventing unauthorized native code execution (the typical goal in a code injection), we propose a script whitelisting approach to tame javascript-driven XSS attacks. Our scheme involves a transparent script interception layer placed in the browser's javascript engine. This layer is designed to detect every script that reaches the browser, from every possible route, and compare it to a list of valid scripts for the site or page being accessed;scripts not on the list are prevented from executing. To avoid the false positives caused by minor syntactic changes (e.g., due to dynamic code generation), our layer uses the concept of contextual fingerprints when comparing scripts. Contextual fingerprints are identifiers that represent specific elements of a script and its execution context. Fingerprints can be easily enriched with new elements, if needed, to enhance the proposed method's robustness. The list can be populated by the website's administrators or a trusted third party. To verify our approach, we have developed a prototype and tested it successfully against an extensive array of attacks that were performed on more than 50 real-world vulnerable web applications. We measured the browsing performance overhead of the proposed solution on eight websites that make heavy use of javascript. Our mechanism imposed an average overhead of 11.1% on the execution time of the javascript engine. When measured as part of a full browsing session, and for all tested websites, the overhead introduced by our layer was less than 0.05%. When script elements are altered or new scripts are added on the server side, a new fingerprint generation phase is required. To examine the temporal aspect of contextual fingerprints, we performed a short-term and a long-term experiment

关键词： Protection mechanisms javascript XSS javascript engine

来源：评论

学校读者我要写书评

暂无评论

Performance and Resource Analysis on the javascript Runtime for IoT Devices 16th

Performance and Resource Analysis on the JavaScript Runtime ...

引用

16th International Conference on Computational Science and Its Applications (ICCSA)

作者： Sin, Dongig Shin, Dongkun Sungkyunkwan Univ Dept Elect & Comp Engn Suwon South Korea

ISBN: (纸本)9783319420851

The light-weight javascript frameworks such as IoT. js, DukServer, and Smart. js provide the asynchronous event-driven javascript runtime for lowend IoT device. These frameworks are designed for memory-constrained systems such as IoT devices. To evaluate the performance of these frameworks, existing javascript benchmarks are not suitable considering that the use cases of IoT device are mainly to execute a simple task generating sensor and network I/O requests. In this paper, we propose several IoT workloads to evaluate the performance and memory overhead of IoT systems, and evaluate several light-weight javascript frameworks. In addition, we evaluated the effectiveness of multi-core system for javascript framework.

关键词： javascript engine Internet of Things Low-memory Server-side javascript framework Iot platform

来源：评论

学校读者我要写书评

暂无评论

Accelerating Web Application Loading with Snapshot of Event and DOM Handling 2019

Accelerating Web Application Loading with Snapshot of Event ...

引用

28th International Conference on Compiler Construction (CC)

作者： Yeo, JiHwan Oh, JinSeok Moon, Soo-Mook Seoul Natl Univ Seoul South Korea

ISBN: (纸本)9781450362771

Reducing the loading time of a web app is important for better user experience. The loading time includes a large amount of javascript execution, often composed of the execution of the global code in the script tags followed by the execution of event handlers. One approach to accelerate the app loading is saving the already-loaded execution state of javascript objects in a file called the snapshot in advance. Then, we start an app by copying the objects in the snapshot to the javascript heap directly, instead of executing javascript code to create them. Unfortunately, existing works save only the execution state of the global code in the snapshot, not that of the event handlers. Also, the javascript code whose execution may change the DOM (Document Object Model) tree is not saved in the snapshot, limiting the coverage of the snapshot. In this paper, we introduce snapshot+, an extended version of the snapshot where we save the execution state of the event handlers as well as that of the global code. Unlike the global code whose execution order is statically determined, the event handlers have a more dynamic execution order, depending on the triggering order of the events and the registration order of the event handlers. This makes it somewhat complicated to decide when to create and restore the snapshot. Snapshot+ provides a new API for the app developer to specify and register the event handlers eligible for snapshot so that the browser can create and restore the snapshot at the right place automatically. Also, snapshot+ can save a changed DOM tree in a serialized HTML string and restore it during app loading, allowing the DOM-changing javascript executions to be saved in the snapshot. Our experimental results show that snapshot+ can improve the app loading time by 52% (AngularJS apps), 42% (Ext JS apps), 48% (jQuery apps), and 18% (MooTools apps), compared to the original snapshot.

关键词： javascript engine Web framework Snapshot

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：