This study proposes a graphics rendering technique based on an ultra-lightweight javascript engine for resource-constrained embedded devices such as ESP32. The technique achieves efficient image rendering by integrati...
详细信息
ISBN:
(纸本)9798350386783;9798350386776
This study proposes a graphics rendering technique based on an ultra-lightweight javascript engine for resource-constrained embedded devices such as ESP32. The technique achieves efficient image rendering by integrating generic low-level interfaces. The paper investigates and designs a modular system architecture that improves performance through interpreted execution of javascript, just-in-time ( JIT) compilation, and optimized memory management, while supporting high concurrency and asynchronous I/O scheduling. Experimental evaluation shows that compared to traditional techniques, the system demonstrates significant advantages in graphics rendering speed, various types of graphics display, and resource efficiency. This study bridges the gap between the demand for high-quality graphical user interfaces (GUIs) and resource constraints in Internet of Things (IoT) devices to some extent.
Distributed learning based on javascript-based frontends is typically implemented at the endpoint to maximize performance. Yet, javascript-based frontends often experience suboptimal performance. To reconcile these di...
详细信息
Distributed learning based on javascript-based frontends is typically implemented at the endpoint to maximize performance. Yet, javascript-based frontends often experience suboptimal performance. To reconcile these disparities in performance between EDGE and endpoint deployments, strategic optimization is essential, particularly for preserving privacy in distributed learning. Real-time streaming optimizations are imperative to align the performance of disparate components for smooth integration. The reliance on javascript for various web functionalities can lead to increased resource consumption and slower page loads. Thus, we introduce a streamlined javascript engine designed to optimize structural patterns in javascript code, with three key enhancements. Firstly, we reduce the computational burden of the javascript engine necessary for setting up the browser's runtime environment. Secondly, we refine the parsing process for specific code patterns, boosting the efficiency of our lightweight engine. Thirdly, we streamline the Inter-Process Communication (IPC) to maintain high performance, even with limited memory resources. Our evaluations demonstrate that our approach reduces the median Total Computation Time (TCT) by 45.2%, and surpasses existing leading solutions, Siploader and Prepack, with improvements ranging from 1.13x to 1.39x.
javascript is a core language of web applications. As the most frequently used web language, it is used in more than 90% of web pages around the world. As a result, the performance of javascript engines becomes an imp...
详细信息
javascript is a core language of web applications. As the most frequently used web language, it is used in more than 90% of web pages around the world. As a result, the performance of javascript engines becomes an important issue. In order to increase the execution speed of web applications, many javascript engines are embedded in JIT (Just-in-time) Compiler. However, JIT compilers are required to execute and compile applications at the same time. Therefore, this technique has been hardly applicable to embedded systems, in which system resources are limited. In this paper, we present a reusing technique of JIT compiled code in the javascript engine to reduce compilation overhead. In order to reuse JIT compiled code, problems for runtime dependency in JIT compiled binary code must be resolved. We used a direct binary code patching method on Squirrel FisheXtreme (SFX) javascript engine of WebKit for the experiment. Through the experiment, we showed that the total compilation time of the modified SFX javascript engine was slightly increased up to 9.4% by saving codes, but the time was reduced up to 49%, averagely 44%, depending on web services when the code was reused.
javascript (JS) engines are a core component of a lot of software, such as web browsers, PDF readers and flash players. There has been much research on finding JS engine vulnerabilities. However, due to the fact that ...
详细信息
ISBN:
(纸本)9781665488105
javascript (JS) engines are a core component of a lot of software, such as web browsers, PDF readers and flash players. There has been much research on finding JS engine vulnerabilities. However, due to the fact that a JS engine's input space is infinite and the vulnerability triggering conditions are extremely strict, it is difficult to generate test cases that are able to trigger deep logic errors in fuzzing. This paper aims to explore an approach which incorporates the human experience into fuzzing. We propose a Key-Operation-based Fuzzer (KOP-Fuzzer), to explore the type confusion vulnerabilities in JS engines. Based on human knowledge, we summarize a trigger model and extract key operations for type confusion vulnerabilities in JS engines. We use clustering to extract the key-operation methods from the engine's source code and develop a fuzzing system for key-operation mutation. Our experimental results demonstrate that the KOP-Fuzzer generates valid test cases with 1.5x fewer runtime errors, while also improving the edge coverage (2.082%) and key-operation coverage (6.452%), when compared with the state-of-the-art JS engine fuzzers. The KOP-Fuzzer discovered a total of 21 new bugs in ChakraCore and javascriptCore, where 16 of them are caused by the engine's incorrect handling of key operations and 5 of them are caused by type confusions.
Mutation-based fuzzing effectively discovers defects in JS engines. High-quality mutations are key for the performance of mutation-based fuzzers. The choice of the underlying representation (e.g., a sequence of tokens...
详细信息
ISBN:
(纸本)9798400706363
Mutation-based fuzzing effectively discovers defects in JS engines. High-quality mutations are key for the performance of mutation-based fuzzers. The choice of the underlying representation (e.g., a sequence of tokens, an abstract syntax tree, or an intermediate representation) defines the possible mutation space and subsequently influences the design of mutation operators. Current program representations in JS engine fuzzers center around abstract syntax trees and customized bytecode-level intermediate languages. However, existing efforts struggle to generate semantically valid and meaningful mutations, limiting the discovery of defects in JS engines. Our proposed graph-based intermediate representation, FlowIR, directly represents the JS control flow and data flow as the mutation target. FlowIR is essential for the implementation of powerful semantic mutation. It supports mutation operators at the data flow and control flow level, thereby expanding the granularity of mutation operators. Experimental results show that our method is more effective in discovering new bugs. Our prototype, FuzzFlow, outperforms state-of-the-art fuzzers in generating valid test cases and exploring code coverage. In our evaluation, we detected 37 new defects in thoroughly tested mainstream JS engines.
Context: javascript is a prototype-based dynamic type scripting language. The correct running of a javascript program depends on the correctness of both the program and the javascript ***: An in-depth understanding of...
详细信息
Context: javascript is a prototype-based dynamic type scripting language. The correct running of a javascript program depends on the correctness of both the program and the javascript ***: An in-depth understanding of the characteristics of bugs in javascript engines can help detect and fix ***: We conduct an empirical study on the bugs in three mainstream javascript engines: V8, SpiderMonkey, and Chakra. Such an empirical study involves 19,019 bug reports, 16,437 revisions, 805 test cases, and root causes of randomly selected 540 ***: (1) The Compiler and the DOM are the most buggy component in V8 and SpiderMonkey, respectively. Most of the source files contain only one bug. (2) The scales of the testing programs that reveal bugs are usually small. Most bug fixes involve only limited modifications since the number of modified source files and lines of code modified are small. (3) Most bugs can be fixed within half a year (80.33% for V8 and 91.9% for SpiderMonkey). Only 4.33% of SpiderMonkey bugs need more than a year to fix. Bugs in SpiderMonkey are usually fixed faster than bugs in V8. (4) High priority tends to be assigned to Infrastructure bugs in V8 and Release Automation bugs in SpiderMonkey. The duration of bugs is not strictly correlated with their priorities. (5) Semantic bugs are the most common root causes of bugs. And among semantic bugs, the processing bugs, missing features bugs and function call bugs are more than ***: This study deepens our understanding of bugs in javascript engines, and empirical results could indicate some potential problems during the detecting and fixing of bugs in javascript engines, assist developers of javascript engines in improving their development quality, assist maintainers in detecting and fixing bugs more effectively, and suggest users of javascript evade potential risks.
javascript has significantly evolved, broadening its capabilities. However, the uptake of tail call optimization (TCO) remains limited, largely due to concerns about debugging difficulties and the potential increase i...
详细信息
javascript has significantly evolved, broadening its capabilities. However, the uptake of tail call optimization (TCO) remains limited, largely due to concerns about debugging difficulties and the potential increase in overall complexity. This paper highlights the compelling importance of tail calls within web applications, advocating for TCO as a means to boost performance and enhance memory efficiency. We present an innovative TCO technique that leverages the native stack within javascript engines, capitalizing on the native stack's inherent benefits over heap memory. This technique is carefully crafted to comply with diverse TCO standards, prioritizing simplicity and providing debugging features. We tackle the inherent challenges of TCO and successfully deploy our method in a lightweight javascript engine. Our approach is rigorously evaluated, proving its effectiveness and practicality. Notably, our implementation facilitates considerable memory savings for web applications, comparable to the maximum Resident Set Size (RSS), and achieves an average performance improvement of approximately 19.8% for algorithms that are heavily recursive. This research not only demonstrates the versatility and efficiency of our TCO strategy but also makes a significant contribution to the wider adoption and comprehension of TCO, thereby improving javascript engines' performance and memory management efficiency.
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web." Drawing a parallel from the current state of p...
详细信息
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web." Drawing a parallel from the current state of practice in preventing unauthorized native code execution (the typical goal in a code injection), we propose a script whitelisting approach to tame javascript-driven XSS attacks. Our scheme involves a transparent script interception layer placed in the browser's javascript engine. This layer is designed to detect every script that reaches the browser, from every possible route, and compare it to a list of valid scripts for the site or page being accessed;scripts not on the list are prevented from executing. To avoid the false positives caused by minor syntactic changes (e.g., due to dynamic code generation), our layer uses the concept of contextual fingerprints when comparing scripts. Contextual fingerprints are identifiers that represent specific elements of a script and its execution context. Fingerprints can be easily enriched with new elements, if needed, to enhance the proposed method's robustness. The list can be populated by the website's administrators or a trusted third party. To verify our approach, we have developed a prototype and tested it successfully against an extensive array of attacks that were performed on more than 50 real-world vulnerable web applications. We measured the browsing performance overhead of the proposed solution on eight websites that make heavy use of javascript. Our mechanism imposed an average overhead of 11.1% on the execution time of the javascript engine. When measured as part of a full browsing session, and for all tested websites, the overhead introduced by our layer was less than 0.05%. When script elements are altered or new scripts are added on the server side, a new fingerprint generation phase is required. To examine the temporal aspect of contextual fingerprints, we performed a short-term and a long-term experiment
javascript is a dynamic language mainly used as a client-side web script. Nowadays, web is evolving into an application platform with its web apps, and javascript increasingly undertakes complex computations and inter...
详细信息
javascript is a dynamic language mainly used as a client-side web script. Nowadays, web is evolving into an application platform with its web apps, and javascript increasingly undertakes complex computations and interactive user interfaces, requiring a high-performance javascript engine. There have been many optimizations for efficient javascript engines, but one component that has not been optimized much is javascript parsing. A javascript function needs to be parsed before being executed, and the parsing overhead takes a substantial portion of javascript execution time for web apps, especially during app loading. This article proposes concurrent parsing of javascript, which performs the parsing of javascript functions in advance on different threads, while the main thread is executing the parsed javascript functions. This can hide the parsing overhead from the main execution thread, reducing the javascript execution time, thus reducing the overall app loading time. More specifically, we separated javascript parsing and made it run on different threads without violating the execution semantics of javascript. We also designed an efficient multi-threaded parsing architecture, which reduces the synchronization overhead and schedules the parsing requests appropriately. Finally, we explored two methods of choosing the target functions for concurrent parsing: one based on profiled information and the other based on speculative heuristics. We performed experiments on theWebKit browser with the JSC engine for real web apps. The result shows that the proposed concurrent parsing can improve the javascript performance during app loading by as much as 64% and by 39.7% on average. This improves the whole app loading performance tangibly, by as much as 32.7% and by 18.2%, on average.
The light-weight javascript frameworks such as IoT. js, DukServer, and Smart. js provide the asynchronous event-driven javascript runtime for lowend IoT device. These frameworks are designed for memory-constrained sys...
详细信息
ISBN:
(纸本)9783319420851
The light-weight javascript frameworks such as IoT. js, DukServer, and Smart. js provide the asynchronous event-driven javascript runtime for lowend IoT device. These frameworks are designed for memory-constrained systems such as IoT devices. To evaluate the performance of these frameworks, existing javascript benchmarks are not suitable considering that the use cases of IoT device are mainly to execute a simple task generating sensor and network I/O requests. In this paper, we propose several IoT workloads to evaluate the performance and memory overhead of IoT systems, and evaluate several light-weight javascript frameworks. In addition, we evaluated the effectiveness of multi-core system for javascript framework.
暂无评论