ISBN: (print) 9781728125084
Industry widely uses unstructured merge tools that rely on textual analysis to detect and resolve conflicts between code contributions. Semistructured merge tools go further by partially exploring the syntactic structure of code artifacts, and, as a consequence, obtaining significant merge accuracy gains for Java-like languages. To understand whether semistructured merge and the observed gains generalize to other kinds of languages, we implement two semistructured merge tools for JavaScript, and compare them to an unstructured tool. We find that current semistructured merge algorithms and frameworks are not directly applicable for scripting languages like JavaScript. By adapting the algorithms, and studying 10,345 merge scenarios from 50 JavaScript projects on GitHub, we find evidence that our JavaScript tools report fewer spurious conflicts than unstructured merge, without compromising the correctness of the merging process. The gains, however, are much smaller than the ones observed for Java-like languages, suggesting that semistructured merge advantages might be limited for languages that allow both commutative and non-commutative declarations at the same syntactic level.
Over the last few years, the complexity of web applications has increased to provide more dynamic web applications to users. The drawback of this complexity is the growing number of errors in the front-end applications. In this paper, we present an approach to provide self-healing for the web. We implemented this approach in two different tools: (i) BikiniProxy, an HTTP repair proxy, and (ii) BugBlock, a browser extension. They use five self-healing strategies to rewrite the buggy HTML and JavaScript code to handle errors in web pages. We evaluate BikiniProxy and BugBlock with a new benchmark of 555 reproducible JavaScript errors of which 31.76% can be automatically self-healed by BikiniProxy and 15.67% by BugBlock.
A key characteristic of modern web applications is their heavy reliance on client-side JavaScript libraries. They use the libraries to achieve interactivity, reactivity, and service composition. Instead of writing their own, modern web application developers typically use several third-party JavaScript libraries to achieve such a level of engagement. This poses a security risk of leaking private information to illegal channels. Tracking information flow is one known technique to address such concern. This paper presents a framework that inlines a hybrid flow-sensitive security monitor for JavaScript. To our knowledge, our framework is the first in the literature to propose a hybrid flow-sensitive approach that targets JavaScript. Our approach operates as a source-to-source compiler (a transpiler), in which the input is JavaScript source and the output is an instrumented version with the flow-sensitive security monitor inlined. Hence the output of our approach is portable JavaScript code that is not tied to a particular JavaScript engine. We start by presenting the hybrid flow-sensitive security monitor and its noninterference security property. Then we present the formalization of our inlining transpiler with respect to the hybrid monitor. We prove that the inlined version of the security monitor is observationally equivalent to the original version. Finally, we present and discuss the implementation of the inlining transpiler and assess empirically its security effectiveness and its efficiency with respect to un-instrumented code and to other implementations in the literature. (C) 2018 Elsevier Ltd. All rights reserved.
The increasing popularity of JavaScript has led to a variety of JavaScript frameworks that aim to help developers to address programming tasks. However, the number of JavaScript frameworks has risen rapidly to thousands of versions. It is challenging for practitioners to identify the frameworks that best fit their needs and to develop new ones which fit such needs. Furthermore, there is a lack of knowledge regarding what drives developers toward the choice. This paper explores the factors and actors that lead to the choice of a JavaScript framework. We conducted a qualitative interpretive study of semi-structured interviews. We interviewed 18 decision makers regarding the JavaScript framework selection, up to reaching theoretical saturation. Through coding of the interview responses, we offer a model of desirable JavaScript framework adoption factors. The factors are grouped into categories that are derived via the Unified Theory of Acceptance and Use of Technology. The factors are performance expectancy (performance, size), effort expectancy (automatization, learnability, complexity, understandability), social influence (competitor analysis, collegial advice, community size, community responsiveness), facilitating conditions (suitability, updates, modularity, isolation, extensibility), and price value. A combination of four actors, which are customer, developer, team, and team leader, leads to the choice. Our model contributes to the body of knowledge related to the adoption of technology by software engineers. As a practical implication, our model is useful for decision makers when evaluating JavaScript frameworks, as well as for developers for producing desirable frameworks.
The attacker injects malicious JavaScript into web pages to achieve the purpose of implanting Trojan horses, spreading viruses, phishing, and obtaining secret information. By analyzing the existing research on malicious JavaScript detection, a malicious JavaScript detection model based on LSTM (Long Short-Term Memory) is proposed. Features are extracted from the semantic level of bytecode, and the method of word vector is optimized. It can distinguish malicious JavaScript code and combat obfuscated code effectively. Experiments showed that the accuracy of the detection model based on LSTM is 99.51%, and the F1-score is 98.37%, which is better than the existing models based on Random Forest and SVM algorithms.