Foreign-language translation (excerpt): An Analysis of the Dynamic Behavior of JavaScript Programs

1800 words, 10,000 English characters, 3600 Chinese characters

Source: Richards G, Lebresne S, Burg B, et al. An analysis of the dynamic behavior of JavaScript programs[C]// ACM SIGPLAN Conference on Programming Language Design & Implementation. ACM, 2010:1-12.

An Analysis of the Dynamic Behavior of JavaScript Programs

Gregor Richards, Sylvain Lebresne, Brian Burg, Jan Vitek

Abstract

The JavaScript programming language is widely used for web programming and, increasingly, for general purpose computing. As such, improving the correctness, security and performance of JavaScript applications has been the driving force for research in type systems, static analysis and compiler techniques for this language. Many of these techniques aim to rein in some of the most dynamic features of the language, yet little seems to be known about how programmers actually utilize the language or

Keywords: Dynamic Behavior, Execution Tracing, Dynamic Metrics, Program Analysis, JavaScript

1. Introduction

JavaScript is an object-oriented language designed in 1995 by Brendan Eich at Netscape to allow non-programmers to extend web sites with client-side executable code. Unlike more traditional languages such as Java, C# or even Smalltalk, it does not have classes, and does not encourage encapsulation or even structured programming. Instead JavaScript strives to maximize flexibility. JavaScript's success is undeniable. As a data point, it is used by 97 out of the web's 100 most popular sites. The l

2. Motivation and Related Work

The original impetus for our interest in JavaScript was to assess the feasibility of a static type system able to successfully and meaningfully type check existing JavaScript programs. Other dynamic languages such as Scheme have had recent success introducing gradual typing systems, but they have stopped short of type checking object-oriented extensions (implemented by macros in Scheme). For JavaScript, Anderson et al. proposed a type system with definite and potential types, while Heidegger and

Common Assumptions about the dynamic behavior of JavaScript. We proceed to enumerate the explicit and implicit assumptions that are commonly found in the literature and in implementations.

1. The prototype hierarchy is invariant. The assumption that the prototype hierarchy does not change after an object is created is so central to the type system work that it chose to not even model prototypes. Research on static analysis typically does not mention prototype updates. Yet, any modification to the prototype hierarchy can potentially impact the control flow graph of the application just as well as the types of affected objects.

2. Properties are added at object initialization. Folklore holds that there is something akin to an "initialization phase" in dynamic languages where most of the dynamic activity occurs and after which the application is mostly static. For JavaScript this is embodied by the assumption that most changes to the fields and methods of objects occur at initialization, and thus that it is reasonable to assign an almost complete type to objects at creation, leaving a small number of properties as poten

3. Properties are rarely deleted. Removal of methods or fields is difficult to accommodate in a type system as it permits nonmonotonic evolution of types that breaks subtyping guarantees usually enforced in modern typed languages. If deletion is an exceptional occurrence (and one that can be predicted), one could use potential types for properties that may be deleted in the future. But, this would reduce the benefits of having a type system in the first place, which is probably why related work chooses to forbid it. Static analysis approaches are usually a bit more tolerant to imprecision and can handle deletes, but we have not found any explanation of its handling in existing data flow analysis techniques.

4. The use of eval is infrequent and does not affect semantics. The use of eval on arbitrary strings has the potential of invalidating any results obtained by static analysis or static type checking. Thus many works simply ignore it, while others assume that uses are either trivial or related to deserialization using the JSON protocol.

5. Declared function signatures are indicative of types. Type systems for JavaScript typically assume that the declared arity of a function is representative of the way it will be invoked. This is not necessarily the case because JavaScript allows calls with different arities.

6. Program size is modest. Some papers justify very expensive analyses with the explicit assumption that handwritten JavaScript programs are small, and others implicitly rely on this as they present analyses which would not scale to large systems.

7. Call-site dynamism is low. Some JavaScript implementations such as Google V8 rely on well-known implementation techniques to optimize JavaScript programs such as creating classes (in the Java sense) for objects and inline caches. These techniques will lead to good performance only if the behavior of JavaScript is broadly similar to that of other object-oriented languages.

8. Execution time is dominated by hot loops. Trace-based just-in-time compilers such as TraceMonkey rely on the traditional assumption that execution time is dominated by small loops.

9. Industry benchmarks are representative of JavaScript workloads. Standard benchmark suites such as SunSpider, Dromaeo and V8 are used to tune and compare JavaScript implementations and to evaluate the accuracy of static analysis techniques. But conclusions obtained from use of those benchmarks are only meaningful if they accurately represent the range of JavaScript workloads in the wild.

The goal of this paper is to provide supporting evidence to either confirm or invalidate these assumptions. We are not disputing the validity of previous research, as even if a couple of the above assumptions proved to be unfounded, previous work can still serve as a useful starting point for handling full JavaScript. But we do want to highlight limitations to widespread adoption of existing techniques and point to challenges that should be addressed in future research.

Related Work. Until now, to the best of our knowledge, there has been no study of the dynamic behavior of JavaScript programs of comparable depth or breadth. Ratanaworabhan et al. have performed a similar study concurrently to our own, and its results are similar to ours. There have been studies of JavaScript's dynamic behavior as it applies to security, but the behaviors studied were restricted to those particularly relevant to security. We conducted a small scale study of JavaScript and report

3. Tracing and Analysis Infrastructure

The tracing infrastructure developed for this paper is based on an instrumented version of the WebKit web browser engine integrated into Apple's Safari browser. While there are standalone interpreters available, they would not be able to deal with the mixture of DOM and AJAX that is commonplace in most JavaScript-enabled sites. For flexibility, analysis is performed offline. Our instrumented browser records a trace containing most operations performed by the interpreter (reads, writes, deletes,

4. Conclusion

This paper has provided the first large-scale study of the runtime behavior of JavaScript programs. We have identified a set of representative real-world programs ranging in size from hundreds of kilobytes to megabytes; using an instrumented interpreter we have recorded multiple traces per site, and then with an offline analysis tool we have extracted behavioral information from the traces. We use this information to evaluate a list of nine commonly made assumptions about JavaScript programs.

An Analysis of the Dynamic Behavior of JavaScript Programs (Chinese translation, rendered in English)

Abstract

The JavaScript programming language is widely used for web programming and, increasingly, for special-purpose computing. Consequently, improving the correctness, security and performance of JavaScript applications has become one of the driving forces behind research in type systems, static analysis and compiler techniques for the language. Many of these techniques aim at some of the language's most dynamic features, yet few people know clearly how programmers actually make use of these features. In this paper we study the dynamic behavior of a number of widely used JavaScript programs and analyze how and why these dynamic features are used. From these programs we derive concrete degrees of dynamism and compare them with the figures assumed in the current literature and with those of common industry benchmarks.

Keywords: dynamic behavior; execution tracing; dynamic metrics; program analysis; JavaScript

1. Introduction

JavaScript is an object-oriented language that lets users interact with web sites through client-side executable code; it was designed in 1995 by Brendan Eich of Netscape. Unlike traditional languages such as Java, C# or Smalltalk, it has no classes and does not encourage encapsulation or even structured programming. Instead, JavaScript puts great emphasis on the flexibility of the language. JavaScript's success is undeniable. According to the available data, 97 of the 100 most popular sites use it. At the same time, JavaScript has become a general computing platform for many office applications, browser applications and development environments. It has long been called the "assembly language" of the Internet; like Java and Scheme, JavaScript requires interpretation by code-generation tools. Because of this success, JavaScript has earned the attention and respect of academia, and researchers have begun to concentrate on three main problems: security, correctness and performance. Security is arguably the most pressing problem JavaScript has to address: to date there have been cases of malicious attacks exploiting the dynamic features of the language (mainly JavaScript's ability to access and modify shared files, planting malicious code through the eval function). Researchers have proposed

2. Motivation and Related Work

Our original motivation for studying JavaScript was to assess whether a static type system could successfully type check existing JavaScript programs. Other dynamic languages, such as Scheme, have successfully introduced gradual typing systems, but progress in other respects has stalled somewhat, for instance the lack of type checking for object-oriented extensions (implemented with macros in Scheme). For JavaScript, Anderson et al. proposed a type system with definite and potential types, while Heidegger and Thiemann pushed their earlier work a step further by adding some new types, and Furr et al. proposed a related system for DRuby. All of these type systems accept some simple simplifications of the target language, but they rely on rather similar assumptions. For example, Thiemann writes: "Usually, hardly any further types are defined after initialization, and the types of objects essentially do not change."

Common assumptions about the dynamic behavior of JavaScript. Below we enumerate a number of published or tacitly accepted assumptions that are widely applied in the literature and in concrete programs.

1. The prototype hierarchy is invariant. The assumption that the prototype hierarchy does not change once a new object has been created is so important to the operation of a type system that prototype objects would not even be modelled. Research on static analysis is typical: it usually does not deal with prototype updates or changes. Yet any change to the prototype hierarchy may affect the control flow of the application, and the types of the affected objects may change as well.

2. Properties are added at object initialization. It is generally believed that dynamic languages have a period akin to an "initialization phase" in which most dynamic behavior takes place and after which the application is mostly static. In the specific case of JavaScript, this is the assumption that most changes to the fields and methods of objects are completed during the initialization phase, so that it appears reasonable to fix most of an object's type at creation and leave only a small number of properties undetermined.

3. Properties are rarely deleted. Deleting methods or fields in a type system is hard, because it amounts to allowing types to evolve non-monotonically, which breaks the subtyping guarantees enforced by default in modern typed languages. If deletion is a special case (and a predictable one), one can use potential types for the properties that may be deleted in the future. But doing so reduces the benefits of using a type system, which is probably why some related work forbids it. Static analysis methods are usually more tolerant of this imprecision and can handle deletion, but so far we have not found any explanation of it in existing data-flow analysis techniques.

4. The use of eval is rare and does not affect semantics. The eval function is commonly used to evaluate arbitrary strings, and it may render the results of static analysis or static type checking invalid. Therefore much of the literature simply ignores it, while other work assumes that the effect of such uses is negligible or that the uses concern the JSON deserialization protocol.

5. Declared function signatures indicate types. Type systems for JavaScript assume that the declared arity of a function indicates how it will be invoked; of course this is not necessarily so, because JavaScript allows calls with different arities.

6. Program size is moderate. Many papers explicitly state at length that they assume the JavaScript programs under study are small, and others imply it, since they present analyses that cannot scale to large systems.

7. Call-site dynamism is low. Some excellent JavaScript implementations, such as Google's V8, rely on well-known implementation techniques such as creating classes for objects (as in Java) and inline caches. If the behavior of JavaScript is broadly similar to that of other object-oriented languages, these techniques yield good performance.

8. Execution time is dominated by loops. Some trace-based just-in-time compilers, such as TraceMonkey, build on the traditional assumption that a program's execution time is dominated by small loops.

9. Industry benchmarks reflect JavaScript workloads. Benchmark suites such as SunSpider, Dromaeo and V8 are used to evaluate and compare the performance of JavaScript implementations and to measure the accuracy of static analysis techniques. But conclusions drawn from these benchmarks are meaningful only if they accurately reflect the range of JavaScript workloads running in the real world.

The goal of this paper is to provide evidence that supports or refutes the above assumptions. We are not questioning the accuracy of previous research: even if some of the assumptions above prove unfounded, previous work can still provide a useful foundation and starting point for studying JavaScript. But we do want to highlight the limitations of these widely adopted techniques and point to the challenges to be faced in future research.

Related work. To date, to the best of our knowledge, there has been no study of the dynamic behavior of JavaScript programs of comparable depth and breadth. Ratanaworabhan et al. have carried out a study similar to ours, and its final results are similar to ours as well. There have indeed been studies of JavaScript's dynamic behavior as it applies to security, but those studies focused only on the aspects closely related to security. We also conducted a small-scale study of JavaScript and obtained some preliminary results, which are consistent with the latest results presented here. Holkner and Harland have studied the use of dynamic features in Python (adding and deleting fields and methods); their study concentrated on a series of small programs and concluded that there is a clear distinction between them. Their research shows that most dynamic features appear in the initialization phase of a program, while dynamic behavior gradually decreases during the main computation phase. Our results show that, in its applications, JavaScript is more dynamic than Python. There is also much research on the runtime characteristics of object-oriented languages: for example, Garret et al. studied the degree of dynamism of message sends in Self, Calder et al. analyzed the differences in the runtime behavior of C and C++ programs, and Tempero et al. studied Java's

3. Tracing and Analysis Infrastructure

Our tracing infrastructure is based on an instrumented version of the WebKit web browser engine, which is now used in Apple's Safari browser. Although standalone interpreters are available, they cannot handle the DOM and AJAX techniques common on most JavaScript-enabled sites today. To make the experiments more flexible, our analysis is performed offline. Our browser records most of the operations performed by the interpreter (reads, writes, deletes, calls, definitions and so on); events such as garbage collection and source file loading are traced as well. An eval call triggers a specific event similar to a source file load, and the evaluated string is also saved and traced and analyzed like any other part of the program's execution. The recorded trace is compressed and stored on disk. Although this adds some overhead at run time, the speed of our instrumented tool when running interactive applications was not affected, and our users did not complain about performance. We then analyzed the data offline and stored the results in a database for data mining. The offline trace analysis component is essentially an abstract interpreter over the event stream. It can replay the traces and derive an abstract interpretation of the heap state of the corresponding JavaScript program. The trace analyzer includes rich and customizable historical information about the program's dynamic behavior, such as

4. Conclusion

This paper provides the first large-scale
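As an added illustration (not code from the paper or its WebKit instrumentation), the sketch below records the kinds of events Section 3 describes using JavaScript Proxy objects and summarises a constructed trace against assumptions 1, 2, 3 and 5 of Section 2; the event names, the 'init' marker and the demo program are my own assumptions.

```javascript
// Added example, not code from the paper or its WebKit instrumentation: Proxy-based
// recording of write/delete/prototype/call events, summarised as dynamic metrics.
function traceObject(target, trace, name) {
  const rec = (op, prop) => trace.push({ op, obj: name, prop: String(prop) });
  return new Proxy(target, {
    set(t, prop, value) {
      // Adding a new property is distinguished from overwriting an existing own one.
      rec(Object.prototype.hasOwnProperty.call(t, prop) ? 'write' : 'add', prop);
      return Reflect.set(t, prop, value);
    },
    deleteProperty(t, prop) { rec('delete', prop); return Reflect.deleteProperty(t, prop); },
    setPrototypeOf(t, proto) { rec('setproto', '__proto__'); return Reflect.setPrototypeOf(t, proto); },
  });
}

function traceFunction(fn, trace, name) {
  return new Proxy(fn, {
    apply(f, thisArg, args) {
      // Declared arity (f.length) versus the arity actually used at this call site.
      trace.push({ op: 'call', fn: name, declared: f.length, actual: args.length });
      return Reflect.apply(f, thisArg, args);
    },
  });
}

// Dynamic metrics over a trace; events after the 'init' marker count as post-initialisation.
function summarize(trace) {
  const after = trace.slice(trace.findIndex(e => e.op === 'init') + 1);
  const count = (evts, pred) => evts.filter(pred).length;
  return {
    addsAfterInit: count(after, e => e.op === 'add'),
    deletes: count(trace, e => e.op === 'delete'),
    protoChanges: count(trace, e => e.op === 'setproto'),
    arityMismatches: count(trace, e => e.op === 'call' && e.declared !== e.actual),
  };
}
// Constructed program (demonstration only) that violates assumptions 1, 2, 3 and 5 once each.
function runDemo() {
  const trace = [];
  const o = traceObject({ x: 1 }, trace, 'o');
  o.y = 2;                                   // property added during initialisation
  trace.push({ op: 'init' });                // end of the supposed initialisation phase
  o.z = 3;                                   // property added later (assumption 2)
  delete o.x;                                // property deleted (assumption 3)
  Object.setPrototypeOf(o, { greet() { return 'hi'; } }); // hierarchy changes (assumption 1)
  const f = traceFunction(function (a, b) { return a + b; }, trace, 'f');
  f(1); f(1, 2); f(1, 2, 3);                 // two of the three calls mismatch the arity (assumption 5)
  return summarize(trace);
}
```

Reads are left out of the recorder to keep it short; the paper's tool also logs reads, garbage collection and source loads.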
