Gulfstream Staged Static Analysis for Streaming Java Script
![Safe Code Inclusion In Java. Script Runtime Enforcement Static Analysis • Conscript [Oakland 10]](https://slidetodoc.com/presentation_image_h2/7c9f1ebe71ba227dd1b399eaa1b97791/image-3.jpg "Safe Code Inclusion In Java. Script Runtime Enforcement Static Analysis • Conscript [Oakland 10]")
- Slides: 24
Gulfstream Staged Static Analysis for Streaming Java. Script Applications Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research
Web application Web page Third Party Server widget. js 1
Safe Code Inclusion In Java. Script Runtime Enforcement Static Analysis • Conscript [Oakland 10] • Browser. Shield [OSDI 06] • Caja • Gatekeeper [USENIX Sec 09] • Staged Information flow for Java. Script [PLDI 09] Whole program analysis approaches require the entire program 2
3
Java. Script programs are streaming 4
Script Creation <HTML> <HEAD> <SCRIPT> function foo(){. . . } var f = foo; </SCRIPT> <SCRIPT> What does f function bar(){. . . } refer to? if (. . . ) f = bar; </SCRIPT> </HEAD> <BODY onclick="f(); ">. . . </BODY> </HTML> 5
Incremental Loading in Facebook 250 200 13 20 29 Profile 150 KB Inbox Friends 100 157 71% Home 50 0 6
Gulfstream In Action ✔ Offline ✔ Online 7
Outline • • Motivation Implementation Evaluation Conclusions 8
Queries • We want to determine something about the program • Example – What does f() refer to – Detect alert calls – Does this program use set. Timeout 9
Points-To Analysis • Provides deep program understanding • Can be used to construct call graphs • Is the foundation of further analyses • Answers a simple question: What heap locations does variable x point to 10
Points-To Example 11
Implementation Strategies Datalog with bddbddb Graph-based flow analysis + Fast for large programs + Highly tuned - Large startup cost - Difficult to implement in the browser + Very small startup cost + Customized to work with Gulfstream - Does not scale well • Used in Gatekeeper [USENIX Sec 09] 12
Implementation • Normalize Java. Script – Turn program into a series of simple statements – Introduce temporaries as necessary • Create flow graph – Use normalized program to generate flow constraints • Serialize flow graph – Encode the flow-graph so online analysis can use it to update results 13
Implementation Continued • Perform points-to analysis – Traverse flow graph to find all aliases – Follow flow through method boundaries – Generate points-to map for queries to use • Queries – Use points-to data and flow graph to answer queries 14
Evaluation • Question – Is Gulfstream faster than non-staged analysis • Benchmarks – Synthetically generated – Scraped from Google code – Scraped from Facebook • Simulate diverse environments – CPU speed and network properties – Cell phone, laptop, desktop, etc. 15
Laptop Running Time Comparison Gulfstream Full Analysis bddbddb 8 After 30 KB of updates, Gulfstream is no longer faster 7 Seconds 6 5 4 3 2 1 0 30 35 40 45 50 Total Page Size (KB) 55 60 65 16
Simulated Devices • Low power mobile • High power 17
Lessons Learned • Slow devices benefit from Gulfstream • A slow network can negate the benefits of the staged analysis • Large page updates don’t benefit from Gulfstream 18
Facebook Experiment • Visit 4 pages – Home – Friends – Inbox – Profile • Each page loads additional Java. Script 19
Gulfstream Savings: Slow Devices 350 300 Seconds 250 200 150 profile inbox friends home 100 50 0 20
Gulfstream Savings: Fast Devices 12 10 seconds saved 10 Seconds 8 6 4 profile inbox friends home 2 0 21
Conclusion • Gulfstream, staged analysis for Java. Script • Staged analysis – Offline on the server – Online in the browser • Wide range of experiments – For small updates, Gulfstream is faster – Devices with slow CPU benefit most 22
The End • Contact: salvatore. guarnieri@gmail. com 23