Gulfstream Staged Static Analysis for Streaming Java Script

Gulfstream Staged Static Analysis for Streaming Java. Script Applications Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research

Web application Web page Third Party Server widget. js 1

Safe Code Inclusion In Java. Script Runtime Enforcement Static Analysis • Conscript [Oakland 10] • Browser. Shield [OSDI 06] • Caja • Gatekeeper [USENIX Sec 09] • Staged Information flow for Java. Script [PLDI 09] Whole program analysis approaches require the entire program 2

3

Java. Script programs are streaming 4

Script Creation <HTML> <HEAD> <SCRIPT> function foo(){. . . } var f = foo; </SCRIPT> <SCRIPT> What does f function bar(){. . . } refer to? if (. . . ) f = bar; </SCRIPT> </HEAD> <BODY onclick="f(); ">. . . </BODY> </HTML> 5

Incremental Loading in Facebook 250 200 13 20 29 Profile 150 KB Inbox Friends 100 157 71% Home 50 0 6

Gulfstream In Action ✔ Offline ✔ Online 7

Outline • • Motivation Implementation Evaluation Conclusions 8

Queries • We want to determine something about the program • Example – What does f() refer to – Detect alert calls – Does this program use set. Timeout 9

Points-To Analysis • Provides deep program understanding • Can be used to construct call graphs • Is the foundation of further analyses • Answers a simple question: What heap locations does variable x point to 10

Points-To Example 11

Implementation Strategies Datalog with bddbddb Graph-based flow analysis + Fast for large programs + Highly tuned - Large startup cost - Difficult to implement in the browser + Very small startup cost + Customized to work with Gulfstream - Does not scale well • Used in Gatekeeper [USENIX Sec 09] 12

Implementation • Normalize Java. Script – Turn program into a series of simple statements – Introduce temporaries as necessary • Create flow graph – Use normalized program to generate flow constraints • Serialize flow graph – Encode the flow-graph so online analysis can use it to update results 13

Implementation Continued • Perform points-to analysis – Traverse flow graph to find all aliases – Follow flow through method boundaries – Generate points-to map for queries to use • Queries – Use points-to data and flow graph to answer queries 14

Evaluation • Question – Is Gulfstream faster than non-staged analysis • Benchmarks – Synthetically generated – Scraped from Google code – Scraped from Facebook • Simulate diverse environments – CPU speed and network properties – Cell phone, laptop, desktop, etc. 15

Laptop Running Time Comparison Gulfstream Full Analysis bddbddb 8 After 30 KB of updates, Gulfstream is no longer faster 7 Seconds 6 5 4 3 2 1 0 30 35 40 45 50 Total Page Size (KB) 55 60 65 16

Simulated Devices • Low power mobile • High power 17

Lessons Learned • Slow devices benefit from Gulfstream • A slow network can negate the benefits of the staged analysis • Large page updates don’t benefit from Gulfstream 18

Facebook Experiment • Visit 4 pages – Home – Friends – Inbox – Profile • Each page loads additional Java. Script 19

Gulfstream Savings: Slow Devices 350 300 Seconds 250 200 150 profile inbox friends home 100 50 0 20

Gulfstream Savings: Fast Devices 12 10 seconds saved 10 Seconds 8 6 4 profile inbox friends home 2 0 21

Conclusion • Gulfstream, staged analysis for Java. Script • Staged analysis – Offline on the server – Online in the browser • Wide range of experiments – For small updates, Gulfstream is faster – Devices with slow CPU benefit most 22

The End • Contact: salvatore. guarnieri@gmail. com 23