Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript

Authors:
Koushik Sen;Swaroop Kalasapur;Tasneem Brutch;Simon Gibbs
Affiliations:
UC Berkeley, USA;Samsung Research, USA;Samsung Research, USA;Samsung Research, USA
Venue:
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Year:
2013

Citing 7
Cited 0

DART: directed automated random testing

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Tracking bad apples: reporting the origin of null and undefined value errors

Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Ripley: automatically securing web 2.0 applications through replicated execution

Proceedings of the 16th ACM conference on Computer and communications security
Mugshot: deterministic capture and replay for Javascript applications

NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Automated construction of JavaScript benchmarks

Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript

Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a tool framework, called Jalangi, for dynamic analysis and concolic testing of JavaScript programs. The framework is written in JavaScript and allows implementation of various heavy-weight dynamic analyses for JavaScript. Jalangi incorporates two key techniques: 1) selective record-replay, a technique which enables to record and to faithfully replay a user-selected part of the program, and 2) shadow values and shadow execution, which enables easy implementation of heavy-weight dynamic analyses such as concolic testing and taint tracking. Jalangi works through source-code instrumentation which makes it portable across platforms. Jalangi is available at https://github.com/SRA-SiliconValley/jalangi under Apache 2.0 license. Our evaluation of Jalangi on the SunSpider benchmark suite and on five web applications shows that Jalangi has an average slowdown of 26X during recording and 30X slowdown during replay and analysis. The slowdowns are comparable with slowdowns reported for similar tools, such as PIN and Valgrind for x86 binaries.