Factors and actors leading to the adoption of a JavaScript framework

The increasing popularity of JavaScript has led to a variety of JavaScript frameworks that aim to help developers to address programming tasks. However, the number of JavaScript frameworks has risen rapidly to thousands of versions. It is challenging for practitioners to identify the frameworks that best fit their needs and to develop new ones which fit such needs. Furthermore, there is a lack of knowledge regarding what drives developers toward the choice. This paper explores the factors and actors that lead to the choice of a JavaScript framework. We conducted a qualitative interpretive study of semi-structured interviews. We interviewed 18 decision makers regarding the JavaScript framework selection, up to reaching theoretical saturation. Through coding of the interview responses, we offer a model of desirable JavaScript framework adoption factors. The factors are grouped into categories that are derived via the Unified Theory of Acceptance and Use of Technology. The factors are performance expectancy (performance, size), effort expectancy (automatization, learnability, complexity, understandability), social influence (competitor analysis, collegial advice, community size, community responsiveness), facilitating conditions (suitability, updates, modularity, isolation, extensibility), and price value. A combination of four actors, which are customer, developer, team, and team leader, leads to the choice. Our model contributes to the body of knowledge related to the adoption of technology by software engineers. As a practical implication, our model is useful for decision makers when evaluating JavaScript frameworks, as well as for developers for producing desirable frameworks.     

Lightweight migration for web applications with framework separation

Web applications (apps) are programs created by web technologies such as HTML, CSS, and JavaScript. Web apps can be executed on any platform that supports a web browser. Such portability allows an interesting user experience called app migration, which can save an app's execution state to a file called snapshot, transmit it to another device, and continue the execution using the snapshot. However, existing approaches save all the states of the current app, regardless of its relevance to an app's state, making the snapshot size and snapshot creation time infeasibly large. For example, web apps are often programmed using web frameworks such as jQuery, which are libraries written in JavaScript to support app developments. We found that most objects created by frameworks during their initialization are not relevant to an app's state. Hence, one idea to reduce the snapshot size is not saving those framework objects in the snapshot but creating them after migration via re‐initialization. Unfortunately, this is not always straightforward since the framework objects are intermingled with the app objects in the heap, possibly pointing to each other. To resolve this, we separated app objects that are attached to framework objects by monitoring app's execution and saved them to the snapshot. This paper proposes such a framework separated migration technique, with optimization to reduce the overhead, especially related to monitoring app's execution. With our approach, we could reduce the snapshot size by 89.1% on average and shorten the migration time by 47.6%, increasing the feasibility of app migration.     

A multi-tier semantics for Hop

Hop is a multi-tier programming language where the behavior of interacting servers and clients are expressed by a single program. Hop adheres to the standard web programming style where servers elaborate HTML pages containing JavaScript code. This JavaScript code responds locally to user’s interactions but also (following the so-called Ajax style) requests services from remote servers. These services bring back new HTML fragments containing additional JavaScript code replacing or modifying the state of the client. This paper presents a continuation-based denotational semantics for a sequential subset of Hop. Though restricted to a single server and a single client, this semantics takes into account the key feature of Hop namely that the server elaborates client code to be run in the client’s browser. This new client-code dynamically requests services from the server which, again, elaborate new client code to be run in the client’s browser. This semantics details the programming model advocated by Hop and provides a sound basis for future studies such as security of web applications and web continuations.     

Detection of shellcodes in drive-by attacks using kernel machines

In this paper, we propose a light-weight framework using kernel machines for the detection of shellcodes used in drive-by download attacks. As the shellcodes are passed in webpages as JavaScript strings, we studied the effectiveness of the proposed approach on about 9850 shellcodes and 10000 JavaScript strings collected from the wild. Our analysis shows that the trained SVMs (Support Vector Machines) classified with an accuracy of over 99 %. Our evaluation of the trained SVM models with different proportions of training datasets proved to perform consistently with an average accuracy of 99.51 % and the proposed static approach proved to be effective against detecting even the polymorphic shellcode variants. The performance of our approach was compared to an emulation based approach and observed that our approach performed with slightly better accuracies by consuming about 33 % of the time consumed by the emulation based approach.     

Static analysis of JavaScript libraries in a scalable and precise way using loop sensitivity

Statically analyzing JavaScript applications often requires an analysis of JavaScript libraries because many JavaScript applications use libraries. However, static analysis techniques for JavaScript are not yet ready for analyzing libraries in a scalable and precise manner. Simply loading JavaScript libraries uses various dynamic features of JavaScript, which cause static analyzers to suffer from mutually intermingled problems of scalability and imprecision. In this paper, we present a loop‐sensitive analysis (LSA) technique, which can improve the analysis scalability when analyzing JavaScript libraries by enhancing the analysis precision of loops. The LSA technique distinguishes loop iterations when loop conditions can be determined to be either true or false precisely. We formalize LSA in the abstract interpretation framework in the presence of tricky language features such as exceptions and prove its soundness and precision theorems using Coq. We evaluate our LSA implementation with the analysis results of programs that use 5 JavaScript libraries and show that LSA significantly improves the analysis scalability and precision of an existing JavaScript static analyzer when analyzing JavaScript libraries. In addition, using the configurability of LSA, we experimentally show the correlation between scalability and precision in the analysis of JavaScript libraries. We found that even the analysis of simple programs that just load jQuery, which is the most popular JavaScript library, in a scalable way requires distinguishing not only the last 4 functions being called but also 40 iterations in each loop with 2‐level nested loops at least. Both the mechanization and implementation of LSA are publicly available.     

子树类型敏感的JavaScript引擎灰盒测试技术

JavaScript引擎是浏览器的重要组成部分,很多攻击都针对JavaScript引擎发起,业界对面向JavaScript引擎的漏洞挖掘技术一直展现出强烈的需求.本文提出一种面向JavaScript引擎的子树类型敏感灰盒测试技术,并且实现了系统ILS,在路径反馈的模糊测试框架上,通过对JavaScript代码的语法分析...     

A core stateless bandwidth broker architecture for scalable support of guaranteed services

We present a novel bandwidth broker architecture for scalable support of guaranteed services that decouples the QoS control plane from the packet forwarding plane. More specifically, under this architecture, core routers do not maintain any QoS reservation states, whether per-flow or aggregate. Instead, the QoS reservation states are stored at and managed by a bandwidth broker. There are several advantages of such a bandwidth broker architecture. Among others, it avoids the problem of inconsistent QoS states faced by the conventional hop-by-hop, distributed admission control approach. Furthermore, it allows us to design efficient admission control algorithms without incurring any overhead at core routers. The proposed bandwidth broker architecture is designed based on a core stateless virtual time reference system developed recently. This virtual time reference system provides a unifying framework to characterize, in terms of their abilities to support delay guarantees, both the per-hop behaviors of core routers and the end-to-end properties of their concatenation. We focus on the design of efficient admission control algorithms under the proposed bandwidth broker architecture. We consider both per-flow end-to-end guaranteed delay services and class-based guaranteed delay services with flow aggregation. Using our bandwidth broker architecture, we demonstrate how admission control can be done on a per domain basis instead of on a "hop-by-hop" basis. Such an approach may significantly reduce the complexity of the admission control algorithms. In designing class-based admission control algorithms, we investigate the problem of dynamic flow aggregation in providing guaranteed delay services and devise a new apparatus to effectively circumvent this problem. We conduct detailed analyses to provide theoretical underpinning for our schemes as well as to establish their correctness. Simulations are also performed to demonstrate the efficacy of our schemes.     

JavaScript框架jQuery和ExtJS的对比研究

随着Web 2.0时代的到来,Web应用程序越来越强调丰富的用户体验。而这恰恰主要通过客户端大量的JavaScript来提供友好的交互,于是如何选择一个方便有效的JavaScript框架进行开发便成为一个大家关注的问题。通过比较目前流行的两种JavaScript框架(jQuery和ExtJS),分析各自优缺点,以期为Web开发者选择合适的JavaScript框架提供帮助。     

JavaScript框架jQuery和ExtJS的对比研究

随着Web 2.0时代的到来,Web应用程序越来越强调丰富的用户体验。而这恰恰主要通过客户端大量的JavaScript来提供友好的交互,于是如何选择一个方便有效的JavaScript框架进行开发便成为一个大家关注的问题。通过比较目前流行的两种JavaScript框架（jQuery和ExtJS）,分析各自优缺点,以期为Web开发者选择合适的JavaScript框架提供帮助。     

Scalable framework for parsing: from Fortress to JavaScript

Programming languages grow over time that requires frequent changes in language manipulations such as compilation, interpretation, and analysis. Because the very first step of most language manipulations is parsing, whether parsing can adapt to changes easily, quickly, and correctly, it affects the scalability of language manipulations. Even though various parsing techniques have been well studied theoretically, their practical experiences in scalable frameworks have not been available. In this paper, we present our experiences with parsing in scalable frameworks. We first describe our trials and errors using various parsing techniques in developing parsers for the Fortress programming language. Because Fortress was a scientific language under development, its mathematical and growable syntax introduced new challenges in parsing. We summarize the lessons learned from parsing Fortress, and we share our experience of applying the lessons to parsing the JavaScript programming language. While JavaScript is one of the most widely used languages, JavaScript itself and its diverse variants keep extending its syntax, and the extremely dynamic features of JavaScript also add new challenges in parsing. Using automatic generation tools and methods like staged parsing and automatic extraction and testing of examples in language specifications, our methodology for scalable parsing has shown to be very effective in practice. Copyright © 2015 John Wiley & Sons, Ltd.     

Byte code level cross-compilation for developing web applications

JavaScript provides the technological foundation of Web 2.0 applications. AJAX (Asynchronous JavaScript And XML) applications have received wide-spread attention as a new way to develop highly interactive web applications. Breaking with the complete-page-reload paradigm of traditional web applications, AJAX applications rival desktop applications in their look-and-feel. But AJAX places a high burden on a web developer requiring extensive JavaScript knowledge as well as other advanced client-side technologies. In this paper, we introduce a technique that allows a developer to implement an application in Java or any.NET language and then automatically cross-compile it to an AJAX-enabled web application.     

Weakly sensitive analysis for JavaScript object-manipulating programs

While JavaScript programs have become pervasive in web applications, they remain hard to reason about. In this context, most static analyses for JavaScript programs require precise call graph information, since the presence of large numbers of spurious callees significantly deteriorates precision. One of the most challenging JavaScript features that complicate the inference of precise static call graph information is read/write accesses to object fields, the names of which are computed at runtime. JavaScript framework libraries often exploit this facility to build objects from other objects, as a way to simulate sophisticated high-level programming constructions. Such code patterns are difficult to analyze precisely, due to weak updates and limitations of unrolling techniques. In this paper, we observe that precise field origination relations can be inferred by locally reasoning about object copies, both regarding to the object and to the program structure, and we propose an abstraction that allows to separately reason about field read/write access patterns working on different fields and to carefully handle the sets of JavaScript object fields. We formalize and implement an analysis based on this technique. We evaluate the performance and precision of the analysis on the computation of call graph information for examples from jQuery tutorials.     

一种基于REST的分布式地理资源聚合系统

Mashup是一种新型Web应用,指多种不同类型资源的组合重用。针对此,提出采用REST(Representational State Trans-fer)风格面向服务架构,结合JavaScript API、AJAX技术,实现分布式地理资源的Mashup,并构建了上海市绿地社会服务功能分析原型系统。研究表明,该方法可为用户提供良好的分布式地理资源在线聚合体验,更重要的是将简单地理处理资源组合为资源链完成复杂地理处理功能,节约了开发成本。     

Estimating the coverage of the framework application reusable cluster-based test cases

Object-oriented frameworks support both software code and design reusability. In addition, it is found that providing class-based tests with the framework reduces considerably the class-based testing time and effort of the applications developed using the frameworks. Similarly, reusable cluster-based test cases can be generated using the framework hooks, and they, too, can be provided with the framework to reduce the cluster testing time and effort of the framework applications.In this paper, we introduce a methodology to estimate the possible coverage of the cluster-based reusable test cases for framework applications prior to suggesting and applying a specific technique to produce the test cases. An experimental case study is conducted to demonstrate the practical issues in applying the introduced methodology and to give insights on the possible coverage of the framework reusable cluster-based test cases. The results of applying the methodology on five framework applications show that, on average, the reusable cluster-based test cases cover at least one-third of the cluster testing areas of the interface classes created during the framework application engineering stage.     

Implementing a performant scheme interpreter for the web in asm.js

This paper presents the implementation of an efficient interpreter for a Scheme-like language using manually written asm.js code. The asm.js specification defines an optimizable subset of JavaScript that has already served well as a compilation target for web applications where performance is critical. However, its usage as a human-writable language that can be integrated into existing projects to improve performance has remained largely unexplored. We therefore apply this strategy to optimize the implementation of an interpreter. We also discuss the feasibility of this approach, as writing asm.js by hand is generally not its recommended use-case. We therefore present a macro system to solve the challenges we encounter. The resulting interpreter is compared to the original C implementation and its compiled equivalent in asm.js. This way, we evaluate whether manual integration with asm.js provides the necessary performance to bring larger applications and runtimes to the web. We also refactor our implementation to assess how more JavaScript code can cohabit with asm.js code, improving maintainability of the implementation while preserving near-native performance. In the case of our interpreter, this improved maintainability enables adding more complex optimizations. We investigate the addition of function inlining, for which we validate the performance gain.     

Portable and Efficient Implementation of CRYSTALS-Kyber Based on WebAssembly

With the rapid development of quantum computers capable of realizing Shor’s algorithm, existing public key-based algorithms face a significant security risk. Crystals-Kyber has been selected as the only key encapsulation mechanism (KEM) algorithm in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) competition. In this study, we present a portable and efficient implementation of a Crystals-Kyber post-quantum KEM based on WebAssembly (Wasm), a recently released portable execution framework for high-performance web applications. Until now, most Kyber implementations have been developed with native programming languages such as C and Assembly. Although there are a few previous Kyber implementations based on JavaScript for portability, their performance is significantly lower than that of implementations based on native programming languages. Therefore, it is necessary to develop a portable and efficient Kyber implementation to secure web applications in the quantum computing era. Our Kyber software is based on JavaScript and Wasm to provide portability and efficiency while ensuring quantum security. Namely, the overall software is written in JavaScript, and the performance core parts (secure hash algorithm-3-based operations and polynomial multiplication) are written in Wasm. Furthermore, we parallelize the number theoretic transform (NTT)-based polynomial multiplication using single instruction multiple data (SIMD) functionality, which is available in Wasm. The three steps in the NTT-based polynomial multiplication have been parallelized with Wasm SIMD intrinsic functions. Our software outperforms the latest reference implementation of Kyber developed in JavaScript by ×4.02 (resp. ×4.32 and ×4.1), ×3.42 (resp. ×3.52 and ×3.44), and ×3.41 (resp. ×3.44 and ×3.38) in terms of key generation, encapsulation, and decapsulation on Google Chrome (resp. Firefox, and Microsoft Edge). As far as we know, this is the first software implementation of Kyber with Wasm technology in the web environment.     

Ahead-of-time compilation of JavaScript programs

Modern virtual machines for JavaScript use just-in-time (JIT) compilation to produce binary code. JIT compilers cannot perform complex optimizations. In contrast, static compilation has unlimited capabilities for complex optimizing transformations, but it cannot be efficiently applied to dynamic languages, such as JavaScript. In this paper, a general approach to the ahead-of-time compilation of programs in dynamic languages is proposed, and this approach is used for improving two virtual machines JavaScript- Core and V8. In the implementation of the improved JavaScriptCore engine with ahead-of-time compilation, the specifics of using JavaScript programs as a part of locally stored applications for the ARM platform were taken into account. In the V8 engine for the x86-64 platform, the ahead-of-time compilation is implemented by caching an optimized internal representation in a separate file.     

An algebraic approach to the design of compilers for object-oriented languages

In this paper we describe an algebraic approach to construct provably correct compilers for object-oriented languages; this is illustrated for programs written in a language similar to a sequential subset of Java. It includes recursive classes, inheritance, dynamic binding, recursion, type casts and test, assignment, and class-based visibility, but a copy semantics. In our approach, we tackle the problem of compiler correctness by reducing the task of compilation to that of program refinement. Compilation is identified with the reduction of a source program to a normal form that models the execution of object code. The normal form is generated by a series of correctness-preserving transformations that are proved sound from the basic laws of the language; therefore it is correct by construction. The main advantages of our approach are the characterisation of compilation within a uniform framework, where comparisons and translations between semantics are avoided, and the modularity and extensibility of the resulting compiler.     

Refinement,conformance and inheritance

This paper establishes a language-independent framework for class-based inheritance using a generic concept of refinement. The framework is then realised in the process algebra CSP. Class membership is expressed in terms of conformance to some relabelling of a distinguished process (the class template). The approach of the paper facilitates rigorous examination of informal concepts in object-oriented design, and suggests the possibility of introducing an appealing methodology into CSP.An earlier version of this paper was presented at a Workshop on the Theory and Practice of Refinement, Open University, 10–12 January 1989.     

Scalable services via egress admission control

Allocating resources for multimedia traffic flows with real-time performance requirements is an important challenge for future packet networks. However, in large-scale networks, individually managing each traffic flow on each of its traversed routers has fundamental scalability limitations, in both the control plane's requirements for signaling, state management, and admission control, and the data plane's requirements for per-flow scheduling mechanisms. In this paper, we develop a scalable architecture and algorithm for quality-of-service management termed egress admission control. In our approach, resource management and admission control are performed only at egress routers, without any coordination among backbone nodes or per-flow management. Our key technique is to develop a framework for admission control under a general “black box” model, which allows for cross traffic that cannot be directly measured, and scheduling policies that may be ill-described across many network nodes. By monitoring and controlling egress routers' class-based arrival and service envelopes, we show how network services can be provisioned via scalable control at the network edge. We illustrate the performance of our approach with a set of simulation experiments using highly bursty traffic flows and find that despite our use of distributed admission control, our approach is able to accurately control the system's admissible region under a wide range of conditions