Tuesday, July 02, 2013

Introducing Jalangi - for JavaScript developers

In the last few years, JavaScript has become the main tool to build rich web applications. But it has also shown some of its limitation. The nature of the language makes it so that very little tools have been provided to the developer for dynamic analysis.  Last September,  we started a research track to improve productivity of Javascript developers. Professor Koushik Sen from UC Berkeley has been working with our Lab team - to develop a framework to tackle this specific issue. The result is Jalangi. It is short for JAvascript LANguage INtelligence and it is also an Indian river which is a branch of the Ganges.

Jalangi is a framework that annotates and monitors JavaScript programs and can be used for running analysis dealing with validation/monitoring/debugging,etc...It provides a general framework that can be extended with plug-ins.
It is already implementing a few analysis tools such as selective record-and-play, taint analysis or the ability to infer likely types of objects fields and functions. More  interestingly, one of the plugin provides the first thorough implementation -as far as we know - of concolic testing for Javascript. Concolic testing is a mixture of  concrete execution (using particular concrete values as inputs) with symbolic execution - which treats program variables as symbolic variables. The symbolic execution piggy-backs on the concrete execution through instrumentalization of  the code. You basically identify through this method what are the concrete input values that allows you to comb through all the branches of the code. It provides a great tool to generate automatic test cases with high level coverage.

Bear in mind that all this is just the beginning, the idea of Jalangi is precisely to provide a framework to foster innovation in the area of JavaScript tools and productivity. There will be more things coming up. I will keep you posted. That is precisely why it has the architecture it has and why it is open source and can be found on github (https://github.com/SRA-SiliconValley/jalangi)

And since it is open source, you are welcome to join the fun and contribute! Send us feedback! Hope you like it.

PS: our team is presenting a paper on some aspects of Jalangi at ESEC/FSE 2013 in August in Saint Petersburg, Russia.

No comments: