Faculty of Informatics – Università della Svizzera italiana (USI)

Dynamic Analysis for Node.js Applications


NodeProf is an efficient dynamic analysis framework implemented for Graal.js based on the Truffle instrumentation framework. NodeProf extends the Truffle instrumentation framework and supports the same event set as Jalangi, a source-code instrumentation framework for JavaScript. NodeProf provides two programming models, i.e., 1) a JavaScript model which is compatible with existing Jalangi analyses in JavaScript, allowing developers to write new analyses directly in JavaScript, and 2) a Java API which can directly apply optimizations at the AST level (e.g., node specialization, node caching, and Graal compiler directives) and thus further benefits from the partial evaluation of the Graal compiler. With both APIs, our analyses can run up to three orders of magnitude faster than Jalangi. Moreover, the instrumentation can be dynamically switched on and off. Because of these new features, NodeProf enables many new dynamic analyses that are impossible to perform with other existing tools.

NodeProf has increasingly gained impact in both industry and academia. Several researchers from different organizations and research groups (e.g., Oracle Labs Australia, the research group of Prof. Frank Tip at Northeastern University, and the research group of Prof. Anders Møller at Aarhus University) are using NodeProf to develop new dynamic analyses for their research. Moreover, our research group has extensively used NodeProf: for developing AsyncG (a new debugging tool for the Node.js event loop) and for performing large-scale studies with NAB on the usage of promises and on the presence of JIT-unfriendly code patterns in open-source Node.js applications hosted on public repositories such as GitHub. Example tools that can be built with NodeProf include a security-related dynamic analysis tool used internally in Oracle, a taint analysis tool called Augur¹, and a taint specification extraction tool².

We have been supporting NodeProf and actively extending it, adding new features (e.g., support for endExpression, async/await, return, and for-loop event hooks) and improvements (e.g., advanced source filters to dynamically customize the scope of the instrumentation in the analysis) to help users implement new analysis tools.

NodeProf was published at CC’18 [1] (candidate for the best-paper award) and was presented at the CGO Graal workshop [slides]. NodeProf has been released as open source on GitHub [A] and was selected as one of the demonstration tools at Panathon’18, a hackathon targeting program analysis tools co-located with ECOOP’18.


Key Publications


[1] Haiyang Sun, Daniele Bonetta, Christian Humer, Walter Binder: Efficient Dynamic Analysis for Node.js. CC 2018: 196-206 [pdf][presentation at VMM’20 (video)]


Software


[A] See the software page


References


1 R. Karim, F. Tip, A. Sochurkova and K. Sen, “Platform-Independent Dynamic Taint Analysis for JavaScript”, in IEEE Transactions on Software Engineering and ICSE 2019 Journal-First Papers. https://github.com/nuprl/augur
2 C. Staicu, M. T. Torp, M. Schäfer, A. Møller, and M. Pradel, “Extracting Taint Specifications for JavaScript Libraries”, ICSE 2020.