Hello all,

I'm one of the maintainers of the Jalangi dynamic analysis framework for 
JavaScript:

https://github.com/SRA-SiliconValley/jalangi

Jalangi works via source-to-source transformation, and we already have an 
implementation of many of the clients you listed (e.g., record/replay, taint 
analysis, NaN detection).  One of our key pain points when analyzing web apps 
is trying to instrument all loaded code, so having a supported API to do so 
would be hugely helpful.  We would find a source-to-source API most useful, and 
I agree with Rob that supporting S2S is a good way to go in terms of maximizing 
flexibility for tool builders.  Apart from source-to-source transformation, it 
would be useful to us to have a supported way to load some scripts at 
initialization time (in our case, the Jalangi runtime libraries), so that 
instrumented code can call into those scripts.

I will forward this thread to others who have worked on Jalangi to see if they 
have further feedback.  We are highly supportive of this effort; I think a 
supported instrumentation API would make Firefox the browser of choice for 
those doing research on JavaScript dynamic analysis.

Best,
Manu

-------------------------
Manu Sridharan
Samsung Research America
http://manu.sridharan.net

On Wednesday, June 25, 2014 8:15:50 AM UTC-7, Jason Orendorff wrote:
> We're considering building a JavaScript API for dynamic analysis of JS code.
> 
> Here's the sort of thing you could do with it:
> 
>    - Gather code coverage information (useful for testing/release mgmt?)
> 
>    - Trace all object mutation and method calls (useful for devtools?)
> 
>    - Record/replay of JS execution (useful for devtools?)
> 
>    - Implement taint analysis (useful for the security team or devtools?)
> 
>    - Detect when a mathematical operation returns NaN (useful for game
>      developers?)
> 
> Note that the API would not directly offer all these features. Instead, it
> would offer some powerful but mind-boggling way of instrumenting all JS
> code. It would be up to you, the user, to configure the instrumentation, get
> useful data out of it, and display or analyze it. There would be some overhead
> when you turn this on; we don't know how much yet.
> 
> We would present a detailed example of how to use the proposed API, but we are
> so early in the process that we're not even sure what it would look like.
> There are several possibilities.
> 
> We need to know how to prioritize this work. We need to know what kind of API
> we should build. So we're looking for early adopters. If that's you, please
> speak up and tell us how you'd like to instrument JS code.
> 
> -- 
> Nicolas B. Pierron
> Jason Orendorff
> (JavaScript engine developers)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
