SlideShare a Scribd company logo

Transparent Object Proxies for JavaScript

Matthias Keil
Matthias Keil

February 24, 2016, Software Engineering-Konferenz, SE 2016 Vienna, Austria

Technology
1 of 41
Download to read offline
Transparent Object Proxies for JavaScript Matthias Keil1 , Omer Farooq1 , Sankha Narayan Guria2 , Andreas Schlegel1 , Manuel Geffken1 , Peter Thiemann1 1 University of Freiburg, Germany, 2 Indian Institute of Technology Jodhpur, India February 24, 2016, Software Engineering-Konferenz, SE 2016 Vienna, Austria
Motivation 92.8 % of all web sites use JavaScript1 1 according to http://w3techs.com/, status of February 2016 Keil et al. Transparent Object Proxies February 24, 2016 2 / 18
Motivation 92.8 % of all web sites use JavaScript1 Most important client-side language for web sites JavaScript programs are composed of third-party libraries (e.g. for calendars, maps, social networks) 1 according to http://w3techs.com/, status of February 2016 Keil et al. Transparent Object Proxies February 24, 2016 2 / 18
JavaScript Issues Executed code is a mix from different origins Code is accumulated by dynamic loading (e.g. eval, mashups) JavaScript has no security awareness Problems 1 Side effects may cause unexpected behavior 2 Program understanding and maintenance is difficult 3 Libraries may get access to sensitive data Keil et al. Transparent Object Proxies February 24, 2016 3 / 18
Challanges of JavaScript Developers All-or-nothing choice when including code Some scripts must have access the application state or are allowed to change it Some JavaScript fragments are ill-behaved Key Challenges 1 Manage untrusted JavaScript Code 2 Control the use of data by included scripts 3 Reason about effects of included scripts Keil et al. Transparent Object Proxies February 24, 2016 4 / 18
Possible Solutions CONTRACTS with RUN-TIME MONITORING Behavioral Contracts Assertions, pre-/postconditions, higher-order contracts [Findler & Felleisen 2002] [Keil & Thiemann 2015] Access Permission Contracts Monitor and control access paths [Keil & Thiemann 2013] Security Policies Monitor and enforce object behavior [Agten et al. 2012] Preserve Integrity Membranes, Revocable References [Van Cutsem & Miller 2010] Keil et al. Transparent Object Proxies February 24, 2016 5 / 18
Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Handler.get(Target, ’x’, Proxy); Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Handler.get(Target, ’x’, Proxy); Target[’x’]; Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Proxy.y=1; ... Handler.get(Target, ’x’, Proxy); Handler.set(Target, ’y’, 1, Proxy); ... Target[’x’]; Target[’y’]=1; ... Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
The Twist A Maintenance Scenario A programmer adds contracts to sensitive objects (e.g. to the arguments of a function) Program execution ends up in a mix of objects with and without contract The same object may appear with and without contract The original object may be compared with its contracted counterpart (e.g. by using ===) What happens? Keil et al. Transparent Object Proxies February 24, 2016 7 / 18
Opaque Proxies Proxies and Equality 1 var target = { /∗ some object ∗/ }; 2 var contracted = new Proxy (target, contractHandler); 3 // ... 4 target === contracted // evaluates to false Keil et al. Transparent Object Proxies February 24, 2016 8 / 18
Opaque Proxies Proxies and Equality 1 var target = { /∗ some object ∗/ }; 2 var contracted = new Proxy (target, contractHandler); 3 // ... 4 target === contracted // evaluates to false Consequence If a program uses object equality, then adding contracts may change the behaviour of well-behaved programs Keil et al. Transparent Object Proxies February 24, 2016 8 / 18
Does this happen in practice? Research Question 1 Does the contract implementation based on opaque proxies affect the meaning of realistic programs? Keil et al. Transparent Object Proxies February 24, 2016 9 / 18
Does this happen in practice? Research Question 1 Does the contract implementation based on opaque proxies affect the meaning of realistic programs? The Experiment Instrument the JavaScript engine to count and classify proxy-object comparisons Subject programs are taken from the Google Octane 2.0 Benchmark Suite Recursive object wrapper simulates a simple contract system by wrapping the arguments of a function Identity preserving membrane M maintains aliasing: M(t1) = M(t2) ⇒ t1 = t2 Keil et al. Transparent Object Proxies February 24, 2016 9 / 18
Classification of Proxy-Object Comparisons Type I: M1(t1) = t2 or M1(t1) = M2(t2) I-a. If t1 = t2, then result should be false. Same result for all implementations. I-b. If t1 = t2, then result should be true. False with JS proxies Type II: M(t1) = M(t2) II-a. If t1 = t2, then result should be false. Same result for all implementations. II-b. If t1 = t2, then result should be true. May be false with JS proxies if membrane not identity preserving Keil et al. Transparent Object Proxies February 24, 2016 10 / 18
Numbers of Comparisons involving Proxies Type-I Type-II Benchmark 2 Total I-a I-b II-a II-b DeltaBlue 144126 29228 1411 33789 79698 RayTrace 1075606 0 0 722703 352903 EarleyBoyer 87211 8651 6303 53389 18868 TypeScript 801436 599894 151297 20500 29745 2 The remaining benchmarks don’t do any proxy-object comparisons. Keil et al. Transparent Object Proxies February 24, 2016 11 / 18
Numbers of Comparisons involving Proxies Type-I Type-II Benchmark 2 Total I-a I-b II-a II-b DeltaBlue 144126 29228 1411 33789 79698 RayTrace 1075606 0 0 722703 352903 EarleyBoyer 87211 8651 6303 53389 18868 TypeScript 801436 599894 151297 20500 29745 Result Yes, it happens! A significant number of object comparisons fail when mixing opaque proxies and their target objects. 2 The remaining benchmarks don’t do any proxy-object comparisons. Keil et al. Transparent Object Proxies February 24, 2016 11 / 18
Transparent Proxies Transparent Proxies When comparing two objects for equality, a transparent proxy is (recursively) replaced by its target object. Suggested Use Implement projections, e.g. projection contracts Contracts become invisible Keil et al. Transparent Object Proxies February 24, 2016 12 / 18
Performance Research Question 2 Does the introduction of the transparent proxies affect the performance of non-proxy code? Keil et al. Transparent Object Proxies February 24, 2016 13 / 18
Performance Research Question 2 Does the introduction of the transparent proxies affect the performance of non-proxy code? The Testing Procedure Google Octane 2.0 Benchmark Suite IonMonkey turned off / baseline JIT turned off One run in each configuration Scores: Bigger is better Keil et al. Transparent Object Proxies February 24, 2016 13 / 18
Scores Origin Transparent Benchmark JIT Interpreter JIT Interpreter DeltaBlue 453 82.5 466 79.6 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 ... ... ... ... ... TypeScript 3708 1241 3666 1203 Total Score 1594 456 1610 445 Keil et al. Transparent Object Proxies February 24, 2016 14 / 18
Scores Origin Transparent Benchmark JIT Interpreter JIT Interpreter DeltaBlue 453 82.5 466 79.6 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 ... ... ... ... ... TypeScript 3708 1241 3666 1203 Total Score 1594 456 1610 445 Answer There is no measurable difference. The difference is within the range of measurement accuracy. Keil et al. Transparent Object Proxies February 24, 2016 14 / 18
The User Level Transparent Proxy Just a new Proxy Constructor 1 var proxy = new TransparentProxy (target, handler); 2 proxy === target // evaluates to true Caveat Transparent proxies are slippery! Library code may want to break the transparency (e.g. for efficiency reasons) Hard to manipulate because they have no identity Keil et al. Transparent Object Proxies February 24, 2016 15 / 18
The User Level Identity Realms Consists of a constructor for transparent proxies Provides an equals function revealing proxies of that realm Provides constructors for realm-aware data structures (e.g. Map, Set, WeakMap, WeakSet) Identity Realm 1 var realm = TransparentProxy.createRealm(); 2 var proxy = realm.Proxy (target, handler); 1 proxy === target; // evaluates to true 2 realm.equals(proxy, target); // evaluates to false Keil et al. Transparent Object Proxies February 24, 2016 16 / 18
In the Paper Discussion of different use cases of proxies with respect to the requirements on proxy transparency Discussion of the programmer’s expectations from an equality operator Discussion of alternative designs to obtain transparency Two different APIs for creating transparent proxies Draft implementation of an observer proxy that guarantee projection contracts Keil et al. Transparent Object Proxies February 24, 2016 17 / 18
Conclusion A significant number of object comparisons fail when mixing opaque proxies and their target objects Implementing contract systems with opaque proxies changes the semantics of contract-abiding programs Transparent proxies are a viable alternative Neither the transparent nor the opaque implementation is appropriate for all use cases To preserve programmer expectations, transparent proxies should be used as observer proxies (cf. Chaperones vs. Impersonators in Racket) Keil et al. Transparent Object Proxies February 24, 2016 18 / 18
The User Level Maps, Sets, and other Data Structures Data structures depending on object equality needs to handle transparent proxies If obj1==obj2 then map.get(obj1)==map.get(obj2) Normal Map 1 var realm = TransparentProxy.createRealm(); 2 var tproxy1 = realm.Proxy (target, handler); 3 var tproxy2 = realm.Proxy (target, handler); 1 var map = new Map(); 2 map.add(tproxy1, 1); // map : [#target −> (tproxy1, 1)] 3 map.add(tproxy2, 2); // map : [#target −> (tproxy2, 2)] Keil et al. Transparent Object Proxies February 24, 2016 1 / 5
The User Level Maps, Sets, and other Data Structures Realm-aware Map 1 var realm = TransparentProxy.createRealm(); 2 var tproxy1 = realm.Proxy (target, handler); 3 var tproxy2 = realm.Proxy (target, handler); 1 var map = realm.Map(); 2 map.add(tproxy1, 1); // map : [#tproxy1 −> (tproxy1, 1)] 3 map.add(tproxy2, 2); // map : [..., #tproxy2 −> (tproxy2, 2)] Keil et al. Transparent Object Proxies February 24, 2016 2 / 5
An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) The execution ends up in: 1 new Proxy(x, C Handler)) === new Proxy(x, D Handler)) Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) The execution ends up in: 1 new Proxy(x, C Handler)) === new Proxy(x, D Handler)) Execution ends up in false instead of true! Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x y x y Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x z y x z y Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
Origin Transparent Benchmark No-Ion No-JIT No-Ion No-JIT Richards 505 64.8 509 64.3 DeltaBlue 453 82.5 466 79.6 Crypto 817 111 793 109 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 RegExp 853 371 871 365 Splay 802 409 857 409 SplayLatency 1172 1336 1231 1338 NavierStokes 841 155 834 148 pdf.js 2759 704 2793 691 Mandreel 691 82.5 688 78.5 MandreelLatency 3803 526 3829 503 Gameboy Emulator 4275 556 4382 540 Code loading 9063 9439 9114 9502 Box2DWeb 1726 289 1736 282 zlib 28981 29052 28909 29108 TypeScript 3708 1241 3666 1203 Keil et al. Transparent Object Proxies February 24, 2016 5 / 5

Recommended

Introduction to R2DBC
Introduction to R2DBCIntroduction to R2DBC
Introduction to R2DBCRob Hedgpeth
 
Where are yours vertexes and what are they talking about?
Where are yours vertexes and what are they talking about?Where are yours vertexes and what are they talking about?
Where are yours vertexes and what are they talking about?Roberto Franchini
 
The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)Maurício Aniche
 
What the hell is your software doing at runtime?
What the hell is your software doing at runtime?What the hell is your software doing at runtime?
What the hell is your software doing at runtime?Roberto Franchini
 
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)Igalia
 
SVR17: Data-Intensive Computing on Windows HPC Server with the ...
SVR17: Data-Intensive Computing on Windows HPC Server with the ...SVR17: Data-Intensive Computing on Windows HPC Server with the ...
SVR17: Data-Intensive Computing on Windows HPC Server with the ...butest
 
Viber katarzyna kołodziej
Viber katarzyna kołodziejViber katarzyna kołodziej
Viber katarzyna kołodziejkasiczek23
 
основные направления_метод._работы_2015-2016_етстсо_
основные направления_метод._работы_2015-2016_етстсо_ основные направления_метод._работы_2015-2016_етстсо_
основные направления_метод._работы_2015-2016_етстсо_vikaevp
 

Recommended

Introduction to R2DBC
Introduction to R2DBCIntroduction to R2DBC
Introduction to R2DBCRob Hedgpeth
 
Where are yours vertexes and what are they talking about?
Where are yours vertexes and what are they talking about?Where are yours vertexes and what are they talking about?
Where are yours vertexes and what are they talking about?Roberto Franchini
 
The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)Maurício Aniche
 
What the hell is your software doing at runtime?
What the hell is your software doing at runtime?What the hell is your software doing at runtime?
What the hell is your software doing at runtime?Roberto Franchini
 
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)
Keeping up a Competitive Ceph/RadosGW S3 API (Cephalocon Barcelona 2019)Igalia
 
SVR17: Data-Intensive Computing on Windows HPC Server with the ...
SVR17: Data-Intensive Computing on Windows HPC Server with the ...SVR17: Data-Intensive Computing on Windows HPC Server with the ...
SVR17: Data-Intensive Computing on Windows HPC Server with the ...butest
 
Viber katarzyna kołodziej
Viber katarzyna kołodziejViber katarzyna kołodziej
Viber katarzyna kołodziejkasiczek23
 
основные направления_метод._работы_2015-2016_етстсо_
основные направления_метод._работы_2015-2016_етстсо_ основные направления_метод._работы_2015-2016_етстсо_
основные направления_метод._работы_2015-2016_етстсо_vikaevp
 
Europa
EuropaEuropa
Europatrixi nicolas
 
Technikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für WebentwicklerTechnikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für WebentwicklerDavid Maciejewski
 
Spelling
SpellingSpelling
SpellingJelena Majkic
 
África
África África
África trixi nicolas
 
Research methods
Research methodsResearch methods
Research methodsArfan rai
 
Desarrollo sostenible
Desarrollo sostenibleDesarrollo sostenible
Desarrollo sostenibleMariaezquivel
 
Dna sequencing
Dna sequencingDna sequencing
Dna sequencingNeeraj Sharma
 
MentalHealthParity
MentalHealthParityMentalHealthParity
MentalHealthParityTim Rozelle
 
Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)Thuc To
 
key concepts of marketing 1
key concepts of marketing 1key concepts of marketing 1
key concepts of marketing 1Neeraj Sharma
 
Baisse de concentration suite à interruption
Baisse de concentration suite à interruptionBaisse de concentration suite à interruption
Baisse de concentration suite à interruptionaproposdelles
 
Notes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculationsNotes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculationsWilliam Olivier
 
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...PMI Lévis-Québec
 
Glasswall Wardley Maps & Services
Glasswall Wardley Maps & ServicesGlasswall Wardley Maps & Services
Glasswall Wardley Maps & ServicesSteve Purkis
 
A Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature ReviewA Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature ReviewPooja Rani
 
Analytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud ApplicationsAnalytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud ApplicationsHong-Linh Truong
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Icsm08a.ppt
Icsm08a.pptIcsm08a.ppt
Icsm08a.pptYann-Gaël Guéhéneuc
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsIRJET Journal
 
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays
 
Lecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzadLecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzadAtif Shahzad
 

More Related Content

Viewers also liked

Technikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für WebentwicklerTechnikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für WebentwicklerDavid Maciejewski
 
Research methods
Research methodsResearch methods
Research methodsArfan rai
 
Desarrollo sostenible
Desarrollo sostenibleDesarrollo sostenible
Desarrollo sostenibleMariaezquivel
 
MentalHealthParity
MentalHealthParityMentalHealthParity
MentalHealthParityTim Rozelle
 
Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)Thuc To
 
key concepts of marketing 1
key concepts of marketing 1key concepts of marketing 1
key concepts of marketing 1Neeraj Sharma
 
Baisse de concentration suite à interruption
Baisse de concentration suite à interruptionBaisse de concentration suite à interruption
Baisse de concentration suite à interruptionaproposdelles
 
Notes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculationsNotes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculationsWilliam Olivier
 

Viewers also liked (12)

Europa
EuropaEuropa
Europa
 
Technikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für WebentwicklerTechnikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
Technikwürze - Vorstellung und Hintergründe zum Podcast für Webentwickler
 
Spelling
SpellingSpelling
Spelling
 
África
África África
África
 
Research methods
Research methodsResearch methods
Research methods
 
Desarrollo sostenible
Desarrollo sostenibleDesarrollo sostenible
Desarrollo sostenible
 
Dna sequencing
Dna sequencingDna sequencing
Dna sequencing
 
MentalHealthParity
MentalHealthParityMentalHealthParity
MentalHealthParity
 
Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)Icelandic-Fish-and-Seafood-Catalogue_English (1)
Icelandic-Fish-and-Seafood-Catalogue_English (1)
 
key concepts of marketing 1
key concepts of marketing 1key concepts of marketing 1
key concepts of marketing 1
 
Baisse de concentration suite à interruption
Baisse de concentration suite à interruptionBaisse de concentration suite à interruption
Baisse de concentration suite à interruption
 
Notes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculationsNotes how to work with variables, constants and do calculations
Notes how to work with variables, constants and do calculations
 

Similar to Transparent Object Proxies for JavaScript

Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...PMI Lévis-Québec
 
Glasswall Wardley Maps & Services
Glasswall Wardley Maps & ServicesGlasswall Wardley Maps & Services
Glasswall Wardley Maps & ServicesSteve Purkis
 
A Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature ReviewA Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature ReviewPooja Rani
 
Analytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud ApplicationsAnalytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud ApplicationsHong-Linh Truong
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsIRJET Journal
 
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays
 
Lecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzadLecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzadAtif Shahzad
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSijseajournal
 
OpenWhisk - A platform for cloud native, serverless, event driven apps
OpenWhisk - A platform for cloud native, serverless, event driven appsOpenWhisk - A platform for cloud native, serverless, event driven apps
OpenWhisk - A platform for cloud native, serverless, event driven appsDaniel Krook
 
Technical Validation through Automated Testing
Technical Validation through Automated TestingTechnical Validation through Automated Testing
Technical Validation through Automated TestingMartin Chapman
 
STATICMOCK : A Mock Object Framework for Compiled Languages
STATICMOCK : A Mock Object Framework for Compiled Languages STATICMOCK : A Mock Object Framework for Compiled Languages
STATICMOCK : A Mock Object Framework for Compiled Languages ijseajournal
 
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationCloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationVMware Tanzu
 
On Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScriptOn Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScriptMatthias Keil
 
Live Coding 12 Factor App
Live Coding 12 Factor AppLive Coding 12 Factor App
Live Coding 12 Factor AppEmily Jiang
 
Partial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsPartial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsIRJET Journal
 

Similar to Transparent Object Proxies for JavaScript (20)

Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
Pmilq colloque 2018 b. monla intelligence artificielle appliquee a l analyse ...
 
Glasswall Wardley Maps & Services
Glasswall Wardley Maps & ServicesGlasswall Wardley Maps & Services
Glasswall Wardley Maps & Services
 
A Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature ReviewA Decade of Comment Quality Assessment: A Systematic Literature Review
A Decade of Comment Quality Assessment: A Systematic Literature Review
 
Analytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud ApplicationsAnalytics of Performance and Data Quality for Mobile Edge Cloud Applications
Analytics of Performance and Data Quality for Mobile Edge Cloud Applications
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questions
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questions
 
Icsm08a.ppt
Icsm08a.pptIcsm08a.ppt
Icsm08a.ppt
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript Programs
 
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
 
Lecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzadLecture08 computer applicationsie1_dratifshahzad
Lecture08 computer applicationsie1_dratifshahzad
 
C04701019027
C04701019027C04701019027
C04701019027
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
 
OpenWhisk - A platform for cloud native, serverless, event driven apps
OpenWhisk - A platform for cloud native, serverless, event driven appsOpenWhisk - A platform for cloud native, serverless, event driven apps
OpenWhisk - A platform for cloud native, serverless, event driven apps
 
Integrating vert.x v2
Integrating vert.x v2Integrating vert.x v2
Integrating vert.x v2
 
Technical Validation through Automated Testing
Technical Validation through Automated TestingTechnical Validation through Automated Testing
Technical Validation through Automated Testing
 
STATICMOCK : A Mock Object Framework for Compiled Languages
STATICMOCK : A Mock Object Framework for Compiled Languages STATICMOCK : A Mock Object Framework for Compiled Languages
STATICMOCK : A Mock Object Framework for Compiled Languages
 
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationCloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
 
On Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScriptOn Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScript
 
Live Coding 12 Factor App
Live Coding 12 Factor AppLive Coding 12 Factor App
Live Coding 12 Factor App
 
Partial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsPartial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather Conditions
 

More from Matthias Keil

On Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScriptOn Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScriptMatthias Keil
 
Blame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and UnionBlame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and UnionMatthias Keil
 
TreatJS: Higher-Order Contracts for JavaScripts
TreatJS: Higher-Order Contracts for JavaScriptsTreatJS: Higher-Order Contracts for JavaScripts
TreatJS: Higher-Order Contracts for JavaScriptsMatthias Keil
 
Symbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression InequalitiesSymbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression InequalitiesMatthias Keil
 
TreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScriptTreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScriptMatthias Keil
 
Efficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript ProxiesEfficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript ProxiesMatthias Keil
 
Type-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScriptType-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScriptMatthias Keil
 
Type-based Dependency Analysis
Type-based Dependency AnalysisType-based Dependency Analysis
Type-based Dependency AnalysisMatthias Keil
 

More from Matthias Keil (8)

On Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScriptOn Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScript
 
Blame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and UnionBlame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and Union
 
TreatJS: Higher-Order Contracts for JavaScripts
TreatJS: Higher-Order Contracts for JavaScriptsTreatJS: Higher-Order Contracts for JavaScripts
TreatJS: Higher-Order Contracts for JavaScripts
 
Symbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression InequalitiesSymbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression Inequalities
 
TreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScriptTreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScript
 
Efficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript ProxiesEfficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript Proxies
 
Type-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScriptType-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScript
 
Type-based Dependency Analysis
Type-based Dependency AnalysisType-based Dependency Analysis
Type-based Dependency Analysis
 

Recently uploaded

Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Recently uploaded (20)

Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Transparent Object Proxies for JavaScript

  • 1. Transparent Object Proxies for JavaScript Matthias Keil1 , Omer Farooq1 , Sankha Narayan Guria2 , Andreas Schlegel1 , Manuel Geffken1 , Peter Thiemann1 1 University of Freiburg, Germany, 2 Indian Institute of Technology Jodhpur, India February 24, 2016, Software Engineering-Konferenz, SE 2016 Vienna, Austria
  • 2. Motivation 92.8 % of all web sites use JavaScript1 1 according to http://w3techs.com/, status of February 2016 Keil et al. Transparent Object Proxies February 24, 2016 2 / 18
  • 3. Motivation 92.8 % of all web sites use JavaScript1 Most important client-side language for web sites JavaScript programs are composed of third-party libraries (e.g. for calendars, maps, social networks) 1 according to http://w3techs.com/, status of February 2016 Keil et al. Transparent Object Proxies February 24, 2016 2 / 18
  • 4. JavaScript Issues Executed code is a mix from different origins Code is accumulated by dynamic loading (e.g. eval, mashups) JavaScript has no security awareness Problems 1 Side effects may cause unexpected behavior 2 Program understanding and maintenance is difficult 3 Libraries may get access to sensitive data Keil et al. Transparent Object Proxies February 24, 2016 3 / 18
  • 5. Challanges of JavaScript Developers All-or-nothing choice when including code Some scripts must have access the application state or are allowed to change it Some JavaScript fragments are ill-behaved Key Challenges 1 Manage untrusted JavaScript Code 2 Control the use of data by included scripts 3 Reason about effects of included scripts Keil et al. Transparent Object Proxies February 24, 2016 4 / 18
  • 6. Possible Solutions CONTRACTS with RUN-TIME MONITORING Behavioral Contracts Assertions, pre-/postconditions, higher-order contracts [Findler & Felleisen 2002] [Keil & Thiemann 2015] Access Permission Contracts Monitor and control access paths [Keil & Thiemann 2013] Security Policies Monitor and enforce object behavior [Agten et al. 2012] Preserve Integrity Membranes, Revocable References [Van Cutsem & Miller 2010] Keil et al. Transparent Object Proxies February 24, 2016 5 / 18
  • 7. Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
  • 8. Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
  • 9. Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Handler.get(Target, ’x’, Proxy); Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
  • 10. Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Handler.get(Target, ’x’, Proxy); Target[’x’]; Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
  • 11. Implementation of Contracts: JavaScript Proxies [Keil & Thiemann 2015] Handler Proxy Target Shadow Proxy.x; Proxy.y=1; ... Handler.get(Target, ’x’, Proxy); Handler.set(Target, ’y’, 1, Proxy); ... Target[’x’]; Target[’y’]=1; ... Meta-Level Base-Level Keil et al. Transparent Object Proxies February 24, 2016 6 / 18
  • 12. The Twist A Maintenance Scenario A programmer adds contracts to sensitive objects (e.g. to the arguments of a function) Program execution ends up in a mix of objects with and without contract The same object may appear with and without contract The original object may be compared with its contracted counterpart (e.g. by using ===) What happens? Keil et al. Transparent Object Proxies February 24, 2016 7 / 18
  • 13. Opaque Proxies Proxies and Equality 1 var target = { /∗ some object ∗/ }; 2 var contracted = new Proxy (target, contractHandler); 3 // ... 4 target === contracted // evaluates to false Keil et al. Transparent Object Proxies February 24, 2016 8 / 18
  • 14. Opaque Proxies Proxies and Equality 1 var target = { /∗ some object ∗/ }; 2 var contracted = new Proxy (target, contractHandler); 3 // ... 4 target === contracted // evaluates to false Consequence If a program uses object equality, then adding contracts may change the behaviour of well-behaved programs Keil et al. Transparent Object Proxies February 24, 2016 8 / 18
  • 15. Does this happen in practice? Research Question 1 Does the contract implementation based on opaque proxies affect the meaning of realistic programs? Keil et al. Transparent Object Proxies February 24, 2016 9 / 18
  • 16. Does this happen in practice? Research Question 1 Does the contract implementation based on opaque proxies affect the meaning of realistic programs? The Experiment Instrument the JavaScript engine to count and classify proxy-object comparisons Subject programs are taken from the Google Octane 2.0 Benchmark Suite Recursive object wrapper simulates a simple contract system by wrapping the arguments of a function Identity preserving membrane M maintains aliasing: M(t1) = M(t2) ⇒ t1 = t2 Keil et al. Transparent Object Proxies February 24, 2016 9 / 18
  • 17. Classification of Proxy-Object Comparisons Type I: M1(t1) = t2 or M1(t1) = M2(t2) I-a. If t1 = t2, then result should be false. Same result for all implementations. I-b. If t1 = t2, then result should be true. False with JS proxies Type II: M(t1) = M(t2) II-a. If t1 = t2, then result should be false. Same result for all implementations. II-b. If t1 = t2, then result should be true. May be false with JS proxies if membrane not identity preserving Keil et al. Transparent Object Proxies February 24, 2016 10 / 18
  • 18. Numbers of Comparisons involving Proxies Type-I Type-II Benchmark 2 Total I-a I-b II-a II-b DeltaBlue 144126 29228 1411 33789 79698 RayTrace 1075606 0 0 722703 352903 EarleyBoyer 87211 8651 6303 53389 18868 TypeScript 801436 599894 151297 20500 29745 2 The remaining benchmarks don’t do any proxy-object comparisons. Keil et al. Transparent Object Proxies February 24, 2016 11 / 18
  • 19. Numbers of Comparisons involving Proxies Type-I Type-II Benchmark 2 Total I-a I-b II-a II-b DeltaBlue 144126 29228 1411 33789 79698 RayTrace 1075606 0 0 722703 352903 EarleyBoyer 87211 8651 6303 53389 18868 TypeScript 801436 599894 151297 20500 29745 Result Yes, it happens! A significant number of object comparisons fail when mixing opaque proxies and their target objects. 2 The remaining benchmarks don’t do any proxy-object comparisons. Keil et al. Transparent Object Proxies February 24, 2016 11 / 18
  • 20. Transparent Proxies Transparent Proxies When comparing two objects for equality, a transparent proxy is (recursively) replaced by its target object. Suggested Use Implement projections, e.g. projection contracts Contracts become invisible Keil et al. Transparent Object Proxies February 24, 2016 12 / 18
  • 21. Performance Research Question 2 Does the introduction of the transparent proxies affect the performance of non-proxy code? Keil et al. Transparent Object Proxies February 24, 2016 13 / 18
  • 22. Performance Research Question 2 Does the introduction of the transparent proxies affect the performance of non-proxy code? The Testing Procedure Google Octane 2.0 Benchmark Suite IonMonkey turned off / baseline JIT turned off One run in each configuration Scores: Bigger is better Keil et al. Transparent Object Proxies February 24, 2016 13 / 18
  • 23. Scores Origin Transparent Benchmark JIT Interpreter JIT Interpreter DeltaBlue 453 82.5 466 79.6 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 ... ... ... ... ... TypeScript 3708 1241 3666 1203 Total Score 1594 456 1610 445 Keil et al. Transparent Object Proxies February 24, 2016 14 / 18
  • 24. Scores Origin Transparent Benchmark JIT Interpreter JIT Interpreter DeltaBlue 453 82.5 466 79.6 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 ... ... ... ... ... TypeScript 3708 1241 3666 1203 Total Score 1594 456 1610 445 Answer There is no measurable difference. The difference is within the range of measurement accuracy. Keil et al. Transparent Object Proxies February 24, 2016 14 / 18
  • 25. The User Level Transparent Proxy Just a new Proxy Constructor 1 var proxy = new TransparentProxy (target, handler); 2 proxy === target // evaluates to true Caveat Transparent proxies are slippery! Library code may want to break the transparency (e.g. for efficiency reasons) Hard to manipulate because they have no identity Keil et al. Transparent Object Proxies February 24, 2016 15 / 18
  • 26. The User Level Identity Realms Consists of a constructor for transparent proxies Provides an equals function revealing proxies of that realm Provides constructors for realm-aware data structures (e.g. Map, Set, WeakMap, WeakSet) Identity Realm 1 var realm = TransparentProxy.createRealm(); 2 var proxy = realm.Proxy (target, handler); 1 proxy === target; // evaluates to true 2 realm.equals(proxy, target); // evaluates to false Keil et al. Transparent Object Proxies February 24, 2016 16 / 18
  • 27. In the Paper Discussion of different use cases of proxies with respect to the requirements on proxy transparency Discussion of the programmer’s expectations from an equality operator Discussion of alternative designs to obtain transparency Two different APIs for creating transparent proxies Draft implementation of an observer proxy that guarantee projection contracts Keil et al. Transparent Object Proxies February 24, 2016 17 / 18
  • 28. Conclusion A significant number of object comparisons fail when mixing opaque proxies and their target objects Implementing contract systems with opaque proxies changes the semantics of contract-abiding programs Transparent proxies are a viable alternative Neither the transparent nor the opaque implementation is appropriate for all use cases To preserve programmer expectations, transparent proxies should be used as observer proxies (cf. Chaperones vs. Impersonators in Racket) Keil et al. Transparent Object Proxies February 24, 2016 18 / 18
  • 29. The User Level Maps, Sets, and other Data Structures Data structures depending on object equality needs to handle transparent proxies If obj1==obj2 then map.get(obj1)==map.get(obj2) Normal Map 1 var realm = TransparentProxy.createRealm(); 2 var tproxy1 = realm.Proxy (target, handler); 3 var tproxy2 = realm.Proxy (target, handler); 1 var map = new Map(); 2 map.add(tproxy1, 1); // map : [#target −> (tproxy1, 1)] 3 map.add(tproxy2, 2); // map : [#target −> (tproxy2, 2)] Keil et al. Transparent Object Proxies February 24, 2016 1 / 5
  • 30. The User Level Maps, Sets, and other Data Structures Realm-aware Map 1 var realm = TransparentProxy.createRealm(); 2 var tproxy1 = realm.Proxy (target, handler); 3 var tproxy2 = realm.Proxy (target, handler); 1 var map = realm.Map(); 2 map.add(tproxy1, 1); // map : [#tproxy1 −> (tproxy1, 1)] 3 map.add(tproxy2, 2); // map : [..., #tproxy2 −> (tproxy2, 2)] Keil et al. Transparent Object Proxies February 24, 2016 2 / 5
  • 31. An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
  • 32. An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
  • 33. An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) The execution ends up in: 1 new Proxy(x, C Handler)) === new Proxy(x, D Handler)) Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
  • 34. An Example Proxies and Equality Let x, f, g be some global elements: 1 var x = { /∗ some object ∗/ }; 2 var f = function (y) { return x===y } 3 var g = function (f, x) { return f(x) } Let C, D be two contracts implemented by proxies: 1 var h = g @ ([(C −> Any), D] −> Any) The execution ends up in: 1 new Proxy(x, C Handler)) === new Proxy(x, D Handler)) Execution ends up in false instead of true! Keil et al. Transparent Object Proxies February 24, 2016 3 / 5
  • 35. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 36. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 37. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 38. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x x Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 39. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x y x y Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 40. Identity Preserving Membrane [Van Cutsem & Miller 2010] ProxyA ?ProxyB ProxyC TargetA TargetB TargetC x z y x z y Keil et al. Transparent Object Proxies February 24, 2016 4 / 5
  • 41. Origin Transparent Benchmark No-Ion No-JIT No-Ion No-JIT Richards 505 64.8 509 64.3 DeltaBlue 453 82.5 466 79.6 Crypto 817 111 793 109 RayTrace 462 182 462 174 EarleyBoyer 909 275 913 270 RegExp 853 371 871 365 Splay 802 409 857 409 SplayLatency 1172 1336 1231 1338 NavierStokes 841 155 834 148 pdf.js 2759 704 2793 691 Mandreel 691 82.5 688 78.5 MandreelLatency 3803 526 3829 503 Gameboy Emulator 4275 556 4382 540 Code loading 9063 9439 9114 9502 Box2DWeb 1726 289 1736 282 zlib 28981 29052 28909 29108 TypeScript 3708 1241 3666 1203 Keil et al. Transparent Object Proxies February 24, 2016 5 / 5