Abstract: JavaScript is a popular language for developing web applications and is increasingly used for both client-side and server-side application logic. The JavaScript runtime is inherently event-driven and callbacks are a key language feature. Unfortunately, callbacks induce a non-linear control flow and can be deferred to execute asynchronously, declared anonymously, and may be nested to arbitrary levels. All of these features make callbacks difficult to understand and maintain. We perform an empirical study to characterize JavaScript callback usage across a representative corpus of 138 JavaScript programs, with over 5 million lines of JavaScript code. We find that on average, every 10th function definition takes a callback argument, and that over 43% of all callback-accepting function callsites are anonymous. Furthermore, the majority of callbacks are nested, more than half of all callbacks are asynchronous, and asynchronous callbacks, on average, appear more frequently in client-side code (72%) than server-side (55%). We also study three well-known solutions designed to help with the complexities associated with callbacks, including the error-first callback convention, Async.js library, and Promises. Our results inform the design of future JavaScript analysis and code comprehension tools.

Abstract: JavaScript programs often suffer from memory issues that can either hurt performance or eventually cause memory exhaustion. While existing snapshot-based profiling tools can be helpful, the information provided is limited to the coarse granularity at which snapshots can be taken. We present MemInsight, a tool that provides detailed, time-varying analysis of the memory behavior of JavaScript applications, including web applications. MemInsight is platform independent and runs on unmodified JavaScript engines. It employs tuned source-code instrumentation to generate a trace of memory allocations and accesses, and it leverages modern browser features to track precise information for DOM (document object model) objects. It also computes exact object lifetimes without any garbage collector assistance, and exposes this information in an easily-consumable manner for further analysis. We describe several client analyses built into MemInsight, including detection of possible memory leaks and opportunities for stack allocation and object inlining. An experimental evaluation showed that with no modifications to the runtime, MemInsight was able to expose memory issues in several real-world applications.

Abstract: Web applications (apps) are programmed using HTML5, CSS, and JavaScript, and are distributed in the source code format. Web apps can be executed on any devices where a web browser is installed, allowing one-source, multi-platform environment. We can exploit this advantage of platform independence for a new user experience called app migration, which allows migrating an app in the middle of execution seamlessly between smart devices. This paper proposes such a migration framework for web apps where we can save the current state of a running app and resume its execution on a different device by restoring the saved state. We save the web app's state in the form of a snapshot, which is actually another web app whose execution can restore the saved state. In the snapshot, the state of the JavaScript variables and DOM trees are saved using the JSON format. We solved some of the saving/restoring problems related to event handlers and closures by accessing the browser and the JavaScript engine internals. Our framework does not require instrumenting an app or changing its source code, but works for the original app. We implemented the framework on the Chrome browser with the V8 JavaScript engine and successfully migrated non-trivial sample apps with reasonable saving and restoring overhead. We also discuss other usage of the snapshot for optimizations and user experiences for the web platform.

Abstract: JavaScript is the de facto programming language for the Web. It is used to implement mail clients, office applications, or IDEs, that can weight hundreds of thousands of lines of code. The language itself is prototype based, but to master the complexity of their application, practitioners commonly rely on informal class abstractions. This practice has never been the target of empirical research in JavaScript. Yet, understanding it is key to adequately tuning programming environments and structure libraries such that they are accessible to programmers. In this paper we report on a large and in-depth study to understand how class emulation is employed in JavaScript applications. We propose a strategy to statically detect class-based abstractions in the source code of JavaScript systems. We used this strategy in a dataset of 50 popular JavaScript applications available from GitHub. We found four types of JavaScript software: class-free (systems that do not make any usage of classes), class-aware (systems that use classes, but marginally), class-friendly (systems that make a relevant usage of classes), and class-oriented (systems that have most of their data structures implemented as classes). The systems in these categories represent, respectively, 26%, 36%, 30%, and 8% of the systems we studied.

Abstract: Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually. Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these web platforms.

Abstract: In today's web applications, JavaScript code interacts with the Document Object Model (DOM) at runtime. This runtime interaction between JavaScript and the DOM is error-prone and challenging to test. In order to unit test a JavaScript function that has read/write DOM operations, a DOM instance has to be provided as a test fixture. This DOM fixture needs to be in the exact structure expected by the function under test. Otherwise, the test case can terminate prematurely due to a null exception. Generating these fixtures is challenging due to the dynamic nature of JavaScript and the hierarchical structure of the DOM. We present an automated technique, based on dynamic symbolic execution, which generates test fixtures for unit testing JavaScript functions. Our approach is implemented in a tool called ConFix. Our empirical evaluation shows that ConFix can effectively generate tests that cover DOM-dependent paths. We also find that ConFix yields considerably higher coverage compared to an existing JavaScript input generation technique.

Abstract: JavaScript is a flexible and expressive prototype-based scripting language that is used by developers to create interactive web applications. The language is interpreted, dynamic, weakly typed, and has first-class functions. It also interacts extensively with other web languages such as CSS and HTML at runtime. All these characteristics make JavaScript code particularly error-prone and challenging to analyze and test. In this chapter, we explore recent advances made in analysis and testing techniques geared toward JavaScript-based web applications. In particular, we look at recent empirical studies, testing techniques, test oracle automation approaches, test adequacy assessment methods, fault localization and repair, and Integrated Development Environment support to help programmers write better JavaScript code.

Abstract: Lattice-based cryptography has attracted a high degree of attention in the cryptologic research community. It is expected to be in wide use in the foreseeable future once large quantum computers are in sight. In addition, JavaScript is a standard programming language for Web applications. It is now supported on a wide variety of computing platforms and devices with immense efficiency improvement in the past few years. In this paper, we present the results of our JavaScript implementation of several Lattice-based encryption schemes and show the speed performance on four common Web browsers on PC. Furthermore, we also show the performance on two smaller computing platforms, namely, tablets running the Android operating system, as well as Tessel, an embedded system equipped with an ARM Cortex-M3-grade microcontroller. Our results demonstrate that some of today's Lattice-based cryptosystems can already have efficient JavaScript implementations and hence are ready for use on a growing list of JavaScript-enabled computing platforms.

Abstract: JavaScript has become the most popular language for client-side web applications. Due to JavaScript's highly-dynamic features and event-driven design, it is not easy to debug web application errors. Record-replay techniques are widely used to reproduce errors in web applications. However, the key events related to an error are hidden in the massive event trace collected during a long running. As a result, error diagnosis with the long event trace is exhausting and time-consuming. We present a tool JSTrace that can effectively cut down the web application error reproducing time and facilitate the diagnosis. Based on the dynamic dependencies of JavaScript and DOM instructions, we develop a novel dynamic slicing technique that can remove events irrelevant to the error reproducing. In this process, many events and related instructions are removed without losing the reproducing accuracy. Our evaluation shows that the reduced event trace can faithfully reproduce errors with an average reduction rate of 96%.

Abstract: An approach to creating a canonical representation of a JavaScript API. Objects associated with the JavaScript API are instantiated, creating entry points for analysis. A list of discovered objects is created based on parsing a document object model associated with the JavaScript API. The objects are instrumented and statically analyzed, creating an infrastructure associated with the JavaScript API. The infrastructure is updated based on analyzing the objects while the interface is being used and the objects are executing. A canonical representation, based on the updated infrastructure, is generated for further operations.

Abstract: Custom SharePoint Solutions with HTML and JavaScript shows you how to build and customize SharePoint solutions to suit a wide range of business needs. You don't need a background in Microsoft technologies; youll learn how to rapidly build and customize sites entirely on the front end, starting with out-of-the-box features and extending them with HTML and JavaScript code. The book starts with an introduction to working with SharePoint on the front end, and how this can help you avoid common pitfalls associated with deploying custom code on the server. Youll start by using SharePoints browser-based tools to place and manipulate out-of-the-box web parts on a page. Then learn to inject some simple HTML and JavaScript to manipulate these web parts, and use JSLink to rapidly style and manipulate data in the List web part. You'll also see examples of how to build your own custom web parts using HTML, JavaScript and CSS. For those who want to dive deeper into JavaScript on SharePoint, chapters cover working directly with built-in JavaScript methods and properties and the JavaScript object model (JSOM), and how to work with the powerful new REST API, which gives you the ultimate flexibility over what you do with your data. Whatever your background, whether it's web development, working with SharePoint on the server side, or if you're a SharePoint user looking to learn new skills, Custom SharePoint Solutions with HTML and JavaScript will show you how to get what you want from SharePoint, quickly and reliably. What youll learn Understand the advantages of working with SharePoint on the front end, using HTML and JavaScript. Use the Content Editor and Script Editor web parts to customize your front end directly in the browser. Work with SharePoint's built-in JavaScript methods and properties and the JavaScript object model. Access and manipulate data using the powerful REST API. Build your own custom web parts. Use JSLink to style and manipulate list data. Who this book is for Web or front end developers, .NET developers, and SharePoint users. No prior JavaScript experience is needed for many of the OOTB solutions, but a little is desirable if you want to make the most of what the customizations offer. Experienced JavaScript developers will additionally benefit from the deep dives into JavaScript features in Chapters 4-6.

Abstract: JavaScript Frameworks for Modern Web Dev is your guide to the wild, vast, and untamed frontier that is JavaScript development. The JavaScript tooling landscape has grown and matured drastically in the past several years. This book will serve as an introduction to both new and well established libraries, frameworks, and utilities that have gained popular traction and support from seasoned developers. It covers tools applicable to the entire development stack, both client- and server-side. While no single book can possibly cover every JavaScript library of value, JavaScript Frameworks for Modern Web Dev focuses on incredibly useful libraries and frameworks that production software uses. You will be treated to detailed analyses and sample code for tools that manage dependencies, structure code in a modular fashion, automate repetitive build tasks, create specialized servers, structure client side applications, facilitate horizontal scaling, and interacting with disparate data stores. The libraries and frameworks covered include Bower, Grunt, Yeoman, PM2, RequireJS, Browserify, Knockout, AngularJS, Kraken, Mach, Mongoose, Knex, Bookshelf, Faye, Q, Async.js, Underscore, and Lodash. Written from first-hand experience, you will benefit from the glorious victories and innumerable failures of two experienced professionals, gain quick insight into hurdles that aren't always explicitly mentioned in API documentation or Readmes, and quickly learn how to use JavaScript frameworks and libraries like a Pro. Enrich your development skills with JavaScript Frameworks for Modern Web Dev today. What youll learn How to manage your project's third-party dependencies. How to structure your project's code as a collection of tightly focused, independent modules that are easy to reason about and test. How to implement several popular client-side frameworks for creating complex single-page web applications. How to implement several popular server-side frameworks for creating REST APIs that your applications interact with. How to manage the complexity of interacting with document ("NoSQL") and relational ("RDBMS") data stores through the use of object mapping libraries, along with advice on which type of storage medium to choose. How to implement real-time communication between the web browser and your application server. How to manage the additional complexity that is inherent in asynchronous code with libraries such as "Q" and "async.js." How to implement a mechanism for logging important events that occur within your application, in a way that can grow with you as your architecture changes and scales. How to implement distributed, horizontal processing of work across multiple servers in a way that supports quickly shifting resource requirements. Who this book is for Pro JavaScript Frameworks for Modern Web Development is for the web developer confident with JavaScript but struggling to come to terms with the sheer number of options that exist for seemingly every problem. This book helps lift the fog, providing the reader with an in-depth guide to specific libraries and frameworks that well-known organizations are using right now, and with great success.

Abstract: Chemozart is a 3D Molecule editor and visualizer built on top of native web components. It offers an easy to access service, user-friendly graphical interface and modular design. It is a client centric web application which communicates with the server via a representational state transfer style web service. Both client-side and server-side application are written in JavaScript. A combination of JavaScript and HTML is used to draw three-dimensional structures of molecules. With the help of WebGL, three-dimensional visualization tool is provided. Using CSS3 and HTML5, a user-friendly interface is composed. More than 30 packages are used to compose this application which adds enough flexibility to it to be extended. Molecule structures can be drawn on all types of platforms and is compatible with mobile devices. No installation is required in order to use this application and it can be accessed through the internet. This application can be extended on both server-side and client-side by implementing modules in JavaScript. Molecular compounds are drawn on the HTML5 Canvas element using WebGL context. Chemozart is a chemical platform which is powerful, flexible, and easy to access. It provides an online web-based tool used for chemical visualization along with result oriented optimization for cloud based API (application programming interface). JavaScript libraries which allow creation of web pages containing interactive three-dimensional molecular structures has also been made available. The application has been released under Apache 2 License and is available from the project website https://chemozart.com .

Abstract: Web applications (apps) programmed using HTML, CSS, and JavaScript have advantages in portability and productivity, compared to Android or IOS apps. However, web apps are involved with some performance issue, due to JavaScript with its dynamic typing and prototypes which are difficult to execute efficiently. One popular way of accelerating JavaScript is using the just-in-time compilation (JITC), which translates the JavaScript source code to the machine code at runtime. Unfortunately, JavaScript JITC for web apps suffers from the parsing and compilation overhead seriously, which offsets the performance gain of executing the compiled code. In this paper, we propose ahead-of-time compilation (AOTC) of JavaScript at the client device. We save the code generated by the JITC at the first run of the web app, so that we can reuse the code in the next runs to remove the parsing and the compilation overhead. For the JavaScriptCore (JSC) engine of the WebKit, we developed three AOTCs. Bytecode-AOTC saves the bytecode, so we can omit the parsing overhead. Native-AOTC saves the machine code, so we can omit the compilation as well as the parsing overhead, yet with a higher space overhead. We also developed a selective-AOTC which selects between the two AOTC depending on the performance benefit and the space overhead of a target JavaScript function. We experimented with four web apps on a commercial smart TV. For the JavaScript portion of the app loading time, bytecode-AOTC and native- AOTC achieve 33.5% and 62.1% performance benefit, with a space overhead of 2.3 times and 15.4 times of the original JavaScript source code size, respectively. Selective-AOTC achieves a trade-off of 45.9% performance benefit and a space overhead of 4.7 times. Our evaluation on JavaScript benchmarks also shows a tangible performance gain, although it is lower than web apps. Finally, we compare to the AOTC for V8 engine and discuss some issues.

Abstract: JavaScript has become a language for programming complex Web applications, whose logic is deployed across both Web browsers and Web servers. Current software packaging mechanisms for JavaScript enable a basic level of modularity and reuse. However, they have not yet reached full maturity in terms of enabling system extensions with features contributed as third-party plugins, while encapsulating them adequately. In this paper we present a novel plugin system for JavaScript applications, which integrate Node.js modules with HTML5 Web Components. It provides abstractions for: real time and loosely coupled communication between front-end and back-end components, persistent state storage, and isomorphic usage of JavaScript. Plugins can use hooks and events to contribute functionality and embed it into the main application flow, while respecting the common asynchronous non-blocking programming paradigm of JavaScript. We demonstrate the expressiveness of the framework as it is used to build ASQ: an open, extensible educational Web platform.

Abstract: Modern JavaScript engines optimize hot functions using a JIT compiler along with type information gathered by an online profiler. However, the profiler's information can be unsound and when unexpected types are encountered the engine must recover using an expensive mechanism called deoptimization. In this paper we describe a method to significantly reduce the number of deoptimizations observed by client-side JavaScript engines by using ahead-of-time profiling on the server-side. Unlike previous work on ahead-of-time profiling for statically-typed languages such as Java, our technique must operate on a dynamically-typed language, which significantly changes the required insights and methods to make the technique effective. We implement our proposed technique using the SpiderMonkey JavaScript engine, and we evaluate our implementation using three different kinds of benchmarks: the industry-standard Octane benchmark suite, a set of JavaScript physics engines, and a set of real-world websites from the Membench50 benchmark suite. We show that using ahead-of-time profiling provides significant performance benefits over the baseline vanilla SpiderMonkey engine.

Abstract: Web browsers are very commonly used softwares and the modern ones provide various interactive contents from World Wide Web (WWW) Browsers internally use JavaScript engines to offer these functionalities Most of the websites specifies only the browser version as prerequisites but these browsers in turn depend on the underlying hardware The benchmark tests performed on the popular browsers revealed the strength and weakness and its hardware dependency It also calls for websites which provide complex contents to specified a recommended hardware

Abstract: John Resig discusses the birth of the JavaScript library jQuery and how it came to play a key role in the browser software ecosystem. The first Web extra at http://youtu.be/B7Aut4OUuvs is a video in which jQuery creator John Resig talks with Charles Severance about the birth of the JavaScript library jQuery and how it came to play a key role in the browser software ecosystem. The second Web extra at http://youtu.be/ZRxcFzSqatE is an audio recording of the Computing Conversations column in which Charles Severance discusses his interview with John Resig about the JavaScript library jQuery and how it came to play a key role in the browser software ecosystem.

Abstract: As modern browsers become more powerful with rich features, building full-blown web applications in JavaScript is not only feasible, but increasingly popular. Based on trends on HTTP Archive, deployed JavaScript code size has grown 45% over the course of the year. MVC offers architectural benefits over standard JavaScript — it helps you write better organized, and therefore more maintainable code. This pattern has been used and extensively tested over multiple languages and generations of programmers. It's no coincidence that many of the most popular web programming frameworks also encapsulate MVC principles: Django, Ruby on Rails, CakePHP, Struts, or Laravell.

Abstract: In this paper we present the incompatibility and complexity problems in Web development when using JavaScript. We also demonstrate the solution given by transcompilers and/or languages that compile to JavaScript, but we also highlight the respective problems. Thus, we present our proposal, i.e., a meta-transcompiler, that targets to harmonize JavaScript-oriented web development and tight the feedback loop between web standards' editors and web developers, even during the transition period of work-in-progress specifications, such as the upcoming ECMAScript 6 “Harmony” specification.

Abstract: Embodiments are directed to hooking a call for a malware monitoring logic into a JavaScript API engine interpreter. Upon JavaScript being placed into heap memory, the malware monitoring logic can initiate an evaluation or analysis of the heap spray to determine whether the JavaScript includes malware or other malicious agents prior to execution of the JavaScript shell code. Upon execution of the JavaScript within the sandbox, the malware monitoring logic can initiate monitoring of the JavaScript using malware analysis and/or execution profiling techniques. Inferences can be made of the presence of malware based on a start and end time of the JavaScript execution.

Abstract: As the Internet penetration rate continuously increases and web browsers show a substantial development, the web becomes a more general and ubiquitous application runtime platform, where the programming language on the client side exclusively is JavaScript. This is the reason why recently JavaScript is more often considered as the lingua franca of the web, or, from a dierent point of view, the universal virtual machine of the web. In addition, the JavaScript programming language appears in many other areas of informatics due to the wider usage of the HTML-based technology, and the embedded nature of the language. Consequently, in these days it is quite dicult to program without getting in touch with JavaScript in some way. In this article we are looking for answers to how the JavaScript language is suitable for being an introductory language in the programming related subjects of the higher education. First we revisit the dierent technologies that lead to and ensure the popularity of JavaScript. Following, current approaches using JavaScript as an introductory language are overviewed and analyzed. Next, a curriculum of an introductory programming course at the Eotvos Lorand University is presented, and a detailed investigation is given about how the JavaScript language would fit in the expectations and requirements of this programming course. Finally, the supported platforms and integrated development environments (IDEs) are also reviewed from the point of view of beginner programmers just started to programming.

Abstract: Web applications (apps) are programs created by web technologies such as HTML, CSS, and JavaScript. Web apps can be executed on any platform that supports a web browser. Such portability allows an interesting user experience called app migration [2, 4, 5], which can save app’s execution state information as a snapshot, transmit to another device, and continue its execution on the device. However, there is one feasibility issue in existing approaches because they save app’s state without separating the JavaScript framework state, resulting in both time and size overhead. JavaScript framework such as jQuery is a library written in JavaScript to support web app development, popularly used in web apps. So an app’s JavaScript heap is composed of app’s objects and framework objects, possibly intermingled with their pointers, and the app code can modify framework objects. In this paper, we propose framework separated migration, which can separate the framework objects during snapshot creation so that snapshot does not contain framework objects, but does contain the changes made to them as well as the app objects. After transmission, the browser loads the JavaScript framework first, loads the snapshot, and restores the original state of framework and app objects to continue execution. With our approach, we could reduce 40% of total migration time, resulting increased feasibility in a real situation.

Abstract: JavaScript is used on the web together with HTML and CSS, in many cases using frameworks for JavaScript such as jQuery and Backbone.js. This project is comparing the speed and memory allocation of the programming language JavaScript and its two most used frameworks as well as the language on its own. Since JavaScript is not very fast and it has some missing features or features that differ from browser to browser and frameworks solve this problem but at the cost of speed and memory allocation, the aim is to find out how well JavaScript and the two frameworks jQuery and Backbone.js are doing this on Google Chrome Canary. The results varied (mostly) between the implementations and show that the to-do application is a good enough example to use when comparing the results of heap allocation and CPU time of methods. The results where compared with their mean values and using ANOVA. JavaScript was the fastest, but it might not be enough for a developer to completely stop using frameworks. With JavaScript a developer can choose to create a custom framework, or use an existing one based on the results of this project.

Abstract: Modern JavaScript engines use just-in-time (JIT) compilation to produce a binary code. JIT compilers are limited in a complexity of optimizations they can perform at a runtime without delaying an execution. On the contrary, ahead-of-time (AOT) compilers don't have such limitations, but they are not well suited for compiling dynamic languages such as JavaScript. In the paper we discuss methods for augmenting multi-tiered JavaScript JIT with a capability for AOT compilation, so to reduce program startup time and to move complex optimizations to AOT phase. We have implemented saving of JavaScript programs as a binary package containing bytecode and native code in open-source WebKit library. Our implementation allows shipping of JavaScript programs not only as a source code, but also as application binary packages with a precompiled code. In addition, our approach does not require any language feature restrictions. This has resulted in performance gain for popular JavaScript benchmarks such as SunSpider and Kraken on ARM platform, however, at a cost of increased package size.