What is Jalangi?
A dynamic analysis framework for both front-end and back-end JavaScript. It allows you to monitor every operation of a JavaScript program, write your own program analyses and tools like linters, style checkers, caching optimization, etc.
It was created by Koushik Sen and Liang Gong at Berkeley in 2013, supported by Samsung Research America, who wanted to remedy the lack of tooling that other popular languages like C++ or Java enjoyed [1].
Requirements
- Node v12 (v18 seems to be working well for me)
- Python 2.7 or higher and less than 3.0, but it's only needed for testing
Installation
Either download from npm:
npm install jalangi2
cd node_modules/jalangi2
Or clone the repository:
git clone https://github.com/Samsung/jalangi2
cd jalangi2
To check if everything works, run a sample analysis with the following (note you must be in the jalangi2/ directory):
node src/js/commands/jalangi.js --inlineSource --analysis src/js/sample_analyses/dlint/CheckNaN.js src/js/sample_analyses/dlint/Utils.js
If everything went well, this will have generated:
- Utils_jalangi_.js with the instrumented code
- Utils_jalangi_.json with the analysis result.
How it works
It instruments JavaScript source code to provide a layer of abstraction and a simple API, which makes it much easier to implement heavy-weight analysis techniques.
The API lets you hook up function callbacks before and after almost every event or operation within your code.
Our own analysis
You can find every interceptable operation in the docs. We are going to start by hijacking console.log calls and modifying the output.
- Create an analysis.js file
(function (sandbox) {
    sandbox.analysis = {
        // Runs before every function call made by the instrumented program.
        invokeFunPre: function (iid, f, base, args) {
            // Only rewrite calls to console.log; leave every other call alone.
            if (f === console.log) {
                args[0] = "You've been modified!";
                return { f: f, base: base, args: args, skip: false };
            }
        }
    };
})(J$);
- Create a sample.js file to be analyzed
function annoyingLogger(msg) {
    console.log(msg);
}
annoyingLogger("Hello World");
- Go to the terminal and run:
node src/js/commands/jalangi.js --inlineSource --analysis <analysis.js filepath> <sample.js filepath>
And it should only output You've been modified!
Tips and tricks
You can chain analyses with:
node src/js/commands/jalangi.js --inlineSource --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis <analysis 1 filepath> --analysis <analysis 2 filepath> <target file>
For code locations, include the --inlineIID flag and use:
var iidToLocation = sandbox.iidToLocation;
var getGlobalIID = sandbox.getGlobalIID;
var codeLine = iidToLocation(getGlobalIID(iid)).split(":")[2];
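The invokeFunPre hook and the location lookup above can be combined into a small security check. The following is an added example, not code from the original post or the Jalangi project: it records every call that reaches a shell-execution sink in child_process, with its source location. The names makeSinkAnalysis, SINKS, findings and demo are hypothetical, and demo drives the hook with a constructed stand-in for J$ so the block also runs without Jalangi.

```javascript
// Added example. Hypothetical names: makeSinkAnalysis, SINKS, findings, demo.
const cp = require("child_process");

// Functions whose first argument is handed to a shell.
const SINKS = new Map([
  [cp.exec, "child_process.exec"],
  [cp.execSync, "child_process.execSync"]
]);

function makeSinkAnalysis(sandbox) {
  const findings = [];
  sandbox.analysis = {
    // Jalangi calls this before every function, method or constructor call.
    invokeFunPre: function (iid, f, base, args) {
      const sink = SINKS.get(f);
      if (sink === undefined) return; // not a sink: leave the call alone
      findings.push({
        sink: sink,
        command: String(args[0]),
        location: sandbox.iidToLocation(sandbox.getGlobalIID(iid))
      });
      // Nothing is returned, so the original call runs unchanged.
    },
    // Jalangi calls this once when the analysed program finishes.
    endExecution: function () {
      findings.forEach(function (x) {
        console.log("[sink] " + x.sink + " at " + x.location + ": " + x.command);
      });
    }
  };
  return findings;
}

// Under Jalangi the global J$ exists and the analysis registers itself.
if (typeof J$ !== "undefined") makeSinkAnalysis(J$);

// Offline check with a constructed stand-in for J$. Only the pre-call hook
// is invoked; the sink itself is never executed.
function demo() {
  const stub = {
    getGlobalIID: function (iid) { return "1:" + iid; },
    iidToLocation: function (gid) { return "(sample.js:" + gid + ")"; }
  };
  const findings = makeSinkAnalysis(stub);
  stub.analysis.invokeFunPre(9, console.log, console, ["hello"]);
  stub.analysis.invokeFunPre(17, cp.exec, cp, ["echo constructed-input"]);
  return findings;
}
```

Saved as an analysis file, it is passed to jalangi.js with --analysis and --inlineIID in the same way as the analysis.js above.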
If you want to learn about more involved analyses use their online sandbox.
References
- Cover from slides by Prof. Michael Pradel
- [1] K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs, doi