The latest articles on DEV Community by Beltrán Aceves (@beltran). https://dev.to/beltran https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F787483%2Fbb52a77f-180e-4edf-9102-28d6f0603d2a.png https://dev.to/beltran en Beltrán Aceves Thu, 10 Nov 2022 00:26:22 +0000 https://dev.to/beltran/getting-started-with-jalangi-2-1a3j https://dev.to/beltran/getting-started-with-jalangi-2-1a3j <h2> What is Jalangi ? </h2> <p>A dynamic analysis framework for both front-end and back-end JavaScript. It allows you to monitor every operation of a JavaScript program, write your own program analyses and tools like linters, style checkers, caching optimization, etc.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fedxpbfhdyblmwgjqspq5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fedxpbfhdyblmwgjqspq5.png" alt="Authors portrait photos"></a>It was created by <a href="https://people.eecs.berkeley.edu/~ksen/?rnd=1668034504513" rel="noopener noreferrer">Koushik Sen</a> and <a href="https://jacksongl.github.io/" rel="noopener noreferrer">Liang Gong</a> at Berkeley in 2013, supported by Samsung Research America, who wanted to remedy the lack of Tooling other popular languages like C++ or Java enjoyed [1].</p> <h3> Requirements </h3> <ul> <li>Node v12 (v18 seems to be working well for me)</li> <li>Python 2.7 or higher and less than 3.0, but it's only needed for testing</li> </ul> <h2> Installation </h2> <p>Either download from npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>jalangi2 <span class="nb">cd </span>node_modules/jalangi2 </code></pre> </div> <p>Or clone the repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/Samsung/jalangi2 <span class="nb">cd </span>jalangi2 </code></pre> </div> <p>To check if everything works, run a sample analysis with the following (note you must be in <code>jalangi2/</code> directory):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node src/js/commands/jalangi.js <span class="nt">--inlineSource</span> <span class="nt">--analysis</span> src/js/sample_analyses/dlint/CheckNaN.js src/js/sample_analyses/dlint/Utils.js </code></pre> </div> <p>If everything went well this will have generated:</p> <ul> <li> <code>Utils_jalangi_.js</code> with the instrumented code</li> <li> <code>Utils_jalangi_.json</code> with the analysis result.</li> </ul> <h2> How it works </h2> <p>It instruments JavaScriptsource code to provide a layer of abstraction and a simple API, which makes it much easier to implement heavy-weight analysis techniques. </p> <p>The API lets you hook up function callbacks before and after almost every event or operation within your code.</p> <h3> Our own analysis </h3> <p>You can find every interceptable operation in the <a href="https://jacksongl.github.io/files/demo/jalangiff/docs/MyAnalysis.html" rel="noopener noreferrer">docs</a>. We are going to start by hijacking console.log calls and modifying the output.</p> <ul> <li>Create an analysis.js file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">(</span><span class="nf">function </span><span class="p">(</span><span class="nx">sandbox</span><span class="p">)</span> <span class="p">{</span> <span class="nx">J$</span><span class="p">.</span><span class="nx">analysis</span> <span class="o">=</span> <span class="p">{</span> <span class="na">invokeFunPre</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">iid</span><span class="p">,</span> <span class="nx">f</span><span class="p">,</span> <span class="nx">base</span><span class="p">,</span> <span class="nx">args</span><span class="p">)</span> <span class="p">{</span> <span class="nx">args</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">You've been modyfied!</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">f</span> <span class="o">==</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">f</span><span class="p">:</span> <span class="nx">f</span><span class="p">,</span> <span class="na">base</span><span class="p">:</span> <span class="nx">base</span><span class="p">,</span> <span class="na">args</span><span class="p">:</span> <span class="nx">args</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="p">})(</span><span class="nx">J$</span><span class="p">);</span> </code></pre> </div> <ul> <li>Create a sample.js file to be analyzed </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">annoyingLogger</span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="p">}</span> <span class="nf">annoyingLogger</span><span class="p">(</span><span class="dl">"</span><span class="s2">Hello World</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <ul> <li>Go to the terminal and run: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node src/js/commands/jalangi.js <span class="nt">--inlineSource</span> <span class="nt">--analysis</span> &lt;analysis.js filepath&gt; &lt;sample.js filepath&gt; </code></pre> </div> <p>And it should only output <code>You've been modyfied!</code></p> <h3> Tips and tricks </h3> <p>You can chain analyses with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node src/js/commands/jalangi.js <span class="nt">--inlineSource</span> <span class="nt">--analysis</span> src/js/sample_analyses/ChainedAnalyses.js <span class="nt">--analysis</span> &lt;analysis 1 filepath&gt; <span class="nt">--analysis</span> &lt;analysis 2 filepath&gt; &lt;target file&gt; </code></pre> </div> <p>For code location include the <code>--inlineIID</code> flag and use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">iidToLocation</span> <span class="o">=</span> <span class="nx">sandbox</span><span class="p">.</span><span class="nx">iidToLocation</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">codeLine</span> <span class="o">=</span> <span class="nf">iidToLocation</span><span class="p">(</span><span class="nf">getGlobalIID</span><span class="p">(</span><span class="nx">iid</span><span class="p">)).</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">:</span><span class="dl">"</span><span class="p">)[</span><span class="mi">2</span><span class="p">];</span> </code></pre> </div> <p>If you want to learn about more involved analyses use their <a href="https://jacksongl.github.io/files/demo/jalangiff/demo_integrated.htm" rel="noopener noreferrer">online sandbox</a>.</p> <h3> References </h3> <ul> <li>Cover from slides by Prof. <a href="https://software-lab.org/people/Michael_Pradel.html" rel="noopener noreferrer">Michael Pradel</a> </li> <li>[1]K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs, <a href="https://dl.acm.org/doi/10.1145/2491411.2491447" rel="noopener noreferrer">doi</a> </li> </ul> jalangi javascript tutorial computerscience