Practical dynamic program analysis for Node.js : the NodeProf framework and its applications
- Sun, Haiyang
- Binder, Walter (Degree supervisor)
- 2025
PhD: Università della Svizzera italiana
English
Node.js is an asynchronous, event-driven JavaScript runtime that enables developers to execute JavaScript on the server side, outside of the browser. Unlike traditional JavaScript environments for browsers, Node.js extends functionality to handle I/O operations, such as file and network access, making it well-suited for building scalable web applications. However, the dynamic and asynchronous nature of Node.js, combined with its complex event loop semantics, presents significant challenges for debugging, performance analysis, and ensuring code quality. Additionally, existing source-code instrumentation frameworks for JavaScript suffer from substantial overheads and difficulties in instrumenting the built-in module libraries of Node.js. This dissertation introduces NodeProf, an efficient dynamic analysis framework for Node.js. NodeProf significantly improves analysis performance while ensuring comprehensive code coverage by leveraging dynamic instrumentation of the JavaScript runtime and automatic partial evaluation to generate efficient machine code. Its integration with the underlying Just-in-Time (JIT) compiler also allows analyses to be dynamically (de)activated, incurring zero overhead when no analysis is active. Furthermore, NodeProf benefits from the language interoperability provided by the run time, enabling dynamic analyses to be written in both Java and JavaScript, with compatibility to Jalangi, a state-of-the-art source-code JavaScript instrumentation framework. This allows NodeProf to offer similar flexibility to traditional source-code instrumentation tools. To demonstrate NodeProf’s ability to empower new dynamic analysis tools, this dissertation presents AsyncG, a new dynamic analysis tool based on NodeProf. Thanks to NodeProf’s ability to instrument library code, low overheads and flexibility to define instrumentation logic, AsyncG can be used to identify bugs in real-world Node.js server applications by reasoning about all sources of asynchronous execution of an application, a task that is challenging with Jalangi due to its lack of coverage of system code, huge performance overhead and lack of latest language support. Through our evaluation and case study, we demonstrate that NodeProf overcomes the limitations of previous tools based on source-code instrumentation. The performance of dynamic analyses using NodeProf can be up to three orders of magnitude faster than Jalangi on GraalVM. The tool AsyncG further illustrates how NodeProf can be used to implement new dynamic analysis for real-world Node.js applications.
- Collections
- Language
-
- English
- Classification
- Computer science and technology
- License
- License undefined
- Open access status
- green
- Identifiers
-
- NDP-USI 2025INF008
- ARK ark:/12658/srd1332398
- URN urn:nbn:ch:rero-006-122989
- Persistent URL
- https://n2t.net/ark:/12658/srd1332398
Statistics
Document views: 26
File downloads:
- 2025INF008.pdf: 43