使用靜態分析偵測 JavaScript 應用程式中的 Race Condition

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：4

、訪客IP：18.224.0.25

姓名

楊盛傑(Sheng-Chieh Yang) 查詢紙本館藏

畢業系所

軟體工程研究所

論文名稱

使用靜態分析偵測 JavaScript 應用程式中的 Race Condition
(Detect Race Condition In JavaScript Application with Static Analysis)

相關論文

★ CRUnit - Capture / Replay Based Unit Testing	★ Locating Interested Code by Program Execution Paths with Debugger
★ An OpenStack Based Testing as a Service Platform	★ Visualize Ripple Effect with Analyzing Object-Oriented Design Relationship
★ Change History Tracing Tool for Arbitrary Programming Language	★ Virtual Objects for Program Visualization in xDIVA
★ Enhance Stress Testing Power by Synchronizing JMeter Test Scripts	★ 以 GDB 實作 XThreadDebugger-Linux(XTD-Linux)提供 Linux 平台之多執行緒除錯
★ 支援版本控制系統之文件撰寫工具	★ Korat: An O.S.-independent Capture/Replay Test Automation System
★ GUI Component Detection for Cross-Platform Applications–Using Input Device and Image Change Synergistic Detection Method	★ 應用設計模式於 RPA 軟體實作低維護成本的屬性面板自動修正功能
★ 基於物件導向與 Clean Code 概念進行 xDiva 重構與優化	★ 基於xDIVA之利用關鍵影格將3D物件動畫化與即時保存的視覺化工具
★ CoolPCB：以控制點為主的電路板切割成形繪製自動化方法	★ 利用軟體 UI 實現擴充功能突破原始碼限制的工具

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

隨著科技的演進，工程師和使用者不斷地嘗試在速度和效率上尋求突
破，為了達到這一個目的並行 (Concurrency) 這一個概念應運而生，但是也
因此造成了很多致命的問題，並因此危害到許多系統的執行，在這些問題中
就有一個是競爭條件 (Race Condition)。
在現今，人們會透過網路去取得各式各樣的資訊、購物、玩遊戲、交易
等，為了應付人們大量的請求與需求，讓網路程式支援並行這一功能勢在必
行，但是在享受並行所帶來的好處同時，也需要正視潛在的危害，這也正是
本篇論文希望探討並解決的。
儘管競爭問題一直被不斷地討論，並且提出一個又一個地有效並且準
確的方法，但是科技的進化與程式語言的迭代，而在 JavaScript 這一個單
執行緒 (Single-Threaded) 程式語言中，也出現了本不該存在的競爭問題，
但是作為目前被廣泛使用的客戶端語言，這無疑使得這一個問題無比重要。
在研究這項問題時，根據競爭條件 (Race Condition) 的特性，我們選用
了 Call Graph、抽象語法樹 (Abstract Syntax Tree) 以及靜態分析的技術，在
這些技術的幫助下我們有效並且輕鬆的找出潛在的競爭條件。
在以下的文章中，我們會詳細的說明並且解釋，我們選用這些技術的方
法和原因。

摘要(英)

With the evolution of technology, engineers and users are constantly trying
to seek breakthroughs in speed and efficiency. In order to achieve this goal, the
concept of Concurrency is brought out, but this concept also causes many fatal
problems, one of these problems is the race condition.
Nowadays, people use the Internet to obtain all kinds of information, shop,
play games, trade, etc. In order to handle lots of requests from systems and needs
of people, it is imperative for the web application to support the concurrent mech-
anism, but when we enjoy the benefit from concurrency, it is also necessary to
face up to the potential risk, which is exactly what this paper hopes to explore and
solve.
Although the race condition has been constantly discussed, and effective and
accurate solutions have been proposed one after another, this problem still occur
in JavaScript applications. Technology continuously evolves, and so do program-
ming languages, JavaScript, a single-threaded programming language, there are
also problems that should not exist. However, as the most commonly used client-
side language, this undoubtedly makes this issue extremely important.
In our research, we adopt techniques such as Call Graph, Abstract Syntax
Tree (AST), and static analysis to study and address race conditions. Leveraging
these techniques, we can effectively and easily identify potential race conditions.
In this paper, we will provide a detailed explanation of why we chose these
techniques and the methods we employed. We will explore the characteristics of
race conditions and demonstrate how Call Graph, Abstract Syntax Tree, and static
analysis help us identify potential race conditions.

關鍵字(中)

★ 競爭
★ 靜態分析

關鍵字(英)

論文目次

摘要 ........................................... i
Abstract ...................................... ii
目錄 ........................................... iii
圖目錄 ......................................... iv
表格目錄 ....................................... vi
第 1 章、緒論 .................................. 1
第 2 章、研究背景與相關研究 ....................... 5
2-1 程式分析方法比較 ............................. 5
2-1-1 動態分析 (Dynamic Analysis) ............... 5
2-1-2 靜態分析 (Static Analysis) ................ 6
2-1-3 差異比較 .................................. 6
2-2 抽象語法樹 (Abstract Syntax Tree) ........... 8
2-3 競爭條件 (Race Condition).................... 12
2-3-1 鎖 (Lock) ................................ 15
2-3-2 互斥鎖 (Mutex) ............................ 15
2-3-3 信號 (Semaphore) .......................... 15
2-4 Call Graph ................................. 16
2-5 JavaScript 的非同步功能相關研究 ............... 17
2-5-1 Event Queue .............................. 17
2-5-2 async/await 關鍵字 ........................ 19
2-5-3 Promise .................................. 20
第 3 章、 Race Condition 案例與分析 ............... 23
3-1 JavaScript 中的競爭條件 ...................... 23
3-2 競爭條件對 JavaScript 程式的影響 .............. 26
3-3 JavaScript 程式中競爭條件的解決方案 ............ 28
第 4 章、Race Condition 檢測方法 ................. 33
4-1 變數和函式的宣告和參照關係分析 .................. 35
4-2 Call Graph 的建立和使用 ...................... 39
4-3 合併 Call Graph 和參照關係圖 .................. 40
4-4 分析和識別潛在 Race Condition ................. 42
第 5 章、討論與評估 ............................... 45
5-1 偵測方法準確性的評估 ........................... 45
5-2 演算法與實作結果差異的討論 ...................... 48
第 6 章、結論與未來研究方向 ......................... 50
第 7 章、參考資料 ................................. 52

參考文獻

[1] E Mutlu, S Tasiran, B Livshits. “Detecting JavaScript Races that Matter”, in
Proc. ESEC/FSE, 2015
[2] M Madsen, F Tip, O Lhoták. “Static Analysis of Event-Driven Node.js Ja-
vaScript Ap-plications”, in Proc. ACM SIGPLAN Conference on Object-Ori-
ented Programming, Systems, Languages, and Applications (OOPSLA),
2015
[3] S Alimadadi, A Mesbah, K Pattabiraman. “Understanding Asynchronous In-
teractions in Full-Stack JavaScript”, in Proc. of 38th International Conference
on Software Engi-neering (ICSE), 2016
[4] S Park, W Xu, I Yun, D Jang. “Fuzzing JavaScript Engines with Aspect-pre-
serving Mutation”, in 2020 IEEE Symposium on Security and Privacy (SP),
2020
[5] C Flanagan, SN Freund. “Detecting Race Conditions in Large Programs”, in
Proceed-ings of the ACM SIGPLAN-SIGSOFT Workshop on Program Anal-
ysis for Software Tools and Engineering (PASTE’01), pages 90–96, 2001
[6] C Flanagan, SN Freund. “FastTrack: Efficient and Precise Dynamic Race De-
tection” Community ACM, Vol. 53, Issue 11, 2010
[7] J. Ide, R. Bodik, and D. Kimelman. “Concurrency Concerns in Rich Internet
Applica-tions”, In ECEC, 2009
[8] S Hong, Y Park, M Kim. “Detecting Concurrency Errors in Client-side Ja-
vaScript Web Applications” in Proc. of IEEE 7th International Conference on
Software Testing, Veri-fication and Validation, 2014
52[9] R. H. B. Netzer and B. P. Miller, “What are race conditions?: Some issues and
formalizations”, ACM Lett. Program. Languages Syst., vol. 1, no. 1, pages
74–88, 1992.
[10] D. Engler and K. Ashcraft, “RacerX: Effective, static detection of race condi-
tions and deadlocks”, in Proc. ACM Symp. Operating Syst. Principles, Bolton
Landing, NY, USA, pages 237–252, 2003.
[11] Y. Yu, T. Rodeheffer, and W. Chen. “Racetrack: Efficient detection of data
race conditions via adaptive tracking", In SOSP, 2005.
[12] Usage statistics of JavaScript as client-side programming language on web-
sites (https://w3techs.com/technologies/details/cp-javascript)
[13] How Many Websites Are There? – The Growth of The Web (1990–2022)
(https://firstsiteguide.com/how-many-websites/)
[14] NodeJS & Event Loop: Not So Single-Threaded (https://blog.bitsrc.io/node-
js-event-loop-and-multi-threading-e42e5fd16a77)
[15] K. Sen, “Race directed random testing of concurrent programs”, in Proc.
ACM Conf. Program. Language Design Implementation, pages 11–21, 2008
[16] Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, and
Thomas Anderson. 1997. “Eraser: A dynamic data race detector for multi-
threaded programs”. ACM Transactions on Computer Systems (TOCS), Vol-
ume 15, Issue 4, pages 391–411, 1997.
[17] Polyvios Pratikakis, Jeffrey S. Foster, and Michael Hicks, “LOCKSMITH:
Practical static race detection for C”, ACM Transactions on Programming
Languages and Systems, Volume 33, Issue 1, pages 1-55, 2011
[18] Mayur Naik, Alex Aiken, John Whaley, “Effective static race detection for
Java”, In Proceedings of the 27th ACM SIGPLAN Conference on
53Programming Language Design and Implementation (Ottawa, Ontario, Can-
ada) (PLDI ’06). ACM, New York, NY, USA, 308–319, 2006.
[19] Cormac Flanagan, Stephen N. Freund, “Type-Based Race Detection for Java”,
In ACM SIGPLAN Conference on Programming Language Design and Im-
plementation (PLDI’00). ACM SIGPLAN Notices Volume 35, Issue 5, pages
219–232, 2000.
[20] JAVASCRIPT (https://www.w3.org/standards/webdesign/script)
[21] Atomics
(https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refer-
ence/Global_Objects/Atomics)

指導教授

鄭永斌(Yung-Pin Cheng)

審核日期

2023-8-2

推文