{"id":13546861,"url":"https://github.com/Samsung/jalangi2","last_synced_at":"2025-04-02T19:32:11.831Z","repository":{"id":44970389,"uuid":"27174518","full_name":"Samsung/jalangi2","owner":"Samsung","description":"Dynamic analysis framework for JavaScript","archived":false,"fork":false,"pushed_at":"2024-02-13T18:37:23.000Z","size":25922,"stargazers_count":449,"open_issues_count":69,"forks_count":119,"subscribers_count":30,"default_branch":"master","last_synced_at":"2025-03-27T16:13:03.814Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Samsung.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-11-26T11:49:28.000Z","updated_at":"2025-03-15T10:54:23.000Z","dependencies_parsed_at":"2024-06-18T23:09:37.094Z","dependency_job_id":null,"html_url":"https://github.com/Samsung/jalangi2","commit_stats":{"total_commits":264,"total_committers":24,"mean_commits":11.0,"dds":0.5568181818181819,"last_synced_commit":"fef63515086ddd14fa33078b223eddab9014889c"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Samsung%2Fjalangi2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Samsung%2Fjalangi2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Samsung%2Fjalangi2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Samsung%2Fjalangi2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Samsung","download_url":"https://codeload.github.com/Samsung/jalangi2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246880127,"owners_count":20848818,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:00:46.504Z","updated_at":"2025-04-02T19:32:06.821Z","avatar_url":"https://github.com/Samsung.png","language":"JavaScript","readme":"Jalangi2\n=======\n### Introduction\n\nJalangi2 is a framework for writing dynamic analyses for JavaScript.\nJalangi1 is still available at https://github.com/SRA-SiliconValley/jalangi, but we no longer plan to develop it.\nJalangi2 does not support the record/replay feature of Jalangi1.\nIn the Jalangi2 distribution you will find several analyses:\n\n  * an analysis to [track NaNs](src/js/sample_analyses/dlint/CheckNaN.js).\n  * an analysis to [check if an undefined is concatenated to a string](src/js/sample_analyses/dlint/ConcatUndefinedToString.js).\n  * [Memory analysis](https://github.com/Samsung/meminsight): a memory-profiler for JavaScript and HTML5.\n  * [DLint](https://github.com/ksen007/jalangi2analyses): a dynamic checker for JavaScript bad coding practices.\n  * [JITProf](https://github.com/ksen007/jalangi2analyses): a dynamic JIT-unfriendly code snippet detection tool.\n  * [analysisCallbackTemplate.js](src/js/runtime/analysisCallbackTemplate.js): a template for writing a dynamic analysis.\n  * and [more ...](src/js/sample_analyses/)\n\nSee [our tutorial slides](http://manu.sridharan.net/files/JalangiTutorial.pdf) for a detailed overview of Jalangi and some client analyses.\n\n### Requirements\n\nWe have tested Jalangi on Mac OS X with Chromium browser.  Jalangi should work on Mac OS\n10.7, Ubuntu 11.0 and higher and Windows 7 or higher. Jalangi will NOT work with IE.\n\n  * Node.js available at https://nodejs.org/en/download/releases/.  We primarily test Jalangi with the Node LTS version (currently v12).\n  * Chrome browser if you need to test web apps.\n  * Python (http://python.org) version 3.x.\n\nOn Windows you need the following extra dependencies:\n\n  * Install Microsoft Visual Studio 2010 (Free express version is fine).\n  * If on 64bit also install Windows 7 64-bit SDK.\n\nIf you have a fresh installation of Ubuntu, you can install all the requirements by invoking the following commands from a terminal\n(package names may be out of date).\n\n    sudo apt-get update\n    sudo apt-get install python-software-properties python g++ make\n    sudo add-apt-repository ppa:chris-lea/node.js\n    sudo apt-get update\n    sudo apt-get install nodejs\n    sudo apt-get update\n    sudo apt-get install chromium-browser\n\n### Installation\n\nClone the repository, and then run:\n\n    npm install\n\n### Run tests\n\n    python scripts/test.traceall.py\n    python scripts/test.analysis.py\n    python scripts/test.dlint.py\n\n### Usage\n\n**Analysis in node.js with on-the-fly instrumentation**\n\nAn analysis can be performed on a JavaScript file in node.js by issuing the following commands:\n\n    node src/js/commands/jalangi.js --inlineIID --inlineSource --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/sample_analyses/dlint/Utils.js --analysis src/js/sample_analyses/dlint/CheckNaN.js --analysis src/js/sample_analyses/dlint/FunCalledWithMoreArguments.js --analysis src/js/sample_analyses/dlint/CompareFunctionWithPrimitives.js --analysis src/js/sample_analyses/dlint/ShadowProtoProperty.js --analysis src/js/sample_analyses/dlint/ConcatUndefinedToString.js --analysis src/js/sample_analyses/dlint/UndefinedOffset.js tests/octane/deltablue.js\n\nIn the above analysis, we chained several analyses by including *--analysis src/js/analyses/ChainedAnalyses.js* as the first analysis.\nThe command runs the following analyses\n\n    src/js/sample_analyses/dlint/CheckNaN.js\n    src/js/sample_analyses/dlint/FunCalledWithMoreArguments.js\n    src/js/sample_analyses/dlint/CompareFunctionWithPrimitives.js\n    src/js/sample_analyses/dlint/ShadowProtoProperty.js\n    src/js/sample_analyses/dlint/ConcatUndefinedToString.js\n    src/js/sample_analyses/dlint/UndefinedOffset.js\n\nThe implementation of an analysis requires the implementation of several callback functions. One can start writing\nan writing analysis using the template file [src/js/runtime/analysisCallbackTemplate.js](src/js/runtime/analysisCallbackTemplate.js).\nA documentation of these call back functions can be found at [docs/MyAnalysis.html](docs/MyAnalysis.html).\nA tutorial on writing a Jalangi analysis can be found at [docs/tutorial1.md](docs/tutorial1.md). While writing \nan analysis one could run [src/js/sample_analyses/pldi16/TraceAll.js](src/js/sample_analyses/pldi16/TraceAll.js) \nanalysis on a JavaScript file to print all the callback functions that got \ncalled during the execution of the file.  Such a trace is useful to see what callbacks get called during an \nexecution.  The following command runs the TraceAll.js analysis on the file [tests/octane/deltablue.js](tests/octane/deltablue.js).\n\n    node src/js/commands/jalangi.js --inlineIID --inlineSource --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/runtime/SMemory.js --analysis src/js/sample_analyses/pldi16/TraceAll.js tests/octane/deltablue.js\n\n**Analysis in node.js with explicit one-file-at-a-time offline instrumentation**\n\nAn analysis can be performed on a JavaScript file in node.js by issuing the following commands:\n\n    node src/js/commands/esnstrument_cli.js --inlineIID --inlineSource tests/octane/deltablue.js\n    node src/js/commands/direct.js --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/sample_analyses/dlint/Utils.js --analysis src/js/sample_analyses/dlint/CheckNaN.js --analysis src/js/sample_analyses/dlint/FunCalledWithMoreArguments.js --analysis src/js/sample_analyses/dlint/CompareFunctionWithPrimitives.js --analysis src/js/sample_analyses/dlint/ShadowProtoProperty.js --analysis src/js/sample_analyses/dlint/ConcatUndefinedToString.js --analysis src/js/sample_analyses/dlint/UndefinedOffset.js tests/octane/deltablue_jalangi_.js\n\nIn the above analysis, we chained several analyses by including *--analysis src/js/analyses/ChainedAnalyses.js*.\n\n**Analysis in a browser using offline instrumentation**\n\nAn analysis can be performed on a web app using the Chrome browser by issuing the following commands:\n\n    node src/js/commands/instrument.js --inlineIID --inlineSource -i --inlineJalangi --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/sample_analyses/dlint/Utils.js --analysis src/js/sample_analyses/dlint/CheckNaN.js --analysis src/js/sample_analyses/dlint/FunCalledWithMoreArguments.js --analysis src/js/sample_analyses/dlint/CompareFunctionWithPrimitives.js --analysis src/js/sample_analyses/dlint/ShadowProtoProperty.js --analysis src/js/sample_analyses/dlint/ConcatUndefinedToString.js --analysis src/js/sample_analyses/dlint/UndefinedOffset.js --outputDir /tmp tests/tizen/annex\n    open file:///tmp/annex/index.html\n\nWhile performing analysis in a browser, one needs to press Alt-Shift-T to end the analysis and to print the analysis results in the console.\n\n**Analysis in a browser using a proxy and on-the-fly instrumentation**\n\nYou can also setup a proxy to instrument JavaScript files on-the-fly.\nTo do so, you need to install [mitmproxy](http://mitmproxy.org/).  We have tested mitmproxy version 7.0.\nOn Linux, you can follow\n[the standard installation instructions](http://docs.mitmproxy.org/en/stable/install.html),\nbut instead of running `sudo pip install mitmproxy`, run `sudo pip install mitmproxy==7.0.0` to get the tested version.  On Mac OS,\nthe easiest path we have found is to use [Homebrew](http://brew.sh/).\nWith Homebrew installed, you can install the right version by running:\n\n    brew install python\n    pip install -U pip\n    pip install mitmproxy==7.0.0\n\nNote that you might need to restart your shell afterward, to ensure\nthe python being used is `/usr/local/bin/python`.\n\nFor instrumenting code served over HTTPS, you will additionally need\nto set up a root certificate for mitmproxy.  See\n[their instructions](http://docs.mitmproxy.org/en/stable/certinstall.html)\nor [this document](https://github.com/ksen007/jalangi2analyses/blob/master/doc/mitmproxy-install.pdf).\n\nAfter installation, you can run the Jalangi instrumentation proxy by\nissuing the following command:\n\n    mitmdump --quiet --anticache -s \"scripts/proxy.py --inlineIID --inlineSource --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/runtime/analysisCallbackTemplate.js\"\n\nIn your browser, the http and https proxy should be set to 127.0.0.1:8080.  Now if you load a website in your browser, all JavaScript files associated with the website will get instrumented on-the-fly.\n\nOn a Mac, the proxy can be set and launched automatically by issuing the following command:\n\n    ./scripts/mitmproxywrapper.py --toggle --auto-disable --quiet --anticache -s \"scripts/proxy.py --inlineIID --inlineSource --analysis src/js/sample_analyses/ChainedAnalyses.js --analysis src/js/runtime/analysisCallbackTemplate.js\"\n\nThe command starts mitmproxy if the proxy is not currently enabled, and disables it otherwise.\nThe `--auto-disable` option will automatically disable the proxy when the script is interrupted.\n\nJalangi2 caches the instrumented source files in `./cache/`.\nThe use of the cache can be disabled during development by passing the `--no-cache` flag to `scripts/proxy.py`.\n\n### Developing an analysis in Jalangi2\n\nRefer to [docs/index.html](docs/index.html) and [docs/commands.md](docs/commands.md) for further information.  A tutorial\non writing a Jalangi analysis can be found in [docs/tutorial1.md](docs/tutorial1.md).  \n\n### Supported ECMAScript versions\n\nJalangi2 supports ECMAScript 5.1.  Some ES6 features may work, but have not been tested.\n\nLicense\n-------\n\nJalangi2 is distributed under the [Apache License](http://www.apache.org/licenses/LICENSE-2.0.html).\n","funding_links":[],"categories":["JavaScript","Programming Languages","Tools"],"sub_categories":["JavaScript"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSamsung%2Fjalangi2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSamsung%2Fjalangi2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSamsung%2Fjalangi2/lists"}