Practical Dynamic Program Analysis for Node.js - The NodeProf Framework and its Applications
Facoltà di scienze informatiche - Segreterie degli studi
Data: 22 luglio 2025 / 15:30 - 18:30
USI East Campus, Room D0.02
You are cordially invited to attend the PhD Dissertation Defence of Haiyang Sun on Tuesday 22 July 2025 at 15:30 in room D0.02.
Abstract:
Node.js is an asynchronous, event-driven JavaScript runtime that enables developers to execute JavaScript on the server side, outside of the browser. Unlike traditional JavaScript environments for browsers, Node.js extends functionality to handle I/O operations, such as file and network access, making it well-suited for building scalable web applications. However, the dynamic and asynchronous nature of Node.js, combined with its complex event loop semantics, presents significant challenges for debugging, performance analysis, and ensuring code quality. Additionally, existing source-code instrumentation frameworks for JavaScript suffer from substantial overhead and difficulties in instrumenting the built-in module libraries of Node.js. This dissertation introduces NodeProf, an efficient dynamic analysis framework for Node.js. NodeProf significantly improves analysis performance while ensuring comprehensive code coverage by leveraging dynamic instrumentation of the JavaScript runtime and automatic partial evaluation to generate efficient machine code. Its integration with the underlying Just-in-Time (JIT) compiler also allows analyses to be dynamically (de)activated, incurring zero overhead when no analysis is active. Furthermore, NodeProf benefits from the language interoperability provided by the runtime, enabling dynamic analyses to be written in both Java and JavaScript, with compatibility with Jalangi, a state-of-the-art source-code JavaScript instrumentation framework. This allows NodeProf to offer similar flexibility to traditional source-code instrumentation tools. To demonstrate NodeProf’s ability to empower new dynamic analysis tools, this dissertation presents AsyncG, a new dynamic analysis tool based on NodeProf. Thanks to NodeProf’s ability to instrument library code, its low overhead and flexibility in defining instrumentation logic, AsyncG can be used to identify bugs in real-world Node.js server applications by reasoning about all sources of asynchronous execution in an application— a task that is challenging with Jalangi due to its lack of system code coverage, high performance overhead, and limited support for the latest language features.
Dissertation Committee:
- Prof. Walter Binder, Università della Svizzera italiana, Switzerland (Research Advisor)
- Prof. Matthias Hauswirth, Università della Svizzera italiana, Switzerland (Internal Member)
- Prof. Mauro Pezzè, Università della Svizzera italiana, Switzerland (Internal Member)
- Prof. Andreas Krall, TU Wien, Austria (External Member)
- Prof. Petr Tuma, Charles University, Czech Republic (External Member)