ExpoSE: A Quick Start Guide

In this tutorial I explain how to use the ExpoSE dynamic symbolic execution (DSE) tool. First I run through how to use ExpoSE with some simple JavaScript test-cases and then explain how to interpret the results.
Tags: JavaScript, ExpoSE, Tutorials Created on: 10-08-2018

How to Instrument JavaScript in Chromium

When analyzing JavaScript software it is common to rewrite or instrument the program in some way in order to expose specific data during execution. Typically, instrumentation of JavaScript in the browser is achieved by a proxy, a tool that rewrites JavaScript in network requests. In practice proxies often do not perform well, as a program usually has multiple entry points and it can be hard to correctly rewrite all of them. Another alternative is modifying V8 to achieve the desired level of program instrumentation. Unfortunately, modern JavaScript interpreters are complex pieces of software and this often carries heavy technical and maintenance overheads. Instead we propose rewriting the JavaScript entry point within a browser to instrument source code, achieving a reasonable compromise between maintainability and development time. In this tutorial we are going to modify V8, the JavaScript interpreter used by Chromium, so that all JavaScript executed by Chromium can be rewritten by an instrumentation framework.
Tags: Chromium, Tutorials, JavaScript Created on: 09-08-2018

A Short Tutorial on Logging in ExpoSE

The concurrent execution of test-cases and the JavaScript compilation process can make logging test-case output confusing in ExpoSE. In this short tutorial I explain how to enable test-case logging and give quick configurations.
Tags: JavaScript, Tutorials, ExpoSE Created on: 09-08-2018

Analyzing modern JavaScript with Jalangi2

As part of a recent piece of work with ExpoSE we found that Jalangi2 often fails to analyze JavaScript programs which use features from recent JavaScript standards. In particular, a common point of failure is the use of the let or const keywords. As such, we were unable to analyze a large number of the libraries we downloaded from the NPM package manager. As we want to be able to execute ExpoSE on real-world software we had to find a modification of Jalangi2 that would permit analysis of such code.
Tags: Tutorials Created on: 09-08-2018