Detecting and Classifying Race Conditions in Web Applications

classifying race conditions in web applications n.w
1 / 18
Embed
Share

Explore a new method to automatically classify race conditions in web applications as harmful or harmless. Learn about the challenges of identifying race conditions, existing tools' limitations, and the contributions of the RClassify Library in detecting and categorizing these issues. Join the journey to enhance web application reliability and performance.

  • Web Development
  • Race Conditions
  • Web Applications
  • JavaScript Library
  • Performance
rayaanacharya
fier308 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Classifying Race Conditions in Web Applications Lu Zhang Chao Wang 1

  2. Outline Overview Our method Experiments 3/18/2025 2

  3. Overview 3/18/2025 3

  4. Web Applications Event-driven model Event sources: Parsing User mouse/keyboard actions Asynchronous resource loading Ajax callbacks Timer callbacks Not free of race conditions, due to the extensive use of asynchronous events -> to be fast! 3/18/2025 4

  5. onclick Async JS Ajax HTML onload Timer f1() <image src= onload = f1() > a.js <script src= a.js async = true > f2() <script> </script> Ajax(url , f2) f3() <script> setTimeOut(f3, 1000); </script> f4() <button onclick= f4() > 3/18/2025 5

  6. Buggy interleaving onclick HTML f1() <image src= onload = f1() > a.js: function f4(){ } <script src= a.js async = true > f2() <script> </script> Ajax(url , f2) f3() <script> setTimeOut(f3, 1000); </script> f4() <button onclick= f4() > wire you 5 million dollars 3/18/2025 6

  7. Motivation Race conditions are hard to detect and diagnose Race condition: Two events access the same shared variable Can be re-ordered At least one is a write operation Existing tools report too many warnings, most of them are false positives Counter productive Filtered through heuristics Lack of proof Our new method: to help! Automatically classify the race conditions as harmful or harmless 3/18/2025 7

  8. Outline Overview Our method Experiments 3/18/2025 8

  9. Contributions RClassify Library Deterministically replay the web application with race conditions Automatically classify the race conditions to be harmful or harmless Implementation As a JavaScript library embedded into the web applications Browser/platform independent Experiments Benchmarks from race detection tools 70 web sites from the Fortune 500 companies 3/18/2025 9

  10. Why do we do? onclick HTML f1() <image src= onload = f1() > a.js: function f4(){ //wire you 5 million dollars } Execution 1 Compare <script src= a.js Async = true > Execution 2 f2() <script> </script> Ajax(url , f2) f3() <script> setTimeOut(f3, 1000); </script> f4() <button onclick= f4() > 3/18/2025 10

  11. Challenges How to monitor difference kinds of events How to monitor them in time How to delay them without blocking others How to record the program states What s the rules to classify the race conditions? How to filter the irrelevant fields? 3/18/2025 11

  12. Outline Overview Our method Experiments 3/18/2025 12

  13. Implementation RClassify.js library jQuery-like library, providing racing events monitoring and controlling, program state serialization and race classification mechanisms. Jsoup HTML scanning and source-to-source rewriting WebKit+EventRacer Provide races as our input Racing events processing and transforming 3/18/2025 13

  14. Experiments 3/18/2025 14

  15. Experiments 70 websites, 50 with races 1878 races 129 harmful races(7%) 1.5-2x slowdown depending on websites 3/18/2025 15

  16. Takeaways Web applications suffer from concurrency errors Existing methods often report too many race warnings, which is counter-productive We propose an automatic method to classify harmful and harmless races using deterministically re-execution Tested on benchmarks and real-world websites Effective and efficient 3/18/2025 16

  17. Thank You! 3/18/2025 17

  18. Overall Flow Phase 1: race detection Phase 2: race replay and classification 3/18/2025 18

Related


You Talk The Talk But Can you Walk The Walk?

You Talk The Talk But Can you Walk The Walk?

jaspercolin
How do I talk to a real person at Icelandair?

How do I talk to a real person at Icelandair?

Milton1
Microsoft Bookings Tech Talk: Enhance Customer Experience and Boost Business Efficiency

Microsoft Bookings Tech Talk: Enhance Customer Experience and Boost Business Efficiency

aaryan
Empower Students with Tech-Talk: Enhancing Skills for Success

Empower Students with Tech-Talk: Enhancing Skills for Success

karma
Mastering the Art of Writing a Compelling Talk/Speech

Mastering the Art of Writing a Compelling Talk/Speech

wrenlee
Assistive Technology in Occupational Therapy: Case Review & TED Talk Analysis

Assistive Technology in Occupational Therapy: Case Review & TED Talk Analysis

branwen
Health and Fitness Talk for Accountants Presented by Coach Chandy

Health and Fitness Talk for Accountants Presented by Coach Chandy

tom
Engaging Grammar Talk for Writing Pedagogy

Engaging Grammar Talk for Writing Pedagogy

hassan
Real-World Evaluation of Push-to-Talk Service for Public Safety Systems

Real-World Evaluation of Push-to-Talk Service for Public Safety Systems

cheyenne
The Art of Small Talk: Navigating Social Situations with Ease

The Art of Small Talk: Navigating Social Situations with Ease

perry
Demystifying Kernels: A Simplified Approach without Complicated Math

Demystifying Kernels: A Simplified Approach without Complicated Math

leonel
China Makes History in Tennis Mixed Doubles, Quan Shines in Diving

China Makes History in Tennis Mixed Doubles, Quan Shines in Diving

marlays
Enhancing Mental Skills in Youth Hockey: A Guide for Coaches

Enhancing Mental Skills in Youth Hockey: A Guide for Coaches

del_ran
Evolution of AI: Insights from Raj Reddy's Talk at Carnegie Mellon University

Evolution of AI: Insights from Raj Reddy's Talk at Carnegie Mellon University

mhed
Enhancing Communication Skills with T.E.A.M. Talk

Enhancing Communication Skills with T.E.A.M. Talk

kaon867
Enhancing Math Learning with Classroom Discussions

Enhancing Math Learning with Classroom Discussions

swasey_k
Movie Talk: A Powerful Technique for Language Acquisition

Movie Talk: A Powerful Technique for Language Acquisition

font_ams
Talk-Line: A Helpline for Students in Grades 3-5

Talk-Line: A Helpline for Students in Grades 3-5

fian643
Expert Tips for Delivering a 15-Minute Talk Effectively

Expert Tips for Delivering a 15-Minute Talk Effectively

acull
Small Talk in the Workplace

Small Talk in the Workplace

josephson_m
Effective Scientific Talk Presentation Tips

Effective Scientific Talk Presentation Tips

taon203
Probability with Dr. Zhang at Fordham University

Probability with Dr. Zhang at Fordham University

kadenle

More Related Content