ALP4IoT 2017

Towards Runtime Monitoring of Node.js and Its Application to the
Internet of Things Davide Ancona Luca Franceschini Giorgio Delzanno Maurizio Leotta Marina Ribaudo Filippo Ricca 1st workshop on Architectures, Languages and Paradigms for IoT September 18th, 2017, Turin, Italy University of Genoa, Italy

Node.js Node.js has become popular… but why? 1/16

Node.js Node.js has become popular… but why? • JavaScript based
1/16

• High performance 1/16

• High performance • Huge ecosystem 1/16

• High performance • Huge ecosystem … and now the Internet of Things! 1/16

Node.js & IoT Key features for the Internet of Things
• Large volume of data generated, a lot of requests → that’s what Node.js is good at! 2/16

• Large volume of data generated, a lot of requests • Devices are now able to run JavaScript and Node.js → Raspberry Pi, Intel Edison, Beaglebone, Arduino… 2/16

• Large volume of data generated, a lot of requests • Devices are now able to run JavaScript and Node.js • Growing number of modules and projects for IoT → Cylon.js, Node-RED, Johnny-Five, Azure IoT… 2/16

• Large volume of data generated, a lot of requests • Devices are now able to run JavaScript and Node.js • Growing number of modules and projects for IoT • No more C/C++ low-level programming → V8 runtime is written in C++ itself 2/16

Node.js and the event loop 3/16

Node.js hello world const http = require('http'); const server =
http.createServer( (req, res) => res.end('Hello World!') }); server.listen(8080); 4/16

Node.js and ﬁles const fs = require('fs'); const LIMIT =
2**8; fs.open('tmp.txt', 'w', (err, fd) => { if (!err) for (let i=0; i<LIMIT; i++) fs.write(fd, i+'\n', () => {}); fs.close(fd, console.log('bye')); }); 5/16

Node.js and ﬁles const fs = require('fs'); const LIMIT =
2**24; // a bit more... fs.open('tmp.txt', 'w', (err, fd) => { if (!err) for (let i=0; i<LIMIT; i++) fs.write(fd, i+'\n', () => {}); fs.close(fd, console.log('bye')); }); 6/16

FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of
memory 6/16

Looking at the documentation 7/16

Looking at the documentation “Note that it is unsafe to
use fs.write multiple times on the same ﬁle without waiting for the callback. For this scenario, fs.createWriteStream is strongly recommended.” 8/16

Runtime Veriﬁcation Different approaches • Static analysis: not so easy
in such a dynamic language 9/16

in such a dynamic language • Testing: bugs like this can be hard to reproduce 9/16

in such a dynamic language • Testing: bugs like this can be hard to reproduce • Runtime veriﬁcation! 9/16

Monitoring Node.js code Things we need to monitor: • Function
calls (like fs.write) • Callback execution (and the operation from which they are triggered) 10/16

Code instrumentation with Jalangi Our approach Code instrumentation The tool
Jalangi (actually Jalangi2) The features we need Jalangi allows to run arbitrary code before and a ter every function call (and much more) 11/16

Speciﬁcation We use trace expressions to specify the expected behavior
File write speciﬁcation O = ε ∨ (open : W) W = (write : callback : W) ∨ (close : ε) 12/16

Speciﬁcation We use trace expressions to specify the expected behavior
File write speciﬁcation O = ε ∨ (open : W) W = (write : callback : W) ∨ (close : ε) Recursion: trace expressions can be cyclic! 12/16

Specification Trace expressions can also be parametric Multiple files specification
O = ε ∨ ⟨id; open(id) : (O′ | O)⟩ O′ = ⟨fd; callback(id, fd) : W⟩ W = ⟨id2; write(id2, fd) : callback(id2) : W⟩ ∨ C C = ⟨id3; close(id3, fd) : callback(id3) : ε⟩ 13/16

HTTP monitoring The http module has many unsafe behaviors as
well: • “Node.js does not check whether Content-Length and the length of the body which has been transmitted are equal or not” • “the 204 and 304 responses must not include a message body” • “The method, response.end(), MUST be called on each response” • “if a 'response' event handler is added, then the data from the response object must be consumed” • and more… 15/16

Conclusion and future work • This work is a ﬁrst
step towards runtime veriﬁcation of Node.js and Node-RED systems using trace expressions 16/16

step towards runtime veriﬁcation of Node.js and Node-RED systems using trace expressions • The speciﬁcation can also be used without any knowledge about trace expressions to verify correct use of libraries 16/16

step towards runtime veriﬁcation of Node.js and Node-RED systems using trace expressions • The speciﬁcation can also be used without any knowledge about trace expressions to verify correct use of libraries • Decentralized: a single monitor server can verify a distributed system 16/16

step towards runtime veriﬁcation of Node.js and Node-RED systems using trace expressions • The speciﬁcation can also be used without any knowledge about trace expressions to verify correct use of libraries • Decentralized: a single monitor server can verify a distributed system • Trace expressions are very expressive 16/16

step towards runtime veriﬁcation of Node.js and Node-RED systems using trace expressions • The speciﬁcation can also be used without any knowledge about trace expressions to verify correct use of libraries • Decentralized: a single monitor server can verify a distributed system • Trace expressions are very expressive • Still a lot to do! Real-world programs to test, more modules and libraries, performances and scalability… 16/16

Questions? 16/16

ALP4IoT 2017

ALP4IoT 2017

Luca Franceschini

More Decks by Luca Franceschini

Other Decks in Research

Featured

Transcript

Towards Runtime Monitoring of Node.js and Its Application to the

Node.js Node.js has become popular… but why? 1/16

Node.js Node.js has become popular… but why? • JavaScript based

Node.js Node.js has become popular… but why? • JavaScript based

Node.js Node.js has become popular… but why? • JavaScript based

Node.js Node.js has become popular… but why? • JavaScript based

Node.js & IoT Key features for the Internet of Things

Node.js & IoT Key features for the Internet of Things

Node.js & IoT Key features for the Internet of Things

Node.js & IoT Key features for the Internet of Things

Node.js and the event loop 3/16

Node.js hello world const http = require('http'); const server =

Node.js and ﬁles const fs = require('fs'); const LIMIT =

Node.js and ﬁles const fs = require('fs'); const LIMIT =

FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of

Looking at the documentation 7/16

Looking at the documentation “Note that it is unsafe to

Runtime Veriﬁcation Different approaches • Static analysis: not so easy

Runtime Veriﬁcation Different approaches • Static analysis: not so easy

Runtime Veriﬁcation Different approaches • Static analysis: not so easy

Monitoring Node.js code Things we need to monitor: • Function

Code instrumentation with Jalangi Our approach Code instrumentation The tool

Speciﬁcation We use trace expressions to specify the expected behavior

Speciﬁcation We use trace expressions to specify the expected behavior

Specification Trace expressions can also be parametric Multiple files specification

14/16

HTTP monitoring The http module has many unsafe behaviors as

Conclusion and future work • This work is a ﬁrst

Conclusion and future work • This work is a ﬁrst

Conclusion and future work • This work is a ﬁrst

Conclusion and future work • This work is a ﬁrst

Conclusion and future work • This work is a ﬁrst

Questions? 16/16