DOCSLIB.ORG

Javascript: Skeletons in the Closet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Javascript: Skeletons in the Closet JavaScript: Skeletons in the Closet Allen Wirfs-Brock @awbjs www.wirfs-brock.com/allen [email protected] JavaScript: the world’s most widely used programming language Stack Overflow 2019 Developer Survey: 69.7% of professional developers use JavaScript How a sidekick scripting language for Java, created at Netscape in a ten- day hack, ships first as a de facto Web standard and eventually becomes the world's most widely used programming language. JavaScript Prehistory Mosaic released Tim Berners-Lee’s first Web for Microsoft Production browser is completed Windows release of 11 November, 1993 25 December, 1990 Netscape’s browser Alpha release of (Navigator 1.0) Mosaic (Unix) December 15 1994 June 1993 1990 1991 1992 1993 1994 1995 September 1994 7 August, 1991 First public beta December 1992 Tim Berners-Lee public Marc Andreessen and of Netscape’s announcement of the Eric Bina start browser “WorldWideWeb” development of NCSA Mosaic browser April 1994 Jim Clark and Marc Andreessen found Netscape Communications Corp. 1995: JavaScript Year 0—Getting Started Netscape recruiting Brendan Eich to "Do Scheme in browser" Netscape strategizing about Scripting languages and Java Sun guerrilla marketing of Java Netscape announces licensing Java for browser 23 May Brendan Eich joins Netscape April 1995 01 02 03 04 05 06 07 08 09 10 11 12 April 1995 Java alpha release “Come put Scheme into the browser” ... but, does Netscape need scripting? April 1995 Planning for Netscape 2 beta in September 1995 Assuming Netscape would license Java Marc Andreessen Brendan Eich Microsoft is coming • Why was another language needed? • How to explain reason for two languages? • Did Netscape have the necessary skills? Bill Joy Mocha in 10 days May 6-15(??), 1995 • Brendan, go prove Netscape can do it! • What did Brendan actually build: – Parser – Bytecode interpreter – Decompiler – Basic library – Browser-hosted REPL interface 1995: JavaScript Year 0—Creating a Language Mocha prototype created in 10 days 6 May - 15 May Eich fixing beta Mocha/DOM bugs+Livewire integration Eich refining Mocha and developing DOM0 Microsoft explores reverse engineering LiveScript Mocha Netscape 2.0 beta Netscape/Sun demo 1 LiveScript & Java JavaScript PR 16? May 18 Sep 4 Dec 01 02 03 04 05 06 07 08 09 10 11 12 16 Aug 22 Nov Internet Explorer 1.0 IE 2.0 ships May 1995 ships for Win95 5 Dec Bill Gates Internet Microsoft announces Visual Tidal Wave memo Basic Scripting intent Features not in JavaScript 1.0 • A global binding for the identifier undefined • do-while statement • switch statement • try-catch-finally statement • labeled statements; break/continue to label • === operator • typeof , void, delete, in, and instanceof operators • Nested function declarations • Function expressions/anonymous functions More Features not in JavaScript 1.0 • Prototypal inheritance; no prototype property on functions and built-in constructors • Function call and apply methods • A distinct Array object type • Array literals • Object literals • Regular expressions • Garbage collection “Make it look like Java” Features actually came from • C • Java Date • AWK • (Perl) • (Scheme & Self) • (Python) Classes?? Brendan Eich 2016: “Sun (represented by Bill Joy) would not have accepted [in 1995] classes, as in Java’s nominal OO types, in JS. They wanted a sidekick language that did not include too much from Java itself.” https://www.quora.com/Why-didnt-JavaScript-adopt-the-object-oriented-model-adopted-by-C++-Java-when-it-was-designed/answer/Richard-Eng-1/ comment/25744373# Define objecting in JS 1. 0 Coercion and == Also coercion of empty string to 0 provided a default numeric value for empty fields of HTML forms. JavaScript 1.1/Netscape 3 (Shipped August 1996) • Added prototype inheritance including constructor prototype properties. • Fixed built-in constructors • Array class with special length property and join, reverse, sort methods • Object coercion protocol: toString and valueOf methods • Number constant methods: MIN_VALUE, MAX_VALUE, etc. JavaScript 1996—Competition Brendan Eich works completing Mocha as JavaScript 1.1 Brendan Eich disappears for 2 weeks and creates SpiderMonkey/JavaScript 1.2 Netscape 2.0 and Livewire Netscape 3.0 Server ship with ships with Netscape 4 beta 1 JavaScript 1.0 JavaScript 1.1 with SpiderMonkey 18 Mar 19 Aug December 1996 1995 01 02 03 04 05 06 07 08 09 10 11 12 1997 January 1996 29 May 13 Aug 21 Nov Internet Explorer 3.0 Jan 97 Java JDK 1.0 IE 3.0 ships Ecma TC39 release beta1 with JScript and with JScript 1.0 JScript VBScript JavaScript 2.0 standardization startup meeting SpiderMonkey/JS1.2 — Brendan’s 2nd Sprint Beta Dec 1996, Netscape 4 June 1997 How to do a standard? Netscape/Sun December 1996 press release1: “Netscape and Sun plan to propose JavaScript to the W3 Consortium (W3C) and the Internet Engineering Task Force (IETF) as an open Internet scripting language standard.” Robert Cailliau2: “I was convinced that we needed to build-in a programming language, but the developers, Tim [Berners- Lee] first, were very much opposed. It had to remain completely declarative.” 1: https://web.archive.org/web/19970614002809/http://home.netscape.com:80/newsref/pr/ newsrelease67.html 2: http://en.wikinews.org/wiki/Wikinews_interviews_World_Wide_Web_co-inventor_Robert_Cailliau Attendees Ecma International TC39 organizing meeting November 21-22, 1996 Base document contributions st Key decisions at 1 TC39 meeting • Use Microsoft specification as base document • Limit initial standard to JS 1.1 functionality • Focus on the language – no web feature • Finish within 6 months ES1 Core Technical Working Group Guy Steele Shon Katzenberger Brendan Eich What shall we call this langauge we are trying to standardize? JavaScript • Jan. 14-15, 1997 meeting – CoolScript, CoScript, Descartes,DeScript, DynaScript, Escript, EZScript, InfoScript, JScript JustScript, JSL, LiveScript, RadScript, ScriptJ, TranScript, W3Script, Wscript,wwwscript, Xpresso/Expresso/ Espresso – TC39: Sun/Netscape please let us use Java/LiveScript • Feb 19, 1997 meeting – Sun: nope. Netscape: maybe...nope (May) • June 1997 ECMA GA, what’s the name?!! • July 1997 —RDScript or ECMAScript?? • September 1997 — It’s ECMAScript ECMAScript 1–3 Timeline Exception Handling Alternatives Waldemar Horwat , March 1998: “At a bare minimum you should be able to write code that works in ECMAScript 1.0 and 2.0 [ES4]. Full backwards compatibility would be rather painful.” ECMAScript Phase 2 The Reformers Wander in the Desert Sep 1998–Jul 2003 Jun 2002–Dec 2005 Sep 2005–Jul 2008 ECMAScript 4 (attempt one) 1909–2003 JScript.NET JavaScript 2.0 Microsoft Netscape/AOL • Class-based nominal types • Class-based nominal types • Static type checking • Dynamic type checking • Lots of other stuff • Lots of other stuff ActionScript 2&3 Macromedia Flash • Really wanted Java • Class-based nominal types • Static type checking • Not Web compatible ECMAScript 4 (attempt two) 2005–2008 Macromedia/Adobe ECMAScript 4 (take 2) λ Academic CS Brendan Eich Researchers Browser Game Theory • Breaking-changes (even bug fixes) drive away users • New browsers must conform to what is already there • Innovation is wasteful if only present in one browser • First browser to try something new may actually lose market shareDon’t break the Web! ECMAScript Development Timeline AP Wire Story December 5, 1995 JS 1.0 Properties Access Oddity Brendan Eich–Q1 1996 I hope it [JavaScript] will be implemented by other vendors, based on the spec that Bill Joy and I are working on. I'd like to see it remain small, but become ubiquitous on the web as the favored way of gluing HTML elements and actions on them together with Java applets and other components. ... I haven't studied JavaScript usage rigorously. For all I know, the most common use is to make pages a little smarter and more live --- for instance, make a click on a link load a different URL depending on the time of day. Brendan Eich interview February 1996 JavaScript 1996 Brendan Eich works completing Mocha as JavaScript 1.1 Netscape 2.0 and Livewire Netscape 3.0 Server ship with ships with JavaScript 1.0 JavaScript 1.1 18 Mar 19 Aug 1995 01 02 03 04 05 06 07 08 09 10 11 12 1997 January 1996 29 May 13 Aug Java JDK 1.0 Internet Explorer 3.0 IE 3.0 ships Jan 97 release beta1 with JScript with JScript 1.0 JScript and VBScript 2.0 1998 TC39 Technical Working Group ES3 Features not in pre-1998 browsers • Global undefined • try-catch-finally and exception objects • instanceof and in operators • Object.prototype methods: hasInstance, hasOwnProperty, isPrototypeOf, propertyIsEnumerable • toFixed, toExponential, toPrecision • URL handling functions • Unicode characters in identifiers • Basic I18N methods, toLocaleString, localeCompare, toLocaleLowerCase, toLocaleUpperCase, Date toLocaleDateString, toLocaleTimeString Classes kept fighting to get back in Presented at 1st TC39 meeting, November 1996Draft for ECMAScript 1st Edition, February 1997 .
Load more

Recommended publications
  • Differential Fuzzing the Webassembly
    Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL).
    [Show full text]
  • Oral History of Winifred Mitchell Baker
    ........ Computer • History Museum Oral History of Winifred Mitchell Baker Interviewed by: Marc Weber Recorded: December 10, 2014 Mountain View, California CHM Reference number: X7311.2015 © 2015 Computer History Museum Oral History of Winifred Mitchell Baker Marc Weber: I'm Marc Weber of the Computer History Museum. And I'm here with Mitchell Baker, Chairwoman of Mozilla. Thank you so much for doing this interview. Winifred Mitchell Baker: Thanks, Marc. I'm happy to be here. The museum has been a bright spot for a long time, so I'm honored as well. Weber: Thank you. As am I. So start with a bit of your background. What is your full name? And when and where were you born? Baker: My full name is Winifred Mitchell Baker. My mom was a little eccentric though, and she never wanted me to use Winifred. So it's my first name. But in her mind, I was always Mitchell. So that's what I go by. And I was born in Berkeley in California in 1959. Weber: And tell me a little bit about your family and where you grew up. Baker: I grew up in Oakland, so the East Bay across from San Francisco. It borders Berkeley. My parents were born and raised on the East Coast and moved west, as people did in the '50s, where it seemed [like] starting a new life. They were each eccentric. And each had their own view of their world and really clear opinions. And I think some of that has rubbed off actually. Weber: So eccentric in what way? What did they do? Baker: Well, my dad was a classic entrepreneur.
    [Show full text]
  • Rich Media Web Application Development I Week 1 Developing Rich Media Apps Today’S Topics
    IGME-330 Rich Media Web Application Development I Week 1 Developing Rich Media Apps Today’s topics • Tools we’ll use – what’s the IDE we’ll be using? (hint: none) • This class is about “Rich Media” – we’ll need a “Rich client” – what’s that? • Rich media Plug-ins v. Native browser support for rich media • Who’s in charge of the HTML5 browser API? (hint: no one!) • Where did HTML5 come from? • What are the capabilities of an HTML5 browser? • Browser layout engines • JavaScript Engines Tools we’ll use • Browsers: • Google Chrome - assignments will be graded on Chrome • Safari • Firefox • Text Editor of your choice – no IDE necessary • Adobe Brackets (available in the labs) • Notepad++ on Windows (available in the labs) • BBEdit or TextWrangler on Mac • Others: Atom, Sublime • Documentation: • https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model • https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Tutorial • https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide What is a “Rich Client” • A traditional “web 1.0” application needs to refresh the entire page if there is even the smallest change to it. • A “rich client” application can update just part of the page without having to reload the entire page. This makes it act like a desktop application - see Gmail, Flickr, Facebook, ... Rich Client programming in a web browser • Two choices: • Use a plug-in like Flash, Silverlight, Java, or ActiveX • Use the built-in JavaScript functionality of modern web browsers to access the native DOM (Document Object Model) of HTML5 compliant web browsers.
    [Show full text]
  • Flash Player and Linux
    Flash Player and Linux Ed Costello Engineering Manager Adobe Flash Player Tinic Uro Sr. Software Engineer Adobe Flash Player 2007 Adobe Systems Incorporated. All Rights Reserved. Overview . History and Evolution of Flash Player . Flash Player 9 and Linux . On the Horizon 2 2007 Adobe Systems Incorporated. All Rights Reserved. Flash on the Web: Yesterday 3 2006 Adobe Systems Incorporated. All Rights Reserved. Flash on the Web: Today 4 2006 Adobe Systems Incorporated. All Rights Reserved. A Brief History of Flash Player Flash Flash Flash Flash Linux Player 5 Player 6 Player 7 Player 9 Feb 2001 Dec 2002 May 2004 Jan 2007 Win/ Flash Flash Flash Flash Flash Flash Flash Mac Player 3 Player 4 Player 5 Player 6 Player 7 Player 8 Player 9 Sep 1998 Jun 1999 Aug 2000 Mar 2002 Sep 2003 Aug 2005 Jun 2006 … Vector Animation Interactivity “RIAs” Developers Expressive Performance & Video & Standards Simple Actions, ActionScript Components, ActionScript Filters, ActionScript 3.0, Movie Clips, 1.0 Video (H.263) 2.0 Blend Modes, New virtual Motion Tween, (ECMAScript High-!delity machine MP3 ed. 3), text, Streaming Video (ON2) video 5 2007 Adobe Systems Incorporated. All Rights Reserved. Widest Reach . Ubiquitous, cross-platform, rich media and rich internet application runtime . Installed on 98% of internet- connected desktops1 . Consistently reaches 80% penetration within 12 months of release2 . Flash Player 9 reached 80%+ penetration in <9 months . YUM-savvy updater to support rapid/consistent Linux penetration 1. Source: Millward-Brown September 2006. Mature Market data. 2. Source: NPD plug-in penetration study 6 2007 Adobe Systems Incorporated. All Rights Reserved.
    [Show full text]
  • Maelstrom Web Browser Free Download
    maelstrom web browser free download 11 Interesting Web Browsers (That Aren’t Chrome) Whether it’s to peruse GitHub, send the odd tweetstorm or catch-up on the latest Netflix hit — Chrome’s the one . But when was the last time you actually considered any alternative? It’s close to three decades since the first browser arrived; chances are it’s been several years since you even looked beyond Chrome. There’s never been more choice and variety in what you use to build sites and surf the web (the 90s are back, right?) . So, here’s a run-down of 11 browsers that may be worth a look, for a variety of reasons . Brave: Stopping the trackers. Brave is an open-source browser, co-founded by Brendan Eich of Mozilla and JavaScript fame. It’s hoping it can ‘save the web’ . Available for a variety of desktop and mobile operating systems, Brave touts itself as a ‘faster and safer’ web browser. It achieves this, somewhat controversially, by automatically blocking ads and trackers. “Brave is the only approach to the Web that puts users first in ownership and control of their browsing data by blocking trackers by default, with no exceptions.” — Brendan Eich. Brave’s goal is to provide an alternative to the current system publishers employ of providing free content to users supported by advertising revenue. Developers are encouraged to contribute to the project on GitHub, and publishers are invited to become a partner in order to work towards an alternative way to earn from their content. Ghost: Multi-session browsing.
    [Show full text]
  • Behavioural Analysis of Tracing JIT Compiler Embedded in the Methodical Accelerator Design Software
    Scuola Politecnica e delle Scienze di Base Corso di Laurea Magistrale in Ingegneria Informatica Tesi di laurea magistrale in Calcolatori Elettronici II Behavioural Analysis of Tracing JIT Compiler Embedded in the Methodical Accelerator Design Software Anno Accademico 2018/2019 CERN-THESIS-2019-152 //2019 relatori Ch.mo prof. Nicola Mazzocca Ch.mo prof. Pasquale Arpaia correlatore Ing. Laurent Deniau PhD candidato Dario d’Andrea matr. M63000695 Acknowledgements Firstly, I would like to thank my supervisor at CERN, Laurent Deniau, for his daily support and his useful suggestions throughout the work described in this thesis. I would like to express my gratitude to both my university supervisors, Nicola Mazzocca and Pasquale Arpaia, for their helpfulness during this work and for their support during the past years at university. I feel privileged of being allowed to work with such inspiring mentors. This thesis would not have been possible without the help from the community of the LuaJIT project including all the useful insights contained in its mailing list, specially by its author, Mike Pall, who worked for many years accomplishing an amazing job. A special acknowledgement should be addressed to my family. I thank my father Guido and my mother Leda who guided me with love during my education and my life. I am grateful to my brother Fabio, my grandmother Tina, and my uncle Nicola, for their support during the past years. I also want to remember my uncle Bruno who inspired me for my academic career. I wish to express my deepest gratitude to Alicia for her unconditional encour- agement.
    [Show full text]
  • Mozilla Source Tree Docs Release 50.0A1
    Mozilla Source Tree Docs Release 50.0a1 August 02, 2016 Contents 1 SSL Error Reporting 1 2 Firefox 3 3 Telemetry Experiments 11 4 Build System 17 5 WebIDL 83 6 Graphics 85 7 Firefox for Android 87 8 Indices and tables 99 9 Localization 101 10 mach 105 11 CloudSync 113 12 TaskCluster Task-Graph Generation 119 13 Crash Manager 133 14 Telemetry 137 15 Crash Reporter 207 16 Supbrocess Module 211 17 Toolkit modules 215 18 Add-on Manager 221 19 Linting 227 20 Indices and tables 233 21 Mozilla ESLint Plugin 235 i 22 Python Packages 239 23 Managing Documentation 375 24 Indices and tables 377 Python Module Index 379 ii CHAPTER 1 SSL Error Reporting With the introduction of HPKP, it becomes useful to be able to capture data on pin violations. SSL Error Reporting is an opt-in mechanism to allow users to send data on such violations to mozilla. 1.1 Payload Format An example report: { "hostname":"example.com", "port":443, "timestamp":1413490449, "errorCode":-16384, "failedCertChain":[ ], "userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0", "version":1, "build":"20141022164419", "product":"Firefox", "channel":"default" } Where the data represents the following: “hostname” The name of the host the connection was being made to. “port” The TCP port the connection was being made to. “timestamp” The (local) time at which the report was generated. Seconds since 1 Jan 1970, UTC. “errorCode” The error code. This is the error code from certificate veri- fication. Here’s a small list of the most commonly-encountered errors: https://wiki.mozilla.org/SecurityEngineering/x509Certs#Error_Codes_in_Firefox In theory many of the errors from sslerr.h, secerr.h, and pkixnss.h could be encountered.
    [Show full text]
  • A Rustic Javascript Interpreter CIS Department Senior Design 2015-2016 1
    js.rs { A Rustic JavaScript Interpreter CIS Department Senior Design 2015-2016 1 Terry Sun Sam Rossi [email protected] [email protected] April 25, 2016 Abstract trol flow modifying statements. We aimed for correctness in any language feature that JavaScript is an incredibly widespread lan- we implemented. guage, running on virtually every modern computer and browser, and interpreters such This project aimed for breadth of coverage: as NodeJS allow JavaScript to be used as a Js.rs supports more common language fea- server-side language. Unfortunately, modern tures at the cost of excluding certain edge implementations of JavaScript engines are cases. Additionally, Js.rs does not focus on typically written in C/C++, languages re- achieving optimal performance nor memory liant on manual memory management. This usage, as it is a proof-of-concept project. results in countless memory leaks, bugs, and security vulnerabilities related to memory mis-management. 2 Background Js.rs is a prototype server-side JavaScript in- 2.1 Rust terpreter in Rust, a new systems program- ming language for building programs with Rust is a programming language spear- strong memory safety guarantees and speeds headed by Mozilla. It is a general-purpose comparable to C++. Our interpreter runs programming language emphasizing memory code either from source files or an interac- safety and speed concerns. Rust's initial sta- tive REPL (read-evaluate-print-loop), sim- ble release (version 1.0) was released in May ilar to the functionality of existing server- 2015. side JavaScript interpreters. We intend to demonstrate the viability of using Rust to Rust guarantees memory safety in a unique implement JavaScript by implementing a way compared to other commonly used pro- core subset of language features.
    [Show full text]
  • Comparing Javascript Engines
    Comparing Javascript Engines Xiang Pan, Shaker Islam, Connor Schnaith Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads Background: Drive-by Downloads Setup: Making the prototype null while in the prototype creates a pointer to something random in the heap. Background: Drive-by Downloads Environment: gc( ) is a function call specific to Firefox, so the attacker would want to spray the heap with an exploit specific to firefox. Background: Drive-by Downloads Obfuscation: If the browser executing the javascript it firefox,the code will proceed to the return statement. Any other browser will exit with an error due to an unrecognized call to gc( ). Background: Drive-by Downloads Download: The return will be to a random location in the heap and due to heap-spraying it will cause shell code to be executed. Background: Goal of Our Project ● The goal is to decode obfuscated scripts by triggering javascript events ● The problem is when triggering events, some errors, resulting from disparity of different engines or some other reasons, may occur and terminate the progress ● We need to find ways to eliminate the errors and Ex 1therefore generate more de-obfuscated scripts <script> function f(){ //some codes gc(); var x=unescape(‘%u4149%u1982%u90 […]’)); eval(x); } </script> Ex 2 <script type="text/javascript" src="/includes/jquery/jquery.js"></script> Project Overview - Part One ● Modify WebKit engine so that it can generate error informations.
    [Show full text]
  • 1. with Examples of Different Programming Languages Show How Programming Languages Are Organized Along the Given Rubrics: I
    AGBOOLA ABIOLA CSC302 17/SCI01/007 COMPUTER SCIENCE ASSIGNMENT ​ 1. With examples of different programming languages show how programming languages are organized along the given rubrics: i. Unstructured, structured, modular, object oriented, aspect oriented, activity oriented and event oriented programming requirement. ii. Based on domain requirements. iii. Based on requirements i and ii above. 2. Give brief preview of the evolution of programming languages in a chronological order. 3. Vividly distinguish between modular programming paradigm and object oriented programming paradigm. Answer 1i). UNSTRUCTURED LANGUAGE DEVELOPER DATE Assembly Language 1949 FORTRAN John Backus 1957 COBOL CODASYL, ANSI, ISO 1959 JOSS Cliff Shaw, RAND 1963 BASIC John G. Kemeny, Thomas E. Kurtz 1964 TELCOMP BBN 1965 MUMPS Neil Pappalardo 1966 FOCAL Richard Merrill, DEC 1968 STRUCTURED LANGUAGE DEVELOPER DATE ALGOL 58 Friedrich L. Bauer, and co. 1958 ALGOL 60 Backus, Bauer and co. 1960 ABC CWI 1980 Ada United States Department of Defence 1980 Accent R NIS 1980 Action! Optimized Systems Software 1983 Alef Phil Winterbottom 1992 DASL Sun Micro-systems Laboratories 1999-2003 MODULAR LANGUAGE DEVELOPER DATE ALGOL W Niklaus Wirth, Tony Hoare 1966 APL Larry Breed, Dick Lathwell and co. 1966 ALGOL 68 A. Van Wijngaarden and co. 1968 AMOS BASIC FranÇois Lionet anConstantin Stiropoulos 1990 Alice ML Saarland University 2000 Agda Ulf Norell;Catarina coquand(1.0) 2007 Arc Paul Graham, Robert Morris and co. 2008 Bosque Mark Marron 2019 OBJECT-ORIENTED LANGUAGE DEVELOPER DATE C* Thinking Machine 1987 Actor Charles Duff 1988 Aldor Thomas J. Watson Research Center 1990 Amiga E Wouter van Oortmerssen 1993 Action Script Macromedia 1998 BeanShell JCP 1999 AngelScript Andreas Jönsson 2003 Boo Rodrigo B.
    [Show full text]
  • Understanding and Mitigating Attacks Targeting Web Browsers
    Understanding and Mitigating Attacks Targeting Web Browsers A Dissertation presented in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the field of Information Assurance by Ahmet Salih Buyukkayhan Northeastern University Khoury College of Computer Sciences Boston, Massachusetts April 2019 To my family, teachers and mentors. i Contents List of Figures v List of Tables vii Acknowledgments viii Abstract of the Dissertation ix 1 Introduction 1 1.1 Structure of the Thesis . .2 2 Background 4 2.1 Browser Extensions . .4 2.1.1 Firefox Extensions . .5 2.1.2 Extension Security . .7 2.2 Vulnerabilities in Web Applications . .9 2.2.1 Vulnerability Reward Programs and Platforms . .9 2.2.2 XSS Vulnerabilities . 10 2.2.3 XSS Defenses . 12 3 CrossFire: Firefox Extension-Reuse Vulnerabilities 14 3.1 Overview . 14 3.2 Threat Model . 15 3.3 Design . 16 3.3.1 Vulnerability Analysis . 17 3.3.2 Exploit Generation . 19 3.3.3 Example Vulnerabilities . 20 3.4 Implementation . 23 3.5 Evaluation . 23 3.5.1 Vulnerabilities in Top Extensions . 23 3.5.2 Random Sample Study of Extensions . 25 3.5.3 Performance & Manual Effort . 27 ii 3.5.4 Case Study: Submitting an Extension to Mozilla Add-ons Repository . 28 3.5.5 Jetpack Extensions. 30 3.5.6 Implications on Extension Vetting Procedures . 31 3.6 Summary . 31 4 SENTINEL: Securing Legacy Firefox Extensions 33 4.1 Overview . 33 4.2 Threat Model . 34 4.3 Design . 35 4.3.1 Intercepting XPCOM Operations . 36 4.3.2 Intercepting XUL Document Manipulations .
    [Show full text]
  • A Little on V8 and Webassembly
    A Little on V8 and WebAssembly An V8 Engine Perspective Ben L. Titzer WebAssembly Runtime TLM Background ● A bit about me ● A bit about V8 and JavaScript ● A bit about virtual machines Some history ● JavaScript ⇒ asm.js (2013) ● asm.js ⇒ wasm prototypes (2014-2015) ● prototypes ⇒ production (2015-2017) This talk mostly ● production ⇒ maturity (2017- ) ● maturity ⇒ future (2019- ) WebAssembly in a nutshell ● Low-level bytecode designed to be fast to verify and compile ○ Explicit non-goal: fast to interpret ● Static types, argument counts, direct/indirect calls, no overloaded operations ● Unit of code is a module ○ Globals, data initialization, functions ○ Imports, exports WebAssembly module example header: 8 magic bytes types: TypeDecl[] ● Binary format imports: ImportDecl[] ● Type declarations funcdecl: FuncDecl[] ● Imports: tables: TableDecl[] ○ Types memories: MemoryDecl[] ○ Functions globals: GlobalVar[] ○ Globals exports: ExportDecl[] ○ Memory ○ Tables code: FunctionBody[] ● Tables, memories data: Data[] ● Global variables ● Exports ● Function bodies (bytecode) WebAssembly bytecode example func: (i32, i32)->i32 get_local[0] ● Typed if[i32] ● Stack machine get_local[0] ● Structured control flow i32.load_mem[8] ● One large flat memory else ● Low-level memory operations get_local[1] ● Low-level arithmetic i32.load_mem[12] end i32.const[42] i32.add end Anatomy of a Wasm engine ● Load and validate wasm bytecode ● Allocate internal data structures ● Execute: compile or interpret wasm bytecode ● JavaScript API integration ● Memory management
    [Show full text]