NAB is a novel, distributed infrastructure for massive dynamic program analysis (DPA) on code repositories hosting open-source projects, which may be implemented in different programming languages.
NAB resorts to containerization for efficient DPA parallelization (fundamental to obtain analysis results in
reasonable timeframes), sandboxing (to isolate buggy or malicious code) and for simplifying the deployment on clusters or in the Cloud. NAB features both crawler and analyzer components, which are deployed in lightweight containers that can be efficiently replicated. Moreover, NAB supports different build systems, testing frameworks, runtimes for multilanguage support, and can easily integrate existing DPA tools. To the best of our knowledge,
NAB is the first scalable, container-based infrastructure for automated, massive DPA on open-source projects, supporting multiple programming languages.
Downloads
An evaluation version of NAB is available here. The prototype also includes:
– DeepPromise: a DPA to analyze the usage of the Promise API in Node.js projects.
– A recast version of JITProf running on NodeProf: a DPA to detect the presence of JIT-unfriendly code patterns in Node.js projects.
Key Publications
[1] Alex Villazón, Haiyang Sun, Andrea Rosà, Eduardo Rosales, Daniele Bonetta, Isabella Defilippis, Sergio Oporto, Walter Binder: Automated Large-Scale Multi-Language Dynamic Program Analysis in the Wild. ECOOP 2019: 20:1-20:27 [pdf][video][slides]
Other Resources
[a] Poster presented at SPLASH’19