Skip to content
/ ExpoSE Public

A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.

License

MIT license
176 stars 32 forks Branches Tags Activity
Star
Notifications

ExpoSEJS/ExpoSE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,151 Commits

Analyser

Analyser

 
 

Browser

Browser

 
 

Distributor

Distributor

 
 

Tester

Tester

 
 

lib

lib

 
 

scripts

scripts

 
 

tests

tests

 
 

.dockerignore

.dockerignore

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.json

.eslintrc.json

 
 

.gitignore

.gitignore

 
 

.npmrc

.npmrc

 
 

.nvmrc

.nvmrc

 
 

.travis.yml

.travis.yml

 
 

Dockerfile

Dockerfile

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

expoSE

expoSE

 
 

install

install

 
 

package.json

package.json

 
 

Repository files navigation

ExpoSE

ExpoSE is a dynamic symbolic execution engine for JavaScript, developed at Royal Holloway, University of London by Blake Loring, Duncan Mitchell, and Johannes Kinder (now at LMU Munich). ExpoSE supports symbolic execution of Node.js programs and JavaScript in the browser. ExpoSE is based on Jalangi2 and the Z3 SMT solver.

Requirements

Requires node version v14.16.1 (other versions may work but are not tested), npm, clang (with clang++), gnuplot (for coverage graphs), make, python (Python 3).

mitmproxy (Depends libxml2-dev, libxslt-dev, libssl-dev) is required for electron analysis.

Installation

Execute ./install inside the ExpoSE directory for a clean installation.

Complete instructions (including installing Node.js and NPM using fnm)

curl -fsSL https://fnm.vercel.app/install | bash
eval $(fnm env)
fnm install 14.16.1
fnm use 14.16.1
./install
./expoSE ./tests/numbers/infoflow

ExpoSE CLI

Alternatively, you can invoke ExpoSE directly via the expoSE command line interface.

Example:

$ expoSE ./tests/numbers/infoflow

Valid Options:

  • replay - Replay a test case with a specific input.
  • ahg - Automatically generate a generic test harness for a specified NPM library.

ExpoSE Browser Support

There is limited support for symbolic execution of webpages through a custom Electron based web browser. To execute ExpoSE on a website you use the same arguments as the CLI. Note: This also requires python3 and a modern version of mitmproxy to function correctly.

$ expoSE "https://google.com"

Configuration

ExpoSE is configured via environment variables. All work both with the ExpoSE GUI and ExpoSE CLI. Typically these can be set from a terminal by writing a command such as

$ EXPOSE_LOG_LEVEL=1 expoSE target/hello.js
  • EXPOSE_MAX_TIME - The time (in milliseconds) to limit the total execution
  • EXPOSE_TEST_TIMEOUT - The time (in milliseconds) a test case can run for before being timed out
  • EXPOSE_PRINT_COVERAGE - Print out the files checked by an analysis and show the lines which where explored by the analyzer
  • EXPOSE_PRINT_PATHS - Print the output of each test case to stdout
  • EXPOSE_LOG_LEVEL - Level from 0 (None) to 3 (High)
  • EXPOSE_MAX_CONCURRENT - The maximum number of test cases that can run concurrently
  • RECOMPILE - Force ExpoSE to rebuild before executing scripts

NOTE: To improve performance logging instructions are removed from the output at compile time and so will not be updated if NO_COMPILE is set.

Publications

About

A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.

Topics

javascript unit-testing symbolic-execution programming-languages program-analysis software-testing bug-fixing

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

176 stars

Watchers

10 watching

Forks

32 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages