Library-oriented Dynamic Program Analysis for JavaScript

Mailing lists: Commits | Discussion

What's Lya?

Lya is a coarse-grained dynamic analysis framework that bolts onto a conventional production runtime as a library.
Coarse-grained means that analyses with less detail than conventional frameworks but operates at a much lower overhead—enabling always-on operation on production environments.
Despite operating at a coarser-than-typical granularity, it still allows for useful analyses.
Examples include identifying security vulnerabilities, highlighting performance bottlenecks, and applying corrective actions.

Who should be interested?

Programmers interested in Lya fall under two categories. The first is
programmers who want to use one of the available analyses to gain insight into
their application. These can install and configure Lya with an existing
analysis—for more information see how to use lya below.

The second is programmers who want to write their own analyses, achievable by
providing a few methods and parameters; in our experience, powerful analyses can
be expressed in only a few lines of code—for more info, see how to write an
analysis below.

Installation

Lya runs best with __Node v8.9.4__. You can use nvm (macOS/Linux)
to switch Node versions between different projects.

$3

``Shell
npm i @andromeda/lya --save-dev
`

If you want to install globally, so as to analyzing any program or library in the system, replace --save-dev with -g.

$3


`Shell
git clone https://github.com/andromeda/lya/
cd lya
npm install
`

$3

`Shell
docker run -it gntousakis/lya:1.0.0

Inside the container

cd home/lya/
`

Quick Start

#### How to Use Lya?

Then, add lya _as a first import at the top-level file_ in your project—that
is, almost always Lya has to be the first package to be loaded. One can
configure several parameters, including use any of the predefined list of
analyses. For example:

`JavaScript
let lya = require("@andromeda/lya");
let conf = {
analysis: lya.preset.ON_OFF,
saveResults: require("path").join(__dirname, "dynamic.json"),
};
lya.configRequire(require, conf);
require("./main.js");
`

The configuration above first configures running the ON_OFF analysis, and saves the results in ./dynamic.json.
For more configuration options and details, see the configuration docs.

#### How to Create a New Analysis?

Lya expects the developer of a new analysis to provide a few methods that Lya
will hook across all modules. It supports several methods, but a useful analysis
can be written with any subset of them. Example methods include sourceTransform, onImport, and onRead`.
Their details are provided in doc.

Docs

* ICFP Tutorial Material
* Configuring and Using Lya
* Developing Analyses
* Contributing