Favocado: Fuzzing The Binding Code Of JavaScript Engines .
Favocado: Fuzzing the Binding Code of JavaScriptEngines Using Semantically Correct Test CasesSung Ta Dinh , Haehyun Cho , Kyle Martin† , Adam Oest‡ , Kyle Zeng , Alexandros Kapravelos† , Gail-Joon Ahn § ,Tiffany Bao , Ruoyu Wang , Adam Doupé , and Yan Shoshitaishvili ArizonaState University, † North Carolina State University, ‡ PayPal, Inc., § Samsung Research {tdsung, haehyun, zengyhkyle, gahn, tbao, fishw, doupe, yans}@asu.edu† {kdmarti2, akaprav}@ncsu.edu, ‡ {aoest}@paypal.comAbstract—JavaScript runtime systems include some specialized programming interfaces, called binding layers. Bindinglayers translate data representations between JavaScript andunsafe low-level languages, such as C and C , by converting databetween different types. Due to the wide adoption of JavaScript(and JavaScript engines) in the entire computing ecosystem,discovering bugs in JavaScript binding layers is critical. Nonetheless, existing JavaScript fuzzers cannot adequately fuzz bindinglayers due to two major challenges: Generating syntactically andsemantically correct test cases and reducing the size of the inputspace for fuzzing.In this paper, we propose Favocado, a novel fuzzing approachthat focuses on fuzzing binding layers of JavaScript runtimesystems. Favocado can generate syntactically and semanticallycorrect JavaScript test cases through the use of extracted semanticinformation and careful maintaining of execution states. Thisway, test cases that Favocado generates do not raise unintendedruntime exceptions, which substantially increases the chance oftriggering binding code. Additionally, exploiting a unique feature (relative isolation) of binding layers, Favocado significantlyreduces the size of the fuzzing input space by splitting DOMobjects into equivalence classes and focusing fuzzing within eachequivalence class. We demonstrate the effectiveness of Favocadoin our experiments and show that Favocado outperforms a stateof-the-art DOM fuzzer. Finally, during the evaluation, we find 61previously unknown bugs in four JavaScript runtime systems(Adobe Acrobat Reader, Foxit PDF Reader, Chromium, andWebKit). 33 of these bugs are security vulnerabilities.I.I NTRODUCTIONThe use of JavaScript has expanded beyond web browsersinto the entire computing ecosystem as a general-purpose programming language. As a result, JavaScript engines are embedded in a variety of commercial software (e.g., Adobe Acrobatand Node.js). JavaScript engines often provide important functionality through a binding layer, which is usually implementedin unsafe languages such as C and C . While the JavaScriptengines are being heavily studied, fuzzed, and hardened, theirbinding layers are frequently overlooked. This is exemplifiedNetwork and Distributed Systems Security (NDSS) Symposium 202121-24 February 2021ISBN .23xxxwww.ndss-symposium.orgby the introduction of multiple JavaScript fuzzers over the pastfew years, none of which could be used to fuzz binding codein non-browser environments [24, 27, 29, 34, 37, 40, 41, 55, 56].However, due to the complexity in the implementation ofbinding layers in JavaScript engines, vulnerabilities in theselayers are not rare [11]. Therefore, there is a pressing needto design JavaScript fuzzers to efficiently fuzz JavaScript codeand effectively find bugs in these binding layers.Even without considering the binding layers, it is difficultto effectively fuzz JavaScript engines in the first place. Researchers found that for fuzzing JavaScript engines, the qualityof the initial fuzzing input (i.e., seeds) greatly impacts thefuzzing performance [44]. This is because JavaScript enginesdo not directly consume the user-provided JavaScript code.These engines will parse user input into an abstract syntax tree(AST) and then process the tree. User inputs that cannot betransformed into an AST are easily rejected. Hence, JavaScripttest cases generated by fuzzers that are unaware of JavaScriptspecifications are likely to be malformed and rejected beforebeing processed.To generate syntactically correct JavaScript code as testcases, modern JavaScript engine fuzzers use context-free grammars [8, 24, 29, 37, 57] or existing semantically correct testcases [27, 40, 55, 56]. However, only being syntactically correctis not enough for JavaScript engines to process a test case, asmany JavaScript statements have interdependent relationships.Failing to capture such relationships will lead to generatingsemantically incorrect code that raises runtime exceptionswhen being processed. While no JavaScript fuzzers generatefully semantically correct code as test cases, some fuzzers cangenerate test cases in a semantic-aware manner [27, 40, 56].However, the percentage of rejected test cases that are generated by these semantic-aware fuzzers is still a significantproblem.Unfortunately, existing fuzzers are likely to have a difficulttime generating test cases that can adequately fuzz JavaScriptbinding layers. As shown in Listing 1, a typical JavaScript testcase that triggers the execution of binding code once involvesat least two steps: (1) Creating the object and (2) setting aproperty of the object or calling a function of the object.Due to the excessive number of JavaScript exceptions thatrandomly generated test cases raise, it is practically impossiblefor existing fuzzers to generate legitimate JavaScript code that
12(e.g., Favocado is able to generate JavaScript statementsthat do not access previously deallocated objects).Reducing the size of the input space. Favocado excavatesrelations between binding objects from the collected semantic information. Then it separates all binding objectsinto multiple equivalence classes based on their relations.Finally, Favocado focuses on fuzzing JavaScript bindinglayer by each equivalence class.var cb Listing 1: An example JavaScript test case that triggers theexecution of binding code to check a checkbox.covers both steps. Not to mention, generating a sequence ofsuch snippets to execute binding code multiple times.To demonstrate the generality and effectiveness of Favocado,we thoroughly evaluate our prototype with different types ofbinding objects (PDF, Mojo, and DOM). These binding objectsare implemented in four different JavaScript runtime systems(Adobe Acrobat Reader, Foxit PDF Reader, Chromium, andWebKit). During our evaluation, Favocado finds 61 previouslyunknown bugs, which includes 33 severe security vulnerabilities. Our evaluation results show the effectiveness of Favocado,which outperforms the state-of-the-art DOM fuzzer, Domato.Another challenge for effectively fuzzing the binding layeris the enormous input space. There are many object types thatare accessible with JavaScript through the binding layer as aDocument Object Model (DOM) (e.g., in Chromium, there aremore than 1,000 DOM binding objects). Each DOM objectmay have a multitude of methods and properties, some ofwhich may require hard-to-satisfy arguments such as otherDOM objects. Creating all objects to enumerate all propertiesand manipulate all methods is simply infeasible. An effectivefuzzer that adequately fuzzes JavaScript binding code shouldbe aware of the unique features of this layer when generatingtest cases. With this embedded awareness built in, a fuzzer canoptimize test case generation by reducing the size of the inputspace.Contributions. This paper makes the following contributions: We propose Favocado, a novel approach for fuzzingbinding layers of JavaScript engines. Favocado generatessemantically correct JavaScript test cases based on extracted semantic information and tracking states mutation.Favocado also reduces the input space by being aware ofrelations between DOM objects. We implement a prototype of Favocado and thoroughlyevaluate it against real-world binding code in four different JavaScript runtime systems (Adobe Acrobat Reader,Foxit PDF Reader, Chromium, and WebKit) to demonstrate the effectiveness of Favocado. We also compareFavocado against Domato and show that Favocado outperforms Domato. We responsibly analyzed and disclosed all bugs found byFavocado that include 33 security vulnerabilities. By thetime of writing, 13 bugs have been assigned CVE entriesduring the responsible disclosure process.One unique feature of the JavaScript binding layer is therelative isolation of different DOM objects. Intuitively, different DOM objects (e.g., for Adobe Acrobat, spell.check()in its spell module and Net.HTTP.request() in itsNet.HTTP module) in the binding layer are implementedas separate native modules, unless an object defined inone module can be used by code in another module. AJavaScript test case that calls spell.check() beforeNet.HTTP.request() is essentially equivalent to anothertest case that calls the two methods in reverse order. We maydefine a DOM objects relation where an object can use anotherobject as a value to its properties or a parameter to its methods.Based on the relations between DOM objects, we may dividethe entire input space into equivalence classes. In our example, spell.check() and Net.HTTP.request() willfall into different equivalence classes. Object-relation-awarefuzzers may only mutate DOM objects within each equivalenceclass. This greatly reduces the size of the input space. ExistingJavaScript fuzzers are not aware of the isolation of differentDOM objects, which makes them unsuitable for adequatelyfuzzing the JavaScript binding layer.To foster further research, we open source the prototype ofFavocado that we developed as part of our research. Therepository is at In this section, we present the background of the JavaScriptbinding code fuzzing problem. We will introduce JavaScriptbinding code, the terms used in the paper, as well as previousrelated work on fuzzing JavaScript engines and the bindingcode.In this paper, we propose a novel fuzzing approach, codenamed Favocado, that focuses on finding vulnerabilities inthe binding layers of JavaScript engines. Favocado tackles theaforementioned challenges by (1) generating syntactically andsemantically correct test cases to eliminate runtime exceptionsand (2) generating object-relation-aware test cases to significantly reduce the large input space.A. Binding CodeJavaScript is a dynamic high-level programming languageinterpreted by JavaScript engines (e.g., Chrome V8, SpiderMonkey, and Chakra). Currently, the use of JavaScript is notlimited in implementing interactive web pages; it is also usedas a general-purpose programming language in both browsersand many software systems (e.g., Adobe Acrobat Reader).For example, applications such as Adobe Acrobat, Blink, andPDFium utilize JavaScript engines to provide dynamic/interactive content through JavaScript code embedded in PDFdocuments. Because JavaScript cannot be used to directlyimplement low-level functionalities (e.g., memory managementGenerating semantically correct test cases. Favocado collects semantic information of binding interfaces by analyzing existing JavaScript API references and Interface Definition Language (IDL) files. IDL files defineinterfaces within binding code that are accessible toJavaScript. Additionally, Favocado manages states duringmutation to ensure the following correctness in semantics:All generated JavaScript statements may only access objects, properties, and methods that are currently available2
JavaScriptJS Enginefinding vulnerabilities only within their scopes. On the otherhand, albeit fuzzing has been proven practical for discoveringvulnerabilities in software, existing JavaScript fuzzers are notpractical in terms of fuzzing binding code.Binding CodeB. TerminologyJS Runtime SystemThroughout this paper, we use the term semantics/semanticinformation of binding code to refer to static type signaturesof all methods and objects in binding code that JavaScriptcan access to. In addition, we use the term semanticallycorrect test case to refer to JavaScript statements that use (1)correct semantic information of binding code and (2) validlanguage semantics in the execution context (i.e., correctlyusing previously defined variables based on their types). Forexample, the Line 2 of Listing 1 is semantically correctbecause the cb variable is pointing to the CheckBox typeobject that has the checkThisBox method. Also, it uses thecorrect types of arguments for calling the method.Fig. 1: Binding code is used to extend functionalitiesof JavaScript by translating data representations betweenJavaScript and native code.and file access), those functions are implemented in unsafelanguages (e.g., C and C ) in JavaScript engines to enablethe extensive use.To use such additional functionalities, JavaScript runtimesystems have binding code, which is a native componentof JavaScript engines as shown in Figure 1. Binding codetranslates data representations: It creates and maps necessarydata types between JavaScript and native code. Native functions implemented in binding code provide JavaScript objectsby defining them through an interface definition language(IDL). When JavaScript creates such objects, binding codedynamically generates corresponding native data formats andtypes them with JavaScript variables. Then scripts can callnative functions or control data of native components. Forexample, in browsers, the DOM is a programming interfacefor controlling HTML documents (web pages). The DOMprovides DOM objects as a programming interface so thatJavaScript can easily manipulate the structures and styles ofa document and its elements. On the other hand, the DOMinternally implements logical data structures of a documentand functions in a low-level language that defines how adocument can be accessed and changed by JavaScript. However, unfortunately, during the translation process, type-, andmemory-safety features of JavaScript cannot be interpreted.Binding code is implemented in low-level unsafe languagesand vulnerabilities are not rare [11].C. Fuzzing JavaScript EnginesDue to the high severity of vulnerabilities in JavaScriptruntime environments, a number of research work have attempted to fuzz JavaScript engines for finding vulnerabilities [24, 27, 29, 34, 37, 40, 41, 55, 56]. For fuzzing JavaScriptengines, most research work have focused on generatingsyntactically valid JavaScript test cases [24, 29, 37, 41, 55].Despite their successful fuzzing efforts, they did not considerJavaScript semantics, and thus, could not generate test caseseffectively—many test cases merely end up as JavaScriptruntime errors [27, 56]. Skyfire [56] was proposed to generatetest cases through the probabilistic context-sensitive grammarthat defines syntax features and semantic rules by learningfrom existing samples. CodeAlchemist [27] was proposed togenerate semantically-aware JavaScript code by using smallcode blocks collected from a large corpus. Unfortunately, thereis no JavaScript engine fuzzer that can generate semanticallycorrect test cases all the time.Recently proposed JavaScript engine fuzzers tried to reducethe input space. DIE [40] has proposed two mutation strategies,structure-preserving mutation and type-preserving mutation.They, also, reduce the input space by utilizing known proofof concept (PoC) exploits or existing test cases. Montage [34]showed its outperformed efficacy by leveraging a neural network language model (NNLM) to generate test cases based oncode fragments of previously reported vulnerabilities, similarto DIE. Their (DIE and Montage) design choice allowed themto overcome the fundamental limitation of other JavaScriptengine fuzzers: simply producing generic test cases is notreally effective to find vulnerabilities in JavaScript enginesbecause of the huge search space.A vulnerability in binding code can be a serious security threat because “JavaScript is everywhere.” As an example, PDFium is a PDF document rendering module ofChrome browser and Foxit PDF reader, which is bound withV8 engine to support customizing PDF documents throughJavaScript code embedded in PDFs. If there exists an exploitable JavaScript binding bug within a PDF reader, thennot only is the standalone application vulnerable but also webbrowsers and other PDF readers that include this binding codeas a component. Therefore, binding code must execute thetranslation process with rigorous principles to prevent securityviolations which frequently happens and makes JavaScriptcode exploitable [11].D. Fuzzing the Binding Code of JavaScript Runtime SystemsWhile many research projects have been attempting to fuzzthe core of JavaScript engines for discovering vulnerabilities,the binding code area of JavaScript engines has not beenextensively explored yet in the context of fuzzing. A coupleof fuzzers such as Domato and DOMFuzz (deprecated) havebeen used for fuzzing the Document Object Model (DOM)which is a widely used programming interface (binding code)To detect security flaws in binding layers, many researchworks have been proposed [11, 12, 22, 33, 35, 36, 53, 54]. Theyhave focused on bugs that occur when binding code omitsnecessary checks, violates data translation rules, and mishandles exceptions through various static analysis approachesand a dynamic bug detector. However, these solutions havelimited applications and scopes, and thus, are limited in3
in browsers for accessing a document on the web fromJavaScript [21, 45].JavaScriptDomato revealed some severe vulnerabilities from DOMobjects of web browsers. However, it relied on manual development of a grammar, detail specifications for invokingeach method and assigning objects to properties of each object,to generate test cases. Therefore, Domato cannot avoid hugemanual efforts to create a grammar file for fuzzing eachbinding code (they implemented a grammar file for fuzzingDOM objects with 5.6K LoC). Additionally, Domato lacksthe ability to generate semantically correct test cases. Weneed a binding code fuzzer that can perform semanticallycorrect fuzzing and can minimize manual efforts for extractingcomplete semantics of targeted binding code so that it can beused for fuzzing any binding code in a general manner.SyntaxParserSource codeAbstract Syntax TreeStoreLoadExecutionExecution ContextFig. 2: JavaScript engines first parse source code to an AST.Then, they execute it, managing the execution context information dynamically.E. JavaScript Engine Fuzzers for Binding Code.JavaScript engine fuzzers such as DIE [40] and Montage [34] utilize PoCs of known vulnerabilities and regressiontest cases because such PoCs or test suite are specially designed for exploiting specific features of a JavaScript engine.Therefore, by utilizing them, fuzzers can effectively generatetest cases for exploring distinct and complex execution paths.However, for finding bugs in binding code, we need to testa series of various JavaScript statements setting propertiesand invoking APIs with correct semantics, which does notrequire complex syntactics or code patterns learned from testsuites. Thus, generating test cases syntactically similar tosuch existing PoC exploits is not an effective way to findvulnerabilities in binding code.with JavaScript code requires allocating (define) a bindingobject, assigning a specific value to a property, and calling amethod with correct-type arguments. Therefore, without accurate semantic information of targeted binding code, we cannotgenerate test cases for fuzzing binding code. Also, we needan automated approach that constructs semantic informationof targeted binding code to avoid manual development.Next, generating syntactically valid test cases is not only aprerequisite but we also need to generate semantically correcttest cases for maximizing the effectiveness of fuzzing againstbinding code. We note that semantically correct test cases standfor JavaScript statements that have valid semantics of targetedbinding code (e.g., correct use of method names, argumenttypes, and return type of binding code) as well as valid runtimesemantics (e.g., correct use of previously defined variablesand objects based on their types). Invalid test cases, whichcause runtime errors (syntax, reference, type, and range errors)in the middle of execution, seriously impede the progressof fuzzing. Unfortunately, state-of-the-art JavaScript enginefuzzers introduce high error rates of test cases [27, 34, 40, 45].Also, Domato, a binding code fuzzer leveraging context-freegrammars, cannot consistently generate semantically correcttest cases [21].CodeAlchemist [27], a state-of-the-art semantics-awarefuzzer, proposed an approach to create more semanticallyvalid test cases. However, their evaluation results showed thatonly less than 20% of test cases which have more than 5statements executed without raising any runtime error [27].We provide experimental results regarding the availability ofCodeAlchemist as a binding code fuzzer in Section V-B.On the other hand, mutational fuzzers using context-freegrammars such as Superion [57] and Nautilus [8] requires welldeveloped grammars. Therefore, those fuzzers have the samelimitations as the existing binding code fuzzers.III.Figure 2 illustrates how a JavaScript engine executesJavaScript code. To execute JavaScript code, JavaScript engines first generate an Abstract Syntax Tree (AST) by parsingthe source code through a syntax parser. If the syntax of thecode is not correct, it will not generate AST or execute thesource code. Then, the JavaScript engine starts to execute thecode within the execution context that controls the scope ofthe code and contains up-to-date information of the currentprogram state. The JavaScript engine dynamically manages theexecution context. If a statement accesses a variable that isout of the scope or an object that has been deallocated, theJavaScript engine raises a runtime error and stops executingthe code.OVERVIEWFuzzing JavaScript engine and binding code faces two major challenges: (1) generating semantically correct test cases,and (2) reducing the size of the input space. These challengesare not unique to fuzzing JavaScript engines. In fact, they areprevalent in fuzzers for programs that take highly structuredtest cases as input. In this section, we first describe thesechallenges in detail for fuzzing binding code. We then discusswhy they must be tackled (Section III-A) and provide a highlevel overview of how Favocado addresses these challenges(Section III-B).We should generate and execute JavaScript statementsincluding method calls for fuzzing binding code because eachbug in binding code can only be discovered by executinga series of JavaScript statements accessing binding objects.Hence, a fuzzer needs to input many JavaScript statementsA. Requirements for Fuzzing Binding Code1) Semantically Correct Test Cases: First of all, for fuzzingbinding code of JavaScript engines, we should have completesemantics of targeted binding code. Fuzzing binding code4
IDL filesinterface INTERFACE NAME {const unsigned long value 12345;attribute Node node;void func(long argument, .);};API referencesClass: DocMethod: addIconParameters:cName — The name of the new objecticon — The Icon object to addSemantic InformationBinding objects["object"] {"properties": {"prop1":{"read only":"None", "type": "boolean"}},"methods":{"func":[{"exception":0, "num arg":1,"args":{"arg0":"DOMString"},}],},"has parent":1,"p typename":"parent object type"}Test case Generator nContextinformationGenerate test cases obj. method (args)Execute test casesFuzzing: run fuzz.jsFig. 3: The overview of Favocado. After extracting semantic information of binding objects, Favocado starts to fuzz bindingcode inside the target JavaScript runtime system with syntactically and semantically correct test cases.at once as a basic testing unit for fuzzing. If a test casecontains a semantically incorrect statement, the test case hasto stop executing and retire—fuzzers cannot evaluate the testcase where security vulnerabilities may exist because of suchinvalid JavaScript statements. Consequently, to achieve highlyeffective fuzzing on JavaScript binding code, it is critical toprevent runtime errors by carefully generating semanticallycorrect JavaScript statements that do not transgress the execution context.starts fuzzing by executing the test case generator on a targetJavaScript runtime system. The test case generator randomlyselects a JavaScript statement format among predefined statement formats that include statements defining objects, callingmethods, assigning values to properties, and so forth as shownin Figure 5. It, then, uses the semantic information of bindingcode and context information of a fuzzing process (i.e., theruntime semantics of test cases such as a list of previouslydefined variables with their types) to complete a statement,preventing unexpected runtime errors. As an example, whenFavocado constructs a statement such as car.drive(man),Favocado checks whether the man object has been properlydefined or not. In addition, even though Favocado knows thatthe object has been previously defined, it checks whetherthe object is still alive and accessible. This is because, forexample, runtime errors can occur when a statement accessesan object after invoking a method that deallocates the objectsuch as removechild. If the object was deallocated by suchmethods, Favocado creates the object again and executes theconstructed statement, thus avoiding a runtime error. It alsoremembers the variable name pointing to the newly definedobject for later use. We discuss our test case generationmechanism in detail in Section IV-B.2) Reducing the Size of the Input Space: A large inputspace severely hinders the effectiveness of fuzzing. Thus,we need to reduce the size of the input space of bindingcode [34, 40]. Recent JavaScript engine fuzzers utilize existingtest cases or PoC exploits of previous vulnerabilities to learntheir syntax so that they can reduce the input space and quicklytraverse complex execution paths [27, 34, 40]. The input spaceof binding code is huge, but our goal is not only covering deepexecution paths. When fuzzing binding code, we need to focuson generating various method call sequences and changingarguments and properties of binding objects, which is moreimportant than exploring deep execution paths. Therefore, wedo not leverage an existing test suite or PoCs of previousvulnerabilities for reducing the input space similar to the recentJavaScript engine fuzzers.Furthermore, Favocado divides an input space to increasethe effectiveness of fuzzing binding code. Specifically, to dealwith the large input space, Favocado randomly selects severalbinding objects for a single fuzzing process to focus only onthem and runs multiple fuzzing instances concurrently. WhenFavocado selects binding objects, it considers relationships ofobjects so that objects related to each other can be fuzzedtogether (discussed in Section IV-B).B. Our ApproachOur goal is to achieve the two requirements discussed inSection III-A.Favocado first parses semantic information from the Interface Definition Language (IDL) files or API references.For constructing complete semantic information of targetedbinding code, Favocado parses IDL files when source codeis available. If source code is not publicly opened, we needto use API reference manuals (e.g., JavaScript for AcrobatAPI reference [7]). By parsing IDL files or API references,Favocado obtains semantic information of binding objects(their methods with arguments, and their properties), whichinclude exact types and possible values (discussed in Section IV-A). Extracted semantic information can directly beused for generating test cases.In summary, Favocado can fuzz any type of binding codein a general manner with syntactically and semantically correcttest cases, preventing runtime errors (not wasting any test case,except for when it is intentionally generating erroneous statements for finding bugs). It is worth noting that the design ofFavocado is not limited to fuzzing binding code of JavaScriptengines. We believe our approach can also be used for fuzzingbinding code of the other scripting languages.IV.Next, Favocado generates a JavaScript file (a test casegenerator) with the semantic information of binding code andD ESIGNIn this section, we describe the design of Favocado.Favocado consists of two parts: (1) semantic information5
construction (Section IV-A) and (2) dynamic error-safe testcase generator (Section IV-B). Figure 3 illustrates the overviewof Favocado design: After extracting semantic informationof binding objects, it starts fuzzing binding code inside atarget runtime system, dynamically generating syntacticallyand semantically correct test cases.123456789A. Semantic Information Construction1011Favocado relies on the semantic information extracted fromeither IDL files or JavaScript API references of software systems. Specifically, Favocado parses the following information.12131415Binding objects["HTMLDialogElement"] {"properties":{"open":{"read only":"None", "type":"boolean"},"returnValue":{"read only":"None", n":0, l":{"exception":1, "numarg":0,"args":{},},"show":{"exception":0, "numarg":0,"args":{},}},"has parent":1,"p typename":"HTMLElement"}(1) Binding object names. Favocado records a name of eachobject, and a name of a parent object if the object has aparent to check whether an object has inherited methodsor properties.(2) Binding object methods. Favocadoobtainseachmethod’s name and all arguments’ exact types togenerate a valid method call statement. Also, Favocadochecks whether or not a method can raise an exceptionto handle it. A return type of a method is decided aswell.(3) Binding object properties. Favocado parses a name,type, and possible string values
related work on fuzzing JavaScript engines and the binding code. A. Binding Code JavaScript is a dynamic high-level programming language interpreted by JavaScript engines (e.g., Chrome V8, Spider-Monkey, and Chakra). Currently, the use of JavaScript is not limit
Fuzzing for Software Security Testing and Quality Assurance Media whore. Overview The fuzzing setup Fuzzing PDF's, Preview and Adobe Acrobat Reader Fuzzing PPT's, OpenOffice and MS PowerPoint Fuzzing "truths" revealed. About this talk Most fuzzing talks take one of two forms
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
language classes (and be honest, did you actually learn all that much in there?). There are now many different online lessons and tutorials to help you become proficient in the language of your choice. FluentU stands out among language learning websites, thanks to the huge range of learning opportunities it provides. 5 The Complete Guide to Foreign Language Immersion. FluentU takes real-world .
