Transparent Object Proxies for JavaScript

TL;DR

This paper explores the design of transparent proxies in JavaScript, proposing two implementations that maintain object identity for security and contract enforcement, with minimal performance impact.

Contribution

It introduces two novel transparent proxy designs requiring modest engine modifications, enabling identity preservation in JavaScript proxies for security and contract systems.

Findings

Modifications have no significant impact on JavaScript engine benchmarks.

Transparent proxies are essential for contract systems to function correctly.

Proposed designs are implemented in SpiderMonkey with practical evaluation.

Abstract

Proxies are the swiss army knives of object adaptation. They introduce a level of indirection to intercept select operations on a target object and divert them as method calls to a handler. Proxies have many uses like implementing access control, enforcing contracts, virtualizing resources. One important question in the design of a proxy API is whether a proxy object should inherit the identity of its target. Apparently proxies should have their own identity for security-related applications whereas other applications, in particular contract systems, require transparent proxies that compare equal to their target objects. We examine the issue with transparency in various use cases for proxies, discuss different approaches to obtain transparency, and propose two designs that require modest modifications in the JavaScript engine and cannot be bypassed by the programmer. We implement our designs in the SpiderMonkey JavaScript interpreter and bytecode compiler. Our evaluation shows that these modifications of have no statistically significant impact on the benchmark performance of the JavaScript engine. Furthermore, we demonstrate that contract systems based on wrappers require transparent proxies to avoid interference with program execution in realistic settings.