Lya is a coarse-grained dynamic analysis framework that interposes at the boundaries of libraries within an application. It is useful for both industrial users and academic researchers working with programs (i) that use many small libraries often written in functional style, and (ii) with significant dynamic behaviors – e.g., runtime code evaluation, dynamic loading, and runtime reflection. Lya enables concise analyses targeting JavaScript libraries and multi-library programs to extract information or enforce invariants. Examples include identifying security vulnerabilities, highlighting performance bottlenecks, and applying corrective actions.

The tutorial consists of three parts. The first part provides an overview of Lya, including a comparison with more conventional approaches to dynamic analysis. The second part is a hands-on session of applying built-in analyses to real libraries, including configuration parameters targeting their granularity. The third part is a live coding session focused on building an analysis – we use Lya’s interfaces to build one of the aforementioned analyses from scratch.