modern type systems for dynamic languages ravi chugh

ModernType Systems for

Dynamic Languages

Ravi Chugh

Web Platform

ScriptingLanguages

Untrusted

Web Platform

Goal: Rigorous Foundations

Untrusted

ScriptingLanguages

+ Logic

<html>

</html>

Username

Password

Web Page = Static HTMLWeb Page + LinksWeb Page + Client-Side Code

loginButton.onclick = function () {

if (passwordBox.value == “”) {

alert(“Enter password!”);

} else {

</script>

… an easy-to-use “scripting language”as a companion to Java

No Static Types

“Dynamic” Features Make itEasy to Experiment…

Brendan Eich,JavaScript creator

2014Asked whether Gmail would ever open up an API for developers to code add-ons and plug-ins with more official support and stability, Kowitz suggested it was unlikely. Gmail is based on “hundreds of thousands” of lines of JavaScript, Kowitz said, and it's a code base that “changes so quickly.” That said, Jackson said the Gmail team "loves" to see third-party functionality being developed, and the team tries to make developers aware of changes they know will affect those products. Article on LifeHacker

“Scripting”?!?

http://stackoverflow.com/tags02-26-14

Count Tag599,605 C#583,322 Java555,164 JavaScript532,851 PHP273,086 Python268,725 C++129,483 C

97,154 Ruby15,044 Haskell

2,175 OCaml

JavaScript isPervasive

http://stackoverflow.com/tags02-26-14

Other Dynamic Languages Are, Too

2014 Count Tag

599,605 C#

583,322 Java

555,164 JavaScript

532,851 PHP

273,086 Python

268,725 C++

129,483 C

97,154 Ruby

15,044 Haskell

2,175 OCaml

ShoppingBanking 2014

ShoppingBanking

Third-Party Ads

ShoppingBanking

Third-Party Ads

Third-Party Apps

Third-Party

No longerjust “scripting”

… an easy-to-use “scripting language”as a companion to Java

1. Development Tools2. Reliability / Security3. Performance

But JS is hard to reason about!

Significant Interest For:

Static TypesMy Ph.D.

JavaScript, Python, Ruby, PHPShare Common Challenges

New Techniques Apply Broadly,Even to Statically Typed Languages

for Dynamic Languages

Describe sets of run-time values

“integers”

“booleans” “objects with foo field”

“non-nullpointers”

“urls that are safe to visit”

Static Types

Prevent classes of run-time errors

“integers”

“booleans” “objects with foo field”

“non-nullpointers”

“urls that are safe to visit”

“multiplyint and bool”

“navigating to evil.com”“redirect to evil.com”

“foo fieldnot found”“foo fieldnot found”

“null pointer exception”

Static Types

“expected args”“actual args”

Type1 Type2

“function call produces no error”✓

Type1 Type2

“function call may produce error”✗

For all programs p in

If p has a type T in

Then p does not failwith any error e in

PROGRAMS

ERRORS

PROGRAMS

ERRORS

GOAL: Reason AboutMore Programs

PROGRAMS

ERRORS

GOAL: Reason AboutMore Programs

GOAL: EliminateMore Errors

Types + LogicRefinement Types

Type1 Type2“expected args”“actual args”

{x|p }

{x|q }

{x|p }

{x|q }

Types + LogicRefinement Types

Refinement Types

Nested Refinements [POPL ’12]Key to Encode Dynamic Features

{x|p } f :: {y|q }

Expressiveness

Usability

VerificationHoare Logics

Model CheckingAbstract Interpretation

Theorem Proving…

+ Logic Dependent JavaScript (DJS)[POPL ’12, OOPSLA ’12]

Why is JavaScript Important?Why is JavaScript Hard?Static Types via LogicSecurity via LogicLooking Ahead

OutlineWhy JavaScript? Types via Logic Security via Logic Looking AheadChallenges

PROGRAMS

ERRORS

PROGRAMS

ERRORS

Why is JavaScript Hard?

Lightweight ReflectionDictionary ObjectsAdditional Challenges

PROGRAMS

function negate(x) {

if (typeof x == “number”) {

Why JavaScript? Security via Logic Looking AheadChallenges Types via Logic

xQ: What is my “type”?

All JavaScript Values

{x|tag(x) = “number” }

{x|tag(x) = “boolean” }

true false

{x|tag(x) = “object” }

{ } { “f”:17 }

{ “f”:42, “g”:true }...

Q: What is my “type”? x17 42

3.14-1

xQ: What is my “type”?A: Described by “tag”

return 0 - x;

} else {

return !x;

“expected args”

values with tag“number” OR “boolean”

Lightweight Reflection

Dictionary ObjectsAdditional Challenges

PROGRAMS

obj.f means obj[“f”]

a.k.a.“maps”“hash tables”“associative arrays”

Objects are “Dictionaries”that mapstring keysto values

methodto invoke

methodtable

function dispatch(table, op, i, j) { }

var integerOps = { “+” : function (n, m) { … } , “-” : function (n, m) { … } };

function dispatch(table, op, i, j) { var fn = table[op]; return fn(i, j); }

dispatch (integerOps, “*”, 17, 42);

“foo fieldnot found”“*” key

not found

“expected args”

table object with an op key that stores a function on numbers

Dependencybetween types

of arguments

Lightweight ReflectionDictionary ObjectsAdditional Challenges

PROGRAMS

Lightweight ReflectionDictionary Objects Extensible ObjectsPrototype InheritanceJavaScript Peculiarities

PROGRAMS

Unsupported in Prior Work

Lightweight ReflectionDictionary Objects Extensible ObjectsPrototype InheritanceJavaScript Peculiarities

PROGRAMS

OutlineWhy JavaScript? Types via Logic Security via Logic Looking AheadChallengesChallenges Types via Logic

PROGRAMS

ERRORS

All JavaScript Values{x|tag(x) = “number” }

true false

{ } { “f”:17 }

{ “f”:42, “g”:true }...

3.14-1

All JavaScript Values{x|tag(x) = “number” }

3.14-1

true false

{ } { “f”:17 }

{ “f”:42, “g”:true }...

{ } { “f”:17 }

{ “f”:42, “g”:true }...

true false

{x|integer(x) }

{x|x > 0 }

3.14-1

“set of values x s.t. formula p is true”

{x|p }Refinement Types

Type1 Type2

{x|p }

{x|q }

{x|p }

{x|q }

Subtyping is ImplicationSource of Expressive Power

Type1 Type2

{x|p }

{x|q }

{x|p }

{x|q }

Static Types via Logic

OutlineWhy JavaScript? Security via Logic Looking AheadChallenges Types via Logic

Lightweight ReflectionDictionary ObjectsKey Technical InnovationsEvaluation

Why JavaScript? Types via Logic Security via Logic Looking AheadChallenges

return 0 - x;

} else {

return !x;

Type Annotation in Comments

//: negate :: (x:NumOrBool) NumOrBool

{v|tag(v) = “number” ∨ tag(v) = “boolean” }

NumOrBool

Syntactic Sugarfor Common Types

return 0 - x;

} else {

return !x;

“expected args”

{x|tag(x) = “number” }✓

return 0 - x;

} else {

return !x;

“expected args”

✓{x|not(tag(x) = “number”)

{x| ∧ (tag(x) = “number” ∨

{x| tag(x) = “boolean”) }

return 0 - x;

} else {

return !x;

Logic EnablesPath-SensitiveReasoning on

Branches

return 0 - x;

} else {

return !x;

Logic Enables Types to Depend on Values

//: negate :: (x:NumOrBool) { y|tag(y) = tag(x) }

OutlineWhy JavaScript? Security via Logic Looking AheadChallenges

Types via Logic

{ “f”:true }

{ “f”:17 }

{ “f”:42, “g”:null }

{x|tag(x) = “object” has(x,“f”) }

{ “f”:true }

{ “f”:17 }

{ “f”:42, “g”:null }

{x|tag(x) = “object” {x|has(x,“f”) {x|tag(sel(x,“f”)) = “number” }

{ “f”:true }

{ “f”:17 }

{ “f”:42, “g”:null }

//: dispatch ::

//: ({ table | tag(table) = “object” },

//: { op | tag(op) = “string”

//: { op | ∧ has(table,op)

//: { op | ∧ sel(table,op) :: (Num,Num) Num },

//: { i | tag(i) = “number” },

//: { j | tag(j) = “number” })

//: Num

//: dispatch ::

//: (table : { sel(table,op) :: (Num,Num) Num },

//: op : Str,

//: i : Num,

//: j : Num)

//: Num

var integerOps = { “+” : …, “-” : … };

dispatch (integerOps, “*”, 17, 42);

{op|op = “*” }

“actual args”{op|has(integerOps,op) }

Type Checking Prevents Run-Time Error

{op|op = “*” }

{op|has(integerOps,op) }✗

Types via Logic

PriorRefinement

✓✗

lightweight reflection

dictionary objects

extensible objects

prototype inheritance

JavaScript peculiarities

✗✗✗

Dependent JavaScript

(DJS)[POPL ’12, OOPSLA ’12]

✓✓✓✓✓

Key Challenge:Function Subtyping

as Logical Implication68

PriorRefinement

✗dictionary objects

42 + negate (17)

{f|f :: }(x:Num) Num “expected function”

{f|f :: } (x:NumOrBool) { y|tag(y) = tag(x) }

{f|f :: }

(x:NumOrBool) { y|tag(y) = tag(x) }

{f|f :: }(x:Num) Num

How to Prove

?How to Encode Type System Inside Logic?

Prior Refinement SystemsDisallow Function Types Inside Logic!

T ::= {x|p }

| T1 T2

Types Refinement Logic

Satisfiability Modulo Theories (SMT)

SAT + Decidable Theories

p q✓✗

SMT Solver(e.g. Z3)

[Prior State-of-the-Art]

T ::= {x|p }

| T1 T2

p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| tag(x) = “number” | …

| sel(x,k) = 17 | …

• Boolean Connectives• Equality• Linear Arithmetic• Uninterpreted Functions• McCarthy Arrays

T ::= {x|p }

| T1 T2

p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| sel(x,k) = 17 | …

{v|tag(v) = “number” ∨ tag(v) = “boolean” }NumOrBool

Enables Union Types and Lightweight Reflection

T ::= {x|p }

| T1 T2

p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| sel(x,k) = 17 | …

Enables Dictionary Types with Dynamic Keys …{d|tag(sel(d,k)) = “boolean” ∧

{d|tag(sel(d,“f”)) = “function” ∧

{d|sel(d,“f”) ??? }

But DisallowsFunctions inDictionaries!

p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| sel(x,k) = 17 | …

| sel(x,k) :: T1 T2 | …

Goal: Refer to Type System Inside LogicGoal: Without Giving up Decidability

T ::= {x|p }

| T1 T2

Solution: Nested Refinements!

T ::= {x|p } p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| sel(x,k) = 17 | …

| sel(x,k) :: T1 T2 | …

Nested Refinements [POPL ’12]1. Decidable Encoding2. Precise Subtyping3. Type Soundness Proof

Decidable Encoding

Uninterpreted Predicate in Logic

Distinct UninterpretedConstants in Logic…

{f|f :: }

(x:NumOrBool) { y|tag(y) = tag(x) }

Decidable Encoding

Uninterpreted Predicate in Logic

w/ Types Nested Inside

Distinct UninterpretedConstants in Logic…

Decidable Encoding

✗SMTSolver

Trivially Decidable, but Imprecise

p f :: (x:S1) S2

{f|f :: }(x:T1) T2

{f|p }

Precise Subtyping

Step 1:

Step 2:

Find such that(x:S1) S2

SMTSolver✓

T1 S1 ✓✓S2 T2x:T1

Compare and(x:S1) S2 (x:T1) T2

“contra-variance”

“co-variance”

{f|f :: }(x:Num) Num{f|f = negate }

Precise Subtyping

Step 1:

Step 2:

f = negate

f :: (x:NumOrBool) { y|tag(y) = tag(x) }SMTSolver✓

{f|f :: }(x:Num) Num{f|f = negate }

Precise Subtyping

Step 1:

Step 2:

f = negate

f :: (x:NumOrBool) { y|tag(y) = tag(x) }

NumOrBool ✓✓{y|tag(y) = tag(x) } Nu

mx:Num

✓SMT

Solver✓

Precise Subtyping

Step 1:

Step 2:

Decidable Reasoningvia SMT

Precise Function Subtypingvia Syntactic Techniques

{f|f :: }{f|f = negate } ✓(x:Num) Num

Type Soundness Proof

Logic 0

Conventional ProofsRequire Logic to be an Oracle …

… but Nesting Introduces CircularityThat Prevents Typical Inductive Proofs

Type System 0

Type System ∞

Type Soundness Proof

Logic 0

Logic 1

Logic 2

Type System 1

Type System 2

Type System 0

… …

Proof Technique:Stratify into Infinite Hierarchy

T ::= {x|p } p ::= p ∧ q | p ∨ q | p

| x = y | x > y | …

| sel(x,k) = 17 | …

| sel(x,k) :: T1 T2 | …

Nested Refinements [POPL ’12]

Key to Encode Dictionary Objects(Even in Statically Typed Languages!)

dictionary objects

extensible objects

✓✓✓✓✓

PriorRefinement

✓✗✗✗✗

path-sensitivity

nested refinements

flow-sensitivity

logical encoding

JavaScript

JavaScript, Python, Ruby

dictionary objects

extensible objects

✓✓✓✓✓

path-sensitivity

nested refinements

flow-sensitivity

logical encoding

Statically Typed Languages(Java, C++, OCaml, Haskell, …)

dictionary objects

extensible objects

✓✓✓✓✓

path-sensitivity

nested refinements

flow-sensitivity

logical encoding

logical encoding✗

Statically Typed Languages(Java, C++, OCaml, Haskell, …)

✓✓✓

path-sensitivity

nested refinements

flow-sensitivity

General Techniques Can BeUsed to Eliminate More

ERRORS

Types via Logic

408(+33%)

LOCbefore/after

13 Excerpts from: JavaScript, Good Parts SunSpider Benchmark Suite Google Closure Library

Benchmarks

Chosen to Stretch Expressiveness Limits of DJS

408(+33%)

LOCbefore/after

Benchmarks

9 Browser Extensions from: [Guha et al. Oakland ’11]

383(+19%)

1,003a

1,027(+2%)

2 Examples from: Google Gadgets

1,818(+12%)

TOTALS

1,818(+12%)

TOTALS

Relatively Simple Syntactic Sugar andType Inference Have Helped Significantly

Opportunities for Improved Type Inference:• Iterative Predicate Abstraction• Bootstrap by Running Test Cases [STOP ’11]• Translating Programs from TypeScript

1,818(+12%)

Type Annotations

LOCbefore/after

408(+33%)

Benchmarks

9 Browser Extensions from: [Guha et al. Oakland ’11]

383(+19%)

2 Examples from: Google Gadgets

1,003a

1,027(+2%)

1,818(+12%)

10 sec

Running Time

19 sec

32 sec

TOTALS

1,818(+12%)

32 sec

TOTALS

32 sec

Relatively Simple Optimizations So Far:• Avoid SMT Solver When Possible• Reduce Precision for Common Patterns• Rely on Nested Refinements When Needed

Performance

Types via Logic

OutlineWhy JavaScript? Security via Logic Looking AheadChallenges Types via Logic Security via Logic

ERRORS

PROGRAMS

OutlineWhy JavaScript? Security via LogicTypes via Logic Looking AheadChallenges

Security via Logic Browser Extensions

Types for Fine-Grained Policies

ERRORS

… New Yorker article, “The Itch,” …

“?printable=true”

“I want every article in print

mode”

Browser Extensions

Third-Party DevelopersCustomize

Browser

Browser Extensions

PRINTNEW YORKER

Browser Extensions

for (var elt in doc.getEltsByTagName(“a”)) {

var url = elt.getAttr(“href”);

if (url.match(/^newyorker.com/)) {

elt.setAttr(“href”, url + “?printable=true”);

Browser Extensions

PRINTNEW YORKER

Document (DOM)

host-site.com

?printable=true

newyorker.com

Browser Extensions

PRINTNEW YORKER

Document (DOM)

host-site.com

?printable=true

newyorker.comevil.com EVIL

PasswordsBank Accts

History

Network Manager

OtherSensitive

JavaScriptEngine

Why JavaScript? Security via LogicTypes via Logic Looking AheadChallenges

Policy Expressiveness

Access All Resources

Access Some Resources

cannot access DOM cannot access History

coarse-grainedand uninformative!

cannot access DOM cannot access History

coarse-grainedand uninformative!

similar situation forother app platforms

Fine-Grained PoliciesGOAL

can write “a” elementsbut only “href” attribute

when original “href” valuestarts with “newyorker.com”and is prefix of new value

Fine-Grained PoliciesGOAL

Language-Based SecurityIf Language Could Enforce SomeSecurity-Related Policies …

Then Reduce Dependence On:• Testing• Code Reviews• Dynamic Checking

PROGRAMS

ERRORS

PROGRAMS

ERRORSGOAL: Eliminate SomeSecurity-Related Errors

PROGRAMS

ERRORSGOAL: Eliminate SomeSecurity-Related Errors

But How?

Subtyping is ImplicationSource of Expressive Power

Type1 Type2{x|p }

{x|q }

{x|p }

{x|q }

Security via Logic Browser Extensions

Types for Fine-Grained Policies

ERRORS

Static Verification (DJS)

Security Expert

reviews only policy

reads informative policy

Developerwrites policy in logic!

Network Manager

request, …

JS Engine

eval, …

getAttr, setAttr, …

request ::

url:Str

Network Manager

request, …

JS Engine

eval, …

request ::

{url:Str|WhiteListed(url)}

Network Manager

request, …

JS Engine

eval, …

eval ::

Network Manager

request, …

JS Engine

eval, …

eval ::

{s:Str|not(Tainted(s))}

Network Manager

request, …

JS Engine

eval, …

getAttr ::

elt:Element

attr:Str

Network Manager

request, …

JS Engine

eval, …

getAttr ::

elt:Element

{attr:Str|CanRead(elt,attr)}

Network Manager

request, …

JS Engine

eval, …

setAttr ::

elt:Element

attr:Str

Network Manager

request, …

JS Engine

eval, …

setAttr ::

elt:Element

attr:Str

{y:Str|CanWrite(elt,attr,y)}

Network Manager

request, …

JS Engine

eval, …

Refined APIs Mediate Access

Typecheck Extension with Policy

forall url.

not (url = “evil.com”)

WhiteListed (url)

var s = request(“evil.com”);

✗finite blacklist

//: url:Str

var s = request(url);

✗might beblacklisted!

forall url.

WhiteListed (url)

forall url.

WhiteListed (url)

if (url != “evil.com”) {

eval(s);

s:Str might be tainted!

forall url.

WhiteListed (url)

s = sanitize(s);

eval(s);

} ✓STATICALLY VERIFIED!

{s:Str|not(Tainted(s))}

forall url.

WhiteListed (url)

WhiteListed (“ny.com”)

WhiteListed (“golf.com”)

forall url.

WhiteListed (url)

not (Tainted (request (url)))

trust thatwhitelisted servers

return untainted strings

var s = request(“ny.com”);

eval(s);✓ no need to sanitize

WhiteListed (“ny.com”)

WhiteListed (“golf.com”)

forall url.

WhiteListed (url)

not (Tainted (request (url)))

STATICALLY VERIFIED!

forall e, oldUrl, newUrl.

ValueOf (e, “href”, oldUrl) ∧

StrPrefix (“newyorker.com”, oldUrl) ∧

StrPrefix (oldUrl, newUrl)

CanWrite (e, “href”, newUrl)

ValueOf (elt, “href”, url) ∧

StrPrefix (“newyorker.com”, url) ∧

StrPrefix (url, url + “?printable=true”)

CanWrite (e, “href”, url+“?printable=true”)

✓✓

✓✓✓

✓STATICALLY VERIFIED!

elt.setAttr(“href”, “evil.com”);

StrPrefix (url, “evil.com”)

CanWrite (e, “href”, “evil.com”)

StrPrefix (url, “evil.com”)

CanWrite (e, “href”, “evil.com”)

✓✓✗

Types for Security+ JavaScript Verification

= Fine-Grained Web Security

[ESOP ’10, Guha et al. ’11]

[POPL ’12, OOPSLA ’12]

[current]

Secure Extensions Written in OCaml

Preliminary Benchmarks

Guha et al. ’11]

Secure Extensions Written in OCamlPreliminary Benchmarks

Ported to DJS (~400 LOC so far)

Well-typed programsdon’t have run-time errorsand conform to security policies

Security via Logic

Browser ExtensionsTypes for Fine-Grained Policies

ERRORS

OutlineWhy JavaScript? Types via Logic Security via Logic Looking AheadChallenges Security via Logic Looking Ahead

ERRORS

PROGRAMS

Why JavaScript? Types via Logic Security via LogicChallenges Looking Ahead

Untrusted

ScriptingLanguages

Web Platform

Untrusted

ScriptingLanguages

PolicySpecification

Web Platform

Security Expert

Developer must write policy

must read policy

Developer must write policy

• Infer from traces• Incentives from platform

must read policyUser

• Traces to demonstrate behavior• Community review-and-recommend services

must read policySecurity Expert

• Modeling tools to analyze policies

Untrusted

ScriptingLanguages

PolicySpecification

DynamicEnforcement

Web Platform

Security Expert

Developer

eval(“…”);

…Dynamic

Code Loading

Impossible to statically analyzecode you don’t have!

Security Expert

Developer

DynamicEnforcement

eval(“…”);

//: #assume

New Types

Old Types

New Types

Limits of Static Reasoning

“expected”“actual”

p q✓ Definitely Safe

Maybe Unsafe✗p q(But Maybe Safe…)

Limits of Static Reasoning

p q Definitely Safe

Maybe Unsafe✗p qDefinitely Unsafep q✓

“expected”“actual”

Dynamic Enforcement

Limits of Static Reasoning• Accept Program, Rather than Reject

• Rely on Programmer-Trusted or• Dynamically-Checked Assumption

✗ Maybe Unsafep q

Untrusted

ScriptingLanguages

PolicySpecification

DynamicEnforcement

Trust Base

Web Platform

Security Expert

reviews only policy

Developer

DynamicEnforcement

Security Expertreviews only policy

trust SMTSolver

Eliminate from TCB à laProof-Carrying Code [PLDI ’10]

Eliminate from TCB via Formal Verification

Security Expert

SMTSolver

PolicySpecification

DynamicEnforcement

Trust Base

Untrusted

ScriptingLanguages

Web Platform

ToolSupport

• Generate Tests and Find Bugsfor Unannotated Programs

• Support Refactoring and Code Completionfor Annotated Programs

• Provide Analysis and Documentation Toolsfor Large, Popular Libraries like jQuery

• Web-Based Interfaces to Collect Statisticsabout Programming Patterns, Errors

Tools for Web Development

Inferred Annotationsare in Comments

Flow-SensitiveType Information

by Hoveringover Program Point

Inferred Annotationsare in Comments

Flow-SensitiveType Information

by Hoveringover Program Point

Many Software Engineering Challenges!

Untrusted

ScriptingLanguages

ToolSupport

PolicySpecification

DynamicEnforcement

Trust Base

Web PlatformTypes

+ Logic

[STOP ’11][POPL ’12]

[OOPSLA ’12][ML ’13]

[ESOP ’10]

[PLDI ’10][PLDI ’09]

Program Analysisfor Security

Dataflow Analysis for Race Detection

[PLDI ’08]

PL TechniquesTypes

+ Logic

Dynamic Languages are Pervasive

DJS: Precise Static Types via Logic

Towards Fine-Grained Web Security

ravichugh.com

Thanks!

modern type systems for dynamic languages ravi chugh

Documents

expressiveness and complexity of crosscut languages€¦ ·...

reg.n s.no o. name of the student father name...

delhi public school, chandigarh - dpschd.com · 345 aanya...

radar: dataflow analysis for concurrent programs using...

by soumil chugh

1 chapter 8 of programming languages by ravi sethi elements...

nested refinement types for dynamic languages ravi chugh

the role of programming languages chapter 1: programming...

introduction and chapter 8 of programming languages by ravi...

project report-binny chugh

dependent types for javascript ravi chugh ranjit jhala dave...

object oriented programming chapter 7 programming languages...

nested refinement types for javascript ravi chugh...

navamsa in astrology - c.s. patel page 001 image 0001 1 ·...

quantum programming languages for specification and...

towards dependent types for javascript ravi chugh, david...

nestedreﬁnement...

f ine + dcil nikhil swamy juan chen ravi chugh end-to-end...

vijay chugh - world...

staged information flow for javascript ravi chugh, jeff...