Today we continue to discuss jigsaw.Efficient, low effort mashup isolation by James Mickens and Matthew Finifter. Mashups are web applications that contain code from different principals.
Jigsaw lets mashups be isolated with its framework and lets them selectively expose private state. We were discussing the end to end performance study of Jigsaw.
Today we continue to discuss related work. We saw the differences between Jigsaw and Dojo, Fbjs and Caja. We now look into Secure ECMA script. This provides Caja like isolation without the rewriting and runtime virtualization. It pushes security checks into the Javascript engine. This can reduce costs significantly and Jigsaw can use some of thsee checks from the upcoming versions of SES.
We now look at pass by value systems. PostMash uses iframes as isolation containers and performs cross domain communication with asynchronous pass by value calls. These become quite expensive when each container clones the object graph. The degradation was to the tune of 60% for a Google maps mashup. The expense comes from marshaling as well as asynchronous calls that increase traffic. Moreover such calls are not really suited for modules that require a lot of computations such as those involving databases, cryptographic methods, input scrubbing, and image manipulation.
Iframes are better at isolation than Jigsaws box boundaries because a parent can make progress when a child is busy. In Jigsaw, several boxes can exist in the same iframe. If one box misbehaves, it can cause denial of service to others. But this is not a major concern because browsers terminate unresponsive scripts with user consent
ObjectViews enable full policy code to be written in Javascript
This is very expressive but the same benefit can be achieved with simpler declarations such as public private keywords.
#codingexercise
Given an array of prices of a stock in a day on each day and with unlimited sequential transactions, find the max profit.
int GetMaxProfit(List<int> prices)
{
int max = 0;
int sum = 0;
for (int i = 1; i < prices.Count(); i++)
{
int diff = prices[i] - prices[i-1];
if (diff > 0)
sum+=diff;
}
return sum;
}
If there were two simultaneous transactions that can be performed then we can use dynamic programming to combine the max profit from each.
TotalMaxProfit = max(MaxProfit(0,i) + MaxProfit(i+1, n)) for 0<=i<n
The maxprofit example shown above can also target a single transaction only.
On this case, instead of cumulative positive differences, we keep track of the min price and take the difference between the current price and the minimum price. We return the maximum of such differences as the answer
int MaxProfit(List <int> prices)
{
int min=INT_MAX; int max =0;
int diff=0;
for(int i =0; i< prices.Count(); i++)
{
if(prices[i]<min) min = prices[i];
diff = prices[i] - min;
if(max<diff)
max = diff;
}
return max;
}