JSAI: Designing a Sound, Configurable, and Efficient Static Analyzer for JavaScript
Authors
Abstract
We describe JSAI, an abstract interpreter for JavaScript. JSAI uses novel abstract domains to compute a reduced product of type inference, pointer analysis, string analysis, integer and boolean constant propagation, and control-flow analysis. In addition, JSAI allows for analysis control-flow sensitivity (i.e., context-, path-, and heap-sensitivity) to be modularly configured without requiring any changes to the analysis implementation. JSAI is designed to be provably sound with respect to a specific concrete semantics for JavaScript, which has been extensively tested against existing production-quality JavaScript implementations. We provide a comprehensive evaluation of JSAI’s performance and precision using an extensive benchmark suite. This benchmark suite includes real-world JavaScript applications, machine-generated JavaScript code via Emscripten, and browser addons. We use JSAI’s configurability to evaluate a large number of analysis sensitivities (some well-known, some novel) and observe some surprising results. We believe that JSAI’s configurability and its formal specifications position it as a useful research platform to experiment on novel sensitivities, abstract domains, and client analyses for JavaScript.
Similar resources
Scalable and Precise Static Analysis of JavaScript Applications via Loop-Sensitivity (Artifact)
This artifact is an implementation of the loop-sensitive analysis (LSA) technique that can improve analysis precision and scalability in analyzing JavaScript applications by distinguishing loop iterations automatically during analysis. It has been built on SAFE, the open-source JavaScript static analyzer framework, and its package contains all benchmarks that we used in the companion ECOOP paper...
Improving Tools for JavaScript Programmers
We present an overview of three research projects that all aim to provide better tools for JavaScript web application programmers: TAJS, which infers static type information for JavaScript applications using dataflow analysis; JSRefactor, which enables sound code refactorings; and Artemis, which provides high-coverage automated testing. 1. JAVASCRIPT PROGRAMMERS NEED
Data-flow Analysis of Programs with Associative Arrays
Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data structures including associative arrays and objects with similar semantics—object properties can be created at run-time and accessed via arbitrary expressions. While a high level of security and safety of applications written in these languages can be of a particular importance (consider a web application ...
Goblint: PATH-SENSITIVE DATA RACE ANALYSIS
We present Goblint, a static analyzer for detecting potential data races in the multithreaded C code. The implemented analysis is sound on a “safe” subset of C and sufficiently efficient to be used for race-detection of multithreaded programs up to about 25 thousand lines of code. It uses a global invariant approach to avoid the state space explosion problem and is both context- and path-sensitive.
Goblint: Path-Sensitive Data Race Analysis
We present Goblint, a static analyzer for detecting potential data races in the multithreaded C code. The implemented analysis is sound on a “safe” subset of C and sufficiently efficient to be used for race-detection of multithreaded programs up to about 25 thousand lines of code. It uses a global invariant approach to avoid the state space explosion problem and is both context- and path-sensitive.
Journal title:
- CoRR
Volume abs/1403.3996 Issue
Pages -
Publication date 2014