skip to main content
10.1145/1806596.1806598acmconferencesArticle/Chapter ViewAbstractPublication PagespldiConference Proceedingsconference-collections
research-article

An analysis of the dynamic behavior of JavaScript programs

Published:05 June 2010Publication History

ABSTRACT

The JavaScript programming language is widely used for web programming and, increasingly, for general purpose computing. As such, improving the correctness, security and performance of JavaScript applications has been the driving force for research in type systems, static analysis and compiler techniques for this language. Many of these techniques aim to reign in some of the most dynamic features of the language, yet little seems to be known about how programmers actually utilize the language or these features. In this paper we perform an empirical study of the dynamic behavior of a corpus of widely-used JavaScript programs, and analyze how and why the dynamic features are used. We report on the degree of dynamism that is exhibited by these JavaScript programs and compare that with assumptions commonly made in the literature and accepted industry benchmark suites.

References

  1. Christopher Anderson. Type Inference for JavaScript. PhD thesis, Department of Computing, Imperial College London, March 2006.Google ScholarGoogle Scholar
  2. Christopher Anderson and Sophia Drossopoulou. BabyJ: From object based to class based programming via types. Electr. Notes Theor. Comput. Sci., 82(7), 2003.Google ScholarGoogle Scholar
  3. Christopher Anderson and Paola Giannini. Type checking for JavaScript. Electr. Notes Theor. Comput. Sci., 138(2), 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Brad Calder, Dirk Grunwald, and Benjamin Zorn. Quantifying behavioral differences between c and c++ programs. Journal of Programming Languages, (4), 1994.Google ScholarGoogle Scholar
  5. Craig Chambers, Dave Ungar, and Erin Lee. An efficient implementation of SELF a dynamically-typed object-oriented language based on prototypes. SIGPLAN Not., 24(10):49--70, 1989. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner. Staged information flow for JavaScript. In Programming Language Design and Implementation, (PLDI), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Bruno Dufour, Karel Driesen, Laurie J. Hendren, and Clark Verbrugge. Dynamic metrics for java. In Proceedings of the Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA), 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ben Feinstein and Daniel Peck. Caffeinemonkey: Automated collection, detection and analysis of malicious JavaScript. In Black Hat USA 2007, Las Vegas, NV, USA, 2007.Google ScholarGoogle Scholar
  9. Michael Furr, Jong hoon An, Jeffrey Foster, and Michael Hicks. Static type inference for ruby. In Symposium on Applied Computing (SAC), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Andreas Gal, Brendan Eich, Mike Shaver, David Anderson, David Mandelin, Mohammad R. Haghighat, Blake Kaplan, Graydon Hoare, Boris Zbarsky, Jason Orendorff, Jesse Ruderman, Edwin W. Smith, Rick Reitmaier, Michael Bebenita, Mason Chang, and Michael Franz. Trace-based just-in-time type specialization for dynamic languages. In Conference on Programming Language Design and Implementation (PLDI), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. C.D. Garret, Jeff Dean, David Grove, and Craig Chambers. Measurement and application of dynamic receiver class distributions. Univ of Washington, 1994.Google ScholarGoogle Scholar
  12. Arjun Guha, Shriram Krishnamurthi, and Trevor Jim. Using static analysis for ajax intrusion detection. In International Conference on World Wide Web (WWW), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Phillip Heidegger and Peter Thiemann. Recency types for dynamically-typed, object-based languages. In Foundations of Object Oriented Languages (FOOL), 2009.Google ScholarGoogle Scholar
  14. Alex Holkner and James Harland. Evaluating the dynamic behaviour of Python applications. In Australasian Computer Science Conference (ACSC), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Daniel Ingalls, Krzysztof Palacz, Stephen Uhler, Antero Taivalsaari, and Tommi Mikkonen. The lively kernel a self-supporting system on a web page. In Self-Sustaining Systems, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. ECMA International. ECMA-262: ECMAScript Language Specification. ECMA (European Association for Standardizing Information and Communication Systems), Geneva, Switzerland, third edition, December 1999.Google ScholarGoogle Scholar
  17. Dongseok Jang and Kwang-Moo Choe. Points-to analysis for JavaScript. In Symposium on Applied Computing (SAC), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Simon Holm Jensen, Anders Møller, and Peter Thiemann. Type analysis for JavaScript. In Static Analysis Symposium (SAS), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Sylvain Lebresne, Gregor Richards, Johan Ostlund, Tobias Wrigstad, and Jan Vitek. Understanding the dynamics of JavaScript. In Workshop on Script to Program Evolution (STOP), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Florian Loitsch and Manuel Serrano. Hop client-side compilation. In Symposium on Trends on Functional Languages, 2007.Google ScholarGoogle Scholar
  21. Sergio Maffeis, John C. Mitchell, and Ankur Taly. Isolating JavaScript with filters, rewriting, and wrappers. In European Symposium on Research in Computer Security (ESORICS), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn. JSMeter: Comparing the behavior of JavaScript benchmarks with real web applications. In USENIX Conference on Web Application Development (WebApps), June 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Ewan D. Tempero, James Noble, and Hayden Melton. How do java programs use inheritance? an empirical study of inheritance in java software. In European Conference on Object-Oriented Programming (ECOOP), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Peter Thiemann. Towards a type system for analyzing JavaScript programs. In European Symposium on Programming (ESOP), 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Sam Tobin-Hochstadt and Matthias Felleisen. The design and implementation of Typed Scheme. In POPL, pages 395--406, New York, NY, USA, 2008. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Krügel, and Giovanni Vigna. Cross site scripting prevention with dynamic data tainting and static analysis. In Network and Distributed System Security Symposium (NDSS), 2007.Google ScholarGoogle Scholar
  27. Dachuan Yu, Ajay Chander, Nayeem Islam, and Igor Serikov. JavaScript instrumentation for browser security. In Symposium on Principles of Programming Languages (POPL), 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Chuan Yue and Haining Wang. Characterizing insecure JavaScript practices on the web. In 18th International World Wide Web Conference, pages 961--961, April 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. An analysis of the dynamic behavior of JavaScript programs

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in
      • Published in

        cover image ACM Conferences
        PLDI '10: Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation
        June 2010
        514 pages
        ISBN:9781450300193
        DOI:10.1145/1806596
        • cover image ACM SIGPLAN Notices
          ACM SIGPLAN Notices  Volume 45, Issue 6
          PLDI '10
          June 2010
          496 pages
          ISSN:0362-1340
          EISSN:1558-1160
          DOI:10.1145/1809028
          Issue’s Table of Contents

        Copyright © 2010 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 5 June 2010

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article

        Acceptance Rates

        Overall Acceptance Rate406of2,067submissions,20%

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!