research-article

Towards a program logic for JavaScript

Published: 25 January 2012

Abstract

JavaScript has become the most widely used language for client-side web programming. The dynamic nature of JavaScript makes understanding its code notoriously difficult, leading to buggy programs and a lack of adequate static-analysis tools. We believe that logical reasoning has much to offer JavaScript: a simple description of program behaviour, a clear understanding of module boundaries, and the ability to verify security contracts. We introduce a program logic for reasoning about a broad subset of JavaScript, including challenging features such as prototype inheritance and "with". We adapt ideas from separation logic to provide tractable reasoning about JavaScript code: reasoning about easy programs is easy; reasoning about hard programs is possible. We prove a strong soundness result. All libraries written in our subset and proved correct with respect to their specifications will be well-behaved, even when called by arbitrary JavaScript code.


Supplemental Material

popl_1a_3.mp4


Published in

ACM SIGPLAN Notices, Volume 47, Issue 1 (POPL '12), January 2012, 569 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2103621

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, January 2012, 602 pages
ISBN: 9781450310833
DOI: 10.1145/2103656

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
