Abstract
JavaScript has become the most widely used language for client-side web programming. The dynamic nature of JavaScript makes understanding its code notoriously difficult, leading to buggy programs and a lack of adequate static-analysis tools. We believe that logical reasoning has much to offer JavaScript: a simple description of program behaviour, a clear understanding of module boundaries, and the ability to verify security contracts. We introduce a program logic for reasoning about a broad subset of JavaScript, including challenging features such as prototype inheritance and "with". We adapt ideas from separation logic to provide tractable reasoning about JavaScript code: reasoning about easy programs is easy; reasoning about hard programs is possible. We prove a strong soundness result. All libraries written in our subset and proved correct with respect to their specifications will be well-behaved, even when called by arbitrary JavaScript code.
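As an added illustration (not code from the paper), the following JavaScript shows why the two features the abstract singles out, prototype inheritance and `with`, make the meaning of a plain identifier depend on the heap, and how a library lookup can be written so that its specification survives arbitrary callers; `readXWith`, `resolveX`, `lookupLoose` and `lookupOwn` are names chosen here, not the paper's.

```javascript
// Added example (not from the paper): how `with` and prototype inheritance make
// the meaning of a plain identifier depend on the current heap, which is the
// kind of state a program logic for JavaScript has to describe.

// Built with the Function constructor so the body runs in sloppy mode
// (`with` is a syntax error in strict or module code). Inside the block,
// `x` resolves against `scope`, then its prototype chain, then the outer
// parameter named x.
const readXWith = new Function('scope', 'x', 'with (scope) { return x; }');

// Resolve x through `with` and report which layer of the heap answered.
function resolveX(scope, outerX) {
  const value = readXWith(scope, outerX);
  if (Object.prototype.hasOwnProperty.call(scope, 'x')) return { value, from: 'own' };
  if ('x' in scope) return { value, from: 'prototype' };
  return { value, from: 'outer' };
}

// Two versions of a library lookup. lookupLoose is affected by anything a
// caller adds to a shared prototype; lookupOwn only honours own properties,
// so its specification holds no matter who calls it.
function lookupLoose(table, key, dflt) {
  return key in table ? table[key] : dflt;
}
function lookupOwn(table, key, dflt) {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : dflt;
}

// Constructed scenario: a shared prototype, an object inheriting from it, and
// a caller that mutates the prototype after the library's table was created.
function demo() {
  const proto = { x: 'from-proto' };
  const obj = Object.create(proto);
  const viaProto = resolveX(obj, 'from-outer');   // x found on the prototype
  obj.x = 'from-own';
  const viaOwn = resolveX(obj, 'from-outer');     // own property now shadows it
  const viaOuter = resolveX({}, 'from-outer');    // nothing on scope: outer x

  const table = Object.create(proto);             // library's lookup table
  proto.admin = true;                             // mutation by arbitrary caller
  const loose = lookupLoose(table, 'admin', false); // true: inherited key
  const own = lookupOwn(table, 'admin', false);     // false: not an own key
  delete proto.admin;
  return { viaProto, viaOwn, viaOuter, loose, own };
}
```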
Towards a program logic for JavaScript. POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.