Abstract
We present an analysis for identifying determinate variables and expressions that always have the same value at a given program point. This information can be exploited by client analyses and tools to, e.g., identify dead code or specialize uses of dynamic language constructs such as eval, replacing them with equivalent static constructs. Our analysis is completely dynamic and only needs to observe a single execution of the program, yet the determinacy facts it infers hold for any execution. We present a formal soundness proof of the analysis for a simple imperative language, and a prototype implementation that handles full JavaScript. Finally, we report on two case studies that explored how static analysis for JavaScript could leverage the information gathered by dynamic determinacy analysis. We found that in some cases scalability of static pointer analysis was improved dramatically, and that many uses of runtime code generation could be eliminated.
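The idea in the abstract, as an added sketch that is not the paper's analysis or its prototype: a toy interpreter tags every value as determinate or not during one concrete run, so an eval site whose argument is flagged determinate is a candidate for replacement by static code, while one fed by input is not. The AST format, the names `run`, `evalExpr` and `written`, and the sample program are all assumptions made for this illustration.

```javascript
// Added illustration on a constructed toy language; not the paper's algorithm.
// Each runtime value carries det: true means "same value in every execution".
const lit = v => ({ t: 'lit', v }), ref = x => ({ t: 'var', x });
const input = n => ({ t: 'input', n }), add = (l, r) => ({ t: 'add', l, r });

function evalExpr(e, env, inputs) {
  switch (e.t) {
    case 'lit': return { v: e.v, det: true };
    case 'input': return { v: inputs[e.n], det: false }; // varies between runs
    case 'var': return env[e.x];
    default: { // 'add': determinate only if both operands are
      const l = evalExpr(e.l, env, inputs), r = evalExpr(e.r, env, inputs);
      return { v: l.v + r.v, det: l.det && r.det };
    }
  }
}

// Variables assigned anywhere in stmts, including both branches of nested ifs.
function written(stmts) {
  return stmts.flatMap(s => s.t === 'assign' ? [s.x]
    : s.t === 'if' ? written([...s.then, ...s.else]) : []);
}

// Run once on concrete inputs; facts[site] records each eval argument and its flag.
function run(stmts, env, inputs, facts = {}) {
  for (const s of stmts) {
    if (s.t === 'assign') env[s.x] = evalExpr(s.e, env, inputs);
    else if (s.t === 'eval') facts[s.site] = evalExpr(s.e, env, inputs);
    else { // 'if': execute the taken branch only
      const c = evalExpr(s.c, env, inputs);
      run(c.v ? s.then : s.else, env, inputs, facts);
      // Indeterminate condition: another run may take the other branch, so
      // nothing written in either branch is determinate after the if.
      if (!c.det)
        for (const x of written([s])) env[x] = { v: env[x]?.v, det: false };
    }
  }
  return facts;
}

// Constructed sample program with three eval sites.
const program = [
  { t: 'assign', x: 'code', e: add(lit('get'), lit('Width()')) },
  { t: 'eval', site: 'A', e: ref('code') },
  { t: 'if', c: input('mobile'), then: [{ t: 'assign', x: 'code', e: lit('small()') }], else: [] },
  { t: 'eval', site: 'B', e: ref('code') },
  { t: 'eval', site: 'C', e: add(lit('on'), input('event')) },
];
const facts = run(program, {}, { mobile: false, event: 'click' });
```

Site B is the instructive case: in this run the branch is not taken and the argument is still the constant string, yet it is reported as indeterminate because a different input would have overwritten it.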
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation