research-article

Type refinement for static analysis of JavaScript

Published: 28 October 2013

Abstract

Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more. We propose a technique called type refinement that can improve the precision of such static analyses for JavaScript without any discernible performance impact. Refinement is a known technique that uses the conditions in branch guards to refine the analysis information propagated along each branch path. The key insight of this paper is to recognize that JavaScript semantics include many implicit conditional checks on types, and that performing type refinement on these implicit checks provides significant benefit for analysis precision.

To demonstrate the effectiveness of type refinement, we implement a static analysis tool for reporting potential type-errors in JavaScript programs. We provide an extensive empirical evaluation of type refinement using a benchmark suite containing a variety of JavaScript application domains, ranging from the standard performance benchmark suites (Sunspider and Octane), to open-source JavaScript applications, to machine-generated JavaScript via Emscripten. We show that type refinement can significantly improve analysis precision by up to 86% without affecting the performance of the analysis.
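
The refinement idea from the abstract, as an added example (not code from the paper or its tool): a toy analysis in which property reads and calls carry JavaScript's implicit type checks, run with and without refinement on a constructed program. The statement encoding and the names `analyze`, `PASSES` and `ALL` are assumptions made for illustration.

```javascript
// Added illustration: a toy flow-sensitive type analysis over straight-line code.
// Abstract value = Set of type tags. The statement encoding is constructed for this example.
const ALL = ["undefined", "null", "boolean", "number", "string", "object", "function"];

// Types for which each operation's implicit check passes (ECMAScript semantics:
// property access throws TypeError on null/undefined; a call throws on non-callables).
const PASSES = {
  getprop: t => t !== "undefined" && t !== "null",
  call: t => t === "function",
};

function analyze(program, env0, refine) {
  const env = new Map(Object.entries(env0).map(([k, v]) => [k, new Set(v)]));
  const warnings = [];
  for (const [i, stmt] of program.entries()) {
    if (stmt.op === "assign") {            // x = <value of known abstract type>
      env.set(stmt.target, new Set(stmt.types));
      continue;
    }
    const types = env.get(stmt.operand) ?? new Set(ALL);
    const ok = [...types].filter(PASSES[stmt.op]);
    if (ok.length < types.size) {
      warnings.push(`stmt ${i}: ${stmt.op} on ${stmt.operand} may throw TypeError`);
    }
    // Refinement: execution only continues past this statement if the implicit
    // check passed, so the operand's types can be narrowed on the fall-through path.
    if (refine) env.set(stmt.operand, new Set(ok));
  }
  return warnings;
}

// Constructed sample: models  x.a; x.b; x.f;  cb(); cb();  x = null; x.c
const program = [
  { op: "getprop", operand: "x" },
  { op: "getprop", operand: "x" },
  { op: "getprop", operand: "x" },
  { op: "call", operand: "cb" },
  { op: "call", operand: "cb" },
  { op: "assign", target: "x", types: ["null"] },
  { op: "getprop", operand: "x" },
];
const env0 = { x: ["object", "undefined"], cb: ["function", "undefined"] };

const unrefined = analyze(program, env0, false);
const refined = analyze(program, env0, true);
console.log(unrefined.length, refined.length);
```

Without refinement every use of `x` and `cb` is flagged; with refinement only the first use of each is flagged, plus the read after `x = null`, which is a real error that the narrowing does not hide.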


Published in

ACM SIGPLAN Notices, Volume 49, Issue 2 (DLS '13), February 2014, 105 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2578856

DLS '13: Proceedings of the 9th symposium on Dynamic languages, October 2013, 118 pages
ISBN: 9781450324335
DOI: 10.1145/2508168

Copyright © 2013 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
