Abstract
Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more. We propose a technique called type refinement that can improve the precision of such static analyses for JavaScript without any discernible performance impact. Refinement is a known technique that uses the conditions in branch guards to refine the analysis information propagated along each branch path. The key insight of this paper is to recognize that JavaScript semantics include many implicit conditional checks on types, and that performing type refinement on these implicit checks provides significant benefit for analysis precision.
To demonstrate the effectiveness of type refinement, we implement a static analysis tool for reporting potential type-errors in JavaScript programs. We provide an extensive empirical evaluation of type refinement using a benchmark suite containing a variety of JavaScript application domains, ranging from the standard performance benchmark suites (Sunspider and Octane), to open-source JavaScript applications, to machine-generated JavaScript via Emscripten. We show that type refinement can significantly improve analysis precision by up to 86% without affecting the performance of the analysis.
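An illustration of the idea described in the abstract, added here and not taken from the paper or its tool: a toy flow-sensitive type-set analysis in which every property read and call acts as an implicit type check, so the state that flows past it can be refined. The statement encoding, the `analyze` function, and the sample program are all constructed for this example.

```javascript
// Added illustration (not the paper's implementation). An abstract value is
// the set of runtime type tags a variable may hold at a program point.
// Statement forms (hypothetical encoding):
//   { op: "read", v: "x", prop: "a" }   models  x.a
//   { op: "call", v: "f" }              models  f()
// JavaScript throws TypeError when reading a property of undefined/null or
// calling a non-function, so execution only continues past such a statement
// when the implicit check passed.
const PASSES = {
  read: (t) => t !== "undefined" && t !== "null",
  call: (t) => t === "function",
};

function analyze(program, env, refine) {
  const state = new Map(Object.entries(env).map(([k, ts]) => [k, new Set(ts)]));
  const warnings = [];
  program.forEach((stmt, i) => {
    const types = [...state.get(stmt.v)];
    const bad = types.filter((t) => !PASSES[stmt.op](t));
    if (bad.length > 0) {
      warnings.push(`stmt ${i}: ${stmt.v} may be ${bad.join("|")}`);
    }
    // Type refinement: on the fall-through path the failing types are
    // impossible, so drop them from the state propagated onward.
    if (refine) {
      state.set(stmt.v, new Set(types.filter(PASSES[stmt.op])));
    }
  });
  return warnings;
}

// Constructed sample: x.a; x.b; x.c; f(); f();
const SAMPLE = [
  { op: "read", v: "x", prop: "a" },
  { op: "read", v: "x", prop: "b" },
  { op: "read", v: "x", prop: "c" },
  { op: "call", v: "f" },
  { op: "call", v: "f" },
];
// Imprecise entry state: the analysis could not rule out undefined.
const ENV = { x: ["undefined", "object"], f: ["undefined", "function"] };

console.log("without refinement:", analyze(SAMPLE, ENV, false));
console.log("with refinement:   ", analyze(SAMPLE, ENV, true));
```

Without refinement every use is flagged; with refinement only the first use of each variable is, because any later use is reachable only if the earlier implicit check succeeded.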
Type refinement for static analysis of JavaScript
DLS '13: Proceedings of the 9th symposium on Dynamic languages