Abstract
Static analysis for JavaScript can help programmers find errors early during development. Although much progress has been made on analysis techniques, a major obstacle is the prevalence of libraries, in particular jQuery, which use programming patterns that severely degrade analysis precision and performance. Previous work on dynamic determinacy analysis has demonstrated how information about program expressions that always resolve to a fixed value in some call context can lead to significant scalability improvements of static analysis for such code. We present a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery. The analysis combines selective context and path sensitivity, constant propagation, and branch pruning, based on a systematic investigation of the main causes of analysis imprecision when using a more basic analysis.
The techniques are implemented in the TAJS analysis tool and evaluated on a collection of small programs that use jQuery. Our results show that the proposed analysis techniques boost both precision and performance, specifically for inferring type information and call graphs.
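The following is an added illustration of the determinacy idea from the abstract; it is not code from the paper or from the TAJS tool. It sketches a toy abstract domain (a property is either a known constant string or an unknown string, and closures record which helper they captured) and runs it over a constructed program modelled on the jQuery idiom in which traversal methods are generated from a table of helpers. The helper names, the `analyze` and `callTargets` functions and the two-case domain are assumptions made for this example; the real analysis works over a full lattice with selective context and path sensitivity.

```javascript
// Added illustration, not code from the paper or from the TAJS tool.
// Constructed target program (modelled on a jQuery idiom the paper targets):
//
//   jQuery.each({ parent: parentOf, parents: parentsOf, next: nextOf },
//     function (name, fn) {
//       jQuery.fn[name] = function (selector) { return fn(this, selector); };
//     });
//
// A call `$(x).parent()` ends in the inner `fn(this, selector)`. The question for
// call-graph construction is: which helper does that `fn` call reach?

const ANY_STRING = Symbol("AnyString"); // abstract value: some unknown string

// Abstract object: determinate property names map to sets of abstract closures;
// `summary` collects writes whose property name was not determinate (they may
// have landed on any property, so every read must include them).
function newAbstractObject() {
  return { props: new Map(), summary: new Set() };
}

function writeProp(obj, name, closure) {
  if (name === ANY_STRING) {
    obj.summary.add(closure);
    return;
  }
  if (!obj.props.has(name)) obj.props.set(name, new Set());
  obj.props.get(name).add(closure);
}

function readProp(obj, name) {
  const result = new Set(obj.summary);
  for (const c of obj.props.get(name) || []) result.add(c);
  return result;
}

// Join of abstract strings: equal constants stay constant, otherwise ANY_STRING.
function joinStrings(values) {
  return values.every((v) => v === values[0]) ? values[0] : ANY_STRING;
}

// Abstractly execute the `each` loop above over `entries` ([name, helperLabel] pairs).
// With `determinacy: false` the callback gets a single context whose parameters are
// the join of all arguments; with `determinacy: true` the analysis notices that
// `name` and `fn` are determinate in each iteration and analyses one context per value.
function analyze(entries, { determinacy }) {
  const jQueryFn = newAbstractObject();
  if (!determinacy) {
    const name = joinStrings(entries.map(([n]) => n));
    const fn = new Set(entries.map(([, helper]) => helper));
    writeProp(jQueryFn, name, { capturedFn: fn });
  } else {
    for (const [name, helper] of entries) {
      writeProp(jQueryFn, name, { capturedFn: new Set([helper]) });
    }
  }
  return jQueryFn;
}

// Call-graph targets of the `fn(...)` call reached from `$(x).<method>()`.
function callTargets(jQueryFn, method) {
  const targets = new Set();
  for (const closure of readProp(jQueryFn, method)) {
    for (const helper of closure.capturedFn) targets.add(helper);
  }
  return targets;
}

// Constructed sample table of traversal helpers (labels stand in for function objects).
const TRAVERSAL = [
  ["parent", "helper:parentOf"],
  ["parents", "helper:parentsOf"],
  ["next", "helper:nextOf"],
];

for (const determinacy of [false, true]) {
  const targets = callTargets(analyze(TRAVERSAL, { determinacy }), "parent");
  console.log(`determinacy=${determinacy}: $(x).parent() may call`, [...targets]);
}
```

Without determinacy the single callback context merges `name` into an unknown string, so the method definition lands in the summary property and `$(x).parent()` appears to reach all three helpers; with one context per determinate `name` the property write is precise and the call resolves to `helper:parentOf` alone. The same split is what lets type inference keep the captured `fn` at a single function type instead of a union.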
References
- F. Allen and J. Cocke. A catalogue of optimizing transformations. In Design and Optimization of Compilers, pages 1--30. Prentice-Hall, 1971.
- C. Anderson, P. Giannini, and S. Drossopoulou. Towards type inference for JavaScript. In Proc. 19th European Conference on Object-Oriented Programming, July 2005.
- G. Balakrishnan and T. W. Reps. Recency-abstraction for heap-allocated storage. In Proc. 13th International Static Analysis Symposium, August 2006.
- T. Ball and S. K. Rajamani. Bebop: a path-sensitive interprocedural dataflow engine. In Proc. ACM SIGPLAN-SIGSOFT Workshop on Program Analysis For Software Tools and Engineering, June 2001.
- R. Chugh, J. A. Meister, R. Jhala, and S. Lerner. Staged information flow for JavaScript. In Proc. 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2009.
- ECMA. ECMAScript Language Specification, 3rd edition, 2000. ECMA-262.
- A. Feldthaus and A. Møller. Semi-automatic rename refactoring for JavaScript. In Proc. 28th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, October 2013.
- A. Feldthaus, T. Millstein, A. Møller, M. Schäfer, and F. Tip. Tool-supported refactoring for JavaScript. In Proc. 26th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, October 2011.
- A. Feldthaus, M. Schäfer, M. Sridharan, J. Dolby, and F. Tip. Efficient construction of approximate call graphs for JavaScript IDE services. In Proc. 35th International Conference on Software Engineering, May 2013.
- S. Guarnieri and V. B. Livshits. Gatekeeper: Mostly static enforcement of security and reliability policies for JavaScript code. In Proc. 18th USENIX Security Symposium, August 2009.
- S. Guarnieri, M. Pistoia, O. Tripp, J. Dolby, S. Teilhet, and R. Berg. Saving the world wide web from vulnerable JavaScript. In Proc. 20th International Symposium on Software Testing and Analysis. ACM, July 2011.
- A. Guha, S. Krishnamurthi, and T. Jim. Using static analysis for Ajax intrusion detection. In Proc. 18th International Conference on World Wide Web. ACM, May 2009.
- B. Hackett and S. Guo. Fast and precise hybrid type inference for JavaScript. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2012.
- D. Jang and K.-M. Choe. Points-to analysis for JavaScript. In Proc. 24th Annual ACM Symposium on Applied Computing, Programming Language Track, March 2009.
- S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In Proc. 16th International Static Analysis Symposium, August 2009.
- S. H. Jensen, A. Møller, and P. Thiemann. Interprocedural analysis with lazy propagation. In Proc. 17th International Static Analysis Symposium, September 2010.
- S. H. Jensen, M. Madsen, and A. Møller. Modeling the HTML DOM and browser API in static analysis of JavaScript web applications. In Proc. European Software Engineering Conference / ACM SIGSOFT Symposium on the Foundations of Software Engineering, September 2011.
- S. H. Jensen, P. A. Jonsson, and A. Møller. Remedying the eval that men do. In Proc. 21st International Symposium on Software Testing and Analysis, July 2012.
- J. B. Kam and J. D. Ullman. Monotone data flow analysis frameworks. Acta Informatica, 7:305--317, 1977. Springer.
- V. Kashyap, J. Sarracino, J. Wagner, B. Wiedermann, and B. Hardekopf. Type refinement for static analysis of JavaScript. In Proc. 9th Symposium on Dynamic Languages, October 2013.
- G. Kastrinis and Y. Smaragdakis. Hybrid context-sensitivity for points-to analysis. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2013.
- B. S. Lerner, L. Elberty, J. Li, and S. Krishnamurthi. Combining form and function: Static types for JQuery programs. In Proc. 27th European Conference on Object-Oriented Programming, July 2013.
- F. Logozzo and H. Venter. RATA: Rapid atomic type analysis by abstract interpretation - application to JavaScript optimization. In Proc. 19th International Conference on Compiler Construction, March 2010.
- M. Madsen, B. Livshits, and M. Fanning. Practical static analysis of JavaScript applications in the presence of frameworks and libraries. In Proc. European Software Engineering Conference / ACM SIGSOFT Symposium on the Foundations of Software Engineering, August 2013.
- M. Might and O. Shivers. Improving flow analyses via ΓCFA: abstract garbage collection and counting. In Proc. 11th ACM SIGPLAN International Conference on Functional Programming, September 2006.
- A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Transactions on Software Engineering and Methodology, 14(1), 2005.
- J. Plevyak and A. A. Chien. Precise concrete type inference for object-oriented languages. In Proc. 9th Annual Conference on Object-Oriented Programming Systems, Languages, and Applications, October 1994.
- T. W. Reps, S. Schwoon, S. Jha, and D. Melski. Weighted pushdown systems and their application to interprocedural dataflow analysis. Science of Computer Programming, 58(1--2):206--263, 2005.
- M. Schäfer, M. Sridharan, J. Dolby, and F. Tip. Dynamic determinacy analysis. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2013.
- M. Shapiro and S. Horwitz. The effects of the precision of pointer analysis. In Proc. 4th International Symposium on Static Analysis, September 1997.
- M. Sharir and A. Pnueli. Two approaches to interprocedural dataflow analysis. In Program Flow Analysis: Theory and Applications, pages 189--233. Prentice-Hall, 1981.
- O. Shivers. Control-Flow Analysis of Higher-Order Languages. PhD thesis, Carnegie Mellon University, 1991.
- M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of JavaScript. In Proc. 26th European Conference on Object-Oriented Programming, June 2012.
- P. Thiemann. Towards a type system for analyzing JavaScript programs. In Proc. Programming Languages and Systems, 14th European Symposium on Programming, April 2005.
- W3Techs. Usage of JavaScript libraries for websites, 2014. http://w3techs.com/technologies/overview/javascript_library/all.
- M. N. Wegman and F. K. Zadeck. Constant propagation with conditional branches. ACM Transactions on Programming Languages and Systems, 12(2):181--210, 1991.
- S. Wei and B. G. Ryder. Practical blended taint analysis for JavaScript. In Proc. 22nd International Symposium on Software Testing and Analysis, July 2013.
- B. Yankov et al. TypeScript type definition for jQuery, 2014. https://github.com/borisyankov/DefinitelyTyped/blob/master/jquery/jquery.d.ts.
- Y. Zheng, T. Bao, and X. Zhang. Statically locating web application bugs caused by asynchronous calls. In Proc. 20th International Conference on World Wide Web, March/April 2011.
Determinacy in static analysis for jQuery. Published in OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications.