research-article

Determinacy in static analysis for jQuery

Published: 15 October 2014

Abstract

Static analysis for JavaScript can potentially help programmers find errors early during development. Although much progress has been made on analysis techniques, a major obstacle is the prevalence of libraries, in particular jQuery, which apply programming patterns that have detrimental consequences on the analysis precision and performance. Previous work on dynamic determinacy analysis has demonstrated how information about program expressions that always resolve to a fixed value in some call context may lead to significant scalability improvements of static analysis for such code. We present a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery. The analysis combines selective context and path sensitivity, constant propagation, and branch pruning, based on a systematic investigation of the main causes of analysis imprecision when using a more basic analysis.

The techniques are implemented in the TAJS analysis tool and evaluated on a collection of small programs that use jQuery. Our results show that the proposed analysis techniques boost both precision and performance, specifically for inferring type information and call graphs.

Published in

  • ACM SIGPLAN Notices, Volume 49, Issue 10 (OOPSLA '14), October 2014, 907 pages. ISSN: 0362-1340. EISSN: 1558-1160. DOI: 10.1145/2714064. Editor: Andy Gill.
  • OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, October 2014, 946 pages. ISBN: 9781450325851. DOI: 10.1145/2660193.

Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
