Abstract
jQuery is the most popular JavaScript library but the state-of-the-art static analyzers for JavaScript applications fail to analyze simple programs that use jQuery. In this paper, we present a novel abstract string domain whose elements are simple regular expressions that can represent prefix, infix, and postfix substrings of a string and even their sets. We formalize the new domain in the abstract interpretation framework with abstract models of strings and objects commonly used in the existing JavaScript analyzers. For practical use of the domain, we present polynomial-time inclusion decision rules between the regular expressions and prove that the rules exactly capture the actual inclusion relation. We have implemented the domain as an extension of the open-source JavaScript analyzer, SAFE, and we show that the extension significantly improves the scalability and precision of the baseline analyzer in analyzing programs that use jQuery.
- ECMAScript Language Specification. Edition 5.1, 2011.Google Scholar
- P. A. Abdulla, A. Bouajjani, and B. Jonsson. On-the-fly analysis of systems with unbounded, lossy fifo channels. In Proceedings of the 10th International Conference on Computer Aided Verification. Springer Berlin Heidelberg, 1998. Google Scholar
Digital Library
- E. Andreasen and A. Møller. Determinacy in static analysis for jQuery. In Proceedings of the International Conference on Object Oriented Programming Systems Languages and Applications, 2014. Google Scholar
Digital Library
- T.-H. Choi, O. Lee, H. Kim, and K.-G. Doh. A practical string analyzer by the widening approach. In Proceedings of the Asian Symposium on Programming Languages and Systems, 2006. Google Scholar
Digital Library
- A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In Proceedings of the International Symposium on Static Analysis, 2003. Google Scholar
Digital Library
- P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the Symposium on Principles of Programming Languages, 1977. Google Scholar
Digital Library
- H. Hosoya, J. Vouillon, and B. C. Pierce. Regular expression types for XML. ACM Transactions on Programming Languages and Systems, 27(1):46–90, 2005. Google Scholar
Digital Library
- D. Hovland. The inclusion problem for regular expressions. Journal of Computer and System Sciences, 78(6), 2012. Google Scholar
Digital Library
- S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In Proceedings of the International Symposium on Static Analysis. Springer-Verlag, 2009. Google Scholar
Digital Library
- S. H. Jensen, M. Madsen, and A. Møller. Modeling the HTML DOM and browser API in static analysis of JavaScript web applications. In Proceedings of the International Symposium on Foundations of Software Engineering. ACM, 2011. Google Scholar
Digital Library
- jQuery Foundation. jQuery. http://jquery.com.Google Scholar
- KAIST PLRG. http://plrg.kaist.ac.kr/pch.Google Scholar
- V. Kashyap, K. Dewey, E. A. Kuefner, J. Wagner, K. Gibbons, J. Sarracino, B. Wiedermann, and B. Hardekopf. JSAI: A static analysis platform for JavaScript. In Proceedings of the International Symposium on Foundations of Software Engineering, 2014. Google Scholar
Digital Library
- H. Lee, S. Won, J. Jin, J. Cho, and S. Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In Workshop on Foundations of Object Oriented Languages, 2012.Google Scholar
- B. S. Lerner, L. Elberty, J. Li, and S. Krishnamurthi. Combining form and function: Static types for jQuery programs. In Proceedings of the European Conference on Object-Oriented Programming, 2013. Google Scholar
Digital Library
- M. Madsen and E. Andreasen. String analysis for dynamic field access. In Proceedings of the International Conference on Compiler Construction, 2014.Google Scholar
Cross Ref
- W. Martens, F. Neven, and T. Schwentick. Complexity of decision problems for simple regular expressions. In Proceedings of the International Symposium on Mathematical Foundations of Computer Science, 2004.Google Scholar
Cross Ref
- T. Milo and D. Suciu. Index structures for path expressions. In Proceedings of the International Conference on Database Theory, 1999. Google Scholar
Digital Library
- C. Park and S. Ryu. Scalable and precise static analysis of JavaScript applications via loop-sensitivity. In Proceedings of the European Conference on Object-Oriented Programming, 2015.Google Scholar
- C. Park, S. Won, J. Jin, and S. Ryu. Static analysis of JavaScript web applications in the wild via practical DOM. In Proceedings of the International Conference on Automated Software Engineering, 2015. Google Scholar
Digital Library
- J. G. Politz, A. Guha, and S. Krishnamurthi. Semantics and types for objects with first-class member names. In Workshop on Foundations of Object Oriented Languages, 2012.Google Scholar
- M. Schäfer, M. Sridharan, J. Dolby, and F. Tip. Dynamic determinacy analysis. In Proceedings of the Conference on Programming Language Design and Implementation, 2013. Google Scholar
Digital Library
- M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of JavaScript. In Proceedings of the European Conference on Object-Oriented Programming, 2012. Google Scholar
Digital Library
- L. J. Stockmeyer and A. R. Meyer. Word problems requiring exponential time(preliminary report). In Proceedings of the Annual ACM Symposium on Theory of Computing, 1973. Google Scholar
Digital Library
Index Terms
Precise and scalable static analysis of jQuery using a regular expression domain
Recommendations
Determinacy in static analysis for jQuery
OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & ApplicationsStatic analysis for JavaScript can potentially help programmers find errors early during development. Although much progress has been made on analysis techniques, a major obstacle is the prevalence of libraries, in particular jQuery, which apply ...
Precise and scalable static analysis of jQuery using a regular expression domain
DLS 2016: Proceedings of the 12th Symposium on Dynamic LanguagesjQuery is the most popular JavaScript library but the state-of-the-art static analyzers for JavaScript applications fail to analyze simple programs that use jQuery. In this paper, we present a novel abstract string domain whose elements are simple ...
Systematic approaches for increasing soundness and precision of static analyzers
SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisBuilding static analyzers for modern programming languages is difficult. Often soundness is a requirement, perhaps with some well-defined exceptions, and precision must be adequate for producing useful results on realistic input programs. Formally ...







Comments