Research article (Open Access; Artifacts Available; Artifacts Evaluated & Functional)

JaVerT: JavaScript verification toolchain

Published: 27 December 2017

Abstract

The dynamic nature of JavaScript and its complex semantics make it a difficult target for logic-based verification. We introduce JaVerT, a semi-automatic JavaScript Verification Toolchain, based on separation logic and aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code. To specify JavaScript programs, we design abstractions that capture its key heap structures (for example, prototype chains and function closures), allowing the developer to write clear and succinct specifications with minimal knowledge of the JavaScript internals. To verify JavaScript programs, we develop JaVerT, a verification pipeline consisting of: JS-2-JSIL, a well-tested compiler from JavaScript to JSIL, an intermediate goto language capturing the fundamental dynamic features of JavaScript; JSIL Verify, a semi-automatic verification tool based on a sound JSIL separation logic; and verified axiomatic specifications of the JavaScript internal functions. Using JaVerT, we verify functional correctness properties of: data-structure libraries (key-value map, priority queue) written in an object-oriented style; operations on data structures such as binary search trees (BSTs) and lists; examples illustrating function closures; and test cases from the official ECMAScript test suite. The verification times suggest that reasoning about larger, more complex code using JaVerT is feasible.
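As an added illustration (not code from the paper or the JaVerT project) of why the prototype-chain abstraction the abstract mentions matters when specifying a key-value map written in an object-oriented style: a map backed by a plain object answers `has()` for inherited keys such as `toString`, while a null-prototype backing object makes `has()` hold exactly for the keys previously inserted. The class names and `checkHasMatchesInserted` are this example's own.

```javascript
'use strict';

// Naive map: keys are stored as own properties of a plain object, so lookups via
// `in` and unguarded reads also see properties inherited from Object.prototype.
function NaiveMap() { this._data = {}; }
NaiveMap.prototype.put = function (k, v) { this._data[k] = v; };
NaiveMap.prototype.has = function (k) { return k in this._data; };
NaiveMap.prototype.get = function (k) { return this._data[k]; };

// Hardened map: the backing object has a null prototype and has() checks own
// properties only, so the only keys reachable are the ones put() wrote.
function SafeMap() { this._data = Object.create(null); }
SafeMap.prototype.put = function (k, v) { this._data[k] = v; };
SafeMap.prototype.has = function (k) {
  return Object.prototype.hasOwnProperty.call(this._data, k);
};
SafeMap.prototype.get = function (k) {
  return this.has(k) ? this._data[k] : undefined;
};

// Runtime check of the property a specification of has() would state:
// has(k) is true exactly when k was previously inserted via put().
function checkHasMatchesInserted(map, inserted, probes) {
  const expected = new Set(inserted);
  return probes.every((k) => map.has(k) === expected.has(k));
}

// Constructed probe keys: one real key plus names that live on Object.prototype.
function demo() {
  const probes = ['a', 'toString', '__proto__', 'hasOwnProperty'];
  const naive = new NaiveMap();
  naive.put('a', 1);
  const safe = new SafeMap();
  safe.put('a', 1);
  return {
    naiveOk: checkHasMatchesInserted(naive, ['a'], probes), // false: inherited keys leak in
    safeOk: checkHasMatchesInserted(safe, ['a'], probes),   // true
    naiveGetToString: typeof naive.get('toString'),          // 'function' (inherited)
    safeGetToString: typeof safe.get('toString'),            // 'undefined'
  };
}
```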


Supplemental Material

javertjavascriptverificationtoolchain.webm

