Abstract
The dynamic nature of JavaScript and its complex semantics make it a difficult target for logic-based verification. We introduce JaVerT, a semi-automatic JavaScript Verification Toolchain, based on separation logic and aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code. To specify JavaScript programs, we design abstractions that capture its key heap structures (for example, prototype chains and function closures), allowing the developer to write clear and succinct specifications with minimal knowledge of the JavaScript internals. To verify JavaScript programs, we develop JaVerT, a verification pipeline consisting of: JS-2-JSIL, a well-tested compiler from JavaScript to JSIL, an intermediate goto language capturing the fundamental dynamic features of JavaScript; JSIL Verify, a semi-automatic verification tool based on a sound JSIL separation logic; and verified axiomatic specifications of the JavaScript internal functions. Using JaVerT, we verify functional correctness properties of: data-structure libraries (key-value map, priority queue) written in an object-oriented style; operations on data structures such as binary search trees (BSTs) and lists; examples illustrating function closures; and test cases from the official ECMAScript test suite. The verification times suggest that reasoning about larger, more complex code using JaVerT is feasible.
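As an added example (not code from the JaVerT paper or its toolchain), the JavaScript below shows one of the heap structures the abstract singles out, the prototype chain, and why a specification of an object-oriented key-value map has to account for it: a map backed by a plain object answers `get` for keys it never stored, because a failed own-property lookup continues up to `Object.prototype`. The names `NaiveMap`, `SafeMap`, `makeClosureMap` and `respectsOwnKeysOnly` are hypothetical; `respectsOwnKeysOnly` is a runtime approximation of the functional-correctness property ("get returns a value only for keys previously put") that a tool such as JaVerT would establish statically for all inputs.

```javascript
// Added example, not from the JaVerT paper. All names are hypothetical.

// Object-oriented map whose backing store is a plain object. The store
// inherits from Object.prototype, so a lookup that misses an own property
// walks the prototype chain and may find an inherited function.
function NaiveMap() {
  this._contents = {};
}
NaiveMap.prototype.get = function (k) {
  return this._contents[k];          // prototype chain consulted on a miss
};
NaiveMap.prototype.put = function (k, v) {
  this._contents[k] = v;
};

// Same interface, but the store has no prototype at all and get() only
// reports own properties, so inherited names can never leak out.
function SafeMap() {
  this._contents = Object.create(null);
}
SafeMap.prototype.get = function (k) {
  return Object.prototype.hasOwnProperty.call(this._contents, k)
    ? this._contents[k]
    : undefined;
};
SafeMap.prototype.put = function (k, v) {
  this._contents[k] = v;
};

// Closure variant: the contents live only in the captured variable, so a
// specification must describe the closure's environment rather than an
// object field. Because the store has a null prototype, `in` sees own keys only.
function makeClosureMap() {
  const contents = Object.create(null);
  return {
    get: (k) => (k in contents ? contents[k] : undefined),
    put: (k, v) => { contents[k] = v; },
  };
}

// Runtime check of the property a specification would state for all keys:
// a stored key is found, and names inherited from Object.prototype are not.
// Returns true when the map behaves as a correct key-value map should.
function respectsOwnKeysOnly(map) {
  map.put('x', 1);
  const ownHit = map.get('x') === 1;
  const inheritedMiss =
    map.get('hasOwnProperty') === undefined && map.get('toString') === undefined;
  return ownHit && inheritedMiss;
}

// Stand-alone demonstration.
console.log('NaiveMap correct:', respectsOwnKeysOnly(new NaiveMap()));   // false
console.log('SafeMap correct:', respectsOwnKeysOnly(new SafeMap()));     // true
console.log('closure map correct:', respectsOwnKeysOnly(makeClosureMap())); // true
```

The naive version fails the check without any key ever being inserted: `new NaiveMap().get('hasOwnProperty')` evaluates to the function inherited from `Object.prototype`. A specification that ignored the prototype chain would wrongly accept it, which is why the abstractions the abstract describes have to make that chain explicit.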
Supplemental Material
This artifact consists of: 1) JaVerT, in the form of a VirtualBox hard disk, together with 2) the instructions for installing JaVerT and reproducing the results of the paper.