DOI: 10.1145/2491411.2491417
research-article

Practical static analysis of JavaScript applications in the presence of frameworks and libraries

Published: 18 August 2013

ABSTRACT

JavaScript is a language that is widely used for both web-based and standalone applications such as those in the upcoming Windows 8 operating system. Analysis of JavaScript has long been known to be challenging due to its dynamic nature. On top of that, most JavaScript applications rely on large and complex libraries and frameworks, often written in a combination of JavaScript and native code such as C and C++. Stubs have been commonly employed as a partial specification mechanism to address the library problem; however, they are tedious to write, incomplete, and occasionally incorrect.

However, the manner in which library code is used within applications often sheds light on what library APIs return or consume as parameters. In this paper, we propose a technique which combines pointer analysis with use analysis to handle many challenges posed by large JavaScript libraries. Our approach enables a variety of applications, ranging from call graph discovery to auto-complete to supporting runtime optimizations. Our techniques have been implemented and empirically validated on a set of 25 Windows 8 JavaScript applications, averaging 1,587 lines of code, demonstrating a combination of scalability and precision.


Published in

ESEC/FSE 2013: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
August 2013
738 pages
ISBN: 9781450322379
DOI: 10.1145/2491411

Copyright © 2013 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 112 of 543 submissions, 21%
