
JSAI: a static analysis platform for JavaScript

Published: 11 November 2014

Abstract

JavaScript is used everywhere from the browser to the server, including desktops and mobile devices. However, the current state of the art in JavaScript static analysis lags far behind that of other languages such as C and Java. Our goal is to help remedy this lack. We describe JSAI, a formally specified, robust abstract interpreter for JavaScript. JSAI uses novel abstract domains to compute a reduced product of type inference, pointer analysis, control-flow analysis, string analysis, and integer and boolean constant propagation. Part of JSAI's novelty is user-configurable analysis sensitivity, i.e., context-, path-, and heap-sensitivity. JSAI is designed to be provably sound with respect to a specific concrete semantics for JavaScript, which has been extensively tested against a commercial JavaScript implementation. We provide a comprehensive evaluation of JSAI's performance and precision using an extensive benchmark suite, including real-world JavaScript applications, machine generated JavaScript code via Emscripten, and browser addons. We use JSAI's configurability to evaluate a large number of analysis sensitivities (some well-known, some novel) and observe some surprising results that go against common wisdom. These results highlight the usefulness of a configurable analysis platform such as JSAI.

    Published In

    FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
    November 2014
    856 pages
    ISBN: 9781450330565
    DOI: 10.1145/2635868
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Abstract Interpretation
    2. JavaScript Analysis

    Qualifiers

    • Research-article

    Conference

    SIGSOFT/FSE'14

    Acceptance Rates

    Overall Acceptance Rate 17 of 128 submissions, 13%

    Cited By

    • (2024) MiniChecker: Detecting Data Privacy Risk of Abusive Permission Request Behavior in Mini-Programs. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1667-1679. DOI: 10.1145/3691620.3695534. Online publication date: 27-Oct-2024
    • (2024) ReactAppScan: Mining React Application Vulnerabilities via Component Graph. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 585-599. DOI: 10.1145/3658644.3670331. Online publication date: 2-Dec-2024
    • (2024) MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 525-539. DOI: 10.1145/3658644.3670294. Online publication date: 2-Dec-2024
    • (2024) Reducing Static Analysis Unsoundness with Approximate Interpretation. Proceedings of the ACM on Programming Languages, 8:PLDI, pp. 1165-1188. DOI: 10.1145/3656424. Online publication date: 20-Jun-2024
    • (2024) Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs. Proceedings of the ACM on Programming Languages, 8:PLDI, pp. 417-441. DOI: 10.1145/3656394. Online publication date: 20-Jun-2024
    • (2024) RogueOne: Detecting Rogue Updates via Differential Data-flow Analysis Using Trust Domains. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, pp. 1-13. DOI: 10.1145/3597503.3639199. Online publication date: 20-May-2024
    • (2024) PanoptiChrome: A Modern In-browser Taint Analysis Framework. Proceedings of the ACM Web Conference 2024, pp. 1914-1922. DOI: 10.1145/3589334.3645699. Online publication date: 13-May-2024
    • (2024) Do as You Say: Consistency Detection of Data Practice in Program Code and Privacy Policy in Mini-App. IEEE Transactions on Software Engineering, 50:12, pp. 3225-3248. DOI: 10.1109/TSE.2024.3479288. Online publication date: 1-Dec-2024
    • (2024) User-assisted code query customization and optimization. International Journal on Software Tools for Technology Transfer (STTT), 26:5, pp. 607-619. DOI: 10.1007/s10009-024-00763-0. Online publication date: 1-Oct-2024
    • (2024) Synthesizing Abstract Transformers for Reduced-Product Domains. Static Analysis, pp. 147-172. DOI: 10.1007/978-3-031-74776-2_6. Online publication date: 20-Oct-2024
