Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering 2014
DOI: 10.1145/2635868.2635904
|View full text |Cite
|
Sign up to set email alerts
|

JSAI: a static analysis platform for JavaScript

Abstract: JavaScript is used everywhere from the browser to the server, including desktops and mobile devices. However, the current state of the art in JavaScript static analysis lags far behind that of other languages such as C and Java. Our goal is to help remedy this lack. We describe JSAI, a formally specified, robust abstract interpreter for JavaScript. JSAI uses novel abstract domains to compute a reduced product of type inference, pointer analysis, control-flow analysis, string analysis, and integer and boolean c… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
77
0
2

Year Published

2015
2015
2019
2019

Publication Types

Select...
6
1
1

Relationship

0
8

Authors

Journals

citations
Cited by 134 publications
(79 citation statements)
references
References 36 publications
0
77
0
2
Order By: Relevance
“…Several studies have focused on static analysis for JavaScript since ASATs have different kinds of requirements for dynamic languages than for static languages [126,111,86]. Other research has been conducted on general ASATs, including how developers use these tools…”
Section: Introductionmentioning
confidence: 99%
“…Several studies have focused on static analysis for JavaScript since ASATs have different kinds of requirements for dynamic languages than for static languages [126,111,86]. Other research has been conducted on general ASATs, including how developers use these tools…”
Section: Introductionmentioning
confidence: 99%
“…We used the abstract interpreter JSAI from [15] to test the assertions. JSAI is a framework written in Scala.…”
Section: Discussionmentioning
confidence: 99%
“…The assertion statement is a special function call. All the details about the translator can be found in [15]. The static analysis engine takes as input the abstract syntax tree extended with assertion statements.…”
mentioning
confidence: 99%
“…The existing literature covers a wide range of analysis techniques for JavaScript programs, including: type systems [Anderson et al 2005;Bierman et al 2014;Feldthaus and Mùller 2014;Jensen et al 2009;Microsoft 2014;Rastogi et al 2015;Thiemann 2005], control flow analysis [Feldthaus et al 2013], pointer analysis [Jang and Choe 2009;Sridharan et al 2012] and abstract interpretation [Andreasen and Mùller 2014;Jensen et al 2009;Kashyap et al 2014;Park and Ryu 2015], among others. In contrast, there has been comparatively little work on logic-based verification of JavaScript programs.…”
Section: Related Workmentioning
confidence: 99%
“…There is a rich landscape of IRs for JavaScript, broadly divided into two categories: (1) those for syntax-directed analyses, following the abstract syntax tree of the program, such as λ J S [Guha et al 2010], S5 [Politz et al 2012], and notJS [Kashyap et al 2014]; and (2) those for analyses based on the control-flow graph of the program, such as JSIR [Livshits 2014], WALA [Sridharan et al 2012] and the IR of TAJS [Andreasen and Mùller 2014;Jensen et al 2009]. SAFE [Lee et al 2012], an analysis framework for JavaScript, provides IRs in both categories.…”
Section: Related Workmentioning
confidence: 99%