2019
DOI: 10.1145/3360566
|View full text |Cite
|
Sign up to set email alerts
|

Static analysis with demand-driven value refinement

Abstract: Static analysis tools for JavaScript must strike a delicate balance, achieving the level of precision required by the most complex features of target programs without incurring prohibitively high analysis time. For example, reasoning about dynamic property accesses sometimes requires precise relational information connecting the object, the dynamically-computed property name, and the property value. Even a minor precision loss at such critical program locations can result in a proliferation of spurious dataflo… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
11
0

Year Published

2020
2020
2022
2022

Publication Types

Select...
5
4

Relationship

0
9

Authors

Journals

citations
Cited by 17 publications
(11 citation statements)
references
References 42 publications
0
11
0
Order By: Relevance
“…Package-level detection is not accurate and could introduce false positives [56]. Although it is a difficult task [63,67,73], reachability analysis based on call graph [68] can precisely filter out if these vulnerable codes are really called.…”
Section: Discussion 61 Lessons Learned By Our Studymentioning
confidence: 99%
“…Package-level detection is not accurate and could introduce false positives [56]. Although it is a difficult task [63,67,73], reachability analysis based on call graph [68] can precisely filter out if these vulnerable codes are really called.…”
Section: Discussion 61 Lessons Learned By Our Studymentioning
confidence: 99%
“…Value partitioning [Nielsen and Mùller 2020], is an efficient trace partitioning [Rival and Mauborgne 2007] variant, where the analysis does not attempt to refine abstract states, but instead, abstract values. This apporach manages to circumvent the expensive abstract state partitioning [Ko et al 2017] or additional backwards analysis [Stein et al 2019] that previous apporaches required, while maintaining precision.…”
Section: Related Workmentioning
confidence: 99%
“…A potential limitation is that it can be hard to pre-compute a proper call graph for certain dynamic languages such as JavaScript [19,34,43,60]. To support such languages, future work can extend Chianina to explore call edges on-the-fly as part of the computation model.…”
Section: Chianina Overviewmentioning
confidence: 99%