Type refinement for static analysis of JavaScript

Kashyap, Vineeth; Sarracino, John; Wagner, John; Wiedermann, Ben; Hardekopf, Ben

doi:10.1145/2508168.2508175

Cited by 15 publications

(4 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…TAJS [17,18], WALA [27], JSAI [15,19], and SAFE [1,21] are whole-program JavaScript analyses. Unlike the above systems, they require no annotations at all and are highly automated.…”

Section: Related Workmentioning

confidence: 99%

“…As a result, there is a proliferation of generic libraries and code reuse in the JavaScript community. Unfortunately, even though library authors would like to know that their libraries work correctly with any client, current verification techniques cannot verify this because they do not also follow the DRY mantra -they require reverifying libraries along with each and every client [15,[17][18][19]27]. This paper brings the DRY mantra to automatic dynamic language verification by modularly verifying libraries without the presence of client code.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Cox

Chang

Rival

2015

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Dynamic language library developers face a challenging problem: ensuring that their libraries will behave correctly for a wide variety of client programs without having access to those client programs. This problem stems from the common use of two defining features for dynamic languages: callbacks into client code and complex manipulation of attribute names within objects. To remedy this problem, we introduce two state-spanning abstractions. To analyze callbacks, the first abstraction desynchronizes a heap, allowing partitions of the heap that may be affected by a callback to an unknown function to be frozen in the state prior to the call. To analyze object attribute manipulation, building upon an abstraction for dynamic language heaps, the second abstraction tracks attribute name/value pairs across the execution of a library. We implement these abstractions and use them to verify modular specifications of class-, trait-, and mixin-implementing libraries.

show abstract

“…TAJS [17,18], WALA [27], JSAI [15,19], and SAFE [1,21] are whole-program JavaScript analyses. Unlike the above systems, they require no annotations at all and are highly automated.…”

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Cox

Chang

Rival

2015

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…As opposed to directly abstracting open objects, TAJS [21,22], WALA [31], and JSAI [19,24] extend standard field-sensitive analyses to JavaScript by adding a summary field for all unknown attributes. They employ clever interprocedural analysis tricks to propagate statically known object attributes through loops and across function call boundaries.…”

Section: Related Workmentioning

confidence: 99%

Automatic Analysis of Open Objects in Dynamic Language Programs

2014

View full text Add to dashboard Cite

Abstract. In dynamic languages, objects are open-they support iteration over and dynamic addition/deletion of their attributes. Open objects, because they have an unbounded number of attributes, are difficult to abstract without a priori knowledge of all or nearly all of the attributes and thus pose a significant challenge for precise static analysis. To address this challenge, we present the HOO (Heap with Open Objects) abstraction that can precisely represent and infer properties about open-objectmanipulating programs without any knowledge of specific attributes. It achieves this by building upon a relational abstract domain for sets that is used to reason about partitions of object attributes. An implementation of the resulting static analysis is used to verify specifications for dynamic language framework code that makes extensive use of open objects, thus demonstrating the effectiveness of this approach.

show abstract

“…Further, it is possible to assign this variable to a different type by executing a different assignment statement within the same JavaScript code. The dynamic typed feature of JavaScript makes it difficult to analyze the variable types statically, as these types can be modified during program execution [15,23].…”

Section: Challengesmentioning

confidence: 99%

Dompletion

Bajaj

Pattabiraman

Mesbah

2014

Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering

View full text Add to dashboard Cite

JavaScript is a scripting language that plays a prominent role in modern web applications. It is dynamic in nature and interacts heavily with the Document Object Model (DOM) at runtime. These characteristics make providing code completion support to JavaScript programmers particularly challenging. We propose an automated technique that reasons about existing DOM structures, dynamically analyzes the JavaScript code, and provides code completion suggestions for JavaScript code that interacts with the DOM through its APIs. Our automated code completion scheme is implemented in an open source tool called DOMPLETION. The results of our empirical evaluation indicate that (1) DOM structures exhibit patterns, which can be extracted and reasoned about in the context of code completion suggestions; (2) DOMPLETION can provide code completion suggestions with a recall of 89%, precision of 90%, and an average time of 2.8 seconds.

show abstract

Type refinement for static analysis of JavaScript

Cited by 15 publications

References 30 publications

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Automatic Analysis of Open Objects in Dynamic Language Programs

Dompletion

Contact Info

Product

Resources

About