research-article

Type refinement for static analysis of JavaScript

Authors:

Vineeth Kashyap,

John Sarracino,

Ben Wiedermann,

Ben HardekopfAuthors Info & Claims

DLS '13: Proceedings of the 9th symposium on Dynamic languages

Pages 17 - 26

https://doi.org/10.1145/2508168.2508175

Published: 28 October 2013 Publication History

Abstract

Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more. We propose a technique called type refinement that can improve the precision of such static analyses for JavaScript without any discernible performance impact. Refinement is a known technique that uses the conditions in branch guards to refine the analysis information propagated along each branch path. The key insight of this paper is to recognize that JavaScript semantics include many implicit conditional checks on types, and that performing type refinement on these implicit checks provides significant benefit for analysis precision.

To demonstrate the effectiveness of type refinement, we implement a static analysis tool for reporting potential type-errors in JavaScript programs. We provide an extensive empirical evaluation of type refinement using a benchmark suite containing a variety of JavaScript application domains, ranging from the standard performance benchmark suites (Sunspider and Octane), to open-source JavaScript applications, to machine-generated JavaScript via Emscripten. We show that type refinement can significantly improve analysis precision by up to 86% without affecting the performance of the analysis.

References

[1]

Defensive JavaScript. http://www.defensivejs.com/. Accessed: 2013-06-05.

[2]

Emscripten. http://emscripten.org/. Accessed: 2013-06-05.

[3]

LINQ for JavaScript. http://linqjs.codeplex.com/. Accessed: 2013-06-05.

[4]

Octane JavaScript Benchmark. http://code.google.com/p/octane-benchmark/. Accessed: 2013-06-05.

[5]

Rhino Documentation. https://developer.mozilla.org/en-US/docs/Rhino. Accessed: 2013-06-05.

[6]

SunSpider JavaScript Benchmark. http://www.webkit.org/perf/sunspider/sunspider.html. Accessed: 2013-06-05.

[7]

T.J.Watson Libraries for Analysis (WALA). http://wala.sf.net. Accessed: 2013-06-05.

[8]

J.-h. D. An, A. Chaudhuri, J. S. Foster, and M. Hicks. Dynamic inference of static types for ruby. In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 2011.

Digital Library

[9]

C. Anderson, P. Giannini, and S. Drossopoulou. Towards type inference for JavaScript. In European Conference on Object-Oriented Programming (ECOOP), 2005.

Digital Library

[10]

G. Balakrishnan and T. Reps. Recency-abstraction for heap allocated storage. In Symposium on Static Analysis (SAS), 2006.

Digital Library

[11]

R. Chugh, P. M. Rondon, and R. Jhala. Nested refinements: a logic for duck typing. In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 2012.

Digital Library

[12]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 1977.

Digital Library

[13]

A. Feldthaus, T. D. Millstein, A. Møller, M. Schäfer, and F. Tip. Toolsupported refactoring for JavaScript. In ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2011.

Digital Library

[14]

T. Freeman and F. Pfenning. Refinement types for ML. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 1991.

Digital Library

[15]

M. Furr, J.-h. D. An, J. S. Foster, and M. Hicks. Static type inference for ruby. In ACM symposium on Applied Computing, 2009.

Digital Library

[16]

M. Gorbovitski, Y. A. Liu, S. D. Stoller, T. Rothamel, and T. K. Tekle. Alias analysis for optimization of dynamic languages. In Symposium on Dynamic Languages (DLS), 2010.

Digital Library

[17]

S. Guarnieri and B. Livshits. GATEKEEPER: mostly static enforcement of security and reliability policies for JavaScript code. In USENIX security symposium (SSYM), 2009.

Digital Library

[18]

S. Guarnieri, M. Pistoia, O. Tripp, J. Dolby, S. Teilhet, and R. Berg. Saving the world wide web from vulnerable javascript. In International Symposium on Software Testing and Analysis (ISSTA), 2011.

Digital Library

[19]

A. Guha, S. Krishnamurthi, and T. Jim. Static analysis for ajax intrusion detection. In International World Wide Web Conference (WWW), 2009.

Digital Library

[20]

A. Guha, C. Saftoiu, and S. Krishnamurthi. Typing local control and state using flow analysis. In European Symposium on Programming (ESOP), 2011.

Digital Library

[21]

B. Hackett and S. Guo. Fast and precise hybrid type inference for javascript. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2012.

Digital Library

[22]

P. Heidegger and P. Thiemann. Recency Types for Analyzing Scripting Languages. In European Conference on Object-Oriented Programming, 2010.

Digital Library

[23]

D. Jang and K.-M. Choe. Points-to analysis for javascript. In ACM symposium on Applied Computing (SAC), 2009.

Digital Library

[24]

S. H. Jensen, A. Møller, and P. Thiemann. Type Analysis for JavaScript. In Symposium on Static Analysis (SAS), 2009.

Digital Library

[25]

G. A. Kildall. A unified approach to global program optimization. In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 1973.

Digital Library

[26]

H. Lee, S. Won, J. Jin, J. Cho, and S. Ryu. Safe: Formal specification and implementation of a scalable analysis framework for ecmascript. In International Workshop on Foundations of Object-Oriented Languages (FOOL), 2012.

[27]

F. Logozzo and H. Venter. RATA: rapid atomic type analysis by abstract interpretation -- application to JavaScript optimization. In Joint European conference on Theory and Practice of Software, international conference on Compiler Construction (CC/ETAPS), 2010.

Digital Library

[28]

F. Pluquet, A. Marot, and R. Wuyts. Fast type reconstruction for dynamically typed programming languages. In Symposium on Dynamic Languages (DLS), 2009.

Digital Library

[29]

H. G. Rice. Classes of Recursively Enumerable Sets and Their Decision Problems. Transactions of the American Mathematical Society, 74(2), 1953.

[30]

M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of javascript. In European Conference on Object-Oriented Programming (ECOOP), 2012.

Digital Library

[31]

S. Tobin-Hochstadt and M. Felleisen. The design and implementation of typed scheme. In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 2008.

Digital Library

[32]

S. Tobin-Hochstadt and M. Felleisen. Logical types for untyped languages. In ACM SIGPLAN International Conference on Functional programming (ICFP), 2010.

Digital Library

[33]

T. Zhao. Polymorphic type inference for scripting languages with object extensions. In Symposium on Dynamic Languages (DLS), 2011.

Digital Library

Cited By

Gordon CEdwards JTaeumel M(2024)The Linguistics of ProgrammingProceedings of the 2024 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software10.1145/3689492.3689806(162-182)Online publication date: 17-Oct-2024
https://dl.acm.org/doi/10.1145/3689492.3689806
Kristensen EMøller AAtlee JBultan TWhittle J(2019)Reasonably-most-general clients for JavaScript library analysisProceedings of the 41st International Conference on Software Engineering10.1109/ICSE.2019.00026(83-93)Online publication date: 25-May-2019
https://dl.acm.org/doi/10.1109/ICSE.2019.00026
Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Show More Cited By

Index Terms

Type refinement for static analysis of JavaScript
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

Type refinement for static analysis of JavaScript
DLS '13

Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more. We propose a technique called type refinement that can improve the precision of such ...
Systematic approaches for increasing soundness and precision of static analyzers
SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis

Building static analyzers for modern programming languages is difficult. Often soundness is a requirement, perhaps with some well-defined exceptions, and precision must be adequate for producing useful results on realistic input programs. Formally ...
Points-to analysis for JavaScript
SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing

JavaScript is widely used by web developers and the complexity of JavaScript programs has increased over the last year. Therefore, the need for program analysis for JavaScript is evident. Points-to analysis for JavaScript is to determine the set of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DLS '13: Proceedings of the 9th symposium on Dynamic languages

October 2013

118 pages

ISBN:9781450324335

DOI:10.1145/2508168

Co-chair:
Antony Hosking
Purdue University, USA
,
General Chair:
Patrick Eugster
Purdue University, USA
,
Program Chair:
Carl Friedrich Bolz
Heinrich-Heine-Universität Düsseldorf, Germany

ACM SIGPLAN Notices Volume 49, Issue 2
DLS '13
February 2014
105 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2578856
Editor:
Mark W. Bailey
Hamilton College, Clinton, NY
Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SPLASH '13

Sponsor:

SIGPLAN

SPLASH '13: Conference on Systems, Programming, and Applications: Software for Humanity

October 28, 2013

Indiana, Indianapolis, USA

Acceptance Rates

DLS '13 Paper Acceptance Rate 9 of 22 submissions, 41%;

Overall Acceptance Rate 32 of 77 submissions, 42%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
434
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gordon CEdwards JTaeumel M(2024)The Linguistics of ProgrammingProceedings of the 2024 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software10.1145/3689492.3689806(162-182)Online publication date: 17-Oct-2024
https://dl.acm.org/doi/10.1145/3689492.3689806
Kristensen EMøller AAtlee JBultan TWhittle J(2019)Reasonably-most-general clients for JavaScript library analysisProceedings of the 41st International Conference on Software Engineering10.1109/ICSE.2019.00026(83-93)Online publication date: 25-May-2019
https://dl.acm.org/doi/10.1109/ICSE.2019.00026
Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Bultan TYu FAlkhalaf MAydin ABultan TYu FAlkhalaf MAydin A(2017)A Brief Survey of Related WorkString Analysis for Software Verification and Security10.1007/978-3-319-68670-7_11(155-164)Online publication date: 13-Dec-2017
https://doi.org/10.1007/978-3-319-68670-7_11
Ancona DCorradi A(2016)Semantic subtyping for imperative object-oriented languagesACM SIGPLAN Notices10.1145/3022671.298399251:10(568-587)Online publication date: 19-Oct-2016
https://dl.acm.org/doi/10.1145/3022671.2983992
Ancona DCorradi AVisser ESmaragdakis Y(2016)Semantic subtyping for imperative object-oriented languagesProceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications10.1145/2983990.2983992(568-587)Online publication date: 19-Oct-2016
https://dl.acm.org/doi/10.1145/2983990.2983992
Madsen MTip FLhoták O(2015)Static analysis of event-driven Node.js JavaScript applicationsACM SIGPLAN Notices10.1145/2858965.281427250:10(505-519)Online publication date: 23-Oct-2015
https://dl.acm.org/doi/10.1145/2858965.2814272
Madsen MTip FLhoták OAldrich JEugster P(2015)Static analysis of event-driven Node.js JavaScript applicationsProceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications10.1145/2814270.2814272(505-519)Online publication date: 23-Oct-2015
https://dl.acm.org/doi/10.1145/2814270.2814272
Cox AChang BRival X(2015)Desynchronized Multi-State Abstractions for Open Programs in Dynamic LanguagesProceedings of the 24th European Symposium on Programming on Programming Languages and Systems - Volume 903210.1007/978-3-662-46669-8_20(483-509)Online publication date: 11-Apr-2015
https://dl.acm.org/doi/10.1007/978-3-662-46669-8_20
Andreasen EMøller A(2014)Determinacy in static analysis for jQueryACM SIGPLAN Notices10.1145/2714064.266021449:10(17-31)Online publication date: 15-Oct-2014
https://dl.acm.org/doi/10.1145/2714064.2660214
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents