DOI:10.1145/2660193.2660214
research-article

Determinacy in static analysis for jQuery

Published: 15 October 2014

Abstract

Static analysis for JavaScript can potentially help programmers find errors early during development. Although much progress has been made on analysis techniques, a major obstacle is the prevalence of libraries, in particular jQuery, which apply programming patterns that have detrimental consequences on the analysis precision and performance. Previous work on dynamic determinacy analysis has demonstrated how information about program expressions that always resolve to a fixed value in some call context may lead to significant scalability improvements of static analysis for such code. We present a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery. The analysis combines selective context and path sensitivity, constant propagation, and branch pruning, based on a systematic investigation of the main causes of analysis imprecision when using a more basic analysis.
The techniques are implemented in the TAJS analysis tool and evaluated on a collection of small programs that use jQuery. Our results show that the proposed analysis techniques boost both precision and performance, specifically for inferring type information and call graphs.


Published In

OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications
October 2014
946 pages
ISBN:9781450325851
DOI:10.1145/2660193
  • ACM SIGPLAN Notices, Volume 49, Issue 10
    OOPSLA '14
    October 2014
    907 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/2714064
    Editor: Andy Gill
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. javascript
  2. program analysis

Qualifiers

  • Research-article

Conference

SPLASH '14
Acceptance Rates

OOPSLA '14 Paper Acceptance Rate 52 of 186 submissions, 28%;
Overall Acceptance Rate 268 of 1,244 submissions, 22%

Article Metrics

  • Downloads (Last 12 months): 25
  • Downloads (Last 6 weeks): 4
Reflects downloads up to 13 Sep 2024

Cited By

  • (2024) Reducing Static Analysis Unsoundness with Approximate Interpretation. Proceedings of the ACM on Programming Languages, 8:PLDI, pp. 1165-1188. DOI:10.1145/3656424. Online publication date: 20-Jun-2024
  • (2024) Dead or alive. Journal of Information Security and Applications, 82:C. DOI:10.1016/j.jisa.2024.103746. Online publication date: 1-May-2024
  • (2023) Reusing Single-Language Analyses for Static Analysis of Multi-language Programs. Companion Proceedings of the 2023 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, pp. 16-18. DOI:10.1145/3618305.3623590. Online publication date: 22-Oct-2023
  • (2023) Automatic Testing and Benchmarking for Configurable Static Analysis Tools. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1532-1536. DOI:10.1145/3597926.3605232. Online publication date: 12-Jul-2023
  • (2023) ECSTATIC: Automatic Configuration-Aware Testing and Debugging of Static Analysis Tools. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1479-1482. DOI:10.1145/3597926.3604918. Online publication date: 12-Jul-2023
  • (2023) HODOR: Shrinking Attack Surface on Node.js via System Call Limitation. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 2800-2814. DOI:10.1145/3576915.3616609. Online publication date: 15-Nov-2023
  • (2023) ECSTATIC: An Extensible Framework for Testing and Debugging Configurable Static Analysis. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), pp. 550-562. DOI:10.1109/ICSE48619.2023.00056. Online publication date: May-2023
  • (2023) PTDETECTOR: An Automated JavaScript Front-end Library Detector. 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 649-660. DOI:10.1109/ASE56229.2023.00049. Online publication date: 11-Sep-2023
  • (2023) Mining, Analyzing, and Evolving Data-Intensive Software Ecosystems. Software Ecosystems, pp. 281-314. DOI:10.1007/978-3-031-36060-2_11. Online publication date: 6-Oct-2023
  • (2022) Static Analysis of Database Accesses in MongoDB Applications. 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 930-934. DOI:10.1109/SANER53432.2022.00111. Online publication date: Mar-2022
