skip to main content
10.1145/2989225.2989228acmconferencesArticle/Chapter ViewAbstractPublication PagessplashConference Proceedingsconference-collections
research-article

Precise and scalable static analysis of jQuery using a regular expression domain

Published: 01 November 2016 Publication History

Abstract

jQuery is the most popular JavaScript library but the state-of-the-art static analyzers for JavaScript applications fail to analyze simple programs that use jQuery. In this paper, we present a novel abstract string domain whose elements are simple regular expressions that can represent prefix, infix, and postfix substrings of a string and even their sets. We formalize the new domain in the abstract interpretation framework with abstract models of strings and objects commonly used in the existing JavaScript analyzers. For practical use of the domain, we present polynomial-time inclusion decision rules between the regular expressions and prove that the rules exactly capture the actual inclusion relation. We have implemented the domain as an extension of the open-source JavaScript analyzer, SAFE, and we show that the extension significantly improves the scalability and precision of the baseline analyzer in analyzing programs that use jQuery.

References

[1]
ECMAScript Language Specification. Edition 5.1, 2011.
[2]
P. A. Abdulla, A. Bouajjani, and B. Jonsson. On-the-fly analysis of systems with unbounded, lossy fifo channels. In Proceedings of the 10th International Conference on Computer Aided Verification. Springer Berlin Heidelberg, 1998.
[3]
E. Andreasen and A. Møller. Determinacy in static analysis for jQuery. In Proceedings of the International Conference on Object Oriented Programming Systems Languages and Applications, 2014.
[4]
T.-H. Choi, O. Lee, H. Kim, and K.-G. Doh. A practical string analyzer by the widening approach. In Proceedings of the Asian Symposium on Programming Languages and Systems, 2006.
[5]
A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In Proceedings of the International Symposium on Static Analysis, 2003.
[6]
P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the Symposium on Principles of Programming Languages, 1977.
[7]
H. Hosoya, J. Vouillon, and B. C. Pierce. Regular expression types for XML. ACM Transactions on Programming Languages and Systems, 27(1):46–90, 2005.
[8]
D. Hovland. The inclusion problem for regular expressions. Journal of Computer and System Sciences, 78(6), 2012.
[9]
S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In Proceedings of the International Symposium on Static Analysis. Springer-Verlag, 2009.
[10]
S. H. Jensen, M. Madsen, and A. Møller. Modeling the HTML DOM and browser API in static analysis of JavaScript web applications. In Proceedings of the International Symposium on Foundations of Software Engineering. ACM, 2011.
[11]
jQuery Foundation. jQuery. http://jquery.com.
[12]
KAIST PLRG. http://plrg.kaist.ac.kr/pch.
[13]
V. Kashyap, K. Dewey, E. A. Kuefner, J. Wagner, K. Gibbons, J. Sarracino, B. Wiedermann, and B. Hardekopf. JSAI: A static analysis platform for JavaScript. In Proceedings of the International Symposium on Foundations of Software Engineering, 2014.
[14]
H. Lee, S. Won, J. Jin, J. Cho, and S. Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In Workshop on Foundations of Object Oriented Languages, 2012.
[15]
B. S. Lerner, L. Elberty, J. Li, and S. Krishnamurthi. Combining form and function: Static types for jQuery programs. In Proceedings of the European Conference on Object-Oriented Programming, 2013.
[16]
M. Madsen and E. Andreasen. String analysis for dynamic field access. In Proceedings of the International Conference on Compiler Construction, 2014.
[17]
W. Martens, F. Neven, and T. Schwentick. Complexity of decision problems for simple regular expressions. In Proceedings of the International Symposium on Mathematical Foundations of Computer Science, 2004.
[18]
T. Milo and D. Suciu. Index structures for path expressions. In Proceedings of the International Conference on Database Theory, 1999.
[19]
C. Park and S. Ryu. Scalable and precise static analysis of JavaScript applications via loop-sensitivity. In Proceedings of the European Conference on Object-Oriented Programming, 2015.
[20]
C. Park, S. Won, J. Jin, and S. Ryu. Static analysis of JavaScript web applications in the wild via practical DOM. In Proceedings of the International Conference on Automated Software Engineering, 2015.
[21]
J. G. Politz, A. Guha, and S. Krishnamurthi. Semantics and types for objects with first-class member names. In Workshop on Foundations of Object Oriented Languages, 2012.
[22]
M. Schäfer, M. Sridharan, J. Dolby, and F. Tip. Dynamic determinacy analysis. In Proceedings of the Conference on Programming Language Design and Implementation, 2013.
[23]
M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of JavaScript. In Proceedings of the European Conference on Object-Oriented Programming, 2012.
[24]
L. J. Stockmeyer and A. R. Meyer. Word problems requiring exponential time(preliminary report). In Proceedings of the Annual ACM Symposium on Theory of Computing, 1973.

Cited By

View all
  • (2024) Tarsis : An effective automata‐based abstract domain for string analysis Journal of Software: Evolution and Process10.1002/smr.2647Online publication date: 14-Feb-2024
  • (2023)Lifting String Analysis DomainsChallenges of Software Verification10.1007/978-981-19-9601-6_7(109-143)Online publication date: 22-Jul-2023
  • (2022)Automatically deriving JavaScript static analyzers from specifications using Meta-level static analysisProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549097(1022-1034)Online publication date: 7-Nov-2022
  • Show More Cited By

Index Terms

  1. Precise and scalable static analysis of jQuery using a regular expression domain

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    DLS 2016: Proceedings of the 12th Symposium on Dynamic Languages
    November 2016
    131 pages
    ISBN:9781450344456
    DOI:10.1145/2989225
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    In-Cooperation

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 01 November 2016

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. JavaScript
    2. regular expressions
    3. static analysis

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    SPLASH '16
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 32 of 77 submissions, 42%

    Upcoming Conference

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)12
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 15 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024) Tarsis : An effective automata‐based abstract domain for string analysis Journal of Software: Evolution and Process10.1002/smr.2647Online publication date: 14-Feb-2024
    • (2023)Lifting String Analysis DomainsChallenges of Software Verification10.1007/978-981-19-9601-6_7(109-143)Online publication date: 22-Jul-2023
    • (2022)Automatically deriving JavaScript static analyzers from specifications using Meta-level static analysisProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549097(1022-1034)Online publication date: 7-Nov-2022
    • (2022)String Abstract Domains and Their CombinationLogic-Based Program Synthesis and Transformation10.1007/978-3-030-98869-2_1(1-15)Online publication date: 13-Mar-2022
    • (2022)Relational String Abstract DomainsVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-94583-1_2(20-42)Online publication date: 14-Jan-2022
    • (2021)A Survey on String Constraint SolvingACM Computing Surveys10.1145/348419855:1(1-38)Online publication date: 23-Nov-2021
    • (2021)Accelerating JavaScript static analysis via dynamic shortcutsProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468556(1129-1140)Online publication date: 20-Aug-2021
    • (2021)Completeness of string analysis for dynamic languagesInformation and Computation10.1016/j.ic.2021.104791281:COnline publication date: 1-Dec-2021
    • (2021)Twinning Automata and Regular Expressions for String Static AnalysisVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-67067-2_13(267-290)Online publication date: 17-Jan-2021
    • (2020)Abstracting Strings for Model Checking of C ProgramsApplied Sciences10.3390/app1021785310:21(7853)Online publication date: 5-Nov-2020
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media