research-article

Precise String Analysis for JavaScript Programs Using Automata

Authors:

Nabil Almashfi,

Lunjin Lu,

Koby Picker,

Christian MaldonadoAuthors Info & Claims

ICSCA '19: Proceedings of the 2019 8th International Conference on Software and Computer Applications

Pages 159 - 166

https://doi.org/10.1145/3316615.3316662

Published: 19 February 2019 Publication History

Get Access

Abstract

Existing static analyzers for JavaScript use constant propagation domains to analyze strings. The simplicity of these domains results in a huge loss of precision when dealing with features such as dynamic property access. This paper presents a string analysis for the full JavaScript language based on abstract interpretation. The analysis uses finite state automata to track all possible strings a variable might hold during execution. We present an empirical performance and precision evaluation on some JavaScript benchmarks and show that the analysis achieves a higher level of precision especially when handling dynamic property access.

References

[1]

R. Amadini, A. Jordan, G. Gange, F. Gauthier, P. Schachte, H. Søndergaard, P. J. Stuckey, and C. Zhang. Combining string abstract domains for javascript analysis: An evaluation. In A. Legay and T. Margaria, editors, Tools and Algorithms for the Construction and Analysis of Systems, pages 41--57, Berlin, Heidelberg, 2017. Springer Berlin Heidelberg.

Digital Library

Google Scholar

[2]

C. Bartzis and T. Bultan. Widening arithmetic automata. In R. Alur and D. A. Peled, editors, Computer Aided Verification, pages 321--333, Berlin, Heidelberg, 2004. Springer Berlin Heidelberg.

Crossref

Google Scholar

[3]

T.-H. Choi, O. Lee, H. Kim, and K.-G. Doh. A practical string analyzer by the widening approach. In N. Kobayashi, editor, Programming Languages and Systems, pages 374--388, Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.

Digital Library

Google Scholar

[4]

A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In R. Cousot, editor, Static Analysis, pages 1--18, Berlin, Heidelberg, 2003. Springer Berlin Heidelberg.

Digital Library

Google Scholar

[5]

G. Costantini, P. Ferrara, and A. Cortesi. Static analysis of string values. In S. Qin and Z. Qiu, editors, Formal Methods and Software Engineering, pages 505--521, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.

Digital Library

Google Scholar

[6]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, pages 238--252. ACM, 1977.

Digital Library

Google Scholar

[7]

S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In Static Analysis, pages 238--255. Springer, 2009.

Digital Library

Google Scholar

[8]

V. Kashyap, K. Dewey, E. A. Kuefner, J.Wagner, K. Gibbons, J. Sarracino, B. Wiedermann, and B. Hardekopf. Jsai: A static analysis platform for javascript. In 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 121--132. ACM, 2014.

Digital Library

Google Scholar

[9]

H. Lee, S.Won, J. Jin, J. Cho, and S. Ryu. Safe: Formal specification and implementation of a scalable analysis framework for ecmascript. In International Workshop on Foundations of Object-Oriented Languages (FOOL), 2012.

Google Scholar

[10]

M. Madsen and E. Andreasen. String analysis for dynamic field access. In A. Cohen, editor, Compiler Construction, pages 197--217, Berlin, Heidelberg, 2014. Springer Berlin Heidelberg.

Crossref

Google Scholar

[11]

C. Park, H. Im, and S. Ryu. Precise and scalable static analysis of jquery using a regular expression domain. In Proceedings of the 12th Symposium on Dynamic Languages, DLS 2016, pages 25--36, New York, NY, USA, 2016. ACM.

Digital Library

Google Scholar

[12]

M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of javascript. In J. Noble, editor, ECOOP 2012 -- Object-Oriented Programming, pages 435--458, Berlin, Heidelberg, 2012. Springer Berlin Heidelberg.

Digital Library

Google Scholar

[13]

F. Yu, T. Bultan, M. Cova, and O. H. Ibarra. Symbolic string verification: An automata-based approach. In K. Havelund, R. Majumdar, and J. Palsberg, editors, Model Checking Software, pages 306--324, Berlin, Heidelberg, 2008. Springer Berlin Heidelberg.

Digital Library

Google Scholar

Cited By

View all

Almashfi NLu L(2021)Static Taint Analysis for JavaScript ProgramsTools and Methods of Program Analysis10.1007/978-3-030-71472-7_13(155-167)Online publication date: 17-Mar-2021
https://doi.org/10.1007/978-3-030-71472-7_13
Almashfi NLu L(2020)Precise String Domain for Analyzing JavaScript Arrays and Objects2020 3rd International Conference on Information and Computer Technologies (ICICT)10.1109/ICICT50521.2020.00011(17-23)Online publication date: Mar-2020
https://doi.org/10.1109/ICICT50521.2020.00011

Index Terms

Precise String Analysis for JavaScript Programs Using Automata
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis

Recommendations

Twinning Automata and Regular Expressions for String Static Analysis
Verification, Model Checking, and Abstract Interpretation
Abstract
In this paper we formalize $T A R S I S$ , a new abstract domain based on the abstract interpretation theory that approximates string values through finite state automata. The main novelty of $T A R S I S$ is that it works over an alphabet of strings instead of ...
Precise and scalable static analysis of jQuery using a regular expression domain
DLS '16

jQuery is the most popular JavaScript library but the state-of-the-art static analyzers for JavaScript applications fail to analyze simple programs that use jQuery. In this paper, we present a novel abstract string domain whose elements are simple ...
Precise null-pointer analysis

In Java, C or C++, attempts to dereference the null value result in an exception or a segmentation fault. Hence, it is important to identify those program points where this undesired behaviour might occur or prove the other program points (and possibly ...

Comments

Information & Contributors

Information

Published In

ICSCA '19: Proceedings of the 2019 8th International Conference on Software and Computer Applications

February 2019

611 pages

ISBN:9781450365734

DOI:10.1145/3316615

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

University of New Brunswick: University of New Brunswick

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 February 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICSCA '19

ICSCA '19: 2019 8th International Conference on Software and Computer Applications

February 19 - 21, 2019

Penang, Malaysia

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
113
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Almashfi NLu L(2021)Static Taint Analysis for JavaScript ProgramsTools and Methods of Program Analysis10.1007/978-3-030-71472-7_13(155-167)Online publication date: 17-Mar-2021
https://doi.org/10.1007/978-3-030-71472-7_13
Almashfi NLu L(2020)Precise String Domain for Analyzing JavaScript Arrays and Objects2020 3rd International Conference on Information and Computer Technologies (ICICT)10.1109/ICICT50521.2020.00011(17-23)Online publication date: Mar-2020
https://doi.org/10.1109/ICICT50521.2020.00011

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Twinning Automata and Regular Expressions for String Static Analysis

Precise and scalable static analysis of jQuery using a regular expression domain

Precise null-pointer analysis

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations