DOI: 10.1145/3468264.3468556

Accelerating JavaScript static analysis via dynamic shortcuts

Published: 18 August 2021

Abstract

JavaScript has become one of the most widely used programming languages for web development, server-side programming, and even micro-controllers for IoT. However, its extremely functional and dynamic features degrade the performance and precision of static analysis. Moreover, the variety of built-in functions and host environments requires excessive manual modeling of their behaviors. To alleviate these problems, researchers have proposed various ways to leverage dynamic analysis during JavaScript static analysis. However, they do not fully utilize the high performance of dynamic analysis and often sacrifice the soundness of static analysis. In this paper, we present dynamic shortcuts, a new technique to flexibly switch between abstract and concrete execution during JavaScript static analysis in a sound way. It can significantly improve the analysis performance and precision by using highly-optimized commercial JavaScript engines and lessen the modeling efforts for opaque code. We actualize the technique via SAFEDS, an extended combination of SAFE and Jalangi, a static analyzer and a dynamic analyzer, respectively. We evaluated SAFEDS using 269 official tests of the Lodash 4 library. Our experiment shows that SAFEDS is 7.81x faster than the baseline static analyzer, and it improves the precision to reduce failed assertions by 12.31% on average for 22 opaque functions.


Published In

ESEC/FSE 2021: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
August 2021
1690 pages
ISBN:9781450385626
DOI:10.1145/3468264

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. JavaScript
  2. dynamic analysis
  3. dynamic shortcut
  4. sealed execution
  5. static analysis

Qualifiers

  • Research-article

Funding Sources

  • National Research Foundation of Korea (NRF)

Conference

ESEC/FSE '21

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%
