Modeling the HTML DOM and Browser API in Static Analysis of JavaScript Web Applications

Simon Holm Jensen, Magnus Madsen, Anders Møller

    Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

    84 Citations (Scopus)

    Abstract


    Developers of JavaScript web applications have little tool support for catching errors early in development. In comparison, an abundance of tools exist for statically typed languages, including sophisticated integrated development environments and specialized static analyses. Transferring such technologies to the domain of JavaScript web applications is challenging. In this paper, we discuss the challenges, which include the dynamic aspects of JavaScript and the complex interactions between JavaScript, HTML, and the browser. From this, we present the first static analysis that is capable of reasoning about the flow of control and data in modern JavaScript applications that interact with the HTML DOM and browser API.

    One application of such a static analysis is to detect type-related and dataflow-related programming errors. We report on experiments with a range of modern web applications, including Chrome Experiments and IE Test Drive applications, to measure the precision and performance of the technique. The experiments indicate that the analysis is able to show absence of errors related to missing object properties and to identify dead and unreachable code. By measuring the precision of the types inferred for object properties, the analysis is precise enough to show that most expressions have unique types. By also producing precise call graphs, the analysis additionally shows that most invocations in the programs are monomorphic. We furthermore study the usefulness of the analysis to detect spelling errors in the code. Despite the encouraging results, not all problems are solved and some of the experiments indicate a potential for improvement, which allows us to identify central remaining challenges and outline directions for future work.
    Original languageEnglish
    Title of host publicationProceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering. ESEC/FSE '11
    Number of pages11
    PublisherAssociation for Computing Machinery
    Publication date2011
    Pages59-69
    ISBN (Print)978-1-4503-0443-6
    DOIs
    Publication statusPublished - 2011
    EventJoint 19th ACM SIGSOFT symposium and 13th European conference on Foundations of software - Szeged, Hungary
    Duration: 5 Sept 20119 Sept 2011

    Conference

    ConferenceJoint 19th ACM SIGSOFT symposium and 13th European conference on Foundations of software
    Country/TerritoryHungary
    CitySzeged
    Period05/09/201109/09/2011

    Fingerprint

    Dive into the research topics of 'Modeling the HTML DOM and Browser API in Static Analysis of JavaScript Web Applications'. Together they form a unique fingerprint.

    Cite this