Practical static analysis of JavaScript applications in the presence of frameworks and libraries

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

  • Magnus Madsen
  • Benjamin Livshits, Microsoft Research, United States
  • Michael Fanning, Microsoft, United States
JavaScript is a language that is widely-used for both web-based and standalone applications such as those in the Windows 8 operating system. Analysis of JavaScript has long been known to be challenging due to the language's dynamic nature. On top of that, most JavaScript applications rely on large and complex libraries and frameworks, often written in a combination of JavaScript and native code such as C and C++. Stubs have been commonly employed as a partial specification mechanism to address the library problem; alas, they are tedious and error-prone. However, the manner in which library code is used within applications often sheds light on what library APIs return or pass into callbacks declared within the application. In this paper, we propose a technique which combines pointer analysis with a novel use analysis to handle many challenges posed by large JavaScript libraries. Our techniques have been implemented and empirically validated on a set of 25 Windows 8 JavaScript applications, averaging 1, 587 lines of code, together with about 30, 000 lines of library code, demonstrating a combination of scalability and precision.
Original languageEnglish
Title of host publicationProceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering , ESEC/FSE 2013
EditorsBertrand Meyer, Luciano Baresi, Mira Mezini
Number of pages11
PublisherAssociation for Computing Machinery
Publication year1 Jan 2013
Pages499-509
ISBN (print)9781450322379
DOIs
Publication statusPublished - 1 Jan 2013
Event9th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) -
Duration: 18 Aug 201326 Aug 2013

Conference

Conference9th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE)
Periode18/08/201326/08/2013

See relations at Aarhus University Citationformats

ID: 166877123