Abstract
A range of static analysis tools and techniques have been developed
in recent years with the aim of helping JavaScript
web application programmers produce code that is more robust,
safe, and efficient. However, as shown in a previous
large-scale study, many web applications use the JavaScript
eval function to dynamically construct code from text strings
in ways that obstruct existing static analyses. As a consequence,
the analyses either fail to reason about the web
applications or produce unsound or useless results.
We present an approach to soundly and automatically
transform many common uses of eval into other language
constructs to enable sound static analysis of web applications.
By eliminating calls to eval, we expand the applicability
of static analysis for JavaScript web applications in
general.
The transformation we propose works by incorporating a
refactoring technique into a dataflow analyzer. We report
on our experimental results with a small collection of programming
patterns extracted from popular web sites. Although
there are inevitably cases where the transformation
must give up, our technique succeeds in eliminating many
nontrivial occurrences of eval.
in recent years with the aim of helping JavaScript
web application programmers produce code that is more robust,
safe, and efficient. However, as shown in a previous
large-scale study, many web applications use the JavaScript
eval function to dynamically construct code from text strings
in ways that obstruct existing static analyses. As a consequence,
the analyses either fail to reason about the web
applications or produce unsound or useless results.
We present an approach to soundly and automatically
transform many common uses of eval into other language
constructs to enable sound static analysis of web applications.
By eliminating calls to eval, we expand the applicability
of static analysis for JavaScript web applications in
general.
The transformation we propose works by incorporating a
refactoring technique into a dataflow analyzer. We report
on our experimental results with a small collection of programming
patterns extracted from popular web sites. Although
there are inevitably cases where the transformation
must give up, our technique succeeds in eliminating many
nontrivial occurrences of eval.
Original language | English |
---|---|
Title of host publication | 2012 International Symposium on Software Testing and Analysis (ISSTA) : Proceedings |
Editors | Mats Heimdahl, Zhendong Su |
Number of pages | 11 |
Publisher | Association for Computing Machinery |
Publication date | 2012 |
Pages | 34-44 |
ISBN (Print) | 978-1-4503-1454-1 |
DOIs | |
Publication status | Published - 2012 |
Event | International Symposium on Software Testing and Analysis - Minneapolis, United States Duration: 15 Jul 2012 → 20 Jul 2012 |
Conference
Conference | International Symposium on Software Testing and Analysis |
---|---|
Country/Territory | United States |
City | Minneapolis |
Period | 15/07/2012 → 20/07/2012 |
Keywords
- JavaScript
- Refactoring
- Static analysis