Skip to main content
SpringerLink
Log in
Book cover

International Conference on Tools and Methods for Program Analysis

TMPA 2017: Tools and Methods of Program Analysis pp 183–195Cite as

Statically Checking Conventionality of Array Objects in JavaScript

  • Conference paper
  • First Online:

  • 628 Accesses

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 779))

Abstract

A JavaScript array object is just like any other kind of object except that it has a property named length that is automatically updated. The array object may have other property names such as non-numeric strings and string representations of negative integers. A conventional array is an array that has a property named length and the names of all other properties are (string representation of) positive integers. This paper presents a conventionality analysis of array objects in JavaScript programs. The analysis provides useful information for program development and understanding since any non-conventional use of an array could indicate a potential programming error unless it is intended by the programmer. The analysis is built upon a novel abstract string domain that captures array index information more precisely than the existing ones. Our experiments on a set of 98 benchmark programs show that arrays are used in a conventional way in 95% of the benchmark programs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. http://webkit.org/perf/sunspider/sunspider.html

  2. http://v8.google.com/svn/data/benchmarks/v7/run.html

  3. https://addons.mozilla.org/en-US/firefox/

  4. http://www.emscripten.org/

  5. https://github.com/

  6. http://jsperf.com/

  7. http://eslint.org/

  8. https://developers.google.com/closure/

  9. Anderson, C., Giannini, P., Drossopoulou, S.: Towards type inference for JavaScript. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 428–452. Springer, Heidelberg (2005). https://doi.org/10.1007/11531142_19

    Chapter  Google Scholar 

  10. Bandhakavi, S., Tiku, N., Pittman, W., King, S.T., Madhusudan, P., Winslett, M.: Vetting browser extensions for security vulnerabilities with VEX. Commun. ACM 54(9), 91–99 (2011)

    Article  Google Scholar 

  11. Chaudhuri, A.: Flow: abstract interpretation of JavaScript for type checking and beyond. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 1–1. ACM (2016)

    Google Scholar 

  12. Cortesi, A., Zanioli, M.: Widening and narrowing operators for abstract interpretation. Comput. Lang. Syst. Struct. 37(1), 24–42 (2011)

    MATH  Google Scholar 

  13. Cousot, P., Cousot, R.: Abstract interpretation and application to logic programs. J. Logic Program. 13(2), 103–179 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  14. Crockford, D.: JSlint: The Javascript code quality tool (2011). http://www.jslint.com, 95

  15. Guarnieri, S., Livshits, V.B.: GATEKEEPER: mostly static enforcement of security and reliability policies for JavaScript code. In: USENIX Security Symposium, pp. 151–168 (2009)

    Google Scholar 

  16. Guha, A., Krishnamurthi, S., Jim, T.: Using static analysis for ajax intrusion detection. In: 18th International Conference on World Wide Web, pp. 561–570. ACM (2009)

    Google Scholar 

  17. Heidegger, P., Thiemann, P.: Recency types for analyzing scripting languages. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 200–224. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14107-2_10

    Chapter  Google Scholar 

  18. Jensen, S.H., Møller, A., Thiemann, P.: Type analysis for JavaScript. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 238–255. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03237-0_17

    Chapter  Google Scholar 

  19. Kashyap, V., Dewey, K., Kuefner, E.A., Wagner, J., Gibbons, K., Sarracino, J., Wiedermann, B., Hardekopf, B.: JSAI: a static analysis platform for Javascript. In: 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 121–132. ACM (2014)

    Google Scholar 

  20. Kovalyov, A., Kluge, W., Perez, J.: JSHint, a JavaScript Code Quality Tool (2010)

    Google Scholar 

  21. Lee, H., Won, S., Jin, J., Cho, J., Ryu, S.: SAFE: formal specification and implementation of a scalable analysis framework for ECMAScript. In: International Workshop on Foundations of Object-Oriented Languages (FOOL) (2012)

    Google Scholar 

  22. Logozzo, F., Venter, H.: RATA: rapid atomic type analysis by abstract interpretation – application to, optimization. In: Gupta, R. (ed.) CC 2010. LNCS, vol. 6011, pp. 66–83. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11970-5_5

    Chapter  Google Scholar 

  23. Taly, A., Mitchell, J.C., Miller, M.S., Nagra, J., et al.: Automated analysis of security-critical javascript apis. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 363–378. IEEE (2011)

    Google Scholar 

  24. Taylor, R.N., Levine, D.L., Kelly, C.D.: Structural testing of concurrent programs. IEEE Trans. Software Eng. 18(3), 206–215 (1992)

    Article  Google Scholar 

  25. Thiemann, P.: Towards a type system for analyzing JavaScript programs. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 408–422. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_28

    Chapter  Google Scholar 

  26. Younang, A., Lu, L.: Improving precision of JavaScript program analysis with an extended domain of intervals. In: 39th Annual Computer Software and Applications Conference, IEEE COMPSAC, pp. 441–446 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Oakland University, Rochester, USA

    Astrid Younang, Lunjin Lu & Nabil Almashfi

Authors
  1. Astrid Younang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lunjin Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nabil Almashfi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lunjin Lu .

Editor information

Editors and Affiliations

  1. St. Petersburg Polytechnic University, St. Petersburg, Russia

    Vladimir Itsykson

  2. University of Pennsylvania, Philadelphia, Pennsylvania, USA

    Andre Scedrov

  3. FRC CSC, Moscow, Russia

    Victor Zakharov

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Younang, A., Lu, L., Almashfi, N. (2018). Statically Checking Conventionality of Array Objects in JavaScript. In: Itsykson, V., Scedrov, A., Zakharov, V. (eds) Tools and Methods of Program Analysis. TMPA 2017. Communications in Computer and Information Science, vol 779. Springer, Cham. https://doi.org/10.1007/978-3-319-71734-0_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-71734-0_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71733-3

  • Online ISBN: 978-3-319-71734-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation