PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Precise Call Graphs for C Programs with Function Pointers
Automated Software Engineering
ACM SIGPLAN Notices - Best of PLDI 1979-1999
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Programming Languages and Systems (TOPLAS)
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Trace-based just-in-time type specialization for dynamic languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
JSMeter: comparing the behavior of JavaScript benchmarks with real web applications
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Using datalog with binary decision diagrams for program analysis
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Towards a type system for analyzing javascript programs
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Towards type inference for javascript
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
RATA: rapid atomic type analysis by abstract interpretation – application to javascript optimization
CC'10/ETAPS'10 Proceedings of the 19th joint European conference on Theory and Practice of Software, international conference on Compiler Construction
Dynamic updates for web and cloud applications
APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications
AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications
ACM Transactions on the Web (TWEB)
Modeling the HTML DOM and browser API in static analysis of JavaScript web applications
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Remedying the eval that men do
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Correlation tracking for points-to analysis of javascript
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
Efficient construction of approximate call graphs for JavaScript IDE services
Proceedings of the 2013 International Conference on Software Engineering
Practical static analysis of JavaScript applications in the presence of frameworks and libraries
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Scalable and incremental software bug detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
| Hi-index | 0.00 |
The advent of Web 2.0 has led to the proliferation of client-side code that is typically written in JavaScript. Recently, there has been an upsurge of interest in static analysis of client-side JavaScript for applications such as bug finding and optimization. However, most approaches in static analysis literature assume that the entire program is available to analysis. This, however, is in direct contradiction with the nature of Web 2.0 programs that are essentially being streamed at the user's browser. Users can see data being streamed to pages in the form of page updates, but the same thing can be done with code, essentially delaying the downloading of code until it is needed. In essence, the entire program is never completely available. Interacting with the application causes more code to be sent to the browser. This paper explores staged static analysis as a way to analyze streaming JavaScript programs. We observe while there is variance in terms of the code that gets sent to the client, much of the code of a typical JavaScript application can be determined statically. As a result, we advocate the use of combined offline-online static analysis as a way to accomplish fast, browser-based client-side online analysis at the expense of a more thorough and costly server-based offline analysis on the static code. We find that in normal use, where updates to the code are small, we can update static analysis results quickly enough in the browser to be acceptable for everyday use. We demonstrate the staged analysis approach to be advantageous especially in mobile devices, by experimenting on popular applications such as Facebook.