Type refinement for static analysis of JavaScript

Authors:
Vineeth Kashyap;John Sarracino;John Wagner;Ben Wiedermann;Ben Hardekopf
Affiliations:
University of California Santa Barbara, Santa Barbara, California, USA;Harvey Mudd College, Claremont, California, USA;University of California Santa Barbara, Santa Barbara, California, USA;Harvey Mudd College, Claremont, California, USA;University of California Santa Barbara, Santa Barbara, California, USA
Venue:
Proceedings of the 9th symposium on Dynamic languages
Year:
2013

Citing 24
Cited 0

Refinement types for ML

PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
A unified approach to global program optimization

POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
The design and implementation of typed scheme

Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using static analysis for Ajax intrusion detection

Proceedings of the 18th international conference on World wide web
Static type inference for Ruby

Proceedings of the 2009 ACM symposium on Applied Computing
Points-to analysis for JavaScript

Proceedings of the 2009 ACM symposium on Applied Computing
Type Analysis for JavaScript

SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Fast type reconstruction for dynamically typed programming languages

DLS '09 Proceedings of the 5th symposium on Dynamic languages
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Logical types for untyped languages

Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Alias analysis for optimization of dynamic languages

Proceedings of the 6th symposium on Dynamic languages
Recency types for analyzing scripting languages

ECOOP'10 Proceedings of the 24th European conference on Object-oriented programming
Dynamic inference of static types for ruby

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Typing local control and state using flow analysis

ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Saving the world wide web from vulnerable JavaScript

Proceedings of the 2011 International Symposium on Software Testing and Analysis
Polymorphic type inference for scripting languages with object extensions

Proceedings of the 7th symposium on Dynamic languages
Tool-supported refactoring for JavaScript

Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Recency-Abstraction for heap-allocated storage

SAS'06 Proceedings of the 13th international conference on Static Analysis
Nested refinements: a logic for duck typing

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Towards type inference for javascript

ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
RATA: rapid atomic type analysis by abstract interpretation – application to javascript optimization

CC'10/ETAPS'10 Proceedings of the 19th joint European conference on Theory and Practice of Software, international conference on Compiler Construction
Fast and precise hybrid type inference for JavaScript

Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Correlation tracking for points-to analysis of javascript

ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more. We propose a technique called type refinement that can improve the precision of such static analyses for JavaScript without any discernible performance impact. Refinement is a known technique that uses the conditions in branch guards to refine the analysis information propagated along each branch path. The key insight of this paper is to recognize that JavaScript semantics include many implicit conditional checks on types, and that performing type refinement on these implicit checks provides significant benefit for analysis precision. To demonstrate the effectiveness of type refinement, we implement a static analysis tool for reporting potential type-errors in JavaScript programs. We provide an extensive empirical evaluation of type refinement using a benchmark suite containing a variety of JavaScript application domains, ranging from the standard performance benchmark suites (Sunspider and Octane), to open-source JavaScript applications, to machine-generated JavaScript via Emscripten. We show that type refinement can significantly improve analysis precision by up to 86% without affecting the performance of the analysis.