Towards a program logic for JavaScript

JavaScript has become the most widely used language for client-side web programming. The dynamic nature of JavaScript makes understanding its code notoriously difficult, leading to buggy programs and a lack of adequate static-analysis tools. We believe that logical reasoning has much to offer JavaScript: a simple description of program behaviour, a clear understanding of module boundaries, and the ability to verify security contracts. We introduce a program logic for reasoning about a broad subset of JavaScript, including challenging features such as prototype inheritance and "with". We adapt ideas from separation logic to provide tractable reasoning about JavaScript code: reasoning about easy programs is easy; reasoning about hard programs is possible. We prove a strong soundness result. All libraries written in our subset and proved correct with respect to their specifications will be well-behaved, even when called by arbitrary JavaScript code.
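The two features the abstract singles out, prototype inheritance and `with`, are exactly what makes "what does this identifier resolve to?" hard to answer locally. The following JavaScript is an added illustration, not code from the paper: `readXWith`, `resolveX`, `resolveXOwn` and `underPollutedPrototype` are names chosen here. It shows a library function whose result depends on the entire prototype chain of an object handed in by its caller (including anything an arbitrary caller has put on `Object.prototype`), beside a version that only consults own properties and so keeps the same behaviour regardless of the caller's environment.

```javascript
// Added example (not from the paper): why prototype inheritance and `with`
// make identifier resolution in JavaScript hard to reason about locally.

// Library function that reads `x` inside a `with` block over `obj`.
// Built with `new Function` so it stays sloppy-mode even if this file is
// loaded as strict code (the `with` statement is a syntax error there).
const readXWith = new Function('obj', 'x', 'with (obj) { return x; }');

// `x` inside the `with` block resolves against the whole prototype chain of
// `obj`: an inherited `x` shadows the function parameter `x`.
function resolveX(obj) {
  return readXWith(obj, 'param');
}

// Hardened alternative: an explicit own-property lookup that ignores the
// prototype chain, so callers cannot change the result by mutating
// Object.prototype or by passing objects with unexpected prototypes.
function resolveXOwn(obj) {
  return Object.prototype.hasOwnProperty.call(obj, 'x') ? obj.x : 'param';
}

// Simulates an "arbitrary caller" that has modified Object.prototype; the
// change is undone in `finally` so it does not leak past the demonstration.
function underPollutedPrototype(fn) {
  Object.prototype.x = 'polluted';
  try {
    return fn();
  } finally {
    delete Object.prototype.x;
  }
}

// Runs both versions over constructed inputs and returns what each resolves.
function demo() {
  const plain = {};                            // no x anywhere on the chain
  const own = { x: 'own' };                    // x as an own property
  const proto = Object.create({ x: 'proto' }); // x only on the prototype
  return {
    withPlain: resolveX(plain),        // 'param'
    withOwn: resolveX(own),            // 'own'
    withProto: resolveX(proto),        // 'proto': inherited x wins
    withPolluted: underPollutedPrototype(() => resolveX({})), // 'polluted'
    ownPlain: resolveXOwn(plain),      // 'param'
    ownProto: resolveXOwn(proto),      // 'param': prototype ignored
    ownPolluted: underPollutedPrototype(() => resolveXOwn({})), // 'param'
  };
}
```

The `with`-based version has no fixed specification: its result is a function of state the library never created, which is the situation a separation-logic style specification has to rule out before a "well-behaved under arbitrary callers" claim can be proved. The own-property version can be specified purely in terms of the object it is given.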
