Scalable and Precise Static Analysis of JavaScript Applications via Loop-Sensitivity

The numbers and sizes of JavaScript applications are ever growing but static analysis techniques for analyzing large-scale JavaScript applications are not yet ready in a scalable and precise manner. Even when building complex software like compilers and operating systems in JavaScript, developers do not get much benefits from existing static analyzers, which suffer from mutually intermingled problems of scalability and imprecision. In this paper, we present Loop-Sensitive Analysis (LSA) that improves the analysis scalability by enhancing the analysis precision in loops. LSA distinguishes loop iterations as many as needed by automatically choosing loop unrolling numbers during analysis. We formalize LSA in the abstract interpretation framework and prove its soundness and precision theorems using Coq. We evaluate our implementation of LSA using the analysis results of main web pages in the 5 most popular websites and those of the programs that use top 5 JavaScript libraries, and show that it outperforms the state-of-the-art JavaScript static analyzers in terms of analysis scalability. Our mechanization and implementation of LSA are both publicly available.

[1]  Frank Tip,et al.  Correlation Tracking for Points-To Analysis of JavaScript , 2012, ECOOP.

[2]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[3]  Patrick Cousot,et al.  Semantic foundations of program analysis , 1981 .

[4]  Frank Tip,et al.  Dynamic determinacy analysis , 2013, PLDI.

[5]  Esben Andreasen,et al.  Determinacy in static analysis for jQuery , 2014, OOPSLA 2014.

[6]  Xavier Rival,et al.  The trace partitioning abstract domain , 2007, TOPL.

[7]  A. Tarski A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .

[8]  Hongseok Yang,et al.  A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join , 2014, ESOP.

[9]  Thomas H. Austin,et al.  Efficient purely-dynamic information flow analysis , 2009, PLAS '09.

[10]  Sukyoung Ryu,et al.  SAFEWAPI: web API misuse detector for web applications , 2014, SIGSOFT FSE.

[11]  Sukyoung Ryu,et al.  SAFE: Formal Specification and Implementation of a Scalable Analysis Framework for ECMAScript , 2012 .

[12]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[13]  Sukyoung Ryu,et al.  JavaScript module system: exploring the design space , 2014, MODULARITY.

[14]  Ben Hardekopf,et al.  JSAI: a static analysis platform for JavaScript , 2014, SIGSOFT FSE.

[15]  Maria Handjieva,et al.  Refining Static Analyses by Trace-Based Partitioning Using Control Flow , 1998, SAS.

[16]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[17]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.