String Analysis for Dynamic Field Access

In JavaScript, and scripting languages in general, dynamic field access is a commonly used feature. Unfortunately, current static analysis tools either completely ignore dynamic field access or use overly conservative approximations that lead to poor precision and scalability.

[1]  Frank Tip,et al.  Correlation Tracking for Points-To Analysis of JavaScript , 2012, ECOOP.

[2]  Sorin Lerner,et al.  Staged information flow for javascript , 2009, PLDI '09.

[3]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[4]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[5]  水野 貴明,et al.  JavaScript : the good parts : 「良いパーツ」によるベストプラクティス , 2008 .

[6]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[7]  Jan Vitek,et al.  An analysis of the dynamic behavior of JavaScript programs , 2010, PLDI '10.

[8]  Xiangyu Zhang,et al.  Z3-str: a z3-based string solver for web application analysis , 2013, ESEC/FSE 2013.

[9]  Marco Pistoia,et al.  Saving the world wide web from vulnerable JavaScript , 2011, ISSTA '11.

[10]  Ajitha Rajan,et al.  Requirements Coverage as an Adequacy Measure for Conformance Testing , 2008, ICFEM.

[11]  James Noble ECOOP 2012 – Object-Oriented Programming , 2012, Lecture Notes in Computer Science.

[12]  Magnus Madsen,et al.  Modeling the HTML DOM and browser API in static analysis of JavaScript web applications , 2011, ESEC/FSE '11.

[13]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.

[14]  Agostino Cortesi,et al.  Static Analysis of String Values , 2011, ICFEM.

[15]  Mayur Naik,et al.  A dynamic evaluation of the precision of static heap abstractions , 2010, OOPSLA.

[16]  Simon Holm Jensen,et al.  Remedying the eval that men do , 2012, ISSTA 2012.

[17]  Benjamin Livshits,et al.  GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code , 2009, USENIX Security Symposium.

[18]  Michael D. Ernst,et al.  HAMPI: a solver for string constraints , 2009, ISSTA.

[19]  Ankur Taly,et al.  An Operational Semantics for JavaScript , 2008, APLAS.