Automatic Modeling of Opaque Code for JavaScript Static Analysis

Static program analysis often encounters problems in analyzing library code. Most real-world programs use library functions intensively, and library functions are usually written in different languages. For example, static analysis of JavaScript programs requires analysis of the standard built-in library implemented in host environments. A common approach to analyze such opaque code is for analysis developers to build models that provide the semantics of the code. Models can be built either manually, which is time consuming and error prone, or automatically, which may limit application to different languages or analyzers. In this paper, we present a novel mechanism to support automatic modeling of opaque code, which is applicable to various languages and analyzers. For a given static analysis, our approach automatically computes analysis results of opaque code via dynamic testing during static analysis. By using testing techniques, the mechanism does not guarantee sound over-approximation of program behaviors in general. However, it is fully automatic, is scalable in terms of the size of opaque code, and provides more precise results than conventional over-approximation approaches. Our evaluation shows that although not all functionalities in opaque code can (or should) be modeled automatically using our technique, a large number of JavaScript built-in functions are approximated soundly yet more precisely than existing manual models.
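A toy version of the sample, run, and abstract loop described above, added here as an illustration and not the paper's implementation. The number domain, the `SAMPLES` sets, and the names `alpha`, `join`, `sample`, `modelOpaque` and `squareInt32` are assumptions; the last call shows a sampled result that is not a sound over-approximation.

```javascript
// Added illustration. Toy number domain: 'Bot' < {const: n} < 'UInt' | 'NUInt' < 'Num'.
// 'UInt' = non-negative integers, 'NUInt' = every other number (assumed domain).
const isUInt = (n) => Number.isInteger(n) && n >= 0 && !Object.is(n, -0);

// Abstraction of one concrete number: the most precise element is a constant.
const alpha = (n) => ({ const: n });

// Class of an abstract value once its constant is forgotten.
const kindOf = (a) => (typeof a === 'string' ? a : isUInt(a.const) ? 'UInt' : 'NUInt');

// Least upper bound of two abstract values.
function join(a, b) {
  if (a === 'Bot') return b;
  if (b === 'Bot') return a;
  if (typeof a === 'object' && typeof b === 'object' && Object.is(a.const, b.const)) return a;
  return kindOf(a) === kindOf(b) ? kindOf(a) : 'Num';
}

// Constructed sample sets: finitely many concrete representatives per abstract value.
const SAMPLES = { UInt: [0, 1, 3, 42], NUInt: [-1, -3.5, 0.5, NaN, -Infinity] };
function sample(a) {
  if (a === 'Bot') return [];
  if (typeof a === 'object') return [a.const];
  return a === 'Num' ? [...SAMPLES.UInt, ...SAMPLES.NUInt] : SAMPLES[a];
}

// Model an opaque function at analysis time: run it on samples, join the abstracted results.
function modelOpaque(fn, absArg) {
  return sample(absArg).map((v) => alpha(fn(v))).reduce((acc, r) => join(acc, r), 'Bot');
}

// Opaque function whose behaviour changes outside the sampled range (int32 overflow).
const squareInt32 = (n) => Math.imul(n, n);

console.log(modelOpaque(Math.abs, { const: -3 })); // constant in, constant out
console.log(modelOpaque(Math.abs, 'UInt'));        // stays within UInt
console.log(modelOpaque(Math.floor, 'NUInt'));     // results span both classes
console.log(modelOpaque(squareInt32, 'UInt'), squareInt32(46341)); // sampled result misses the negative output
```

An analyzer relying on the `squareInt32` result would treat the return value as a valid non-negative integer, which is the unsoundness the abstract concedes for testing-based models.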
