Towards Logic-Based Verification of JavaScript Programs

In this position paper, we argue for what we believe is a correct pathway to achieving scalable symbolic verification of JavaScript based on separation logic. We highlight the difficulties imposed by the language, the current state-of-the-art in the literature, and the sequence of steps that needs to be taken. We briefly describe Open image in new window , our semi-automatic toolchain for JavaScript verification.

[1]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[2]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[3]  Peter W. O'Hearn,et al.  Compositional Shape Analysis by Means of Bi-Abduction , 2011, JACM.

[4]  Daejun Park,et al.  KJS: a complete formal semantics of JavaScript , 2015, PLDI.

[5]  Samin Ishtiaq,et al.  SLAyer: Memory Safety for Systems-Level Code , 2011, CAV.

[6]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[7]  Hongseok Yang,et al.  Nested Hoare Triples and Frame Rules for Higher-Order Store , 2009, CSL.

[8]  Ben Hardekopf,et al.  JSAI: a static analysis platform for JavaScript , 2014, SIGSOFT FSE.

[9]  Peter W. O'Hearn,et al.  Moving Fast with Software Verification , 2015, NFM.

[10]  Grigore Rosu,et al.  Semantics-based program verifiers for all languages , 2016, OOPSLA.

[11]  Arthur Charguéraud,et al.  A trusted mechanised JavaScript specification , 2014, POPL.

[12]  YangHongseok,et al.  Compositional Shape Analysis by Means of Bi-Abduction , 2009 .

[13]  Philippa Gardner,et al.  Towards a program logic for JavaScript , 2012, POPL '12.

[14]  Frank Tip,et al.  Correlation Tracking for Points-To Analysis of JavaScript , 2012, ECOOP.

[15]  Matthew J. Parkinson,et al.  jStar: towards practical verification for java , 2008, OOPSLA.

[16]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[17]  Joe Gibbs Politz,et al.  A tested semantics for getters, setters, and eval in JavaScript , 2012, DLS.

[18]  Grigore Rosu,et al.  An overview of the K semantic framework , 2010, J. Log. Algebraic Methods Program..

[19]  W. Marsden I and J , 2012 .

[20]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[21]  Shriram Krishnamurthi,et al.  The Essence of JavaScript , 2010, ECOOP.

[22]  Esben Andreasen,et al.  Determinacy in static analysis for jQuery , 2014, OOPSLA 2014.

[23]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.