论文信息 - xWIDL: modular and deep JavaScript API misuses checking based on extended WebIDL

xWIDL: modular and deep JavaScript API misuses checking based on extended WebIDL

JavaScript is the de facto language of the Web, but is notoriously error-prone to use. 65% of common bugs like undefined/null variable usage are DOM-related. Besides DOM, JS APIs are also expected to manipulate graphic hardware and asynchronous I/O, which makes the condition even worse. Although WebIDL provides a formal contract between JS developers and platform implementation, its expressivity is too limited to support deep checking of API misuses. We propose the eXtended WebIDL (xWIDL) language and a modular API misuses checking framework based on xWIDL. We discuss how to handle the data exchange between JS analyzer and SMT-based verifier. Finally, we test our implementation in a case study manner and report our findings on its efficiency and modularity.

Zhen Zhang

[1] Ali Mesbah,et al. An Empirical Study of Client-Side JavaScript Bugs , 2013, 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement.

[2] Ben Hardekopf,et al. JSAI: a static analysis platform for JavaScript , 2014, SIGSOFT FSE.

[3] K. Rustan M. Leino,et al. Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[4] Sukyoung Ryu,et al. SAFEWAPI: web API misuse detector for web applications , 2014, SIGSOFT FSE.

[5] Benjamin S. Lerner,et al. Web API Verification : Results and Challenges , 2012 .

[6] Magnus Madsen,et al. Modeling the HTML DOM and browser API in static analysis of JavaScript web applications , 2011, ESEC/FSE '11.

[7] Peter Thiemann,et al. Type Analysis for JavaScript , 2009, SAS.

[8] Sukyoung Ryu,et al. SAFE: Formal Specification and Implementation of a Scalable Analysis Framework for ECMAScript , 2012 .