Adaptive Context-sensitive Analysis for JavaScript

Context sensitivity is a technique to improve program analysis precision by distinguishing between function calls. A specific context-sensitive analysis is usually designed to accommodate the programming paradigm of a particular programming language. JavaScript features both the object-oriented and functional programming paradigms. Our empirical study suggests that there is no single context-sensitive analysis that always produces precise results for JavaScript applications. This observation motivated us to design an adaptive analysis, selecting a context-sensitive analysis from multiple choices for each function. Our two-staged adaptive context-sensitive analysis first extracts function characteristics from an inexpensive points-to analysis and then chooses a specialized context-sensitive analysis per function based on the heuristics. The experimental results show that our adaptive analysis achieved more precise results than any single context-sensitive analysis for several JavaScript programs in the benchmarks.

[1]  Henry Lieberman,et al.  Using Prototypical Objects to Implement Shared Behavior in Object Oriented Systems , 1986, OOPSLA.

[2]  Mayur Naik,et al.  Scaling abstraction refinement via pruning , 2011, PLDI '11.

[3]  Frank Tip,et al.  Correlation Tracking for Points-To Analysis of JavaScript , 2012, ECOOP.

[4]  Peter Wegner Dimensions of object-based language design , 1987, OOPSLA 1987.

[5]  Yannis Smaragdakis,et al.  Hybrid context-sensitivity for points-to analysis , 2013, PLDI.

[6]  Yannis Smaragdakis,et al.  Introspective analysis: context-sensitivity, across the board , 2014, PLDI.

[7]  Manu Sridharan,et al.  Refinement-based context-sensitive points-to analysis for Java , 2006, PLDI '06.

[8]  Henry Lieberman,et al.  Using prototypical objects to implement shared behavior in object-oriented systems , 1986, OOPLSA '86.

[9]  J. Ross Quinlan,et al.  C4.5: Programs for Machine Learning , 1992 .

[10]  Ben Hardekopf,et al.  JSAI: a static analysis platform for JavaScript , 2014, SIGSOFT FSE.

[11]  Hongseok Yang,et al.  Selective context-sensitivity guided by impact pre-analysis , 2014, PLDI.

[12]  Ole Agesen The Cartesian Product Algorithm: Simple and Precise Type Inference Of Parametric Polymorphism , 1995, ECOOP.

[13]  Barbara G. Ryder,et al.  Practical blended taint analysis for JavaScript , 2013, ISSTA.

[14]  Aiko M. Hormann,et al.  Programs for Machine Learning. Part I , 1962, Inf. Control..

[15]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[16]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.

[17]  Olin Shivers,et al.  Control-flow analysis of higher-order languages of taming lambda , 1991 .

[18]  David Grove,et al.  Call graph construction in object-oriented languages , 1997, OOPSLA '97.

[19]  Calvin Lin,et al.  Client-Driven Pointer Analysis , 2003, SAS.

[20]  Ondrej Lhoták,et al.  Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation , 2008, TSEM.

[21]  Barbara G. Ryder,et al.  State-Sensitive Points-to Analysis for the Dynamic Behavior of JavaScript Objects , 2014, ECOOP.

[22]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.