Dynamic determinacy analysis

We present an analysis for identifying determinate variables and expressions that always have the same value at a given program point. This information can be exploited by client analyses and tools to, e.g., identify dead code or specialize uses of dynamic language constructs such as eval, replacing them with equivalent static constructs. Our analysis is completely dynamic and only needs to observe a single execution of the program, yet the determinacy facts it infers hold for any execution. We present a formal soundness proof of the analysis for a simple imperative language, and a prototype implementation that handles full JavaScript. Finally, we report on two case studies that explored how static analysis for JavaScript could leverage the information gathered by dynamic determinacy analysis. We found that in some cases scalability of static pointer analysis was improved dramatically, and that many uses of runtime code generation could be eliminated.
