Dynamic Flow Analysis for Java']JavaScript

被引：1

作者：

Naus, Nico ^{[1
]}

Thiemann, Peter ^{[2
]}

机构：

[1] Univ Utrecht, Utrecht, Netherlands

[2] Albert Ludwigs Univ Freiburg, Freiburg, Germany

来源：

TRENDS IN FUNCTIONAL PROGRAMMING (TFP 2016) | 2019年 / 10447卷

关键词：

Type inference; !text type='Java']Java[!/text]Script; Flow analysis; Dynamic languages; INFERENCE; SYSTEM;

D O I：

10.1007/978-3-030-14805-8_5

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Static flow analyses compute a safe approximation of a program's dataflow without executing it. Dynamic flow analyses compute a similar safe approximation by running the program on test data such that it achieves sufficient coverage. We design and implement a dynamic flow analysis for JavaScript. Our formalization and implementation observe a program's execution in a training run and generate flow constraints from the observations. We show that a solution of the constraints yields a safe approximation to the program's dataflow if each path in every function is executed at least once in the training run. As a by-product, we can reconstruct types for JavaScript functions from the results of the flow analysis. Our implementation shows that dynamic flow analysis is feasible for JavaScript. While our formalization concentrates on a core language, the implementation covers full JavaScript. We evaluated the implementation using the SunSpider benchmark.

引用

页码：75 / 93

页数：19

共 50 条

[31] Analysis and Identification of Malicious Java']JavaScript Code
Fraiwan, Mohammad
Al-Salman, Rami
Khasawneh, Natheer
Conrad, Stefan
[J]. INFORMATION SECURITY JOURNAL, 2012, 21 (01): : 1 - 11
[32] Conventionality Analysis of Array Objects in Java']JavaScript
Younang, Astrid
Lu, Lunjin
[J]. 2017 IEEE 24TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION, AND REENGINEERING (SANER), 2017, : 561 - 562
[33] Fixpoint Reuse for Incremental Java']JavaScript Analysis
Nichols, Lawton
Emre, Mehmet
Hardekopf, Ben
[J]. SOAP'19: PROCEEDINGS OF THE 8TH ACM SIGPLAN INTERNATIONAL WORKSHOP ON STATE OF THE ART IN PROGRAM ANALYSIS, 2019, : 2 - 7
[34] CSRF protection in Java']JavaScript frameworks and the security of Java']JavaScript applications
Peguero, Ksenia
Cheng, Xiuzhen
[J]. HIGH-CONFIDENCE COMPUTING, 2021, 1 (02):
[35] WEB BASED DYNAMIC MODELING BY MEANS OF PHP AND JAVA']JAVASCRIPT
Valek, Jan
Sladek, Petr
[J]. INFORMATION AND COMMUNICATION TECHNOLOGY IN EDUCATION, 2012, : 291 - 301
[36] Evaluation and Comparison of Dynamic Call Graph Generators for Java']JavaScript
Herczeg, Zoltan
Loki, Gabor
[J]. PROCEEDINGS OF THE 14TH INTERNATIONAL CONFERENCE ON EVALUATION OF NOVEL APPROACHES TO SOFTWARE ENGINEERING (ENASE), 2019, : 472 - 479
[37] Designing with Java']JavaScript: Creating dynamic Web pages.
Brooks, TA
[J]. JOURNAL OF THE AMERICAN SOCIETY FOR INFORMATION SCIENCE AND TECHNOLOGY, 2002, 53 (11): : 967 - 968
[38] Information-flow security for Java']JavaScript and its APIs
Hedin, Daniel
Bello, Luciano
Sabelfeld, Andrei
[J]. JOURNAL OF COMPUTER SECURITY, 2016, 24 (02) : 181 - 234
[39] Flow: Abstract Interpretation of Java']JavaScript for Type Checking and Beyond
Chaudhuri, Avik
[J]. PROCEEDINGS OF THE 2016 ACM WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY (PLAS'16), 2016, : 1 - 1
[40] Java']Java-to-Java']JavaScript Translation via Structured Control Flow Reconstruction of Compiler IR
Leopoldseder, David
Stadler, Lukas
Wimmer, Christian
Moessenboeck, Hanspeter
[J]. ACM SIGPLAN NOTICES, 2016, 51 (02) : 91 - 103

← 1 2 3 4 5 →