Update-Tolerant JavaScript Static Analysis for Frequently Released ECMAScript

Mr Park Jihyeok, PhD Student, KAIST
Chaired by
Dr Ilya SERGEY, Associate Professor, School of Computing

26 Nov 2019 Tuesday, 02:00 PM to 03:00 PM

MR1, COM1-03-19


JavaScript was initially designed for client-side code in web browsers, but its engine is now embedded in many kinds of host software. Despite its popularity, the semantics of JavaScript is complex, especially because of its dynamic nature, so understanding and reasoning about JavaScript programs are challenging tasks. Researchers have therefore proposed static analyses for JavaScript based on abstract interpretation. Because a formal semantics of JavaScript is necessary to construct a static analysis, various formal semantics have been proposed based on ECMAScript, the official JavaScript specification. However, the existing approaches to constructing formal semantics are manual, labor-intensive, and error-prone, and they all target only the ECMAScript 5.1 version. This problem is critical for static analysis of recent JavaScript programs because ECMAScript has been released annually since 2015, which has already produced five updates after ECMAScript 5.1. Moreover, because JavaScript programs are rapidly growing in size, the scalability of JavaScript static analysis is more important than before.

To alleviate the problem, we first present an approach to automatically extract the semantics from ECMAScript and to construct a static analyzer based on the extracted semantics. For the semantics extraction, we introduce JISET, a JavaScript IR-based Semantics Extraction Toolchain. JISET successfully synthesizes parsers and extracts 91.60% of the semantics from five recent ECMAScript versions. Based on the extracted semantics, we plan to develop JSAVER, a JavaScript Static Analyzer via ECMAScript Representations. We will design it to be lightweight, highly parametric, and modular, so that JSAVER has three main features: pluggability, extensibility, and debuggability. Moreover, to cope with fast-growing JavaScript programs, we also plan to develop a new heap abstraction. Because JavaScript supports open objects, which allow new object properties to be added and existing ones to be deleted, a heap abstraction is important for precisely analyzing such open objects. We find that the recency abstraction, a heap abstraction frequently used in JavaScript static analysis, is neither monotonic nor efficient. As future work, we will propose a symbolic heap abstraction based on symbolic values. We believe that it can enhance the precision and scalability of JSAVER.


Jihyeok Park is a Ph.D. student in the School of Computing at Korea Advanced Institute of Science and Technology (KAIST). His research interests include static analysis, memory abstraction, and formal verification. Park received a B.S. in computer science at KAIST.