Thumbnail
Access Restriction
Open

Author Jensen, Simon Holm ♦ Jonsson, Peter A. ♦ Møller, Anders
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Small Collection ♦ Javascript Web Application ♦ Popular Web Site ♦ Sound Static Analysis ♦ Many Common Us ♦ Dataflow Analyzer ♦ Static Analysis Tool ♦ Previous Large-scale Study ♦ Many Nontrivial Occurrence ♦ Refactoring Technique ♦ Javascript Web Application Programmer ♦ Recent Year ♦ Useless Result ♦ Web Application ♦ Experimental Result ♦ Language Construct ♦ Static Analysis
Description A range of static analysis tools and techniques have been developed in recent years with the aim of helping JavaScript web application programmers produce code that is more robust, safe, and efficient. However, as shown in a previous large-scale study, many web applications use the JavaScript evalfunctiontodynamicallyconstructcodefromtextstrings in ways that obstruct existing static analyses. As a consequence, the analyses either fail to reason about the web applications or produce unsound or useless results. We present an approach to soundly and automatically transform many common uses of eval into other language constructs to enable sound static analysis of web applications. By eliminating calls to eval, we expand the applicability of static analysis for JavaScript web applications in general. The transformation we propose works by incorporating a refactoring technique into a dataflow analyzer. We report on our experimental results with a small collection of programming patterns extracted from popular web sites. Although there are inevitably cases where the transformation must give up, our technique succeeds in eliminating many nontrivial occurrences of eval. Categories andSubject Descriptors
In Proceedings of the International Symposium on Software Testing and Analysis
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 2012-01-01