Journal of KIISE (정보과학회 논문지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지
DOI QR코드

DOI QR Code

Tunable Static Analysis Framework for JavaScript Applications

확장성을 조절할 수 있는 자바스크립트 앱 정적 분석 프레임워크

  • 고윤석 (한국과학기술원 전산학부) ;
  • 류석영 (한국과학기술원 전산학부)
  • Received : 2015.07.23
  • Accepted : 2015.09.01
  • Published : 2015.11.15
⟨ Previous Next ⟩

Abstract

In this paper, we present a novel approach to analyzing large-scale JavaScript applications statically by tuning the analysis scalability, possibly sacrificing soundness. For a given sound static baseline analysis of JavaScript programs, our framework allows users to define a sound approximation of selected executions that they wish to analyze, and it derives a tuned static analysis that can analyze the selected executions practically. The selected executions serve as parameters of the framework by taking a trade-off between the scalability and the soundness of the derived analyses. We formally describe our framework in the abstract interpretation setting and present two instances of the framework.

본 논문에서는 벤치마크용이 아닌 실제 자바스크립트 프로그램을 효과적으로 분석하기 위해서 정확도와 확장성을 조절하는 정적 분석 프레임워크를 제시한다. 본 논문에서 제안하는 방식은 전분석과 본분석의 두 단계로 구성된다. 전분석은 분석 대상을 조절해서 분석의 정확도를 결정하기 위한 분석 대상의 윤곽을 계산한다. 본분석은 주어진 분석 대상의 윤곽 안에서 실행 의미를 빠뜨리지 않고 안전하게 분석한다. 두 단계 분석 기법을 소개한 후, 전분석에서 분석 대상의 윤곽을 조절하여 본분석의 정확도와 확장성을 조절할 수 있음을 보이고 그 방식의 올바름을 증명한다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. E. Andreasen and A. Moller, "Determinacy in static analysis for jQuery," Proc. of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, 2014.
  2. C. Park and S. Ryu, "Scalable and precise static analysis of JavaScript applications via loop-sensitivity," Proc. of the European Conference on Object-Oriented Programming, 2015.
  3. M. Schafer, M. Sridharan, J. Dolby, and F. Tip, "Dynamic determinacy analysis," Proc. of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2013.
  4. M. Sridharan, J. Dolby, S. Chandra, M. Schafer, and F. Tip, "Correlation tracking for points-to analysis of JavaScript," Proc. of the European Conference on Object-Oriented Programming, 2012.
  5. W3Techs. [Online]. Available: http://w3techs.com
  6. JQuery. [Online]. Available: http://jquery.com
  7. A. Feldthaus, M. Schafer, M. Sridharan, J. Dolby, and F. Tip, "Efficient construction of approximate call graphs for JavaScript IDE services," Proc. of the International Conference on Software Engineering, 2013.
  8. S. Wei and B. G. Ryder, "Practical blended taint analysis for JavaScript," Proc. of the International Symposium on Software Testing and Analysis, 2013.
  9. P. Cousot and R. Cousot, "Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints," Proc. of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 1977.
  10. P. Cousot and R. Cousot, "Systematic design of program analysis frameworks," Proc. of the 6th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 1979.
  11. SAFE. [Online]. Available: http://safe.kaist.ac.kr
  12. TAJS. [Online]. Available: https://github.com/csau-dk/TAJS
  13. WALA. [Online]. Available: http://wala.sourceforge.net
  14. JSAI. [Online]. Available: http://www.cs.ucsb.edu/-benh/rsearch/downloads/jsai.zip