Precise and Scalable Static Analysis of jQuery using a Regular Expression Domain

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 809
  • Download : 0
jQuery is the most popular JavaScript library but the state-of-the-art static analyzers for JavaScript applications fail to analyze simple programs that use jQuery. In this paper, we present a novel abstract string domain whose elements are simple regular expressions that can represent prefix, infix, and postfix substrings of a string and even their sets. We formalize the new domain in the abstract interpretation framework with abstract models of strings and objects commonly used in the existing JavaScript analyzers. For practical use of the domain, we present polynomial-time inclusion decision rules between the regular expressions and prove that the rules exactly capture the actual inclusion relation. We have implemented the domain as an extension of the open-source JavaScript analyzer, SAFE, and we show that the extension significantly improves the scalability and precision of the baseline analyzer in analyzing programs that use jQuery.
Publisher
ASSOC COMPUTING MACHINERY
Issue Date
2017-02
Language
English
Article Type
Article
Citation

ACM SIGPLAN NOTICES, v.52, no.2, pp.25 - 36

ISSN
0362-1340
DOI
10.1145/2989225.2989228
URI
http://hdl.handle.net/10203/224118
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0