Combining string abstract domains for JavaScript analysis: an evaluation

Roberto Amadini, Alexander Jordan, Graeme Gange, François Gauthier, Peter Schachte, Harald Søndergaard, Peter J. Stuckey, Chenyi Zhang

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

9 Citations (Scopus)

Abstract

Strings play a central role in JavaScript and similar scripting languages. Owing to dynamic features such as the eval function and dynamic property access, precise string analysis is a prerequisite for automated reasoning about practically any kind of runtime property. Although the literature presents a considerable number of abstract domains for capturing and representing specific aspects of strings, we are not aware of tools that allow flexible combination of string abstract domains. Indeed, support for string analysis is often confined to a single, dedicated string domain. In this paper we describe a framework that allows us to combine multiple string abstract domains for the analysis of JavaScript programs. It is implemented as an extension of SAFE, an open-source static analysis tool. We investigate different combinations of abstract domains that capture various aspects of strings. Our evaluation suggests that a combination of a few, simple abstract domains suffice to outperform the precision of state-of-the-art static analysis tools for JavaScript.

Original languageEnglish
Title of host publicationTools and Algorithms for the Construction and Analysis of Systems
Subtitle of host publication23rd International Conference, TACAS 2017 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017 Uppsala, Sweden, April 22–29, 2017 Proceedings, Part I
EditorsAxel Legay, Tiziana Margaria
Place of PublicationBerlin Germany
PublisherSpringer
Pages41-57
Number of pages17
ISBN (Electronic)9783662545775
ISBN (Print)9783662545768
DOIs
Publication statusPublished - 2017
Externally publishedYes
EventInternational Conference on Tools and Algorithms for the Construction and Analysis of Systems held at the Joint European Conferences on Theory and Practice of Software 2017 - Uppsala, Sweden
Duration: 22 Apr 201729 Apr 2017
Conference number: 23rd
https://www.etaps.org/2017/tacas

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10205
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Tools and Algorithms for the Construction and Analysis of Systems held at the Joint European Conferences on Theory and Practice of Software 2017
Abbreviated titleTACAS 2017
CountrySweden
City Uppsala
Period22/04/1729/04/17
Internet address

Cite this

Amadini, R., Jordan, A., Gange, G., Gauthier, F., Schachte, P., Søndergaard, H., Stuckey, P. J., & Zhang, C. (2017). Combining string abstract domains for JavaScript analysis: an evaluation. In A. Legay, & T. Margaria (Eds.), Tools and Algorithms for the Construction and Analysis of Systems: 23rd International Conference, TACAS 2017 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017 Uppsala, Sweden, April 22–29, 2017 Proceedings, Part I (pp. 41-57). (Lecture Notes in Computer Science ; Vol. 10205 ). Springer. https://doi.org/10.1007/978-3-662-54577-5_3