abstract

JavaScript API misuse detection by using typescript

Author:

Jihyeok ParkAuthors Info & Claims

MODULARITY '14: Proceedings of the companion publication of the 13th international conference on Modularity

Pages 11 - 12

https://doi.org/10.1145/2584469.2584472

Published: 22 April 2014 Publication History

Get Access

Abstract

Static analysis of JavaScript programs to detect errors in them is a challenging task. Especially when the program imports massive JavaScript libraries such as jQuery and MooTools, analyzing the whole program and the libraries is expensive and extremely declines the analysis efficiency. In this paper, we introduce a novel approach to solve the problem by modularizing the analysis. We separate the analysis of JavaScript libraries by using types extracted from their corresponding specifications in TypeScript and the analysis of JavaScript applications by a static analysis framework. We use DefinitelyTyped, an open-source repository that provides TypeScript declaration files of over 300 popular JavaScript libraries, and we extend SAFE, an open-source analysis framework for JavaScript.

References

[1]

ECMAScript Language Specification. Edition 5.1. http://www.ecma-international.org/publications/standards/Ecma-262.htm.

Google Scholar

[2]

Christopher Anderson, Paola Giannini, and Sophia Drossopoulou. Towards type inference for JavaScript. In ECOOP 2005.

Digital Library

Google Scholar

[3]

Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner. Staged information flow for JavaScript. In PLDI 2009.

Digital Library

Google Scholar

[4]

Douglas Crockford. JSLint. http://www.jslint.com.

Google Scholar

[5]

Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolbyand Stephen Teilhet, and Ryan Berg. Saving the world wide web from vulnerable JavaScript. In ISSTA 2011.

Digital Library

Google Scholar

[6]

Arjun Guha, Shriram Krishnamurthi, and Trevor Jim. Using static analysis for Ajax intrusion detection. In WWW 2009.

Digital Library

Google Scholar

[7]

Phillip Heidegger and Peter Thiemann. Recency types for analyzing scripting languages. In ECOOP 2010.

Digital Library

Google Scholar

[8]

Simon Holm Jensen, Anders Møller, and Peter Thiemann. Type analysis for JavaScript. In SAS 2009.

Digital Library

Google Scholar

[9]

PLRG @ KAIST. SAFE: Scalable Analysis Framework for ECMAScript. http://safe.kaist.ac.kr.

Google Scholar

[10]

Hongki Lee, Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In FOOL 2012.

Google Scholar

[11]

Sergio Maffeis, John C. Mitchell, and Ankur Taly. Isolating JavaScript with filters, rewriting, and wrappers. In ESORICS 2009.

Digital Library

Google Scholar

[12]

Microsoft. TypeScript. http://www.typescriptlang.org.

Google Scholar

Cited By

View all

Seidel LBaker Effendi SPinho XRieck Kvan der Merwe BYamaguchi F(2024)Learning Type Inference for Enhanced Dataflow AnalysisComputer Security – ESORICS 202310.1007/978-3-031-51482-1_10(184-203)Online publication date: 11-Jan-2024
https://doi.org/10.1007/978-3-031-51482-1_10
Park JAn SRyu SRoychoudhury ACadar CKim M(2022)Automatically deriving JavaScript static analyzers from specifications using Meta-level static analysisProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549097(1022-1034)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3540250.3549097
Jesse KDevanbu PAhmed TSpinellis DGousios GChechik MDi Penta M(2021)Learning type annotation: is big data enough?Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3473135(1483-1486)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3473135
Show More Cited By

Index Terms

JavaScript API misuse detection by using typescript
1. General and reference
  1. Document types
    1. Computing standards, RFCs and guidelines
2. Software and its engineering

Recommendations

Generation of TypeScript declaration files from JavaScript code
MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes

Developers are starting to write large and complex applications in TypeScript, a typed dialect of JavaScript. TypeScript applications integrate JavaScript libraries via typed descriptions of their APIs called declaration files. DefinitelyTyped is the ...
Learning TypeScript
TypeScript Revealed

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

MODULARITY '14: Proceedings of the companion publication of the 13th international conference on Modularity

April 2014

44 pages

ISBN:9781450327732

DOI:10.1145/2584469

Conference Chair:
Achille Peternier
University of Lugano, Switzerland
,
General Chair:
Walter Binder
University of Lugano, Switzerland
,
Program Chairs:
Christoph Bockisch
University of Twente, The Netherlands
,
Michael Haupt
Oracle Labs, Germany
,
Walter Cazzola
Università degli Studi di Milano, Italy

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 April 2014

Check for updates

Author Tags

Qualifiers

Abstract

Funding Sources

National Research Foundation of Korea

Conference

MODULARITY '14

Sponsor:

AOSA

MODULARITY '14: 13th International Conference on Modularity

April 22 - 26, 2014

Lugano, Switzerland

Acceptance Rates

Overall Acceptance Rate 41 of 139 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
344
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Seidel LBaker Effendi SPinho XRieck Kvan der Merwe BYamaguchi F(2024)Learning Type Inference for Enhanced Dataflow AnalysisComputer Security – ESORICS 202310.1007/978-3-031-51482-1_10(184-203)Online publication date: 11-Jan-2024
https://doi.org/10.1007/978-3-031-51482-1_10
Park JAn SRyu SRoychoudhury ACadar CKim M(2022)Automatically deriving JavaScript static analyzers from specifications using Meta-level static analysisProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549097(1022-1034)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3540250.3549097
Jesse KDevanbu PAhmed TSpinellis DGousios GChechik MDi Penta M(2021)Learning type annotation: is big data enough?Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3473135(1483-1486)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3473135
Park JPark JYoun DRyu SSpinellis DGousios GChechik MDi Penta M(2021)Accelerating JavaScript static analysis via dynamic shortcutsProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468556(1129-1140)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468556
Park JLee HRyu S(2021)A Survey of Parametric Static AnalysisACM Computing Surveys10.1145/346445754:7(1-37)Online publication date: 18-Jul-2021
https://dl.acm.org/doi/10.1145/3464457
Jiang ZZhong HMeng N(2021)Investigating and recommending co-changed entities for JavaScript programsJournal of Systems and Software10.1016/j.jss.2021.111027180:COnline publication date: 1-Oct-2021
https://dl.acm.org/doi/10.1016/j.jss.2021.111027
Park JJordan ARyu S(2019)Automatic Modeling of Opaque Code for JavaScript Static AnalysisFundamental Approaches to Software Engineering10.1007/978-3-030-16722-6_3(43-60)Online publication date: 4-Apr-2019
https://doi.org/10.1007/978-3-030-16722-6_3
Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Leclerc GAuerbach JIacca GFloreano DNeumann FSutton A(2016)The Seamless Peer and Cloud Evolution FrameworkProceedings of the Genetic and Evolutionary Computation Conference 201610.1145/2908812.2908886(821-828)Online publication date: 20-Jul-2016
https://dl.acm.org/doi/10.1145/2908812.2908886

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Generation of TypeScript declaration files from JavaScript code

Learning TypeScript

TypeScript Revealed

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations