research-article

Revisiting recency abstraction for JavaScript: towards an intuitive, compositional, and efficient heap abstraction

Authors:

Jihyeok Park,

Xavier Rival,

Sukyoung RyuAuthors Info & Claims

SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis

Pages 1 - 6

https://doi.org/10.1145/3088515.3088516

Published: 18 June 2017 Publication History

Get Access

Abstract

JavaScript is one of the most widely used programming languages. To understand the behaviors of JavaScript programs and to detect possible errors in them, researchers have developed several static analyzers based on the abstract interpretation framework. However, JavaScript provides various language features that are difficult to analyze statically and precisely such as dynamic addition and removal of object properties, first-class property names, and higher-order functions. To alleviate the problem, JavaScript static analyzers often use recency abstraction, which refines address abstraction by distinguishing recent objects from summaries of old objects. We observed that while recency abstraction enables more precise analysis results by allowing strong updates on recent objects, it is not monotone in the sense that it does not preserve the precision relationship between the underlying address abstraction techniques: for an address abstraction A and a more precise abstraction B, recency abstraction on B may not be more precise than recency abstraction on A. Such an unintuitive semantics of recency abstraction makes its composition with various analysis sensitivity techniques also unintuitive. In this paper, we propose a new singleton abstraction technique, which distinguishes singleton objects to allow strong updates on them without changing a given address abstraction. We formally define recency and singleton abstractions, and explain the unintuitive behaviors of recency abstraction. Our preliminary experiments show promising results for singleton abstraction.

References

[1]

TIOBE Index for February 2017. http://www.tiobe.com/ tiobe-index.

Google Scholar

[2]

Iot.js: A framework for Internet of Things. http://samsung.github.io/jerryscript/, 2015.

Google Scholar

[3]

E. Andreasen and A. Møller. Determinacy in static analysis for jQuery. In OOPSLA, 2014.

Digital Library

Google Scholar

[4]

G. Balakrishnan and T. Reps. Recency-abstraction for heap-allocated storage. In SAS, 2006.

Digital Library

Google Scholar

[5]

S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In SAS, 2009.

Digital Library

Google Scholar

[6]

C. Lattner, A. Lenharth, and V. Adve. Making context-sensitive points-to analysis with heap cloning practical for the real world. In PLDI, 2007.

Digital Library

Google Scholar

[7]

H. Lee, S. Won, J. Jin, J. Cho, and S. Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In FOOL, 2012.

Google Scholar

[8]

C. Park and S. Ryu. Scalable and precise static analysis of JavaScript applications via loop-sensitivity. In ECOOP, 2015.

Google Scholar

[9]

J. Park, X. Rival, and S. Ryu. Revisiting recency abstraction for JavaScript (extended). http://plrg.kaist.ac.kr/doku.php?id=research:material, 2017.

Google Scholar

[10]

M. Schäfer, M. Sridharan, J. Dolby, and F. Tip. Dynamic determinacy analysis. In PLDI, 2013.

Digital Library

Google Scholar

[11]

M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation tracking for points-to analysis of JavaScript. In ECOOP, 2012.

Digital Library

Google Scholar

Cited By

View all

Xiao FSu ZYang GLee W(2024)Jasmine: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00183(296-311)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00183
Park JPark JYoun DRyu SSpinellis DGousios GChechik MDi Penta M(2021)Accelerating JavaScript static analysis via dynamic shortcutsProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468556(1129-1140)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468556
Nielsen BHassanshahi BGauthier FDumas MPfahl DApel SRusso A(2019)Nodest: feedback-driven static analysis of Node.js applicationsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338933(455-465)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338933
Show More Cited By

Index Terms

Revisiting recency abstraction for JavaScript: towards an intuitive, compositional, and efficient heap abstraction
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis

Recommendations

Symbolic heap abstraction with demand-driven axiomatization of memory invariants
OOPSLA '10

Many relational static analysis techniques for precise reasoning about heap contents perform an explicit case analysis of all possible heaps that can arise. We argue that such precise relational reasoning can be obtained in a more scalable and ...
Modular Heap Abstraction-Based Memory Leak Detection for Heap-Manipulating Programs
APSEC '12: Proceedings of the 2012 19th Asia-Pacific Software Engineering Conference - Volume 01

Heap-manipulating programs allow flexible manipulations over dynamically allocated, shared, and mutable heap cells via pointers that point to not only linked data structures but also their pointer fields. Therefore, memory leak detection for these ...
Predicate abstraction and canonical abstraction for singly-linked lists
VMCAI'05: Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation

Predicate abstraction and canonical abstraction are two finitary abstractions used to prove properties of programs. We study the relationship between these two abstractions by considering a very limited case: abstraction of (potentially cyclic) singly-...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis

June 2017

48 pages

ISBN:9781450350723

DOI:10.1145/3088515

General Chairs:
Karim Ali
University of Alberta, Canada
,
Cristina Cifuentes
Oracle Labs, Australia

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

PLDI '17

Sponsor:

SIGPLAN

PLDI '17: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 18, 2017

Barcelona, Spain

Acceptance Rates

Overall Acceptance Rate 11 of 11 submissions, 100%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
144
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xiao FSu ZYang GLee W(2024)Jasmine: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00183(296-311)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00183
Park JPark JYoun DRyu SSpinellis DGousios GChechik MDi Penta M(2021)Accelerating JavaScript static analysis via dynamic shortcutsProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468556(1129-1140)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468556
Nielsen BHassanshahi BGauthier FDumas MPfahl DApel SRusso A(2019)Nodest: feedback-driven static analysis of Node.js applicationsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338933(455-465)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338933
Welearegai GSchlueter MHammer CHung CPapadopoulos G(2019)Static security evaluation of an industrial web applicationProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297471(1952-1961)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297471
Park CLee HRyu S(2017)Static analysis of JavaScript libraries in a scalable and precise way using loop sensitivitySoftware: Practice and Experience10.1002/spe.255248:4(911-944)Online publication date: 23-Oct-2017
https://doi.org/10.1002/spe.2552

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Symbolic heap abstraction with demand-driven axiomatization of memory invariants

Modular Heap Abstraction-Based Memory Leak Detection for Heap-Manipulating Programs

Predicate abstraction and canonical abstraction for singly-linked lists