String analysis for dynamic field access

Abstract

In JavaScript, and scripting languages in general, dynamic field access is a commonly used feature. Unfortunately, current static analysis tools either completely ignore dynamic field access or use overly conservative approximations that lead to poor precision and scalability. We present new string domains to reason about dynamic field access in a static analysis tool. A key feature of the domains is that the equal, concatenate and join operations take O(1) time. Experimental evaluation on four common JavaScript libraries, including jQuery and Prototype, shows that traditional string domains are insufficient. For instance, the commonly used constant string domain can only ensure that at most 21% dynamic field accesses are without false positives. In contrast, our string domain H ensures no false positives for up to 90% of all dynamic field accesses. We demonstrate that a dataflow analysis equipped with the H domain gains significant precision resulting in an analysis speedup of more than 1.5x for 7 out of 10 benchmark programs. © 2014 Springer-Verlag.

Cite

Madsen, M., & Andreasen, E. (2014). String analysis for dynamic field access. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8409 LNCS, pp. 197–217). Springer Verlag. https://doi.org/10.1007/978-3-642-54807-9_12
