String Analysis for Dynamic Field Access

Madsen, Magnus; Andreasen, Esben

doi:10.1007/978-3-642-54807-9_12

Cited by 32 publications

(30 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Analogously, Richards et al [2010], Richards et al [2011], and Wei et al [2016] conducted a similar study, but in this case targeting JavaScript's dynamic behavior and in particular the eval function. Also for JavaScript, Madsen and Andreasen [2014] analyzed how fields are accessed via strings, while Jang et al [2010] analyzed privacy violations. Similar empirical studies were done for PHP [Dahse and Holz 2015;Doyle and Walden 2011;Hills et al 2013] and Swift [Rebouças et al 2016].…”

Section: Empirical Studies Of Large Code Basesmentioning

confidence: 99%

Casting about in the dark: an empirical study of cast operations in Java programs

Mastrangelo

Hauswirth

Nystrom

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The main goal of a static type system is to prevent certain kinds of errors from happening at run time. A type system is formulated as a set of constraints that gives any expression or term in a program a well-defined type. Yet mainstream programming languages are endowed with type systems that provide the means to circumvent their constraints through casting. We want to understand how and when developers escape the static type system to use dynamic typing. We empirically study how casting is used by developers in more than seven thousand Java projects. We find that casts are widely used (8.7% of methods contain at least one cast) and that 50% of casts we inspected are not guarded locally to ensure against potential run-time errors. To help us better categorize use cases and thus understand how casts are used in practice, we identify 25 cast-usage patternsÐrecurrent programming idioms using casts to solve a specific issue. This knowledge can be: (a) a recommendation for current and future language designers to make informed decisions (b) a reference for tool builders, e.g., by providing more precise or new refactoring analyses, (c) a guide for researchers to test new language features, or to carry out controlled programming experiments, and (d) a guide for developers for better practices. CCS Concepts: • Software and its engineering → General programming languages; Object oriented languages; Software libraries and repositories.

show abstract

Section: Empirical Studies Of Large Code Basesmentioning

confidence: 99%

Casting about in the dark: an empirical study of cast operations in Java programs

Mastrangelo

Hauswirth

Nystrom

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Several research tools, including TAJS [Jensen et al 2009], WALA [Sridharan et al 2012], SAFE [Lee et al 2012], and JSAI [Kashyap et al 2014], have been developed in recent years to address this challenge. A notable trend is that analysis precision is being increased in many directions, including high degrees of context sensitivity [Andreasen and Mùller 2014], aggressive loop unrolling [Park and Ryu 2015], and sophisticated abstract domains for strings [Amadini et al 2017;Madsen and Andreasen 2014;Park et al 2016], to enable analysis of real-world JavaScript programs.…”

Section: Introductionmentioning

confidence: 99%

Static analysis with demand-driven value refinement

Stein

Nielsen

Chang

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Static analysis tools for JavaScript must strike a delicate balance, achieving the level of precision required by the most complex features of target programs without incurring prohibitively high analysis time. For example, reasoning about dynamic property accesses sometimes requires precise relational information connecting the object, the dynamically-computed property name, and the property value. Even a minor precision loss at such critical program locations can result in a proliferation of spurious dataflow that renders the analysis results useless. We present a technique by which a conventional non-relational static dataflow analysis can be combined soundly with a value refinement mechanism to increase precision on demand at critical locations. Crucially, our technique is able to incorporate relational information from the value refinement mechanism into the non-relational domain of the dataflow analysis. We demonstrate the feasibility of this approach by extending an existing JavaScript static analysis with a demand-driven value refinement mechanism that relies on backwards abstract interpretation. Our evaluation finds that precise analysis of widely used JavaScript utility libraries depends heavily on the precision at a small number of critical locations that can be identified heuristically, and that backwards abstract interpretation is an effective mechanism to provide that precision on demand. CCS Concepts: • Theory of computation → Program analysis.

show abstract

“…Researchers have developed various static analysis frameworks [11,12,17] for JavaScript, and suggested techniques to improve analysis precision such as loop specialization [1,24,31], adaptive context-sensitivity [32], and advanced analysis domains [20,23]. Analysis precision may be improved by repeating the following process: 1. Check if an analysis is precise enough to prove properties of interest.…”

Section: Introductionmentioning

confidence: 99%

Automatically Tracing Imprecision Causes in JavaScript Static Analysis

2019

View full text Add to dashboard Cite

Researchers have developed various techniques for static analysis of JavaScript to improve analysis precision. To develop such techniques, they first identify causes of the precision losses for unproven properties. While most of the existing work has diagnosed main causes of imprecision in static analysis by manual investigation, manually tracing the imprecision causes is challenging because it requires detailed knowledge of analyzer internals. Recently, several studies proposed to localize the analysis imprecision causes automatically, but these localization techniques work for only specific analysis techniques.In this paper, we present an automatic technique that can trace analysis imprecision causes of JavaScript applications starting from user-selected variables. Given a set of program variables, our technique stops an analysis when any of the variables gets imprecise analysis values. It then traces the imprecise analysis values using intermediate analysis results back to program points where the imprecision first started. Our technique shows the trace information with a new representation called tracing graphs, whose nodes and edges together represent traces from imprecise points to precise points. In order to detect major causes of analysis imprecision automatically, we present four node/edge patterns in tracing graphs for common imprecision causes. We formalized the technique of generating tracing graphs and identifying patterns, and implemented them on SAFE, a state-of-the-art JavaScript static analyzer with various analysis configurations, such as contextsensitivity, loop-sensitivity, and heap cloning. Our evaluation demonstrates that the technique can easily find 96 % of the major causes of the imprecision problems in 17 applications by only automatic detection in tracing graphs using the patterns, and selectively adopting various advanced techniques can eliminate the found causes of imprecision. ACM CCS 2012Software and its engineering → Software verification; Automated static analysis;

show abstract

String Analysis for Dynamic Field Access

Cited by 32 publications

References 15 publications

Casting about in the dark: an empirical study of cast operations in Java programs

Casting about in the dark: an empirical study of cast operations in Java programs

Static analysis with demand-driven value refinement

Automatically Tracing Imprecision Causes in JavaScript Static Analysis

Contact Info

Product

Resources

About