Filters








8,004 Hits in 4.4 sec

Correlation Tracking for Points-To Analysis of JavaScript [chapter]

Manu Sridharan, Julian Dolby, Satish Chandra, Max Schäfer, Frank Tip
2012 Lecture Notes in Computer Science  
JavaScript poses significant challenges for points-to analysis, particularly due to its flexible object model in which object properties can be created and deleted at run-time and accessed via first-class  ...  In practice, we found that a standard implementation of the analysis was unable to analyze popular JavaScript frameworks.  ...  Correlation Tracking We now discuss our correlation tracking technique for improving the scalability of JavaScript points-to analysis in practice.  ... 
doi:10.1007/978-3-642-31057-7_20 fatcat:q3vlyjtzt5cmhp5x2aw347oeva

Taming the dynamic behavior of JavaScript

Shiyi Wei, Barbara G. Ryder
2014 Proceedings of the companion publication of the 2014 ACM SIGPLAN conference on Systems, Programming, and Applications: Software for Humanity - SPLASH '14  
Correlation tracking for points-to analysis of JavaScript. ECOOP 2012. Program Understanding Application:! REF Analysis Results!  ...  Practical blended taint analysis for JavaScript. ISSTA 2013. [2] Shiyi Wei and Barbara G. Ryder. State-sensitive points-to analysis for the dynamic behavior of JavaScript objects. ECOOP 2014.  ... 
doi:10.1145/2660252.2660393 dblp:conf/oopsla/WeiR14 fatcat:lm6qkep6wnbclmafkpjkbevvgu

Hybrid security analysis of web JavaScript code via dynamic partial evaluation

Omer Tripp, Pietro Ferrara, Marco Pistoia
2014 Proceedings of the 2014 International Symposium on Software Testing and Analysis - ISSTA 2014  
We present a new form of hybrid JavaScript analysis, which augments static analysis with (semi-)concrete information by applying partial evaluation to JavaScript functions according to dynamic data recorded  ...  Such vulnerabilities are becoming a source of growing concern due to the rapid migration of server-side business logic to the client side, combined with new JavaScript-backed Web technologies, such as  ...  They present a novel correlation tracking mechanism to cope with this pattern, thereby making the analysis more scalable. Scalability challenges remain, however, a problem.  ... 
doi:10.1145/2610384.2610385 dblp:conf/issta/TrippFP14 fatcat:ryffhyeduzad7g7uyoagvzqgru

State-Sensitive Points-to Analysis for the Dynamic Behavior of JavaScript Objects [chapter]

Shiyi Wei, Barbara G. Ryder
2014 Lecture Notes in Computer Science  
We compare the new points-to algorithm with an existing JavaScript points-to algorithm in terms of their respective performance and accuracy on a client application.  ...  Points-to analysis calculates the set of values a reference property or variable may have during execution.  ...  Comparison with Points-to Analysis in [26] . We use the term Corr to refer to a blended version of correlation-tracking points-to analysis [26] (see Section 5 for more details) and its REF client.  ... 
doi:10.1007/978-3-662-44202-9_1 fatcat:wcgljbeclzavtcbkdivg4fmi3y

On the Popularity of GitHub Applications: A Preliminary Note [article]

Hudson Borges, Marco Tulio Valente, Andre Hora, Jailton Coelho
2017 arXiv   pre-print
GitHub is the world's largest collection of open source software. Therefore, it is important both to software developers and users to compare and track the popularity of GitHub repositories.  ...  We show that stars tend to correlate with other measures, like forks, and with the effective usage of GitHub software by third-party programs.  ...  Conclusion We proposed a framework to track the popularity of GitHub systems and we found that: • JavaScript is responsible for more than one third of the popular applications on GitHub; the next five  ... 
arXiv:1507.00604v3 fatcat:ykbohsl25naptfg3md5mgqle64

String Analysis for Dynamic Field Access [chapter]

Magnus Madsen, Esben Andreasen
2014 Lecture Notes in Computer Science  
In contrast, our string domain H ensures no false positives for up to 90% of all dynamic field accesses.  ...  We demonstrate that a dataflow analysis equipped with the H domain gains significant precision resulting in an analysis speedup of more than 1.5x for 7 out of 10 benchmark programs.  ...  We believe that correlation tracking is a step in the right direction for scaling points-to and dataflow analyses for large JavaScript libraries.  ... 
doi:10.1007/978-3-642-54807-9_12 fatcat:2tr2arroazag7e2mjmd65qtrbm

A Dependency Graph Generation Process for Client-side Web Applications

Tajkia R. Toma, Mohayeminul Islam, Mohammad Shoyaib, Shariful Islam
2015 International Journal of Information Engineering and Electronic Business  
We conduct a dynamic analysis to make the JavaScript call graph to address the dynamic nature of JavaScript.  ...  Our evaluation of the JavaScript call graph on six web applications demonstrates that the precision is high for the large applications and relatively low for small applications.  ...  A points-to analysis or static analysis of JavaScript with the correlation tracking, a novel approach is proposed in [27] .  ... 
doi:10.5815/ijieeb.2015.02.06 fatcat:zf5yak3wdrg2bbo2fyxccjzqym

JSWhiz: Static analysis for JavaScript memory leaks

J. A. Pienaar, R. Hundt
2013 Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)  
JavaScript is the dominant language for implementing dynamic web pages in browsers.  ...  As a result, a plethora of web development frameworks were developed to hide cross-browser issues and to ease development of large web applications.  ...  All comments helped tremendously to improve the quality of this paper.  ... 
doi:10.1109/cgo.2013.6495007 dblp:conf/cgo/PienaarH13 fatcat:73eehuzlrvggzelw5swzpdwnpm

Value Partitioning: A Lightweight Approach to Relational Static Analysis for JavaScript

Benjamin Barslev Nielsen, Anders Møller, Tobias Pape, Robert Hirschfeld
2020 European Conference on Object-Oriented Programming  
In static analysis of modern JavaScript libraries, relational analysis at key locations is critical to provide sound and useful results.  ...  Furthermore, we extend an existing JavaScript analyzer with value partitioning and demonstrate experimentally that it is a simple, precise, and efficient alternative to the existing approaches for analyzing  ...  In our work with analysis of JavaScript libraries, we have not encountered a critical need for tracking numeric relations.  ... 
doi:10.4230/lipics.ecoop.2020.16 dblp:conf/ecoop/NielsenM19 fatcat:jln7cwv4gbb6rdb5girkp64p3a

Practical static analysis of JavaScript applications in the presence of frameworks and libraries

Magnus Madsen, Benjamin Livshits, Michael Fanning
2013 Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2013  
Analysis of JavaScript has long been known to be challenging due to the language's dynamic nature.  ...  In this paper, we propose a technique which combines pointer analysis with a novel use analysis to handle many challenges posed by large JavaScript libraries.  ...  [24] presents a technique for tracking correlations between dynamically computed property names in JavaScript programs.  ... 
doi:10.1145/2491411.2491417 dblp:conf/sigsoft/MadsenLF13 fatcat:zl7rmeruhvhhhkgscwefvmxow4

Using static analysis for Ajax intrusion detection

Arjun Guha, Shriram Krishnamurthi, Trevor Jim
2009 Proceedings of the 18th international conference on World wide web - WWW '09  
We present a static control-flow analysis for JavaScript programs running in a web browser.  ...  We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those  ...  ACKNOWLEDGEMENTS We thank Spiridon Eliopoulos and Brendan Hickey, who helped implement the program analysis.  ... 
doi:10.1145/1526709.1526785 dblp:conf/www/GuhaKJ09 fatcat:oezj7uezxnalteu3txg7kor4gq

Using real-time online preprocessed mouse tracking for lower storage and transmission costs

Fajar Purnama, Tsuyoshi Usagawa
2020 Journal of Big Data  
To perform deeper analysis, additional methods are required such as mouse tracking, which can help researchers understand online user behavior on a single webpage.  ...  Fortunately, the geometrical data of each x and y point of the mouse trail are not always needed.  ...  Acknowledgements The authors would like to express their deepest gratitude to Otgontsetseg Sukhbaatar, Lodoiravsal Choimaa, and their students for participating in the mouse tracking quiz session.  ... 
doi:10.1186/s40537-020-00304-x fatcat:5auiu3xevvhnlfgdk6ygefz4se

Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs (Extended Version) [article]

Madhurima Chakraborty, Renzo Olivares, Manu Sridharan, Behnaz Hassanshahi
2022 arXiv   pre-print
Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features.  ...  information for an analysis designer.  ...  This change improved average recall for the pessimistic analysis by 2 percentage points to 37% (by the Reachable Edges metric); improvement for optimistic analysis was 5 percentage points, to 76%.  ... 
arXiv:2205.06780v1 fatcat:evz3lan365c7xf4dlzoybjlipu

Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications [article]

Behnaz Hassanshahi, Hyunjun Lee, Paddy Krishnan, Jörn Güy Suß
2020 arXiv   pre-print
Moreover, we propose a new lightweight client-side taint analysis that outperforms the start-of-the-art tools, requires no modification to browsers, and reports non-trivial taint flows on modern JavaScript  ...  Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications  ...  It uses dynamic taint tracking to trace the data flow of each input character for a set of sample inputs.  ... 
arXiv:2004.06292v1 fatcat:qgwdmly5brfixipgq3io6w7x6i

Determinacy in static analysis for jQuery

Esben Andreasen, Anders Møller
2014 Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications - OOPSLA '14  
We present a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery.  ...  of static analysis for such code.  ...  Acknowledgments This work was supported by Google, IBM, and the Danish Research Council for Technology and Production.  ... 
doi:10.1145/2660193.2660214 dblp:conf/oopsla/AndreasenM14 fatcat:hsy6rdojq5aubaw6maivfz37gy
« Previous Showing results 1 — 15 out of 8,004 results