Correlation Tracking for Points-To Analysis of JavaScript.

JavaScript poses significant challenges for points-to analysis, particularly due to its flexible object model in which object properties can be created and deleted at run-time and accessed via first-class ... In practice, we found that a standard implementation of the analysis was unable to analyze popular JavaScript frameworks. ... Correlation Tracking We now discuss our correlation tracking technique for improving the scalability of JavaScript points-to analysis in practice. ...

doi:10.1007/978-3-642-31057-7_20 fatcat:q3vlyjtzt5cmhp5x2aw347oeva

Correlation tracking for points-to analysis of JavaScript. ECOOP 2012. Program Understanding Application:! REF Analysis Results! ... Practical blended taint analysis for JavaScript. ISSTA 2013. [2] Shiyi Wei and Barbara G. Ryder. State-sensitive points-to analysis for the dynamic behavior of JavaScript objects. ECOOP 2014. ...

doi:10.1145/2660252.2660393 dblp:conf/oopsla/WeiR14 fatcat:lm6qkep6wnbclmafkpjkbevvgu

We present a new form of hybrid JavaScript analysis, which augments static analysis with (semi-)concrete information by applying partial evaluation to JavaScript functions according to dynamic data recorded ... Such vulnerabilities are becoming a source of growing concern due to the rapid migration of server-side business logic to the client side, combined with new JavaScript-backed Web technologies, such as ... They present a novel correlation tracking mechanism to cope with this pattern, thereby making the analysis more scalable. Scalability challenges remain, however, a problem. ...

doi:10.1145/2610384.2610385 dblp:conf/issta/TrippFP14 fatcat:ryffhyeduzad7g7uyoagvzqgru

We compare the new points-to algorithm with an existing JavaScript points-to algorithm in terms of their respective performance and accuracy on a client application. ... Points-to analysis calculates the set of values a reference property or variable may have during execution. ... Comparison with Points-to Analysis in [26] . We use the term Corr to refer to a blended version of correlation-tracking points-to analysis [26] (see Section 5 for more details) and its REF client. ...

doi:10.1007/978-3-662-44202-9_1 fatcat:wcgljbeclzavtcbkdivg4fmi3y

GitHub is the world's largest collection of open source software. Therefore, it is important both to software developers and users to compare and track the popularity of GitHub repositories. ... We show that stars tend to correlate with other measures, like forks, and with the effective usage of GitHub software by third-party programs. ... Conclusion We proposed a framework to track the popularity of GitHub systems and we found that: • JavaScript is responsible for more than one third of the popular applications on GitHub; the next five ...

arXiv:1507.00604v3 fatcat:ykbohsl25naptfg3md5mgqle64

Multiple Versions

In contrast, our string domain H ensures no false positives for up to 90% of all dynamic field accesses. ... We demonstrate that a dataflow analysis equipped with the H domain gains significant precision resulting in an analysis speedup of more than 1.5x for 7 out of 10 benchmark programs. ... We believe that correlation tracking is a step in the right direction for scaling points-to and dataflow analyses for large JavaScript libraries. ...

doi:10.1007/978-3-642-54807-9_12 fatcat:2tr2arroazag7e2mjmd65qtrbm

We conduct a dynamic analysis to make the JavaScript call graph to address the dynamic nature of JavaScript. ... Our evaluation of the JavaScript call graph on six web applications demonstrates that the precision is high for the large applications and relatively low for small applications. ... A points-to analysis or static analysis of JavaScript with the correlation tracking, a novel approach is proposed in [27] . ...

doi:10.5815/ijieeb.2015.02.06 fatcat:zf5yak3wdrg2bbo2fyxccjzqym

Open Access

JavaScript is the dominant language for implementing dynamic web pages in browsers. ... As a result, a plethora of web development frameworks were developed to hide cross-browser issues and to ease development of large web applications. ... All comments helped tremendously to improve the quality of this paper. ...

doi:10.1109/cgo.2013.6495007 dblp:conf/cgo/PienaarH13 fatcat:73eehuzlrvggzelw5swzpdwnpm

In static analysis of modern JavaScript libraries, relational analysis at key locations is critical to provide sound and useful results. ... Furthermore, we extend an existing JavaScript analyzer with value partitioning and demonstrate experimentally that it is a simple, precise, and efficient alternative to the existing approaches for analyzing ... In our work with analysis of JavaScript libraries, we have not encountered a critical need for tracking numeric relations. ...

doi:10.4230/lipics.ecoop.2020.16 dblp:conf/ecoop/NielsenM19 fatcat:jln7cwv4gbb6rdb5girkp64p3a

Open Access

Analysis of JavaScript has long been known to be challenging due to the language's dynamic nature. ... In this paper, we propose a technique which combines pointer analysis with a novel use analysis to handle many challenges posed by large JavaScript libraries. ... [24] presents a technique for tracking correlations between dynamically computed property names in JavaScript programs. ...

doi:10.1145/2491411.2491417 dblp:conf/sigsoft/MadsenLF13 fatcat:zl7rmeruhvhhhkgscwefvmxow4

We present a static control-flow analysis for JavaScript programs running in a web browser. ... We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those ... ACKNOWLEDGEMENTS We thank Spiridon Eliopoulos and Brendan Hickey, who helped implement the program analysis. ...

doi:10.1145/1526709.1526785 dblp:conf/www/GuhaKJ09 fatcat:oezj7uezxnalteu3txg7kor4gq

To perform deeper analysis, additional methods are required such as mouse tracking, which can help researchers understand online user behavior on a single webpage. ... Fortunately, the geometrical data of each x and y point of the mouse trail are not always needed. ... Acknowledgements The authors would like to express their deepest gratitude to Otgontsetseg Sukhbaatar, Lodoiravsal Choimaa, and their students for participating in the mouse tracking quiz session. ...

doi:10.1186/s40537-020-00304-x fatcat:5auiu3xevvhnlfgdk6ygefz4se

DOAJ Szczepanski

Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features. ... information for an analysis designer. ... This change improved average recall for the pessimistic analysis by 2 percentage points to 37% (by the Reachable Edges metric); improvement for optimistic analysis was 5 percentage points, to 76%. ...

arXiv:2205.06780v1 fatcat:evz3lan365c7xf4dlzoybjlipu

Open Access

Moreover, we propose a new lightweight client-side taint analysis that outperforms the start-of-the-art tools, requires no modification to browsers, and reports non-trivial taint flows on modern JavaScript ... Even though a lot of effort has been invested in analyzing client-side web applications during the past decade, the existing tools often fail to deal with the complexity of modern JavaScript applications ... It uses dynamic taint tracking to trace the data flow of each input character for a set of sample inputs. ...

arXiv:2004.06292v1 fatcat:qgwdmly5brfixipgq3io6w7x6i

We present a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery. ... of static analysis for such code. ... Acknowledgments This work was supported by Google, IBM, and the Danish Research Council for Technology and Production. ...

doi:10.1145/2660193.2660214 dblp:conf/oopsla/AndreasenM14 fatcat:hsy6rdojq5aubaw6maivfz37gy

Correlation Tracking for Points-To Analysis of JavaScript [chapter]

Preserved Fulltext

Taming the dynamic behavior of JavaScript

Preserved Fulltext

Hybrid security analysis of web JavaScript code via dynamic partial evaluation

Preserved Fulltext

State-Sensitive Points-to Analysis for the Dynamic Behavior of JavaScript Objects [chapter]

Preserved Fulltext

On the Popularity of GitHub Applications: A Preliminary Note [article]

Preserved Fulltext

Other Versions

String Analysis for Dynamic Field Access [chapter]

Preserved Fulltext

A Dependency Graph Generation Process for Client-side Web Applications

Preserved Fulltext

JSWhiz: Static analysis for JavaScript memory leaks

Preserved Fulltext

Value Partitioning: A Lightweight Approach to Relational Static Analysis for JavaScript

Preserved Fulltext

Practical static analysis of JavaScript applications in the presence of frameworks and libraries

Preserved Fulltext

Using static analysis for Ajax intrusion detection

Preserved Fulltext

Using real-time online preprocessed mouse tracking for lower storage and transmission costs

Preserved Fulltext

Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs (Extended Version) [article]

Preserved Fulltext

Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications [article]

Preserved Fulltext

Determinacy in static analysis for jQuery

Preserved Fulltext