8,505 Hits in 2.2 sec

Symbolic Execution for JavaScript

José Fragoso Santos, Petar Maksimović, Théotime Grohens, Julian Dolby, Philippa Gardner
2018 Proceedings of the 20th International Symposium on Principles and Practice of Declarative Programming - PPDP '18  
We present a framework for trustworthy symbolic execution of JavaScripts program, with the aim of assisting developers in the testing of their code: the developer writes symbolic tests for which the framework  ...  We prove that the underlying symbolic execution is sound and does not generate false positives.  ...  oracle for other symbolic execution tools for JavaScript that purposely ignore some corner cases of the JavaScript semantics.  ... 
doi:10.1145/3236950.3236956 dblp:conf/ppdp/SantosMGDG18 fatcat:qpc76jdqdfhcvhkrqhaoueufse

A Symbolic Execution Framework for JavaScript

Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song
2010 2010 IEEE Symposium on Security and Privacy  
In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution.  ...  As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist.  ...  ACKNOWLEDGMENTS We thank David Wagner, Adam Barth, Domagoj Babic, Adrian Mettler, Juan Caballero, Pongsin Poosankam and our anonymous reviewers for helpful feedback on the paper and suggestions for improvements  ... 
doi:10.1109/sp.2010.38 dblp:conf/sp/SaxenaAHMMS10 fatcat:wdfkmpebcbeapcg6esllmartzi

Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript [article]

Blake Loring, Duncan Mitchell, Johannes Kinder
2018 arXiv   pre-print
We implemented our model in a dynamic symbolic execution engine for JavaScript and evaluated it on over 1,000 Node.js packages containing regular expressions, demonstrating that the strategy is effective  ...  In this paper, we present the first complete strategy to faithfully reason about regular expressions in the context of symbolic execution, focusing on the operators found in JavaScript.  ...  [19] describe a custom browser and symbolic execution engine for JavaScript and the browser DOM, and a string constraint solver PASS with support for most JavaScript string operations.  ... 
arXiv:1810.05661v2 fatcat:uwveovhoqbf43fswen7xkilcuu

JaVerT 2.0: compositional symbolic execution for JavaScript

José Fragoso Santos, Petar Maksimović, Gabriela Sampaio, Philippa Gardner
2019 Proceedings of the ACM on Programming Languages (PACMPL)  
in JavaScript verification; and the feasibility of automatic compositional testing for JavaScript.  ...  Using this approach, we build JaVerT 2.0, a symbolic analysis tool for JavaScript that follows the language semantics without simplifications.  ...  We first describe existing work on symbolic execution and logic-based verification for JavaScript.  ... 
doi:10.1145/3290379 fatcat:kdbxb6ffrrddxkixh3lhfqiln4

Automatic Unit Test Generation and Execution for JavaScript Program through Symbolic Execution

Hideo Tanida, Tadahiro Uehara, Guodong Li, Indradeep Ghosh
The technique makes use of symbolic execution engine for JavaScript code, and stub/driver generation engine which automatically generate stub for code of uninterest.  ...  We propose a technique to automatically generate high-coverage unit tests for JavaScript code.  ...  Our JavaScript symbolic execution engine SymJS is applicable to JavaScript development in field for the following reasons.  ... 

ArtForm: a tool for exploring the codebase of form-based websites

Ben Spencer, Michael Benedikt, Anders Møller, Franck van Breugel
2017 Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2017  
ArtForm extends an instrumented browser, so that it can directly implement user interactions, adding on top of it symbolic and concolic execution of JavaScript.  ...  We describe ArtForm, a tool for exploration of the codebase of dynamic data-driven websites where users enter data via forms.  ...  An implementation of concolic execution for stand-alone JavaScript functions is included in the Jalangi distribution.  ... 
doi:10.1145/3092703.3098226 dblp:conf/issta/SpencerBMB17 fatcat:mghuxttwpngczdpssoixzks4jm

Oblique: Accelerating Page Loads Using Symbolic Execution

Ronny Ko, James Mickens, Blake Loring, Ravi Netravali
2021 Symposium on Networked Systems Design and Implementation  
Oblique symbolically executes the client-side of a page load, generating a prefetch list of symbolic URLs.  ...  Each symbolic URL describes a URL that a client browser should fetch, given user-specific values for cookies, the User-Agent string, and other sensitive variables.  ...  As the JavaScript code executes, Oblique records the path constraints, and updates JavaScript variables with concrete values and symbolic constraints.  ... 
dblp:conf/nsdi/KoMLN21 fatcat:ebuv6dmidjcqtophpv6x6luafi

A Study on the Code Generator for a Virtual Machine Code based JavaScript Compiler

Jaehyun Kim, Yangsun Lee
2018 International Journal of Advanced Science and Technology  
In this paper, we design and implement a code generator for the JavaScript compiler.  ...  To support the execution of these diverse JavaScript applications, we develop JavaScript compilers based on virtual machine code in the smart cross-platform.  ...  To support the execution of these various JavaScript applications, we develop a JavaScript compiler based on virtual machine code for the smart cross platform.  ... 
doi:10.14257/ijast.2018.119.11 fatcat:5d2bv72efra3rfgb6mpiqx36ce

Lightweight compilation of (C)LP to JavaScript

2012 Theory and Practice of Logic Programming  
Targeting JavaScript makes (C)LP programs executable in virtually every modern computing device with no additional software requirements from the point of view of the user.  ...  We present an overview of the compilation process and a detailed description of the run-time system, including the support for modular compilation into separate JavaScript code.  ...  This reliance makes it possible to execute code on a variety of devices without any need for installation of additional plug-ins or proprietary code.  ... 
doi:10.1017/s1471068412000336 fatcat:reuxpfqs6bbotlgfcg6dp5j6ia

Rozzle: De-cloaking Internet Malware

Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, Christian Seifert
2012 2012 IEEE Symposium on Security and Privacy  
This paper proposes Rozzle, a JavaScript multiexecution virtual machine, as a way to explore multiple execution paths within a single execution so that environment-specific malware will reveal itself.  ...  Index Terms-malware; cloaking; JavaScript Fig. 1 : Typical JavaScript exploit found in the wild that demonstrates environment matching.  ...  In their paper, Saxena et al. present a symbolic execution framework for JavaScript that can be used to explore all paths inside a script body.  ... 
doi:10.1109/sp.2012.48 dblp:conf/sp/KolbitschLZS12 fatcat:w7ciecc6jjfhzhsfjyilyw2jq4

JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking

Hyoung Chun Kim
2012 KSII Transactions on Internet and Information Systems  
Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers.  ...  By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client's system, and so on.  ...  For example, the JavaScript engine (jscript.dll) of IE in Windows Vista includes 3,623 symbols, and the symbols represent all functions implemented in the JavaScript engine.  ... 
doi:10.3837/tiis.2012.02.019 fatcat:stojza4u55farbjjmlgrm2fa2q

Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript

Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, Simon Gibbs
2013 Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2013  
The framework is written in JavaScript and allows implementation of various heavy-weight dynamic analyses for JavaScript.  ...  We describe a tool framework, called Jalangi, for dynamic analysis and concolic testing of JavaScript programs.  ...  : Pure symbolic execution executes the program symbolically and never restarts the program for the purpose of backtracking.  ... 
doi:10.1145/2491411.2494598 dblp:conf/sigsoft/SenKBG13a fatcat:qqposcyi3bhchgycfm2n43r5di

SymJS: automatic symbolic testing of JavaScript web applications

Guodong Li, Esben Andreasen, Indradeep Ghosh
2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014  
The tool contains a symbolic execution engine for JavaScript, and an automatic event explorer for Web pages.  ...  Without any user intervention, SymJS can automatically discover and explore Web events, symbolically execute the associated JavaScript code, refine the execution based on dynamic feedbacks, and produce  ...  , which extends the Rhino 2 JavaScript engine for symbolic execution.  ... 
doi:10.1145/2635868.2635913 dblp:conf/sigsoft/LiAG14 fatcat:635b36kmhvgw7aa7ceuy2nio4u

Concolic Testing of Full-Stack JavaScript Applications

Maarten Vandercammen, Laurent Christophe, Wolfgang De Meuter, Coen De Roover
2018 BElgian-NEtherlands software eVOLution symposium  
JavaScript applications.  ...  Recent years have seen the rise of so-called full-stack JavaScript web applications, where both the client and the server side of the web application are developed in JavaScript.  ...  Symbolic Execution For the sake of brevity, we omit the details of how the code resulting from the instrumentation performs the symbolic execution.  ... 
dblp:conf/benevol/VandercammenCMR18 fatcat:vj7vbz3dxfhn5nyizy2bkzbtfa

A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications

Gabriela Sampaio, José Fragoso Santos, Petar Maksimović, Philippa Gardner, Tobias Pape, Robert Hirschfeld
2020 European Conference on Object-Oriented Programming  
Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs  ...  We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applications.  ...  We will also implement the Event Semantics as a layer on top of Gillian [11] , our new multi-language platform for compositional symbolic analysis, by instantiating the Event Semantics with Gillian's  ... 
doi:10.4230/lipics.ecoop.2020.28 dblp:conf/ecoop/SampaioSMG19 fatcat:qyniuxpuj5fv3npgg4shnuyd24
« Previous Showing results 1 — 15 out of 8,505 results