Correlation Tracking for Points-To Analysis of JavaScript [chapter]

Manu Sridharan, Julian Dolby, Satish Chandra, Max Schäfer, Frank Tip
2012 Lecture Notes in Computer Science  
JavaScript poses significant challenges for points-to analysis, particularly due to its flexible object model in which object properties can be created and deleted at run-time and accessed via first-class names. These features cause an increase in the worst-case running time of field-sensitive Andersen-style analysis, which becomes $O(N^4)$, where $N$ is the program size, in contrast to the $O(N^3)$ bound for languages like Java. In practice, we found that a standard implementation of the analysis was unable to analyze popular JavaScript frameworks. We identify correlated dynamic property accesses as a common code pattern that is analyzed very imprecisely by the standard analysis, and show how a novel correlation tracking technique enables us to handle this pattern more precisely, thereby making the analysis more scalable. In an experimental evaluation, we found that correlation tracking often dramatically improved analysis scalability and precision on popular JavaScript frameworks, though in some cases scalability challenges remain.
doi:10.1007/978-3-642-31057-7_20 fatcat:q3vlyjtzt5cmhp5x2aw347oeva