EventHandler-Based Analysis Framework for Web Apps Using Dynamically Collected States [chapter]

Joonyoung Park, Kwangwon Sun, Sukyoung Ryu
2018 Lecture Notes in Computer Science  
JavaScript web applications (apps) are prevalent these days, and quality assurance of web apps gets even more important. Even though researchers have studied various analysis techniques and software industries have developed code analyzers for their own code repositories, statically analyzing web apps in a sound and scalable manner is challenging. On top of dynamic features of JavaScript, abundant execution flows triggered by user events make a sound static analysis difficult. In this paper, we
more » ... propose a novel EventHandler (EH )-based static analysis for web apps using dynamically collected state information. Unlike traditional whole-program analyses, the EH -based analysis intentionally analyzes partial execution flows using concrete user events. Such analyses surely miss execution flows in the entire program, but they analyze less infeasible flows reporting less false positives. Moreover, they can finish analyzing partial flows of web apps that whole-program analyses often fail to finish analyzing, and produce partial bug reports. Our experimental results show that the EH -based analysis improves the precision dramatically compared with a state-of-the-art JavaScript whole-program analyzer, and it can finish analysis of partial execution flows in web apps that the whole-program analyzer fails to analyze within a timeout.
doi:10.1007/978-3-319-89363-1_8 fatcat:kwndxuyplzdjvjbrq5ii64w4sa