abstract

JavaScript API misuse detection by using typescript

Author:
Jihyeok Park

KAIST, DaeJeon, South Korea

KAIST, DaeJeon, South Korea
View Profile

MODULARITY '14: Proceedings of the companion publication of the 13th international conference on ModularityApril 2014Pages 11–12https://doi.org/10.1145/2584469.2584472

Published:22 April 2014Publication History

MODULARITY '14: Proceedings of the companion publication of the 13th international conference on Modularity

Pages 11–12

ABSTRACT

Static analysis of JavaScript programs to detect errors in them is a challenging task. Especially when the program imports massive JavaScript libraries such as jQuery and MooTools, analyzing the whole program and the libraries is expensive and extremely declines the analysis efficiency. In this paper, we introduce a novel approach to solve the problem by modularizing the analysis. We separate the analysis of JavaScript libraries by using types extracted from their corresponding specifications in TypeScript and the analysis of JavaScript applications by a static analysis framework. We use DefinitelyTyped, an open-source repository that provides TypeScript declaration files of over 300 popular JavaScript libraries, and we extend SAFE, an open-source analysis framework for JavaScript.

References

ECMAScript Language Specification. Edition 5.1. http://www.ecma-international.org/publications/standards/Ecma-262.htm.Google Scholar
Christopher Anderson, Paola Giannini, and Sophia Drossopoulou. Towards type inference for JavaScript. In ECOOP 2005. Google ScholarDigital Library
Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner. Staged information flow for JavaScript. In PLDI 2009. Google ScholarDigital Library
Douglas Crockford. JSLint. http://www.jslint.com.Google Scholar
Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolbyand Stephen Teilhet, and Ryan Berg. Saving the world wide web from vulnerable JavaScript. In ISSTA 2011. Google ScholarDigital Library
Arjun Guha, Shriram Krishnamurthi, and Trevor Jim. Using static analysis for Ajax intrusion detection. In WWW 2009. Google ScholarDigital Library
Phillip Heidegger and Peter Thiemann. Recency types for analyzing scripting languages. In ECOOP 2010. Google ScholarDigital Library
Simon Holm Jensen, Anders Møller, and Peter Thiemann. Type analysis for JavaScript. In SAS 2009.Google ScholarDigital Library
PLRG @ KAIST. SAFE: Scalable Analysis Framework for ECMAScript. http://safe.kaist.ac.kr.Google Scholar
Hongki Lee, Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In FOOL 2012.Google Scholar
Sergio Maffeis, John C. Mitchell, and Ankur Taly. Isolating JavaScript with filters, rewriting, and wrappers. In ESORICS 2009. Google ScholarDigital Library
Microsoft. TypeScript. http://www.typescriptlang.org.Google Scholar

Index Terms

JavaScript API misuse detection by using typescript
1. General and reference
  1. Document types
    1. Computing standards, RFCs and guidelines
2. Software and its engineering

Recommendations

Generation of TypeScript declaration files from JavaScript code
MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes

Developers are starting to write large and complex applications in TypeScript, a typed dialect of JavaScript. TypeScript applications integrate JavaScript libraries via typed descriptions of their APIs called declaration files. DefinitelyTyped is the ...
Read More
Learning TypeScript
Read More
TypeScript Revealed
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MODULARITY '14: Proceedings of the companion publication of the 13th international conference on Modularity
April 2014
44 pages
ISBN:9781450327732
DOI:10.1145/2584469
Conference Chair:
Achille Peternier
University of Lugano, Switzerland
,
General Chair:
Walter Binder
University of Lugano, Switzerland
,
Program Chairs:
Christoph Bockisch
University of Twente, The Netherlands
,
Michael Haupt
Oracle Labs, Germany
,
Walter Cazzola
Università degli Studi di Milano, Italy
Copyright © 2014 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 April 2014
Check for updates
Author Tags
api misuse detection
javascript
typescript
Qualifiers
- abstract
Conference

Acceptance Rates
Overall Acceptance Rate41of139submissions,29%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 9
  Total Citations
  View Citations
- 336
  Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

JavaScript API misuse detection by using typescript

MODULARITY '14: Proceedings of the companion publication of the 13th international conference on Modularity

ABSTRACT

References

Cited By

Index Terms

Recommendations

Generation of TypeScript declaration files from JavaScript code

Learning TypeScript

TypeScript Revealed