ABSTRACT
Static analysis of JavaScript programs to detect errors in them is a challenging task. Especially when the program imports massive JavaScript libraries such as jQuery and MooTools, analyzing the whole program and the libraries is expensive and extremely declines the analysis efficiency. In this paper, we introduce a novel approach to solve the problem by modularizing the analysis. We separate the analysis of JavaScript libraries by using types extracted from their corresponding specifications in TypeScript and the analysis of JavaScript applications by a static analysis framework. We use DefinitelyTyped, an open-source repository that provides TypeScript declaration files of over 300 popular JavaScript libraries, and we extend SAFE, an open-source analysis framework for JavaScript.
- ECMAScript Language Specification. Edition 5.1. http://www.ecma-international.org/publications/standards/Ecma-262.htm.Google Scholar
- Christopher Anderson, Paola Giannini, and Sophia Drossopoulou. Towards type inference for JavaScript. In ECOOP 2005. Google ScholarDigital Library
- Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner. Staged information flow for JavaScript. In PLDI 2009. Google ScholarDigital Library
- Douglas Crockford. JSLint. http://www.jslint.com.Google Scholar
- Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolbyand Stephen Teilhet, and Ryan Berg. Saving the world wide web from vulnerable JavaScript. In ISSTA 2011. Google ScholarDigital Library
- Arjun Guha, Shriram Krishnamurthi, and Trevor Jim. Using static analysis for Ajax intrusion detection. In WWW 2009. Google ScholarDigital Library
- Phillip Heidegger and Peter Thiemann. Recency types for analyzing scripting languages. In ECOOP 2010. Google ScholarDigital Library
- Simon Holm Jensen, Anders Møller, and Peter Thiemann. Type analysis for JavaScript. In SAS 2009.Google ScholarDigital Library
- PLRG @ KAIST. SAFE: Scalable Analysis Framework for ECMAScript. http://safe.kaist.ac.kr.Google Scholar
- Hongki Lee, Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu. SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In FOOL 2012.Google Scholar
- Sergio Maffeis, John C. Mitchell, and Ankur Taly. Isolating JavaScript with filters, rewriting, and wrappers. In ESORICS 2009. Google ScholarDigital Library
- Microsoft. TypeScript. http://www.typescriptlang.org.Google Scholar
Index Terms
- JavaScript API misuse detection by using typescript
Recommendations
Generation of TypeScript declaration files from JavaScript code
MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and RuntimesDevelopers are starting to write large and complex applications in TypeScript, a typed dialect of JavaScript. TypeScript applications integrate JavaScript libraries via typed descriptions of their APIs called declaration files. DefinitelyTyped is the ...
Comments