ISBN (print): 9781450367684
JavaScript was initially designed for client-side programming in web browsers, but its engine is now embedded in various kinds of host software. Despite its popularity, because JavaScript semantics is complex, especially due to its dynamic nature, understanding and reasoning about JavaScript programs are challenging tasks. Thus, researchers have proposed several attempts to define the formal semantics of JavaScript based on ECMAScript, the official JavaScript specification. However, the existing approaches are manual, labor-intensive, and error-prone, and all of their formal semantics target ECMAScript 5.1 (ES5.1, 2011) or its former versions. Therefore, they are not suitable for understanding modern JavaScript language features introduced since ECMAScript 6 (ES6, 2015). Moreover, ECMAScript has been annually updated since ES6, which has already made five releases after ES5.1. To alleviate the problem, we propose JISET, a JavaScript IR-based Semantics Extraction Toolchain. It is the first tool that automatically synthesizes parsers and AST-IR translators directly from a given language specification, ECMAScript. For syntax, we develop a parser generation technique with lookahead parsing for BNFES, a variant of the extended BNF used in ECMAScript. For semantics, JISET synthesizes AST-IR translators using forward compatible rule-based compilation. Compile rules describe how to convert each step of abstract algorithms written in a structured natural language into IRES, an Intermediate Representation that we designed for ECMAScript. For the four most recent ECMAScript versions, JISET automatically synthesized parsers for all versions, and compiled 95.03% of the algorithm steps on average. After we complete the missing parts manually, the extracted core semantics of the latest ECMAScript (ES10, 2019) passed all 18,064 applicable tests. Using this first formal semantics of modern JavaScript, we found nine specification errors in ES10, which were all confirmed by the Ecma Techn
ISBN (digital): 9781728172835
ISBN (print): 9781728172835
JavaScript is a scripting language that is used for creating web pages. It is widely used and a top contender in real-world usage. JavaScript has many dynamic features that make it challenging for static analysis. Arrays and objects are one aspect that needs more attention. Array elements are inherently sparse, where elements can be added at noncontiguous locations. Object properties can be dynamically accessed and they can also store values of different types. Existing JavaScript static analyzers use constant propagation domains that lose a huge amount of precision when analyzing arrays and objects. In this paper, we propose a string abstract domain that is capable of capturing precise information about arrays and objects. The domain we propose provides useful information for the detection of some errors such as the attempt to access a nonexistent element or property. We also define the abstract semantics of some crucial operations over this domain.
ISBN (print): 9781450379571
In the simplest form, software testing consists of creating test cases from a defined input space, executing those test cases for the system-under-test (SUT), and evaluating the outputs with a mechanism for determining success or failure (i.e. oracle). Bodies of research focus on the selection, execution, evaluation, and even testing of software tests. Many tools and frameworks aim to apply the research in ways that improve test development. However, the options available for testing user interfaces have technical limitations that negatively impact practical application in industry. As such, this industry abstract explores the journey between industry-standard frameworks for testing user interfaces, the negative impacts of their limitations, and a proposed solution that attempts to avoid those issues.
ISBN (print): 9781450370431
JavaScript is widely used for implementing client-side web applications, and it is common to include JavaScript code from many different hosts. However, in a web browser, all the scripts loaded in the same frame share a single global namespace. As a result, a script may read or even overwrite the global objects or functions in other scripts, causing unexpected behaviors. For example, a script can redefine a function in a different script as an object, so that any call of that function would cause an exception at run time. We systematically investigate the client-side JavaScript code integrity problem caused by JavaScript global identifier conflicts in this paper. We developed a browser-based analysis framework, JSObserver, to collect and analyze the write operations to global memory locations by JavaScript code. We identified three categories of conflicts using JSObserver on the Alexa top 100K websites, and detected 145,918 conflicts on 31,615 websites. We reveal that JavaScript global identifier conflicts are prevalent and could cause behavior deviation at run time. In particular, we discovered that 1,611 redefined functions were called after being overwritten, and many scripts modified the value of cookies or redefined cookie-related functions. Our research demonstrated that JavaScript global identifier conflict is an emerging threat to both web users and the integrity of web applications.
ISBN (print): 9781450367684
JavaScript is one of the most popular programming languages. WeChat Mini-Program is a large ecosystem of JavaScript applications that runs on the WeChat platform. Millions of Mini-Programs are accessed by WeChat users every week. Consequently, the performance and robustness of Mini-Programs are particularly important. Unfortunately, many Mini-Programs suffer from various defects and performance problems. Dynamic analysis is a useful technique to pinpoint application defects. However, due to the dynamic features of the JavaScript language and the complexity of the runtime environment, dynamic analysis techniques were previously rarely used to improve the quality of JavaScript applications running on industrial platforms such as WeChat Mini-Program. In this work, we report our experience of extending Jalangi, a dynamic analysis framework for JavaScript applications developed by academia, and applying the extended version, named WeJalangi, to diagnose defects in WeChat Mini-Programs. WeJalangi is compatible with existing dynamic analysis tools such as DLint, Smemory, and JITProf. We implemented a null pointer checker on WeJalangi and tested the tool's usability on 152 open-source Mini-Programs. We also conducted a case study in Tencent by applying WeJalangi on six popular commercial Mini-Programs. In the case study, WeJalangi accurately located six null pointer issues, three of which had not been discovered previously. All of the reported defects have been confirmed by developers and testers.
ISBN (print): 9781728151434
Spectrum-Based Fault Localization (SBFL) is a well-understood statistical approach to software fault localization, and there have been numerous studies performed that tackle its effectiveness. However, mostly Java and C/C++ programs have been addressed to date. We performed an empirical study on SBFL for JavaScript programs using a recent bug benchmark, BugsJS. In particular, we examined (1) how well some of the most popular SBFL algorithms, Tarantula, Ochiai and DStar, can predict the faulty source code elements in these JavaScript programs, (2) whether there is a significant difference between the effectiveness of the different SBFL algorithms, and (3) whether there is any relationship between the bug-fix types and the performance of SBFL methods. For the latter, we performed a manual classification of each benchmark bug according to an existing classification scheme. Results show that the performance of the SBFL algorithms is similar but there are some notable differences among them as well, and that certain bug-fix types can be significantly differentiated from the others (in both positive and negative direction) based on the fault localization effectiveness of the investigated algorithms.