JSAVER: JavaScript Static Analyzer via ECMAScript Representation

JSAVER is a JavaScript Static Analyzer via ECMAScript Representation. It is the first tool that automatically derives JavaScript static analyzers from language specifications using an interpreter-based approach, called meta-level static analysis, instead of the traditional compiler-based approach.

This artifact extends JISET, a JavaScript IR-based Semantics Extraction Toolchain, to extract JavaScript definitional interpreters from diverse versions of ECMA-262, the standard specification of ECMAScript (the official name of JavaScript), which is written in English. The extracted definitional interpreter is written in IRES, an Intermediate Representation for ECMAScript Specifications.

Getting Started Guide

The source code of JSAVER and the dataset of our study are publicly available at https://doi.org/10.5281/zenodo.6785678, and the latest version is maintained as a GitHub repository:

$ git clone --recurse-submodules https://github.com/kaist-plrg/jsaver.git

Please see INSTALL.md for the detailed guide on installation and how to use this artifact. We also provide a docker image as follows:

$ docker run -it -m=16g --rm jhnaldo/fse22-jsaver

Overall Structure

(Figure: the overall structure of JSAVER; the image is not reproduced here.)

JSAVER consists of two phases: 1) definitional interpreter extraction and 2) meta-level static analysis.

Definitional Interpreter Extraction

We utilize another tool, JISET, a JavaScript IR-based Semantics Extraction Toolchain, to extract JavaScript definitional interpreters from a given version of ECMA-262. In this artifact, we extracted the definitional interpreter from ES2021 (ES12), the latest version of ECMA-262, and manually filled in the essential steps of the parts that JISET could not yet compile. The extraction has two main parts, one for the semantics and one for the syntax of JavaScript. For semantics, it compiles the abstract algorithms in ECMA-262 to corresponding IRES functions. For syntax, it generates a JavaScript parser in Scala.

Meta-level Static Analysis

JSAVER performs a meta-level static analysis with JavaScript as its defined-language and IRES as its defining-language. Thus, it analyzes a JavaScript program indirectly, by analyzing the IRES functions with the AST of the program as their argument. Using the generated parser, it first parses a given JavaScript program to produce an Abstract Syntax Tree (AST). Then, the Analysis Initializer constructs an initial Abstract State from the extracted IRES functions and the produced AST. Finally, JSAVER computes the fixpoint of the Abstract Transfer Function starting from the initial abstract state.
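As an added illustration of the fixpoint computation and the worklist update per control point described in this section (example code written for this page, not part of JSAVER or JISET): a small abstract interpreter over a constructed three-address IR with a sign domain. The IR, the sign lattice, the `brpos` branch refinement and the two sample programs are all assumptions made for the example and are not IRES; control points are instruction indices and an abstract state maps variable names to signs. Unlike JSAVER, this is a direct analysis of the program rather than a meta-level analysis of an interpreter, so it shows only the worklist and fixpoint mechanics.

```python
"""Worklist fixpoint over a toy three-address IR with a sign domain.

Added example for this page; not JSAVER's code. The IR and the lattice
are constructed here to show how an abstract state is updated per control
point until a fixpoint is reached.
"""
from typing import Dict, List, Tuple

# Sign lattice: BOT < {NEG, ZERO, POS} < TOP (finite height, so the
# worklist loop terminates).
BOT, NEG, ZERO, POS, TOP = "bot", "-", "0", "+", "top"

State = Dict[str, str]          # variable -> sign
Instr = Tuple                   # ("const", x, n) | ("add", x, y, z)
                                # | ("jmp", t) | ("brpos", x, t) | ("halt",)


def join(a: str, b: str) -> str:
    """Least upper bound of two signs."""
    if a == BOT:
        return b
    if b == BOT:
        return a
    return a if a == b else TOP


def join_state(s1: State, s2: State) -> State:
    """Pointwise join of two abstract states."""
    return {k: join(s1.get(k, BOT), s2.get(k, BOT)) for k in set(s1) | set(s2)}


def abs_const(n: int) -> str:
    return NEG if n < 0 else ZERO if n == 0 else POS


def abs_add(a: str, b: str) -> str:
    """Abstract addition on signs."""
    if BOT in (a, b):
        return BOT
    if a == ZERO:
        return b
    if b == ZERO:
        return a
    return a if a == b and a in (NEG, POS) else TOP


def read(st: State, x: str) -> str:
    # An unassigned variable is treated conservatively as TOP.
    return st.get(x, TOP)


def transfer(prog: List[Instr], pc: int, st: State) -> List[Tuple[int, State]]:
    """Abstract transfer function: successor control points and their states."""
    ins = prog[pc]
    op = ins[0]
    if op == "const":
        return [(pc + 1, {**st, ins[1]: abs_const(ins[2])})]
    if op == "add":
        return [(pc + 1, {**st, ins[1]: abs_add(read(st, ins[2]), read(st, ins[3]))})]
    if op == "jmp":
        return [(ins[1], st)]
    if op == "brpos":            # if x > 0 goto target, else fall through
        x, target, v = ins[1], ins[2], read(st, ins[1])
        succ = []
        if v in (POS, TOP):      # taken branch: refine x to POS
            succ.append((target, {**st, x: POS}))
        if v != POS:             # fall-through is unreachable if x is definitely positive
            succ.append((pc + 1, st))
        return succ
    if op == "halt":
        return []
    raise ValueError(f"unknown instruction {ins!r}")


def analyze(prog: List[Instr]) -> Dict[int, State]:
    """Worklist algorithm: iterate until no control point's state changes."""
    states: Dict[int, State] = {0: {}}
    worklist = [0]
    while worklist:
        pc = worklist.pop()
        for npc, nstate in transfer(prog, pc, states[pc]):
            old = states.get(npc)
            new = nstate if old is None else join_state(old, nstate)
            if old != new:       # state grew: re-analyze the successor
                states[npc] = new
                worklist.append(npc)
    return states


def dead_control_points(prog: List[Instr], states: Dict[int, State]) -> set:
    """Control points the fixpoint never reached."""
    return set(range(len(prog))) - set(states)


# Constructed sample 1: a loop that doubles i while decrementing n.
LOOP = [
    ("const", "i", 1), ("const", "n", 3), ("const", "m", -1),
    ("brpos", "n", 5), ("jmp", 8),
    ("add", "i", "i", "i"), ("add", "n", "n", "m"), ("jmp", 3),
    ("halt",),
]

# Constructed sample 2: the fall-through after brpos is dead code.
DEAD = [("const", "n", 2), ("brpos", "n", 3), ("const", "flag", 0), ("halt",)]

if __name__ == "__main__":
    for pc, st in sorted(analyze(LOOP).items()):
        print(pc, LOOP[pc], st)
    print("dead:", dead_control_points(DEAD, analyze(DEAD)))
```

The state at the loop head (control point 3) is first `{i: +, n: +, m: -}`; after one trip around the loop `n` becomes `top`, the joined state differs, so the head is pushed back onto the worklist and re-analyzed, after which nothing changes and the loop stops. The second program shows why the branch refinement matters: because `n` is definitely positive, control point 2 never receives a state, which is the kind of unreachable-code fact a sound analyzer can report.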

It utilizes a Worklist algorithm to update the abstract state per Control Point, a pair of the following two components: