Configurable and Sound Static Analysis of JavaScript : Techniques and Applications
- Degree Grantor:
- University of California, Santa Barbara. Computer Science
- Degree Supervisor:
- Ben Hardekopf
- Place of Publication:
- [Santa Barbara, Calif.]
- Publisher:
- University of California, Santa Barbara
- Creation Date:
- 2015
- Issued Date:
- 2015
- Topics:
- Computer Science
- Keywords:
- JavaScript, Security, and Static Analysis
- Genres:
- Online resources and Dissertations, Academic
- Dissertation:
- Ph.D.--University of California, Santa Barbara, 2015
- Description:
JavaScript is widespread. Web developers use JavaScript to enrich user experience via dynamic content ranging from scripts to enhance a web page's appearance, to full-blown web applications, to extending the functionality of web browsers in the form of browser addons. Desktop developers use JavaScript, e.g., for OS applications in Windows 8. JavaScript's growing prominence means that secure, correct, and fast JavaScript code is becoming ever more critical. Static analysis traditionally plays a large role in providing these characteristics: it can be used for security auditing, error-checking, debugging, optimization, and program refactoring, among other uses. Thus, a sound, precise static analysis platform for JavaScript can be of enormous advantage.
In this thesis, we present our work on creating a sound, precise, configurable and fast static analysis for JavaScript called JSAI that we have made openly available to the research community. JSAI is both a practical tool for JavaScript static analysis and also a research platform for experimenting with static analysis techniques. JSAI showcases a number of novel techniques to soundly compute a combination of type inference, pointer analysis, control-flow analysis, string analysis, and integer and boolean constant propagation for JavaScript programs. It also provides a unique method for modularly configuring analysis precision that is based on fundamental new insights into the theory of static analysis. We describe precision-increasing techniques for the analysis using type refinement; and performance-increasing techniques for the analysis based on parallelization of JSAI. As an example use-case for JSAI, we discuss a novel security analysis for JavaScript-based browser addon vetting.
- Physical Description:
- 1 online resource (207 pages)
- Format:
- Text
- Collection(s):
- UCSB electronic theses and dissertations
- Other Versions:
- http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:3689941
- ARK:
- ark:/48907/f3ft8j7w
- ISBN:
- 9781321696332
- Catalog System Number:
- 990045119440203776
- Copyright:
- Vineeth Kashyap, 2014
- Rights:
- In Copyright
- Copyright Holder:
- Vineeth Kashyap
File | Description |
---|---|
Access: Public access | |
Kashyap_ucsb_0035D_12496.pdf | pdf (Portable Document Format) |