• Pushing the Boundaries of Java...

Treffer: Pushing the Boundaries of JavaScript Static Analysis

Title:
Pushing the Boundaries of JavaScript Static Analysis
Authors:
Sridharan, Manu, Chakraborty, Madhurima
Publisher Information:
eScholarship, University of California 2025-05-27
Document Type:
E-Ressource Electronic Resource
Index Terms:
Computer science, Computer engineering, Engineering, publication
URL:
https://escholarship.org/uc/item/73c2j2mk
https://escholarship.org/content/qt73c2j2mk/qt73c2j2mk.pdf
Availability:
Open access content. Open access content
CC-BY
Note:
application/pdf
Other Numbers:
CDLER oai:escholarship.org:ark:/13030/qt73c2j2mk
qt73c2j2mk
1533732290
Contributing Source:
UC MASS DIGITIZATION
From OAIster®, provided by the OCLC Cooperative.
Accession Number:
edsoai.on1533732290
Database:
OAIster

Weitere Informationen

Static analysis of JavaScript remains a notoriously difficult problem due to the language’s highly dynamic and reflective nature. Features such as dynamic property accesses, higher-order functions, prototype-based inheritance, and event-driven control flow introduce fundamental obstacles to sound and scalable analysis. A central challenge is the construction of precise call graphs, which serve as a critical prerequisite for most interprocedural analyses. Imprecise call graphs often result in high false-positive rates, undermining the effectiveness of downstream analyses and increasing the manual burden on developers. This thesis addresses core limitations in JavaScript static analysis. The first work presents an empirical study of call graph unsoundness in real-world JavaScript applications. We systematically identify and categorize the root causes of missing call graph edges in state-of-the-art call graph construction techniques, such as dynamic property accesses, higher-order functions, and indirect call patterns. This analysis reveals fundamental weaknesses in existing techniques and provides actionable insights for improving call graph recall. The second work introduces an indirection-bounded call graph construction technique. Motivated by the observation that real-world JavaScript code typically exhibits shallow levels of indirection in data flows, the technique bounds the depth of object and function dereferencing to reduce analysis overhead. This approach achieves up to a 2X speedup on large Node.js applications while maintaining nearly identical precision and incurring a modest reduction in recall, making whole-program analysis more tractable at scale. The final work focuses on statically detecting promise misuses, a class of bugs that arise from JavaScript’s asynchronous programming model through PromisePatrol–an abstract interpretation framework that models promise creation, state transitions, and handler attachment interprocedurally. The analysis identifi