计算机科学

计算机科学 ›› 2017, Vol. 44 ›› Issue (4): 223-228.doi: 10.11896/j.issn.1002-137X.2017.04.048

• 软件与数据库技术 • 上一篇    下一篇

基于静态分析的JavaScript类型失配缺陷查找

魏苗,吴毅坚,沈立炜,彭鑫,赵文耘   

  1. 复旦大学软件学院 上海201203 上海市数据科学重点实验室复旦大学 上海201203,复旦大学软件学院 上海201203 上海市数据科学重点实验室复旦大学 上海201203,复旦大学软件学院 上海201203 上海市数据科学重点实验室复旦大学 上海201203,复旦大学软件学院 上海201203 上海市数据科学重点实验室复旦大学 上海201203,复旦大学软件学院 上海201203 上海市数据科学重点实验室复旦大学 上海201203
  • 出版日期:2018-11-13 发布日期:2018-11-13

Finding Type Mismatch Defects of JavaScript Based on Static Analysis

WEI Miao, WU Yi-jian, SHEN Li-wei, PENG Xin and ZHAO Wen-yun   

  • Online:2018-11-13 Published:2018-11-13

PDF (PC)

1399

摘要: 由于JavaScript自身的语言特性,JavaScript程序中可能存在与运行时变量类型不匹配的缺陷,这类缺陷往往难以被察觉,只有在运行时报错后才能发现故障,而人工检查代码时需要开发者花费大量的时间通过调试的方法来定位查找代码缺陷。提出了一种静态分析JavaScript的方法来检查可能的运行时类型不匹配缺陷。该方法首先基于HTML和JSP页面对于JavaScript文件的引用将整个项目中的JavaScript文件进行分组;接着以分组为单位对JavaScript文件进行分析和变量类型推断,再检查每个分组中是否存在多类型属性;然后对这种多类型属性的使用进行检查;最后对检查结果进行报告,并给出修复建议。实现了一个用于自动检测JavaScript中多类型属性缺陷的工具,并通过在真实JavaScript项目中的实验证明了该方法的可行性,与已有的JavaScript分析方法相比,该方法的效果更优,提升了有关缺陷查找的效率与有效性。

关键词: 静态分析,JavaScript,缺陷查找

Abstract: Because of the nature of the JavaScript language and the increase of amount of JavaScript code with the evolving software,a JavaScript program may have a lot of defects which are related to the runtime variable type.This kind of defect is often difficult to detect,only when runtime errors can find fault.It takes programmers a lot of time to locate and search the code bug by debugging manually.The proposed JavaScript defect inspection method is mainly used to check the possible runtime type unmatched defects.First of all,the JavaScript file was grouped in the project based on HTML,JSP page reference for JavaScript files.Secondly,JavaScript files were analyzed in groups and the variable type was inferred.Then we checked whether there is a multi-type attribute in the group,afterwards the use of the multi-type attribute was checked.Finally,the checking results was reported and the repair advice was gave.A tool for automatic detection of multi-type attribute defect in JavaScript was implemented,through the experiment in the real JavaScript projects,the feasibility of this method was illustrated and the existing JavaScript analysis method was compared to illustrate the effectiveness of this method,improving the JavaScript’s defect finding efficiency and effectiveness.

Key words: Static analysis,JavaScript,Defect finding

[1] stackoverflow .http://stackoverflow.com.
[2] esprima.http://esprima.org.
[3] escope.https://github.com/estools/escope.
[4] FELDTHAUS A,MLLER A.Semi-automatic rename refac-toring for JavaScript[J].AcmSigplan Notices,2013,48(10):323-338.
[5] LI S S,CHENG B Q,LI X F,et al.JavaScript Typing System with Prediction[J].Journal of Computer Research and Development,2012,49(2):421-431.(in Chinese) 李世胜,程歩奇,李晓峰,等.基于预测的JavaScript类型系统研究[J].计算机研究与发展,2012,49(2):421-431.
[6] DAMAS L,MILNER R.Principal type-schemes for functional programs[C]∥Proceedings of the 9th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.ACM,1982:207-212.
[7] GUARNIERI S,LIVSHITS B.GATEKEEPER:Mostly StaticEnforcement of Security and Reliability Policies for JavaScript Code[J].Washington Sammyg,2009,7(4):151-168.
[8] MADSEN M,LIVSHITS B,FANNING M.Practical Static A-nalysis of JavaScript Applications in the Presence of Frameworks and Libraries[C]∥Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering.ACM,2012:499-509.
[9] WEI S,RYDER B G.Practical blended taint analysis for JavaScript[C]∥Proceedings of the 2013 International Symposium on Software Testing and Analysis.ACM,2013:336-346.
[10] JENSEN S H,MLLER A,T HIEMANN P.Type Analysis for JavaScript[M]∥Static Analysis.Springer Berlin Heidelberg,2009:238-255.
[11] VARDOULAKIS D.CFA2:Pushdown Flow Analysis for Hi-gher-Order Languages[D].Boston:Northeastern University,2012
[12] OCARIZA F,BAJAJ K,P ATTABIRAMAN K,et al.An Empirical Study of Client-Side JavaScript Bugs[C]∥2013 ACM/IEEE International Symposium on Empirical Software Enginee-ring and Measurement.IEEE Computer Society,2013:55-64.
[13] OCARIZA F S,PATTABIRMAN K,MESBAH A.Vejovis:Suggesting Fixes for JavaScript Faults[C]∥International Conference on Software Engineering.2014:837-847.
[14] OCARIZA F S,PATTABIRMAN K,MESBAH A.DetectingInconsistencies in JavaScript MVC Applications[C]∥2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE).IEEE,2015:325-335.
[15] FELDTHAUS A,SCH &#,FER M,et al.Efficient construction of approximate call graphs for JavaScript IDE services[C]∥International Conference on Software Engineering.IEEE Press,2013:752-761.
[16] collegesvis.https://github.com/nerdyworm/collegesvis.
[17] p4wn.https://github.com/douglasbagnall/p4wn.
[18] wander-mesh.https://github.com/notlion/wander-mesh.
[19] flow.http://flowtype.org.
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发