WALA Tutorial at PLDI 2014       

links

Julian Dolby photo

WALA Tutorial at PLDI 2014 - overview


Analyzing JavaScript and the Web with WALA

Tutorial at PLDI 2014

Abstract

JavaScript has become pervasive: it is the only language widely supported for writing sophisticated client-side Web applications; it is finding a home on servers running nodejs; and it increasingly dominates the mobile domain, as many mobile apps are little more than JavaScript with an API to access the mobile device. Hence, there is increasing interest in tooling for JavaScript development, both for providing the kind of environment that developers take for granted in Java, and also for assessing and improving the quality of developed JavaScript code. JavaScript program analysis is becoming increasingly important to enable such support. It also poses particular challenges, as the dynamic nature of JavaScript is exacerbated by rich frameworks that make heavy use of JavaScript's dynamic features to engage in metaprogramming.

We will present the JavaScript program analysis functionality available in the Thomas J. Watson Libraries for Analysis (WALA). We have been using WALA as a basis to explore a variety of approaches to analyze client-side Web code; we will discuss those results and focus primarily on describing the infrastructure in WALA that we have developed in the course of this work. We shall summarize the basic capabilities of WALA, and we will focus on the following aspects of support for JavaScript: the HTML front end that creates analyzable programs from Web pages, the WALA IR features that we use to represent JavaScript, support for code specialization and targeted analysis to cope with dynamic metaprogramming, and support currently available for analysis of mobile issues. We shall cover these topics at a detailed level and present our experiences using WALA in our own research.

Description

We will present the JavaScript program analysis functionality available in the T.J. Watson Libraries for Analysis (WALA). As JavaScript becomes more pervasive, both in sophisticated client-side Web applications and on the server, JavaScript program analysis becomes increasingly important. It also poses particular challenges, as the dynamic nature of JavaScript is exacerbated by rich frameworks that make heavy use of JavaScript's dynamic features to engage in metaprogramming.

We have been using WALA as a basis to explore a variety of approaches to analyze client-side Web code; we will discuss those results and focus primarily on describing the infrastructure in WALA that we have developed in the course of this work. Specifically, we will focus on the following aspects of WALA:

  • A brief overview of the general analysis utilities in WALA that can be used with the JavaScript front end, such as pointer analysis, call graph construction, and a framework for interprocedural dataflow analysis. (This functionality was covered in detail in a previous WALA tutorial.)
  • The HTML front end, which translates a Web page into a pure JavaScript program to analyze. We will present the front end options for how to model the DOM objects that comprise the representation of the Web page itself. We will also describe the support for recording very precise source mappings for JavaScript code so that aspects of the WALA internal representation can be mapped back to portions of the Web page and included files. We will also talk about how different HTML parsers can be integrated into WALA.
  • JavaScript-specific IR constructs. We will discuss ways in which the WALA IR has been adapted to address aspects of JavaScript. We will describe the representation of function calls in particular: how a direct implementation using traditional IR instruction types led to imprecisions that motivated us to craft higher-level IR that folds together multiple JavaScript expressions.
  • Targeted context sensitivity. We will present the general context-sensitivity support in WALA's pointer analysis framework, which allows analyses to tailor sensitivity to particular functions and objects. We will illustrate this and also WALA specialization support by examining how the correlation tracking analysis described in our ECOOP 2012 paper is implemented.
  • We will present our field-based call graph construction for JavaScript from ICSE 2013. One aspect of this technique is systematically ignoring some of the more dynamic features of JavaScript, allowing a trade-off of soundness and scalability. We present how this algorithm is integrated into the rest of WALA.
  • We will present Eclipse integration of WALA for JavaScript, and describe prototype security analyses we have written using it.

We will focus on these topics using our own research work as examples of how these pieces of infrastructure are used in practice.

Presenters

  • Julian Dolby has been a Research Staff Member at IBM's Thomas J. Watson Research Center since 2000. He recently co-organized the JSTools workshops at ECOOP 2012 and 2013. He works on a range of topics, including static program analysis, software testing, concurrent programming models and the semantic Web. His program analysis work has recently focused on scripting languages like JavaScript and on security analysis of Web applications; this work has been included in IBM products, most notably Rational AppScan, Standard Edition and Source Edition, and he is one of the primary authors of the publicly-available Watson Libraries for Analysis (WALA) program analysis infrastructure. He was educated at the University of Illinois at Urbana-Champaign as a graduate student where he worked with Professor Andrew Chien on programming systems for massively-parallel machines.
  • Manu Sridharan is a researcher at Samsung Research America in the area of programming languages and software engineering. He received my PhD from the University of California, Berkeley in 2007 and worked at IBM Research from 2008–2013. His dissertation focused on refinement-based program analysis tools. Since then, he has done research on a variety of topics in static analysis, dynamic analysis, and software engineering. His most recent work focuses on static and dynamic analysis of web applications.

Videos of Last Year's Tutorial at PLDI 13