Towards a Program Logic for JavaScript

Towards a Program Logic for JavaScript

Cached

Download Links

by Sergio Maffeis , Gareth Smith

Citations:

BibTeX

@MISC{Maffeis_towardsa,
    author = {Sergio Maffeis and Gareth Smith},
    title = {Towards a Program Logic for JavaScript},
    year = {}
}

Bookmark

OpenURL

Abstract

JavaScript has become the most widely used language for clientside web programming. The dynamic nature of JavaScript makes understanding its code notoriously difficult, leading to buggy programs and a lack of adequate static-analysis tools. We believe that logical reasoning has much to offer JavaScript: a simple description of program behaviour, a clear understanding of module boundaries, and the ability to verify security contracts. We introduce a program logic for reasoning about a broad subset of JavaScript, including challenging features such as prototype inheritance and with. We adapt ideas from separation logic to provide tractable reasoning about JavaScript code: reasoning about easy programs is easy; reasoning about hard programs is possible. We prove a strong soundness result. All libraries written in our subset and proved correct with respect to their specifications will be well-behaved, even when called by arbitrary JavaScript code.

Citations

237	Local reasoning about programs that alter data structures - O’Hearn, Reynolds, et al. - 2001
122	Resources, concurrency and local reasoning - O’Hearn - 2007
83	Smallfoot: Modular automatic assertion checking with separation logic - Berdine, Calcagno, et al. - 2005
64	jStar: towards practical verification for Java - Distefano, J - 2008
62	Local reasoning for Java - Parkinson - 2005
61	Scalable shape analysis for systems code - Yang, Lee, et al.
57	MJ: An imperative core calculus for Java and Java with effects - Bierman, Parkinson, et al. - 2003
49	A marriage of rely/guarantee and Separation Logic - Vafeiadis, Parkinson
48	Separation logic, abstraction and inheritance - Parkinson, Bierman - 2008
45	Towards type inference for JavaScript - Anderson, Giannini, et al. - 2005
42	Javascript instrumentation for browser security - YU, CHANDER, et al.
33	Towards a type system for analyzing JavaScript programs - Thiemann - 2005
23	V.: Concurrent abstract predicates - Dinsdale-Young, Dodds, et al.
22	Relational parametricity and separation logic - Birkedal, Yang
22	An operational semantics for JavaScript - Maffeis, Mitchell, et al. - 2008
21	The impact of higher-order state and control effects on local relational reasoning (Technical appendix - Dreyer, Neis, et al. - 2012
19	Denyguarantee reasoning - Dodds, Feng, et al. - 2009
16	Nested Hoare triples and frame rules for higher-order store - Schwinghammer, Birkedal, et al. - 2009
15	Language-based isolation of untrusted javascript - Maffeis, Taly - 2009
14	An Analysis of the Dynamic Behavior of JavaScript Programs - Richards, Lebresne, et al. - 2010
12	The essence of Javascript, in - Guha, Saftoiu, et al. - 2010
9	Object capabilities and isolation of untrusted Web applications - Maffeis, Mitchell, et al. - 2010
8	Isolating JavaScript with filters, rewriting, and wrappers - Maffeis, Mitchell, et al. - 2009
8	A type safe DOM API - Thiemann - 2005
7	Status report: specifying javascript with ml - Herman, Flanagan - 2007
7	ECMAScript language specification. Stardard ECMA-262, 3rd Edition - International - 1999
7	Automated analysis of security-critical javascript APIs - Taly, Erlingsson, et al. - 2011
6	The Eval that Men Do: A Large-scale Study of the Use of Eval - Richards, Hammer, et al. - 2012
4	SLAyer: Memory Safety for Systems-level Code - Berdine, Cook, et al. - 2011
3	Concurrent separation logic and operational semantics - Vafeiadis - 2011
1	An empirical study on the rewritability of the with statement in javascript - Park, Lee, et al.
1	Local reasoning about web programs - Smith - 2011