Static Analysis of JavaScript Web Applications in the Wild via Practical DOM Modeling (T)

We present SAFE Wapp , an open-source static analysis framework for JavaScript web applications. It provides a faithful (partial) model of web application execution environments of various browsers, based on empirical data from the main web pages of the 9,465 most popular websites. A main feature of...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE) S. 552 - 562
Hauptverfasser: Changhee Park, Sooncheol Won, Joonho Jin, Sukyoung Ryu
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.11.2015
Schlagworte:
Analytical models
Browsers
Encyclopedias
HTML
Internet
Web pages
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:We present SAFE Wapp , an open-source static analysis framework for JavaScript web applications. It provides a faithful (partial) model of web application execution environments of various browsers, based on empirical data from the main web pages of the 9,465 most popular websites. A main feature of SAFE Wapp is the configurability of DOM tree abstraction levels to allow users to adjust a trade-off between analysis performance and precision depending on their applications. We evaluate SAFEWapp on the 5 most popular JavaScript libraries and the main web pages of the 10 most popular websites in terms of analysis performance, precision, and modeling coverage. Additionally, as an application of SAFE Wapp , we build a bug detector for JavaScript web applications that uses static analysis results from SAFE Wapp . Our bug detector found previously undiscovered bugs including ones from wikipedia.org and amazon.com.
DOI:10.1109/ASE.2015.27