A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications

European Conference on Object-Oriented Programming Pub Date : 2020-06-10 DOI:10.4230/LIPICS.ECOOP.2020.28

Gabriela Sampaio, J. Santos, P. Maksimovic, Philippa Gardner

{"title":"A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications","authors":"Gabriela Sampaio, J. Santos, P. Maksimovic, Philippa Gardner","doi":"10.4230/LIPICS.ECOOP.2020.28","DOIUrl":null,"url":null,"abstract":"We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applications. This infrastructure consists of reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations are trustworthy in that three follow the appropriate standards line-by-line and all are thoroughly tested against the official test-suites, passing all the applicable tests. Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs that use multiple event-related APIs. We demonstrate the viability of JaVerT.Click by proving both the presence and absence of bugs in real-world JavaScript code. 2012 ACM Subject Classification Software and its engineering → Formal software verification; Software and its engineering → Software testing and debugging","PeriodicalId":172012,"journal":{"name":"European Conference on Object-Oriented Programming","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Conference on Object-Oriented Programming","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPICS.ECOOP.2020.28","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applications. This infrastructure consists of reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations are trustworthy in that three follow the appropriate standards line-by-line and all are thoroughly tested against the official test-suites, passing all the applicable tests. Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs that use multiple event-related APIs. We demonstrate the viability of JaVerT.Click by proving both the presence and absence of bugs in real-world JavaScript code. 2012 ACM Subject Classification Software and its engineering → Formal software verification; Software and its engineering → Software testing and debugging

查看原文本刊更多论文

事件驱动Web应用程序符号分析的可信基础结构

我们为现代事件驱动的Web应用程序的符号分析引入了一个可信的基础设施。该基础架构包括DOM核心Level 1、DOM UI Events、JavaScript Promises和JavaScript async/await api的参考实现，所有这些都由一个简单的核心事件语义支撑，该语义足以描述这些api底层的事件模型。我们的参考实现是值得信赖的，因为其中三个参考实现逐行遵循适当的标准，并且都针对官方测试套件进行了彻底的测试，通过了所有适用的测试。使用核心事件语义和参考实现，我们开发了JaVerT。Click是JavaScript的符号执行工具，它首次支持对使用多个事件相关api的JavaScript程序进行推理。我们证明了JaVerT的可行性。点击验证真实JavaScript代码中是否存在bug。2012 ACM学科分类软件及其工程→正式软件验证;软件及其工程→软件测试与调试

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

European Conference on Object-Oriented Programming

自引率

0.00%

发文量