{"title":"Static Analysis of JavaScript Web Applications in the Wild via Practical DOM Modeling (T)","authors":"Changhee Park, S. Won, Joonho Jin, Sukyoung Ryu","doi":"10.1109/ASE.2015.27","DOIUrl":null,"url":null,"abstract":"We present SAFEWapp, an open-source static analysis framework for JavaScript web applications. It provides a faithful (partial) model of web application execution environments of various browsers, based on empirical data from the main web pages of the 9,465 most popular websites. A main feature of SAFEWapp is the configurability of DOM tree abstraction levels to allow users to adjust a trade-off between analysis performance and precision depending on their applications. We evaluate SAFEWapp on the 5 most popular JavaScript libraries and the main web pages of the 10 most popular websites in terms of analysis performance, precision, and modeling coverage. Additionally, as an application of SAFEWapp, we build a bug detector for JavaScript web applications that uses static analysis results from SAFEWapp. Our bug detector found previously undiscovered bugs including ones from wikipedia.org and amazon.com.","PeriodicalId":6586,"journal":{"name":"2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"9 1","pages":"552-562"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASE.2015.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 25
Abstract
We present SAFEWapp, an open-source static analysis framework for JavaScript web applications. It provides a faithful (partial) model of web application execution environments of various browsers, based on empirical data from the main web pages of the 9,465 most popular websites. A main feature of SAFEWapp is the configurability of DOM tree abstraction levels to allow users to adjust a trade-off between analysis performance and precision depending on their applications. We evaluate SAFEWapp on the 5 most popular JavaScript libraries and the main web pages of the 10 most popular websites in terms of analysis performance, precision, and modeling coverage. Additionally, as an application of SAFEWapp, we build a bug detector for JavaScript web applications that uses static analysis results from SAFEWapp. Our bug detector found previously undiscovered bugs including ones from wikipedia.org and amazon.com.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
