Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

idea: static analysis for unexpected throws #40

Open
dckc opened this issue Jun 23, 2022 · 3 comments
Open

idea: static analysis for unexpected throws #40

dckc opened this issue Jun 23, 2022 · 3 comments

Comments

@dckc
Copy link

dckc commented Jun 23, 2022

In a Jan 17 comment, @jhnaldo writes:

We are currently developing JSAVER, a JavaScript static analyzer, based on the JavaScript syntax and semantics extracted from ECMAScript specification via JISET. While the current version of JSAVER is a prototype implementation, we checked that it can successfully analyze all applicable JavaScript programs in Test262: ECMAScript Test Suite (ECMA TR/104).

On the other hand, our team also has developed SAFE, a JavaScript static analyzer for ECMAScript 5.1, with abstract semantics designed by hand in several years.

I cannot find JSAVER. Is it shared publicly yet? So this SAFE tool seems to be the closest thing with an open issues list...

I have an idea for a static analysis tool to check for unexpected throws. Expected throws would be denoted as assert(cond) or assert.typeof(x, 'string') or assert.equal(a, b) or the like. If any code path could lead to a throw other than an explicit assert, the tool should report that as a problem. I expect this would be extremely valuable in establishing that input validation has been done thoroughly. For example, in issues such as:

I would appreciate any thoughts you would like to share on how to go about making such a tool.

Feel free to write to me at [email protected] if you prefer that over a github issue such as this.

cc @erights
@jhnaldo
Copy link
Collaborator

jhnaldo commented Jun 24, 2022

Hi @dckc, the tool JSAVER has been a private project because of the double-blinded conference review process. Recently, we accepted the paper and opened it to the public in the following repository:

Please look at this repository if you are interested in JavaScript static analysis with evolving language specifications.

For the exception analysis you mentioned, I believe it is possible to detect such unexpected throws using SAFE or JSAVER. However, I have two concerns about it.

First, it might require manual modeling of opaque code. Many existing real-world JavaScript programs require host-dependent functions, such as DOM APIs or Node.js APIs. Since they are opaque code, we should manually define their modeling to analyze such JavaScript programs.

Second, JavaScript static analysis has lower analysis precision than other languages because of the highly-dynamic nature of JavaScript. As a result, it might cause false alarms of unexpected throws. Nevertheless, I believe that we could alleviate it via optimization with reasonable assumptions.

@dckc
Copy link
Author

dckc commented Jun 24, 2022

Excellent! Thank you!

This limitation is not a problem for us:

Many existing real-world JavaScript programs require host-dependent functions, such as DOM APIs or Node.js APIs.

Our system excludes such host-dependent functions: https://agoric.com/documentation/guides/js-programming/hardened-js.html#hardening-javascript-limiting-globals-with-compartments

@dckc dckc mentioned this issue Jun 25, 2022
Open
@turadg
Copy link

turadg commented Jun 1, 2023

JavaScript static analysis has lower analysis precision than other languages because of the highly-dynamic nature of JavaScript

TypeScript could help with that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@turadg @dckc @jhnaldo