DXR JS Analysis: Difference between revisions
Jump to navigation
Jump to search
Mchanlatte (talk | contribs) No edit summary |
Mchanlatte (talk | contribs) |
||
| Line 2: | Line 2: | ||
* Must work with lastest version of ecmascript (6 as of this writing) | * Must work with lastest version of ecmascript (6 as of this writing) | ||
* | ** See caution below | ||
* Produce a call graph | * Produce a call graph | ||
== General note of caution about bleeding edge support of features == | |||
Because Ecmascript (and many other popular languages) do not offer executable semantics ([http://www.kframework.org/index.php/Main_Page See the K Framework for an example]), there is no way to ensure tools will remain compatiable with new language features. | |||
Any tool that is not built ontop of these semantics is likely wrong or eventually wrong when the spec changes. | |||
Given that there are no executable semantics provided for ecmascript and we require bleeding edge features for the FF code base, this '''will''' become an issue. | |||
== Bonus Features == | == Bonus Features == | ||
Revision as of 17:15, 24 June 2014
Requirements for DxR
- Must work with lastest version of ecmascript (6 as of this writing)
- See caution below
- Produce a call graph
General note of caution about bleeding edge support of features
Because Ecmascript (and many other popular languages) do not offer executable semantics (See the K Framework for an example), there is no way to ensure tools will remain compatiable with new language features.
Any tool that is not built ontop of these semantics is likely wrong or eventually wrong when the spec changes. Given that there are no executable semantics provided for ecmascript and we require bleeding edge features for the FF code base, this will become an issue.
Bonus Features
- Type Inference
Existing work:
See: <https://wiki.mozilla.org/Security/B2G/JavaScript_code_analysis>
Algorithms and Techniques
k-CFA
Anderson's Points-To Analysis
Use Analysis
CFA2
Inlining Eval
Removing the with Statement
Ways to get the AST
| Framework | ES6+ | Interface | Function References (Call Graph or Something) | Type Inference | Other Notes |
|---|---|---|---|---|---|
| JSWebTools | No | ||||
| Esprima | Partial | JS | |||
| Ternjs | No | JS or http+json | |||
| Doctorjs | No | JS | |||
| Safe | No | Java | |||
| JSAI | Coffee Script (from paper) | couldn't find code |
| Name | Interface | Compatible with Mozilla Parser API | Other Pros | Other Cons |
|---|---|---|---|---|
| Spidermonkey Reflect.parse | JS | Yes (by construction) | Full ES6 support | |
| Acorn.js | JS | yes | ||
| Sweet.js | JS | yes | support for macros | might be hard for the analysis |
| Esprima | JS | yes | Partial ES6 support |