DXR JS Analysis: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 22: Line 22:


=== k-CFA ===
=== k-CFA ===
Family of flow analysises that approximate the program as a DFA via a structure called the call graph.


=== Anderson's Points-To Analysis ===
=== Anderson's Points-To Analysis ===

Revision as of 18:37, 24 June 2014

Requirements for DxR

  • Must work with lastest version of ecmascript (6 as of this writing)
    • See caution below
  • Produce a call graph

General note of caution about bleeding edge support of features

Because Ecmascript (and many other popular languages) do not offer executable semantics (See the K Framework for an example), there is no way to ensure tools will remain compatiable with new language features.

Any tool that is not built ontop of these semantics is likely wrong or eventually wrong when the spec changes. Given that there are no executable semantics provided for ecmascript and we require bleeding edge features for the FF code base, this will become an issue.

Bonus Features

  • Type Inference

Existing work:

See: <https://wiki.mozilla.org/Security/B2G/JavaScript_code_analysis>

Algorithms and Techniques

k-CFA

Family of flow analysises that approximate the program as a DFA via a structure called the call graph.

Anderson's Points-To Analysis

Use Analysis

CFA2

Inlining Eval

Removing the with Statement

Framework ES6 Interface Function References Type Inference Other Notes
JS WebTools No
Acorn NO JS
Esprima Partial JS Partial ES6 Support
Ternjs No JS or http+json
Doctorjs No JS
Safe No Java
JSAI No Coffee Script (stated in paper) Couldn't locate code



Ways to get the AST

Name InterFace Compatiable with Mozilla Parser API Other Pros Other Cons
Spidermonkey Reflect.parse JS Yes Full ES6 Suport
Acorn JS yes
Sweet.js JS Yes Partial ES6 Support
Retrieved from "https://wiki.mozilla.org/index.php?title=DXR_JS_Analysis&oldid=992021"