14
edits
DXR JS Analysis: Difference between revisions
→Existing work:
No edit summary |
Mchanlatte (talk | contribs) |
||
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Requirements for DxR = | |||
* | |||
* https:// | * Must work with lastest version of ecmascript (6 as of this writing) | ||
** See caution below | |||
* Produce a call graph | |||
== General note of caution about bleeding edge support of features == | |||
Because Ecmascript (and many other popular languages) do not offer executable semantics ([http://www.kframework.org/index.php/Main_Page See the K Framework for an example]), there is no way to ensure tools will remain compatiable with new language features. | |||
Any tool that is not built ontop of these semantics is likely wrong or eventually wrong when the spec changes. | |||
Given that there are no executable semantics provided for ecmascript and we require bleeding edge features for the FF code base, this '''will''' become an issue. | |||
== Bonus Features == | |||
* Type Inference | |||
= Existing work: = | |||
See: <https://wiki.mozilla.org/Security/B2G/JavaScript_code_analysis> | |||
{| class="wikitable" | |||
|- | |||
! Framework !! ES6 !! Interface !! Function References !! Type Inference !! Other Notes | |||
|- | |||
| JS WebTools || No || || || || | |||
|- | |||
| Esprima || Partial || JS || || || Partial ES6 Support | |||
|- | |||
| Ternjs || No || JS or http+json || || || | |||
|- | |||
| Doctorjs || No || JS || || || | |||
|- | |||
| Safe || No || Java || || || | |||
|- | |||
| JSAI || No || Coffee Script (stated in paper) || || ||Couldn't locate code | |||
|- | |||
| TAJS || No || || || || | |||
|} | |||
== Algorithms and Techniques == | |||
=== k-CFA === | |||
Family of flow analyses that approximate the program as a DFA via a structure called the call graph. | |||
=== Anderson's Points-To Analysis === | |||
=== Use Analysis === | |||
=== CFA2 === | |||
Approximate the program as a PDA allowing seperate call sites to be distiguished (avoiding call/return mismatch). Implemented in Doctorjs | |||
=== Inlining Eval === | |||
=== Dealing with "with" === | |||
= Ways to get the AST = | |||
{| class="wikitable" | |||
|- | |||
! Name !! InterFace !! Compatiable with Mozilla Parser API !! Other Pros !! Other Cons | |||
|- | |||
| Spidermonkey Reflect.parse || JS || Yes || Full ES6 Suport || | |||
|- | |||
| Acorn || JS || yes || || | |||
|- | |||
| Sweet.js || JS || Yes || Partial ES6 Support || | |||
|} | |||