A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications

Sampaio, Gabriela; Fragoso Santos, José; Maksimović, Petar; Gardner, Philippa

doi:10.4230/LIPIcs.ECOOP.2020.28

License:

Creative Commons Attribution 3.0 Unported license (CC-BY 3.0)
when quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECOOP.2020.28
URN: urn:nbn:de:0030-drops-131853
URL: https://drops.dagstuhl.de/opus/volltexte/2020/13185/

Sampaio, Gabriela ; Fragoso Santos, José ; Maksimović, Petar ; Gardner, Philippa

A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications

pdf-format:

LIPIcs-ECOOP-2020-28.pdf (2 MB)

Abstract

We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applications. This infrastructure consists of reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations are trustworthy in that three follow the appropriate standards line-by-line and all are thoroughly tested against the official test-suites, passing all the applicable tests. Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs that use multiple event-related APIs. We demonstrate the viability of JaVerT.Click by proving both the presence and absence of bugs in real-world JavaScript code.

BibTeX - Entry

@InProceedings{sampaio_et_al:LIPIcs:2020:13185,
  author =	{Gabriela Sampaio and Jos{\'e} Fragoso Santos and Petar Maksimović and Philippa Gardner},
  title =	{{A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications}},
  booktitle =	{34th European Conference on Object-Oriented Programming (ECOOP 2020)},
  pages =	{28:1--28:29},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-154-2},
  ISSN =	{1868-8969},
  year =	{2020},
  volume =	{166},
  editor =	{Robert Hirschfeld and Tobias Pape},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2020/13185},
  URN =		{urn:nbn:de:0030-drops-131853},
  doi =		{10.4230/LIPIcs.ECOOP.2020.28},
  annote =	{Keywords: Events, DOM, JavaScript, promises, symbolic execution, bug-finding}
}

06.11.2020

Keywords: Events, DOM, JavaScript, promises, symbolic execution, bug-finding

Seminar: 34th European Conference on Object-Oriented Programming (ECOOP 2020)

Issue date: 2020

Date of publication: 06.11.2020

Supplementary Material: ECOOP 2020 Artifact Evaluation approved artifact available at https://doi.org/10.4230/DARTS.6.2.5.

Keywords:		Events, DOM, JavaScript, promises, symbolic execution, bug-finding
Seminar:		34th European Conference on Object-Oriented Programming (ECOOP 2020)
Issue date:		2020
Date of publication:		06.11.2020
Supplementary Material:		ECOOP 2020 Artifact Evaluation approved artifact available at https://doi.org/10.4230/DARTS.6.2.5.