IDE support?

Claus Reinke claus.reinke at talk21.com
Tue Sep 13 01:16:28 PDT 2011


>> There are some half dozen or more papers on Javascript type inference
>> or static analysis (hmm, is there a central wiki or bibliography where
>> we could record and collect such JS-related references? should I post
>> here what I've found so far?).
>
> For as far as you haven't already, I'd love to see more of them.

Ok, here are some I've found so far (more than I remembered:-).
I've tried to add urls, but haven't checked those:

    TAJS: Type Analyzer for JavaScript
    http://www.brics.dk/TAJS/

        Modeling the HTML DOM and Browser API
        in Static Analysis of JavaScript Web Applications
        Jensen, Madsen, Møller, 2011
        http://cs.au.dk/~amoeller/papers/dom/

        Interprocedural Analysis with Lazy Propagation
        Jensen, Møller, Thiemann, 2010
        http://users-cs.au.dk/amoeller/papers/lazy/

        Type Analysis for JavaScript
        Jensen, Møller, Thiemann, 2009
        http://users-cs.au.dk/amoeller/papers/tajs/

    Recency Types for Analyzing Scripting Languages
    Heidegger, Thiemann, 2010
    https://proglang.informatik.uni-freiburg.de/JavaScript/recency.pdf

    Towards a Type System for Analyzing JavaScript Programs
    Thiemann, 2005
    https://mailserver.di.unipi.it/ricerca/proceedings/ETAPS05/papers/3444/34440408.pdf

    Type Inference for JavaScript
    Anderson, 2006
    http://pubs.doc.ic.ac.uk/chrisandersonphd/

    Towards Type Inference for JavaScript
    Anderson, Giannini, Drossopoulou, 2005
    http://pubs.doc.ic.ac.uk/typeinferenceforjavascript-ecoop/

    Staged Information Flow for JavaScript
    Chugh, Meister, Jhala, Lerner, 2009
    http://goto.ucsd.edu/~rjhala/papers/staged_information_flow_for_javascript.html

    An Empirical Study of Privacy-Violating Information Flows
    in JavaScript Web Applications
    Jang, Jhala, Lerner, Shacham, 2010
    http://goto.ucsd.edu/~rjhala/papers/an_empirical_study_of_privacy_violating_flows_in_javascript_web_applications.html

    CFA2: a Context-Free Approach to Control-Flow Analysis
    Vardoulakis, Shivers, 2010 (used in DoctorJS)
    http://www.ccs.neu.edu/home/dimvar/papers/cfa2-NU-CCIS-10-01.pdf

    Gulfstream: Incremental Static Analysis for
    Streaming JavaScript Applications
    Livshits, Guarnieri, 2010
    http://research.microsoft.com/pubs/118310/paper.pdf

    GATEKEEPER: Mostly Static Enforcement of Security and
    Reliability Policies for JavaScript Code
    Guarnieri, Livshits, 2009
    http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/usenixsec09a.pdf

    JSTrace: Run-time Type Discovery for JavaScript
    Saftoiu, 2010
    http://www.cs.brown.edu/research/pubs/theses/ugrad/2010/saftoiu.pdf

    Polymorphic Type Inference for Scripting
    Languages with Object Extensions
    Zhao, 2011
    http://jiangxi.cs.uwm.edu/publication/dls2011.pdf

    RATA: Rapid Atomic Type Analysis by Abstract Interpretation.
    Application to JavaScript optimization.
    Logozzo, Venter,
    http://research.microsoft.com/pubs/115734/aitypes.pdf

    An Analytic Framework for JavaScript
    van Horn, Might, 2011
    http://www.ccs.neu.edu/home/dvanhorn/pubs/vanhorn-might-preprint11.pdf

    Points-to Analysis for JavaScript
    Dongseok Jang, Kwang-Moo Choe, 2009
    http://cseweb.ucsd.edu/~d1jang/papers/sac09.pdf

    Language-Based Isolation of Untrusted JavaScript
    Sergio Maffeis, Mitchell, Taly, 2009
    http://www.stanford.edu/~jcm/papers/csf09-techrep.pdf

    An Operational Semantics for JavaScript
    Maffeis, Mitchell, Taly, 2008
    http://www.stanford.edu/~jcm/papers/aplas08-camera-ready.pdf

    The Essence of JavaScript
    Guha, Saftoiu, Krishnamurthi, 2010
    http://www.cs.brown.edu/research/plt/dl/jssem/v1/gsk-essence-javascript-r5.pdf

    Using Static Analysis for Ajax Intrusion Detection
    Guha, Krishnamurthi, Jim, 2009
    http://sca2002.cs.brown.edu/people/arjun/public/intrusion-detection.pdf

    Typing Local Control and State using Flow Analysis
    Guha, Saftoiu, Krishnamurthi, 2011
    http://www.cs.brown.edu/~sk/Publications/Papers/Published/gsk-flow-typing-theory/paper.pdf

    JavaScript Instrumentation for Browser Security
    Yu, Chander, Islam, Serikov, 2007
    http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.183&rep=rep1&type=pdf

    Automated Analysis of Security-Critical JavaScript APIs
    Taly, Erlingsson, Mitchell, Miller, Nagra, 2011
    http://theory.stanford.edu/~ataly/Papers/sp11.pdf

    Trace-based Just-in-Time Type Specialization for Dynamic Languages
    Gal et al., 2009
    http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.148.349&rep=rep1&type=pdf

Also useful for setting the stage are general studies like:

    The Eval that Men Do
    A Large-scale Study of the Use of Eval in JavaScript Applications
    Richards, Hammer, Burg, Vitek, 2011
    http://www.cs.washington.edu/homes/burg/files/eval-ecoop-2011-paper.pdf

    An Analysis of the Dynamic Behavior of JavaScript Programs
    Richards, Lebresne, Burg, Vitek, 2010
    http://www.cs.washington.edu/homes/burg/files/dynjs-pldi-2010-paper.pdf

Not to forget moving from prototypes to practice:

    Introduce Javascript type inference
    https://bugzilla.mozilla.org/show_bug.cgi?id=557407

I've omitted some performance-oriented general studies and
implementation papers, as well as presentations where I've
only seen slides, focusing on publications somewhat related
to (static or dynamic) analysis. No claims of accuracy,
completeness, or relevance are made - further references or
corrections are welcome!

Claus
http://clausreinke.github.com/
 


