IDE support?

Claus Reinke claus.reinke at
Tue Sep 13 01:16:28 PDT 2011

>> There are some half dozen or more papers on Javascript type inference
>> or static analysis (hmm, is there a central wiki or bibliography where
>> we could record and collect such JS-related references? should I post
>> here what I've found so far?).
> For as far as you haven't already, I'd love to see more of them.

Ok, here are some I've found so far (more than I remembered:-).
I've tried to add urls, but haven't checked those:

    TAJS: Type Analyzer for JavaScript

        Modeling the HTML DOM and Browser API
        in Static Analysis of JavaScript Web Applications
        Jensen, Madsen, Møller, 2011

        Interprocedural Analysis with Lazy Propagation
        Jensen, Møller, Thiemann, 2010

        Type Analysis for JavaScript
        Jensen, Møller, Thiemann, 2009

    Recency Types for Analyzing Scripting Languages
    Heidegger, Thiemann, 2010

    Towards a Type System for Analyzing JavaScript Programs
    Thiemann, 2005

    Type Inference for JavaScript
    Anderson, 2006

    Towards Type Inference for JavaScript
    Anderson, Giannini, Drossopoulou, 2005

    Staged Information Flow for JavaScript
    Chugh, Meister, Jhala, Lerner, 2009

    An Empirical Study of Privacy-Violating Information Flows
    in JavaScript Web Applications
    Jang, Jhala, Lerner, Shacham, 2010

    CFA2: a Context-Free Approach to Control-Flow Analysis
    Vardoulakis, Shivers, 2010 (used in DoctorJS)

    Gulfstream: Incremental Static Analysis for
    Streaming JavaScript Applications
    Livshits, Guarnieri, 2010

    GATEKEEPER: Mostly Static Enforcement of Security and
    Reliability Policies for JavaScript Code
    Guarnieri, Livshits, 2009

    JSTrace: Run-time Type Discovery for JavaScript
    Saftoiu, 2010

    Polymorphic Type Inference for Scripting
    Languages with Object Extensions
    Zhao, 2011

    RATA: Rapid Atomic Type Analysis by Abstract Interpretation.
    Application to JavaScript optimization.
    Logozzo, Venter,

    An Analytic Framework for JavaScript
    van Horn, Might, 2011

    Points-to Analysis for JavaScript
    Dongseok Jang, Kwang-Moo Choe, 2009

    Language-Based Isolation of Untrusted JavaScript
    Sergio Maffeis, Mitchell, Taly, 2009

    An Operational Semantics for JavaScript
    Maffeis, Mitchell, Taly, 2008

    The Essence of JavaScript
    Guha, Saftoiu, Krishnamurthi, 2010

    Using Static Analysis for Ajax Intrusion Detection
    Guha, Krishnamurthi, Jim, 2009

    Typing Local Control and State using Flow Analysis
    Guha, Saftoiu, Krishnamurthi, 2011

    JavaScript Instrumentation for Browser Security
    Yu, Chander, Islam, Serikov, 2007

    Automated Analysis of Security-Critical JavaScript APIs
    Taly, Erlingsson, Mitchell, Miller, Nagra, 2011

    Trace-based Just-in-Time Type Specialization for Dynamic Languages
    Gal et. al.,  2009

Also useful for setting the stage are general studies like:

    The Eval that Men Do
    A Large-scale Study of the Use of Eval in JavaScript Applications
    Richards, Hammer, Burg, Vitek, 2011

    An Analysis of the Dynamic Behavior of JavaScript Programs
    Richards, Lebresne, Burg, Vitek, 2010

Not to forget moving from prototypes to practice:

    Introduce Javascript type inference

I've omitted some performance-oriented general studies and
implementation papers, as well as presentations where I've
only seen slides, focusing on publications somewhat related
to (static or dynamic) analysis. No claims of accuracy,
completeness, or relevance are made - further references or
corrections are welcome!


More information about the es-discuss mailing list