Sun 14 Jun 2015 11:20 - 12:20 at B110-B11 - session 2 Chair(s): Mayur Naik

JavaScript is pervasive. While it began as a simple client-side webpage scripting language, JavaScript is now used in a wide variety of settings including large-scale web applications, web browser addons, desktop applications, server-side applications, and mobile phones. This growing prominence means that secure, correct, maintainable, and performant JavaScript code is becoming ever more critical. Static analysis traditionally plays a large role in providing such characteristics, e.g., security auditing, error-checking, debugging, optimization, and program refactoring, among other uses. However, JavaScript’s inherently dynamic nature, obscure and surprising corner-cases, and other idiosyncracies make static analysis a significant challenge. Sound, precise, and efficient JavaScript static analysis is an open problem in the research community.

In this talk I will explain what makes JavaScript analysis so difficult and distill some of the collected wisdom and insights that we as a research community have gathered with respect to analyzing JavaScript. Some of these insights run counter to the community’s wealth of experience gained from the static analysis of other languages such as Java and C, and I will highlight these differences. I will finish by discussing some of the ongoing challenges for JavaScript static analysis that we have yet to resolve and that provide a rich source of opportunities for further research.

Sun 14 Jun

Displayed time zone: Tijuana, Baja California change

11:20 - 12:30
session 2SOAP at B110-B11
Chair(s): Mayur Naik Georgia Tech
Static Analysis of JavaScript: Insights and Challenges
Ben Hardekopf UC Santa Barbara