understanding and verifying javascript programs
play

Understanding and Verifying JavaScript Programs Philippa Gardner - PowerPoint PPT Presentation

Feb 16, 2023 •123 likes •666 views

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/31 JavaScript at Imperial Philippa Gardner Jos e Fragoso Santos Petar Maksimovi c Daiva Naud zi unien e Azalea

  1. Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/31

  2. JavaScript at Imperial Philippa Gardner Jos´ e Fragoso Santos Petar Maksimovi´ c Daiva Naudˇ zi¯ unien˙ e Azalea Raad Thomas Wood 2/31

  3. Mechanised Language Specification Standard ML: formal definition Milner, Harper, MacQueen, Tofte, 1990 and 1997; mechanised definition Lee, Crary, Harper, 2006. C: many partial definitions, some mechanised e.g. by Norrish 1998 , Leroy 2009; complete mechanised definition Ellison, Rosu, 2012; lots of recent work on C11, e.g. Batty’s thesis, 2014. Fragments of Java: many partial (large) definitions, first studied by Drossopoulou, Eisenbach, 1997; mechanised definition, Syme, 1998. Javascript: complete formal definition of the ECMAScript 3 standard (ES3), Maffeis, Mitchell, Tally, 2008; mechanised definition of ES5, us, 2014; Park, Stefanescu, Rosu, 2015. 3/31

  4. JavaScript at Imperial � DOM Specification P. Gardner, G. Smith, M. Wheelhouse, U. Zarfaty. Local Hoare Reasoning about the DOM, PODS 2008. 4/31

  5. JavaScript at Imperial � DOM Specification � JSLogic: a program logic for JavaScript P. Gardner, S. Maffeis, G. Smith. Towards a Program Logic for JavaScript, POPL 2012. 4/31

  6. JavaScript at Imperial � DOM Specification � JSLogic: a program logic for JavaScript � JSCert: a mechanised specification of ES5 in Coq M. Bodin, A. Chargu´ eraud, D. Filaretti, P. Gardner, S. Maffeis, D. Naudˇ zi¯ unien˙ e, A. Schmitt, G. Smith. A Trusted Mechanised JavaScript Specification, POPL 2014. Inria Collaborators � JSCert JSRef JavaScript Test262 A. Schmitt A. Chargu´ eraud M. Bodin 4/31

  7. JavaScript at Imperial � DOM Specification � JSLogic: a program logic for JavaScript � JSCert: a mechanised specification of ES5 in Coq JSIL: an intermediate language for JavaScript JSVerify: a verification tool for JavaScript 4/31

  8. JavaScript and Verification JavaScript 5/31

  9. JavaScript and Verification ECMAScript 5 English Standard Language Libraries How is it organised? Chapters 1-7: Overview, notation, parsing Chapters 8-14: Language constructs Chapter 15: Library functions 6/31

  10. JavaScript and Verification ES5 Strict Language Libraries How is it organised? Same as before; strict-only features throughout chapters 8-15 How is it different? Better behavioural properties: lexicographic scoping, mandatory variable declarations, explicit error throwing... 7/31

  11. JavaScript and Verification Non-core Core ES5 Strict Libraries What is Core ES5 Strict? All of the language constructs Core library functions Non-core library functions definable using the core language Why the core language? Important for verification 8/31

  12. Verifying Core ES5 Strict Core ES5 Strict • JSIL: simple intermediate goto language, good for verification, memory model similar to JavaScript • Semantics-directed compilation from Core ES5 Strict to JSIL • Core library functions implemented in JSIL • JSVerify: Smallfoot-like verification tool for JSIL (in future for JavaScript) • Core library functions specified and verified using JSVerify 9/31

  13. JavaScript vs. JSIL Verification 10/31

  14. Incorporating Non-core Libraries Non-core Libraries Axiomatic specification to verify client programs Does not follow the standard, which is operational Justification of specifications Informal appeal to the English standard Reference implementation in JSIL or Core ES5 Strict, following the standard, verified with JSVerify, tested against Test262 Verification of industrial-strength library implementations 11/31

  15. Introducing JSIL JSCert Core ES5 Strict Non-core libraries Semantics-directed compilation JSIL 12/31

  16. Introducing JSIL JSCert Core ES5 Strict Non-core libraries Semantics-directed compilation JSIL To be implemented Attributes, for-in, getters/setters, the arguments object Some core library functions 12/31

  17. The Syntax of JSIL Expressions: e ::= v | x | ⊖ e | e ⊕ e | typeof ( e ) v | e . o e | e . v e | base ( e ) | field ( e ) Commands: c ::= skip | x := e | x := new () | x := [ e , e ] | [ e , e ] := e | delete ( e ) | x := hasField ( e , e ) | x := protoField ( e , e ) | x := protoObj ( e , e ) | goto i | goto [ e ] i , j | x := e ( e ) with j 13/31

  18. The Syntax of JSIL Expressions: e ::= v | x | ⊖ e | e ⊕ e | typeof ( e ) v | e . o e | e . v e | base ( e ) | field ( e ) Commands: c ::= skip | x := e | x := new () | x := [ e , e ] | [ e , e ] := e | delete ( e ) | x := hasField ( e , e ) | x := protoField ( e , e ) | x := protoObj ( e , e ) | goto i | goto [ e ] i , j | x := e ( e ) with j Extensible objects, dynamic fields 13/31

  19. The Syntax of JSIL Expressions: e ::= v | x | ⊖ e | e ⊕ e | typeof ( e ) v | e . o e | e . v e | base ( e ) | field ( e ) Commands: c ::= skip | x := e | x := new () | x := [ e , e ] | [ e , e ] := e | delete ( e ) | x := hasField ( e , e ) | x := protoField ( e , e ) | x := protoObj ( e , e ) | goto i | goto [ e ] i , j | x := e ( e ) with j Prototype chains 13/31

  20. The Syntax of JSIL Expressions: e ::= v | x | ⊖ e | e ⊕ e | typeof ( e ) v | e . o e | e . v e | base ( e ) | field ( e ) Commands: c ::= skip | x := e | x := new () | x := [ e , e ] | [ e , e ] := e | delete ( e ) | x := hasField ( e , e ) | x := protoField ( e , e ) | x := protoObj ( e , e ) | goto i | goto [ e ] i , j | x := e ( e ) with j Dynamic function choice 13/31

  21. The Syntax of JSIL Expressions: e ::= v | x | ⊖ e | e ⊕ e | typeof ( e ) v | e . o e | e . v e | base ( e ) | field ( e ) Commands: c ::= skip | x := e | x := new () | x := [ e , e ] | [ e , e ] := e | delete ( e ) | x := hasField ( e , e ) | x := protoField ( e , e ) | x := protoObj ( e , e ) | goto i | goto [ e ] i , j | x := e ( e ) with j Procedures: proc ::= proc m ( x ) { c } 13/31

  22. Compiling ES5 Strict to JSIL JavaScript Code Object . prototype . foo = 1; var bar = 2; function f () { this . baz = this . bar + foo ; } f . prototype . bar = 3 Three ways of calling f : • Function call: f () • Method call: this . f () • Constructor call: new f () 14/31

  23. Compiling Functions • Each function translated to a top-level procedure. • Global code translated to a special procedure main . • No nesting of procedures. • Scope and the this object as first two parameters JavaScript Code JSIL Code function f() { ... } proc f ( x sc , x this ) { ... } Global code proc main () { ... } 15/31

  24. Compiling ES5 Strict to JSIL Heap JavaScript Code Object.prototype.foo = 1; var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 16/31

  25. Compiling ES5 Strict to JSIL Heap JavaScript Code Object.prototype.foo = 1; var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 JSIL Code [ l op , “foo” ] := 1 17/31

  26. Compiling ES5 Strict to JSIL Heap JavaScript Code Object.prototype.foo = 1; var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 JSIL Code [ l g , “bar” ] := 2 18/31

  27. Compiling ES5 Strict to JSIL JavaScript Code Heap Object.prototype.foo = 1; var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 JSIL Code x fp := new () [ x fp , @ proto ] := l op x fo := new () [ x fo , @ code ] := “f” [ x fo , @ scope ] := [ l g ] [ x fo , @ proto ] := ... [ x fo , ”prototype” ] := x fp [ l g , “f” ] := x fo 19/31

  28. Compiling ES5 Strict to JSIL Heap JavaScript Code Object.prototype.foo = 1; var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 JSIL Code [ x fp , “bar” ] := 3 20/31

  29. Constructor call: new f() JavaScript Code Object.prototype.foo = 1; Heap var bar = 2; function f() { this.baz = this.bar + foo; } f.prototype.bar = 3 new f() ← − constructor call JSIL Code x n := new () x fo := [ l g , “f” ] x fp := [ x fo , “prototype” ] [ x n , @ proto ] := x fp x scope := [ x fo , @ scope ] x this := x n x f := [ x fo , @ code ] x ret := x f ( x scope , x this ) 21/31

  30. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo 22/31

  31. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 l n . o baz 22/31

  32. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 Step 2 l n . o baz l n . o bar 22/31

  33. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 Step 2 l n . o baz l n . o bar Step 3 getValue ( l n . o bar ) 22/31

  34. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 Step 2 l n . o baz l n . o bar Step 3 getValue ( l n . o bar ) Step 4 3 22/31

  35. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 Step 2 Step 5 l n . o baz l n . o bar l g . v foo Step 3 getValue ( l n . o bar ) Step 4 3 22/31

  36. Constructor call: new f() In this case, the this is bound to the newly created object. this . baz = this . bar + foo Step 1 Step 2 Step 5 l n . o baz l n . o bar l g . v foo Step 3 Step 6 getValue ( l n . o bar ) getValue ( l g . v foo ) Step 4 3 22/31

Recommend

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/33 JavaScript at Imperial Philippa Gardner Jos e Fragoso Santos Petar Maksimovi c Daiva Naud zi unien e Azalea

446 views • 27 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1 Verifying the Correctness of HARPO Programs Presented at NECEC 2018, St. Johns NL Inaam Ahmed Computer Engineering Research Labs, Dept. ECE, MUN

492 views • 23 slides
Metaprogramming & JavaScript Object Proxies What is metaprogramming ? Writing programs that

Metaprogramming & JavaScript Object Proxies What is metaprogramming ? Writing programs that

C152 Programming Language Paradigms Prof. Tom Austin, Fall 2014 Metaprogramming & JavaScript Object Proxies What is metaprogramming ? Writing programs that manipulate other programs. JavaScript Proxies Special metaprogramming

594 views • 24 slides
Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

982 views • 72 slides
Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gkhan Kc 1 Writing distributed programs A bug appears Issue: random hangs / deadlock in

809 views • 79 slides
Recency Types for JavaScript Phillip Heidegger, Peter Thiemann University of Freiburg

Recency Types for JavaScript Phillip Heidegger, Peter Thiemann University of Freiburg

Recency Types for JavaScript Phillip Heidegger, Peter Thiemann University of Freiburg 08.06.2009 Motivation Create a static program analysis to: Find bugs in JavaScript programs Understand JavaScript programs Specify this analysis

741 views • 22 slides
Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft Joint work with Jonas Kastberg Hinrichsen, ITU Jesper Bengtson, ITU 4 June 2020 @ VEST Workshop, Online 1 Type checking message-passing programs

601 views • 25 slides
Understanding the Dynamics of JavaScript Sylvain Lebresne, Gregor Richards, Johan Ostlund,

Understanding the Dynamics of JavaScript Sylvain Lebresne, Gregor Richards, Johan Ostlund,

Outline Introduction JavaScript Measurements Results Conclusions Understanding the Dynamics of JavaScript Sylvain Lebresne, Gregor Richards, Johan Ostlund, Tobias Wrigstad, Jan Vitek Purdue University July 6, 2009 1 / 28 Outline

737 views • 44 slides
Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs with Unbounded Replication D.

774 views • 50 slides
Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization Vimuth Fernando , Keyur Joshi, Sasa Misailovic University of Illinois at Urbana-Champaign CCF-1629431 CCF-1703637 CCF-1846354 Compression

665 views • 63 slides
Understanding JavaScript Event-Based Interactions Saba Alimadadi Sheldon Sequeira Ali Mesbah

Understanding JavaScript Event-Based Interactions Saba Alimadadi Sheldon Sequeira Ali Mesbah

Understanding JavaScript Event-Based Interactions Saba Alimadadi Sheldon Sequeira Ali Mesbah Karthik Pattabiraman Motivation JavaScript Widely used, very popular Event driven, dynamic, asynchronous Difficult to understand the

677 views • 31 slides
Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with

Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with

Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with M.F. Atig A. Bouajjani Prakash Saivasan Programs with Locks: A collection of processes executing concurrently. A finite set of Locks

1.82k views • 169 slides
The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed Bouajjani 2 Mohamed Faouzi Atig 1 Tuan Phong Ngo 1 1 Uppsala University 2 IRIF, Universit Paris Diderot & IUF CONCUR 2016 1 Motivation

1.66k views • 118 slides
Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

1.54k views • 125 slides
VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio

VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio

VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio Fioravanti, Alberto Pettorossi, and Maurizio Proietti University of Chieti Pescara G. dAnnunzio, University of Rome Tor Vergata, and

508 views • 18 slides
Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language

Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language

Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language requires understanding the Traditional first program, doesnt convey power of computing syntax and semantics of the programming language as

519 views • 5 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University

Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University

CS 152: Programming Language Paradigms Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University What is metaprogramming ? Writing programs that manipulate other programs. JavaScript Proxies

380 views • 27 slides
Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.03k views • 54 slides
Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.1k views • 57 slides
Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly University Gyngys, Hungary Synchron 2016 Bamberg December 2016 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

486 views • 25 slides
Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta, Divyesh Unadkat R Venkatesh TCS Research December 11-16, 2017 Winter School in Software Engineering Pune, India Authors: Supratik Chakraborty,

1.04k views • 76 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming Language Principles Introduction to JavaScript Prof. Tom Austin San Jos State University History of JavaScript In 1995, Netscape hired Brendan

395 views • 16 slides

More recommend