Frequently updated programs cause the cost of static analysis to be multiplied by the number of program versions. When the baseline cost is high (for example, analyzing JavaScript), this multiplicative factor can be prohibitive. As an example, JavaScript-based browser addons are continually updated and there are known instances where malicious code has been injected into such updates; thus the addons must be repeatedly vetted each time an update happens.

Incremental analysis reduces this cumulative cost by reusing analysis results of previous versions to reduce the cost of analyzing an updated version. However, existing incremental analyses are not applicable to dynamic programming languages such as JavaScript because they make assumptions that don’t hold in this setting. In this paper, we propose the first incremental static analysis for JavaScript. We do not require perfect precision, but we show empirically that there is negligible precision loss in practice. Our technique includes a method for matching code between JavaScript program versions, a non-trivial problem which existing techniques do not solve. For our benchmarks, drawn from real browser addons and node.js programs, our incremental analysis performance is on average within a factor of two of an optimal incremental analysis.

Sat 22 Jun
Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California change

09:15 - 11:00: SOAP - Performance and Optimizations for Program Analysis Tools at 106A
Chair(s): Neville GrechUniversity of Athens
SOAP-2019-papers09:15 - 09:35
SOAP-2019-papers09:35 - 09:55
Philipp Dominik SchubertHeinz Nixdorf Institut, Paderborn University, Richard LeerHeinz Nixdorf Institut, Paderborn University, Ben HermannPaderborn University, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print Media Attached
SOAP-2019-papers09:55 - 10:15
Lawton Nichols, Mehmet EmreUniversity of California, Santa Barbara, Ben HardekopfUC Santa Barbara
SOAP-2019-papers10:15 - 11:35
SOAP-2019-papers10:35 - 11:00