An Operational Semantics for JavaScript

  • Sergio Maffeis
  • John C. Mitchell
  • Ankur Taly
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5356)

Abstract

We define a small-step operational semantics for the ECMAScript standard language corresponding to JavaScript, as a basis for analyzing security properties of web applications and mashups. The semantics is based on the language standard and a number of experiments with different implementations and browsers. Some basic properties of the semantics are proved, including a soundness theorem and a characterization of the reachable portion of the heap.



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sergio Maffeis (1)
  • John C. Mitchell (2)
  • Ankur Taly (2)

  1. Department of Computing, Imperial College London, UK
  2. Department of Computer Science, Stanford University, USA
