The Essence of JavaScript

  • Arjun Guha
  • Claudiu Saftoiu
  • Shriram Krishnamurthi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6183)

Abstract

We reduce JavaScript to a core calculus structured as a small-step operational semantics. We present several peculiarities of the language and show that our calculus models them. We explicate the desugaring process that turns JavaScript programs into ones in the core. We demonstrate faithfulness to JavaScript using real-world test suites. Finally, we illustrate utility by defining a security property, implementing it as a type system on the core, and extending it to the full language.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., Cardelli, L.: A Theory of Objects. Springer, Heidelberg (1996)MATHGoogle Scholar
  2. 2.
    Anderson, C., Giannini, P., Drossopoulou, S.: Towards type inference for JavaScript. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 428–452. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Borning, A.: Classes versus prototypes in object-oriented languages. In: ACM Fall Joint Computer Conference (1986)Google Scholar
  4. 4.
    Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for JavaScript. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (2009)Google Scholar
  5. 5.
    Crockford, D.: ADSafe, http://www.adsafe.org
  6. 6.
    ECMAScript language specification (1999)Google Scholar
  7. 7.
  8. 8.
    Felleisen, M., Findler, R.B., Flatt, M.: Semantics Engineering with PLT Redex. MIT Press, Cambridge (2009)MATHGoogle Scholar
  9. 9.
    Guarnieri, S., Livshits, B.: GateKeeper: Mostly static enforcement of security and reliability policies for JavaScript code. In: USENIX Security Symposium (2009)Google Scholar
  10. 10.
    Guha, A., Krishnamurthi, S., Jim, T.: Static analysis for Ajax intrusion detection. In: International World Wide Web Conference (2009)Google Scholar
  11. 11.
    Heidegger, P., Thiemann, P.: Recency types for dynamically-typed, object-based languages: Strong updates for JavaScript. In: ACM SIGPLAN International Workshop on Foundations of Object-Oriented Languages (2009)Google Scholar
  12. 12.
    Herman, D.: ClassicJavaScript, http://www.ccs.neu.edu/home/dherman/javascript/
  13. 13.
    Jensen, S.H., Møller, A., Thiemann, P.: Type analysis for JavaScript. In: International Static Analysis Symposium (2009)Google Scholar
  14. 14.
    Klein, C., Finder, R.B.: Randomized testing in PLT Redex. In: ACM SIGPLAN Workshop on Scheme and Functional Programming (2009)Google Scholar
  15. 15.
    Maffeis, S., Mitchell, J.C., Taly, A.: An operational semantics for JavaScript. In: Ramalingam, G. (ed.) APLAS 2008. LNCS, vol. 5356, pp. 307–325. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Maffeis, S., Mitchell, J.C., Taly, A.: Isolating JavaScript with filters, rewriting, and wrappers. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 505–522. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Caja: Safe active content in sanitized JavaScript. Technical report, Google Inc. (2008), http://google-caja.googlecode.com/files/caja-spec-2008-06-07.pdf
  18. 18.
    Tobin-Hochstadt, S., Felleisen, M.: The design and implementation of Typed Scheme. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2008)Google Scholar
  19. 19.
    Ungar, D., Smith, R.B.: SELF: The power of simplicity. In: ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages & Applications (1987)Google Scholar
  20. 20.
    Wright, A., Felleisen, M.: A syntactic approach to type soundness. Information and Computation 115(1) (1994)Google Scholar
  21. 21.
    Yu, D., Chander, A., Islam, N., Serikov, I.: Javascript instrumentation for browser security. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Arjun Guha
    • 1
  • Claudiu Saftoiu
    • 1
  • Shriram Krishnamurthi
    • 1
  1. 1.Brown University 

Personalised recommendations