Dynamic Flow Analysis for JavaScript

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10447)


Static flow analyses compute a safe approximation of a program’s dataflow without executing it. Dynamic flow analyses compute a similar safe approximation by running the program on test data such that it achieves sufficient coverage.

We design and implement a dynamic flow analysis for JavaScript. Our formalization and implementation observe a program’s execution in a training run and generate flow constraints from the observations. We show that a solution of the constraints yields a safe approximation to the program’s dataflow if each path in every function is executed at least once in the training run. As a by-product, we can reconstruct types for JavaScript functions from the results of the flow analysis.

Our implementation shows that dynamic flow analysis is feasible for JavaScript. While our formalization concentrates on a core language, the implementation covers full JavaScript. We evaluated the implementation using the SunSpider benchmark.


Type inference JavaScript Flow analysis Dynamic languages 


  1. 1.
    An, J.D., Chaudhuri, A., Foster, J.S., Hicks, M.: Dynamic inference of static types for Ruby. In: Ball, T., Sagiv, M. (eds.) Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, 26–28 January 2011, pp. 459–472. ACM (2011)Google Scholar
  2. 2.
    Anderson, C., Giannini, P.: Type checking for JavaScript. Electr. Notes Theor. Comput. Sci. 138(2), 37–58 (2005)CrossRefGoogle Scholar
  3. 3.
    Anderson, C., Giannini, P., Drossopoulou, S.: Towards type inference for JavaScript. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 428–452. Springer, Heidelberg (2005). Scholar
  4. 4.
    Cartwright, R., Fagan, M.: Soft typing. In: Proceedings of the ACM SIGPLAN 1991 Conference on Programming Language Design and Implementation (PLDI), Toronto, Ontario, Canada, 26–28 June 1991, pp. 278–292 (1991)Google Scholar
  5. 5.
    Chugh, R., Herman, D., Jhala, R.: Dependent types for JavaScript. In: Proceedings of the 27th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2012, Part of SPLASH 2012, Tucson, AZ, USA, 21–25 October 2012, pp. 587–606 (2012)Google Scholar
  6. 6.
    Facebook Flow (2016). Accessed 21 June 2016
  7. 7.
    Furr, M., An, J.D., Foster, J.S., Hicks, M.W.: Static type inference for Ruby. In: Shin, S.Y., Ossowski, S. (eds.) Proceedings of the 2009 ACM Symposium on Applied Computing (SAC), Honolulu, Hawaii, USA, 9–12 March 2009, pp. 1859–1866. ACM (2009)Google Scholar
  8. 8.
    Hackett, B., Guo, S.: Fast and precise hybrid type inference for JavaScript. In: Vitek, J., Lin, H., Tip, F. (eds.) ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2012, Beijing, China, 11–16 June 2012, pp. 239–250. ACM (2012)Google Scholar
  9. 9.
    Henglein, F.: Efficient type inference for higher-order binding-time analysis. In: Hughes, J. (ed.) FPCA 1991. LNCS, vol. 523, pp. 448–472. Springer, Heidelberg (1991). Scholar
  10. 10.
    Jakob, R., Thiemann, P.: A falsification view of success typing. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 234–247. Springer, Cham (2015). Scholar
  11. 11.
    Jalangi2 GitHub (2015). Accessed 9 July 2015
  12. 12.
    Jensen, S.H., Møller, A., Thiemann, P.: Type analysis for JavaScript. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 238–255. Springer, Heidelberg (2009). Scholar
  13. 13.
    Jones, N.D., Muchnick, S.S.: Flow analysis and optimization of Lisp-like structures. In: Aho, A.V., Zilles, S.N., Rosen, B.K. (eds.) Conference Record of the Sixth Annual ACM Symposium on Principles of Programming Languages, San Antonio, Texas, USA, 1979 January, pp. 244–256. ACM Press (1979)Google Scholar
  14. 14.
    Lerner, B.S., Politz, J.G., Guha, A., Krishnamurthi, S.: TeJaS: retrofitting type systems for JavaScript. In: DLS 2013, Proceedings of the 9th Symposium on Dynamic Languages, Part of SPLASH 2013, Indianapolis, IN, USA, 26–31 October 2013, pp. 1–16 (2013)Google Scholar
  15. 15.
    Naus, N.: Dynamic type inference for JavaScript. Master Thesis (2015)Google Scholar
  16. 16.
    Pradel, M., Schuh, P., Sen, K.: TypeDevil: dynamic type inconsistency analysis for JavaScript. In: 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015, Florence, Italy, 16–24 May 2015, vol. 1, pp. 314–324. IEEE (2015)Google Scholar
  17. 17.
    Ren, B.M., Foster, J.S.: Just-in-time static type checking for dynamic languages. In: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, 13–17 June 2016, pp. 462–476 (2016)Google Scholar
  18. 18.
    Saftoiu, C.: JSTrace: run-time type discovery for JavaScript. Technical report, Brown University (2010)Google Scholar
  19. 19.
    Salib, M.: Faster than C: static type inference with Starkiller. In: PyCon Proceedings, Washington DC, vol. 3 (2004)Google Scholar
  20. 20.
    Sen, K., Kalasapur, S., Brutch, T.G., Gibbs, S.: Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript. In: Meyer, B., Baresi, L., Mezini, M. (eds.) Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2013, Saint Petersburg, Russian Federation, 18–26 August 2013, pp. 615–618. ACM (2013)Google Scholar
  21. 21.
    Siek, J., Taha, W.: Gradual typing for objects. In: Ernst, E. (ed.) ECOOP 2007. LNCS, vol. 4609, pp. 2–27. Springer, Heidelberg (2007). Scholar
  22. 22.
    SunSpider 1.0.2 JavaScript Benchmark (2016). Accessed 5 July 2016
  23. 23.
    Swamy, N., et al.: Gradual typing embedded securely in JavaScript. In: The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2014, San Diego, CA, USA, 20–21 January 2014, pp. 425–438 (2014)Google Scholar
  24. 24.
    Thiemann, P.: Towards a Type system for analyzing JavaScript programs. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 408–422. Springer, Heidelberg (2005). Scholar
  25. 25.
    Wright, A.K., Cartwright, R.: A practical soft type system for Scheme. ACM Trans. Program. Lang. Syst. 19(1), 87–152 (1997)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Utrecht UniversityUtrechtThe Netherlands
  2. 2.Albert-Ludwigs-Universität FreiburgFreiburg im BreisgauGermany

Personalised recommendations