Accelerating JavaScript Static Analysis via Dynamic Shortcuts (Extended Version)

TL;DR

This paper introduces dynamic shortcuts, a technique that combines static and concrete execution to enhance JavaScript static analysis performance and accuracy, leveraging high-performance engines and reducing manual modeling.

Contribution

It proposes a novel method to switch between abstract and concrete execution in JavaScript static analysis, improving speed and precision while reducing modeling effort.

Findings

SAFE_DS is 7.81x faster than baseline static analysis.

It reduces failed assertions by 12.31% on average.

The approach effectively handles opaque code in JavaScript analysis.

Abstract

JavaScript has become one of the most widely used programming languages for web development, server-side programming, and even micro-controllers for IoT. However, its extremely functional and dynamic features degrade the performance and precision of static analysis. Moreover, the variety of built-in functions and host environments requires excessive manual modeling of their behaviors. To alleviate these problems, researchers have proposed various ways to leverage dynamic analysis during JavaScript static analysis. However, they do not fully utilize the high performance of dynamic analysis and often sacrifice the soundness of static analysis. In this paper, we present dynamic shortcuts, a new technique to flexibly switch between abstract and concrete execution during JavaScript static analysis in a sound way. It can significantly improve the analysis performance and precision by using highly-optimized commercial JavaScript engines and lessen the modeling efforts for opaque code. We actualize the technique via $\text{SAFE}_\textsf{DS}$, an extended combination of $\text{SAFE}$ and Jalangi, a static analyzer and a dynamic analyzer, respectively. We evaluated $\text{SAFE}_\textsf{DS}$ using 269 official tests of Lodash 4 library. Our experiment shows that $\text{SAFE}_\textsf{DS}$ is 7.81x faster than the baseline static analyzer, and it improves the precision to reduce failed assertions by 12.31% on average for 22 opaque functions.