Newer
Older
Thomas Wood
committed
project_id: web
menu: true
We study various forms of program analysis for JavaScript (ECMAScript 5 Strict) programs,
extending this work to include important Web APIs, such as the DOM (including UI Events), JavaScript Promises, and async/await.
We are also interested in the mechanised specification of JavaScript itself.
#### JaVerT
We have developed JaVerT, a compositional symbolic analysis tool for JavaScript, targeting the strict mode of the ECMAScript 5 standard. JaVerT supports whole-program symbolic testing, verification and automatic compositional testing based on bi-abduction. It comprises:
- JSIL, an intermediate goto language with a symbolic execution engine with explicit management of execution errors that guides the feedback for symbolic testing and the automatic bi-abductive inference. The meta-theory underpinning JSIL is formally defined and modular, streamlining the proofs and guiding the implementation.
- JS-2-JSIL, a trusted compiler that preserves the JavaScript memory model and semantics, trusted in the sense that it is line-by-line close to the standard and comprehensively tested using the official Test262 test suite.
#### Web APIs
Using our considerable experience with the DOM specification and JavaScript analysis, we have recently (ECOOP'20) introduced a trusted infrastructure for symbolic analysis of modern event-driven Web applications, comprising:
- reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises, and the JavaScript async/await APIs, all following the API standards as closely as possible and all thoroughly tested against the official test suites;
- a simple Core Events Semantics that is sufficiently expressive to describe the event models underlying these APIs;
- JaVerT.Click, an extension of JaVerT with the Core Events Semantics, that is, for the first time, able to symbolically test JavaScript programs that use any/all of the above-mentioned APIs.
We have used JaVerT.Click to analyse the events module of [cash](https://kenwheeler.github.io/cash/), a small, widely-used jQuery alternative, in which we found two bugs (fixed) and for which we have proven boundned correctness of several essential properties, such as "an event handler can be triggered if and only if it has previously been registered".
We have also found a bug in the [p-map](https://github.com/sindresorhus/p-map) library (fixed), which extends the functionality of JavaScript Promises.
have developed [JSCert](http://jscert.org/), a substantial Coq specification that is
line-by-line close to the core language of the ECMAScript 5
standard. It comes with a reference interpreter, JSRef, proven correct
with respect to JSCert and tested using the official Test262 test
suite. With Schmitt and Jensen, we have also recently introduced the skeletal semantics framework
for capturing both concrete and abstract semantics, connected together by a
general consistency result. Our hope is that this framework will simplify
the verification of properties such has heap well-formedness for large
complex languages such as JavaScript.
This work is supported by Gardner's UKRI Established Career Fellowship
["VeTSpec: Verified Trustworthy Software Specification"][VeTSpec].
It was previously supported by the EPSRC
programme grant [EP/K008528/1]: [REMS: Rigorous Engineering of
Mainstream Systems][REMS], the EPSRC/GCHQ grant [EP/K032089/1]:
[Certified Verification of Client-Side Web Programs][1], and the EPSRC
programme grant [EP/H008373/2]: [Resource Reasoning]. We also have
substantial collaboration with [José Fragoso Santos], previously an RA
in the group and now an Assistant Professor at the Instituto
Superior Técnico, Lisbon.
[VeTSpec]: https://gow.epsrc.ukri.org/NGBOViewGrant.aspx?GrantRef=EP/R034567/1
[EP/K032089/1]: http://gow.epsrc.ac.uk/NGBOViewGrant.aspx?GrantRef=EP/K032089/1
[EP/H008373/2]: http://gow.epsrc.ac.uk/NGBOViewGrant.aspx?GrantRef=EP/H008373/2
[EP/K008528/1]: http://gow.epsrc.ac.uk/NGBOViewGrant.aspx?GrantRef=EP/K008528/1
[REMS]: http://www.cl.cam.ac.uk/~pes20/rems/
[1]: https://verificationinstitute.org/project/certified-verification-of-client-side-web-programs/
[Resource Reasoning]: http://www.resourcereasoning.com/
[Arthur Charguéraud]: http://www.chargueraud.org/
[Alan Schmitt]: https://www.irisa.fr/celtique/aschmitt/