Completeness of Abstract Domains for String Analysis of
JavaScript Programs

D 2019

Completeness of Abstract Domains for String Analysis of JavaScript Programs

ARCERI, Vincenzo; Martina OLLIARO; Agostino CORTESI and Isabella MASTROENI

Basic information

Original name

Completeness of Abstract Domains for String Analysis of JavaScript Programs

Authors

ARCERI, Vincenzo (380 Italy); Martina OLLIARO (380 Italy, guarantor, belonging to the institution); Agostino CORTESI (380 Italy) and Isabella MASTROENI (380 Italy)

Edition

Hammamet, Tunisia, Theoretical Aspects of Computing – ICTAC 2019, p. 255-272, 18 pp. 2019

Publisher

Springer

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

Switzerland

Confidentiality degree

is not subject to a state or trade secret

Publication form

printed version "print"

Impact factor

Impact factor: 0.402 in 2005

RIV identification code

RIV/00216224:14330/19:00116391

Organization unit

Faculty of Informatics

ISBN

978-3-030-32504-6

ISSN

DOI

http://dx.doi.org/10.1007/978-3-030-32505-3_15

UT WoS

000582443200015

EID Scopus

2-s2.0-85076142268

Keywords in English

string abstract domains; abstract interpretation completeness; string analysis

Abstract

V originále

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.

Cite

ARCERI, Vincenzo; Martina OLLIARO; Agostino CORTESI and Isabella MASTROENI. Completeness of Abstract Domains for String Analysis of JavaScript Programs. In Robert M. Hierons, Mohamed Mosbah. CORTESI, Agostino and Isabella MASTROENI. Theoretical Aspects of Computing – ICTAC 2019. Hammamet, Tunisia: Springer, 2019, p. 255-272. ISBN 978-3-030-32504-6. Available from: https://dx.doi.org/10.1007/978-3-030-32505-3_15.

@inproceedings{1678177,
   author = {Arceri, Vincenzo and Olliaro, Martina and Cortesi, Agostino and Mastroeni, Isabella},
   address = {Hammamet, Tunisia},
   booktitle = {Theoretical Aspects of Computing – ICTAC 2019},
   doi = {http://dx.doi.org/10.1007/978-3-030-32505-3_15},
   editor = {Robert M. Hierons, Mohamed Mosbah},
   keywords = {string abstract domains; abstract interpretation completeness; string analysis},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Hammamet, Tunisia},
   isbn = {978-3-030-32504-6},
   pages = {255-272},
   publisher = {Springer},
   title = {Completeness of Abstract Domains for String Analysis of JavaScript Programs},
   year = {2019}
}

TY  - CONF
ID  - 1678177
AU  - Arceri, Vincenzo - Olliaro, Martina - Cortesi, Agostino - Mastroeni, Isabella
PY  - 2019
TI  - Completeness of Abstract Domains for String Analysis of JavaScript Programs
PB  - Springer
CY  - Hammamet, Tunisia
SN  - 9783030325046
KW  - string abstract domains
KW  - abstract interpretation completeness
KW  - string analysis
N2  - Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.
ER  -

ARCERI, Vincenzo; Martina OLLIARO; Agostino CORTESI and Isabella MASTROENI. Completeness of Abstract Domains for String Analysis of JavaScript Programs. In Robert M. Hierons, Mohamed Mosbah. CORTESI, Agostino and Isabella MASTROENI. \textit{Theoretical Aspects of Computing – ICTAC 2019}. Hammamet, Tunisia: Springer, 2019, p.~255-272. ISBN~978-3-030-32504-6. Available from: https://dx.doi.org/10.1007/978-3-030-32505-3\_{}15.

Přehled o publikaci