Improving Precision of Java']JavaScript Program Analysis with an Extended Domain of Intervals

The Abstract Interpretation has been a promising approach for static analysis of JavaScript programs. Static analysis is used for security auditing, debugging, optimization and error checking. JavaScript is dynamically typed, uses prototype-based inheritance and first class functions. It supports reflective calls, access to object fields and allows object fields to be dynamically added and deleted. These dynamic features make JavaScript flexible to use. At the same time, they make JavaScript applications more susceptible to programming errors. The challenge that comes with the analysis of such programs is the design of abstract domains that will precisely track properties of interest without affecting performance. This paper presents our work on improving analysis precision of JavaScript programs. We used an extended domain of intervals to track ranges of numeric values of variables. This is the first time interval domain has been applied to the analysis of the full JavaScript language. We implemented the new abstract domain within a JavaScript abstract interpreter. Our experiments show that the new abstract domain enables the abstract interpreter to infer more precise type information for most of the benchmark programs and strikes a good balance between analysis precision and cost. While the analysis of some benchmarks take more time as expected, some other benchmarks actually take less time.