5,579 research outputs found
Semantics and Security Issues in JavaScript
There is a plethora of research articles describing the deep semantics of
JavaScript. Nevertheless, such articles are often difficult to grasp for
readers not familiar with formal semantics. In this report, we propose a digest
of the semantics of JavaScript centered around security concerns. This document
proposes an overview of the JavaScript language and the misleading semantic
points in its design. The first part of the document describes the main
characteristics of the language itself. The second part presents how those
characteristics can lead to problems. It finishes by showing some coding
patterns to avoid certain traps and presents some ECMAScript 5 new features.Comment: Deliverable Resilience FUI 12: 7.3.2.1 Failles de s\'ecurit\'e en
JavaScript / JavaScript security issue
Declassification of Faceted Values in JavaScript
This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification.
In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various declassification mechanisms
An Abstract Interpretation-based Model of Tracing Just-In-Time Compilation
Tracing just-in-time compilation is a popular compilation technique for the
efficient implementation of dynamic languages, which is commonly used for
JavaScript, Python and PHP. We provide a formal model of tracing JIT
compilation of programs using abstract interpretation. Hot path detection
corresponds to an abstraction of the trace semantics of the program. The
optimization phase corresponds to a transform of the original program that
preserves its trace semantics up to an observation modeled by some abstraction.
We provide a generic framework to express dynamic optimizations and prove them
correct. We instantiate it to prove the correctness of dynamic type
specialization and constant variable folding. We show that our framework is
more general than the model of tracing compilation introduced by Guo and
Palsberg [2011] based on operational bisimulations.Comment: To appear in ACM Transactions on Programming Languages and System
Trust, but Verify: Two-Phase Typing for Dynamic Languages
A key challenge when statically typing so-called dynamic languages is the
ubiquity of value-based overloading, where a given function can dynamically
reflect upon and behave according to the types of its arguments. Thus, to
establish basic types, the analysis must reason precisely about values, but in
the presence of higher-order functions and polymorphism, this reasoning itself
can require basic types. In this paper we address this chicken-and-egg problem
by introducing the framework of two-phased typing. The first "trust" phase
performs classical, i.e. flow-, path- and value-insensitive type checking to
assign basic types to various program expressions. When the check inevitably
runs into "errors" due to value-insensitivity, it wraps problematic expressions
with DEAD-casts, which explicate the trust obligations that must be discharged
by the second phase. The second phase uses refinement typing, a flow- and
path-sensitive analysis, that decorates the first phase's types with logical
predicates to track value relationships and thereby verify the casts and
establish other correctness properties for dynamically typed languages
- …