
    A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications

    We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applications. This infrastructure consists of reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations are trustworthy in that three follow the appropriate standards line-by-line and all are thoroughly tested against the official test suites, passing all the applicable tests. Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs that use multiple event-related APIs. We demonstrate the viability of JaVerT.Click by proving both the presence and absence of bugs in real-world JavaScript code.

    A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications (Artifact)

    This artifact contains the implementation of JaVerT.Click, a symbolic analysis tool for modern event-driven Web applications. The tool extends JaVerT 2.0, a state-of-the-art symbolic execution tool for JavaScript (JS), with JS reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations mostly follow the respective standards line-by-line and are all thoroughly tested against the official test suite. We also evaluate JaVerT.Click by performing symbolic analysis on two real-world libraries, cash and p-map, finding three previously unknown bugs.

    LLFp: A logical framework for modeling external evidence, side conditions, and proof irrelevance using monads

    We extend the constructive dependent type theory of the Logical Framework LF with monadic, dependent type constructors indexed with predicates over judgements, called Locks. These monads capture various possible proof attitudes in establishing the judgment of the object logic encoded by an LF type. Standard examples are factoring out the verification of a constraint or delegating it to an external oracle, supplying some non-apodictic epistemic evidence, or simply discarding the proof witness of a precondition, deeming it irrelevant. This new framework, called Lax Logical Framework, LLFP, is a conservative extension of LF, and hence it is the appropriate metalanguage for dealing formally with side conditions in rules or external evidence in logical systems. LLFP arises once the monadic nature of the lock type constructor, (Formula Presented), introduced by the authors in a series of papers together with Marina Lenisa, is fully exploited. The nature of the lock monads permits the use of the very Lock destructor, (Formula Presented), in place of Moggi's monadic letT, thus simplifying the equational theory. The rules for (Formula Presented) also permit the removal of the monad once the constraint is satisfied. We derive the meta-theory of LLFP by a novel indirect method based on the encoding of LLFP in LF. We discuss encodings in LLFP of call-by-value λ-calculi, Hoare's Logic, and Fitch-Prawitz Naive Set Theory.