Practically tunable static analysis framework for large-scale JavaScript applications

Abstract

We present a novel approach to analyze large-scale JavaScript applications statically by tuning the analysis scalability possibly giving up its soundness. For a given sound static baseline analysis of JavaScript programs, our framework allows users to define a sound approximation of selected executions that they are interested in analyzing, and it derives a tuned static analysis that can analyze the selected executions practically. The selected executions serve as parameters of the framework by taking trade-off between the scalability and the soundness of derived analyses. We formally describe our framework in abstract interpretation, and implement two instances of the framework. We evaluate them by analyzing large-scale real-world JavaScript applications, and the evaluation results show that the framework indeed empowers users to experiment with different levels of scalability and soundness. Our implementation provides an extra level of scalability by deriving sparse versions of derived analyses, and the implementation is publicly available.