Deep learning type inference

VJ Hellendoorn, C Bird, ET Barr… - … of the 2018 26th acm joint …, 2018 - dl.acm.org
Dynamically typed languages such as JavaScript and Python are increasingly popular, yet
static typing has not been totally eclipsed: Python now supports type annotations and …

PyCG: Practical call graph generation in Python

V Salis, T Sotiropoulos, P Louridas… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …

Analysis of JavaScript programs: Challenges and research trends

K Sun, S Ryu - ACM Computing Surveys (CSUR), 2017 - dl.acm.org
JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …

KJS: A complete formal semantics of JavaScript

D Park, A Stefănescu, G Roşu - Proceedings of the 36th ACM SIGPLAN …, 2015 - dl.acm.org
This paper presents KJS, the most complete and thoroughly tested formal semantics of
JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 …

Detecting Node.js prototype pollution vulnerabilities via object lookup analysis

S Li, M Kang, J Hou, Y Cao - Proceedings of the 29th ACM Joint Meeting …, 2021 - dl.acm.org
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

Mining Node.js vulnerabilities via object dependence graph and query

S Li, M Kang, J Hou, Y Cao - 31st USENIX Security Symposium …, 2022 - usenix.org
Node.js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Containing malicious package updates in npm with a lightweight permission system

G Ferreira, L Jia, J Sunshine… - 2021 IEEE/ACM 43rd …, 2021 - ieeexplore.ieee.org
The large amount of third-party packages available in fast-moving software ecosystems,
such as Node.js/npm, enables attackers to compromise applications by pushing malicious …

Static analysis of event-driven Node.js JavaScript applications

M Madsen, F Tip, O Lhoták - ACM SIGPLAN Notices, 2015 - dl.acm.org
Many JavaScript programs are written in an event-driven style. In particular, in server-side
Node.js applications, operations involving sockets, streams, and files are typically …

Discovering bug patterns in JavaScript

Q Hanam, FSM Brito, A Mesbah - Proceedings of the 2016 24th ACM …, 2016 - dl.acm.org
JavaScript has become the most popular language used by developers for client and server
side programming. The language, however, still lacks proper support in the form of warnings …

Scaling JavaScript abstract interpretation to detect and exploit Node.js taint-style vulnerability

M Kang, Y Xu, S Li, R Gjomemo, J Hou… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …