KJS: A complete formal semantics of javascript

Daejun Park; Andrei Stefanescu; Grigore Rosu

doi:10.1145/2737924.2737991

KJS: A complete formal semantics of javascript

Daejun Park, Andrei Stefanescu, Grigore Rosu

Research output: Contribution to journal › Article › peer-review

Abstract

This paper presents KJS, the most complete and throughly tested formal semantics of JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 conformance test suite, and passes all 2,782 core language tests. Among the existing implementations of JavaScript, only Chrome V8's passes all the tests, and no other semantics passes more than 90%. In addition to a reference implementation for JavaScript, KJS also yields a simple coverage metric for a test suite: the set of semantic rules it exercises. Our semantics revealed that the ECMAScript 5.1 conformance test suite fails to cover several semantic rules. Guided by the semantics, we wrote tests to exercise those rules. The new tests revealed bugs both in production JavaScript engines (Chrome V8, Safari WebKit, Firefox SpiderMonkey) and in other semantics. KJS is symbolically executable, thus it can be used for formal analysis and verification of JavaScript programs. We verified non-trivial programs and found a known security vulnerability.

Original language	English (US)
Pages (from-to)	346-356
Number of pages	11
Journal	ACM SIGPLAN Notices
Volume	50
Issue number	6
DOIs	https://doi.org/10.1145/2737924.2737991
State	Published - Jun 2015

Keywords

JavaScript
K framework
Mechanized semantics

ASJC Scopus subject areas

Computer Science(all)

Online availability

10.1145/2737924.2737991

Library availability

Discover UIUC Full Text

Cite this

@article{e6d26e572e6c4055ba46f52d9c2229d0,

title = "KJS: A complete formal semantics of javascript",

abstract = "This paper presents KJS, the most complete and throughly tested formal semantics of JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 conformance test suite, and passes all 2,782 core language tests. Among the existing implementations of JavaScript, only Chrome V8's passes all the tests, and no other semantics passes more than 90%. In addition to a reference implementation for JavaScript, KJS also yields a simple coverage metric for a test suite: the set of semantic rules it exercises. Our semantics revealed that the ECMAScript 5.1 conformance test suite fails to cover several semantic rules. Guided by the semantics, we wrote tests to exercise those rules. The new tests revealed bugs both in production JavaScript engines (Chrome V8, Safari WebKit, Firefox SpiderMonkey) and in other semantics. KJS is symbolically executable, thus it can be used for formal analysis and verification of JavaScript programs. We verified non-trivial programs and found a known security vulnerability.",

keywords = "JavaScript, K framework, Mechanized semantics",

author = "Daejun Park and Andrei Stefanescu and Grigore Rosu",

year = "2015",

month = jun,

doi = "10.1145/2737924.2737991",

language = "English (US)",

volume = "50",

pages = "346--356",

journal = "ACM SIGPLAN Notices",

issn = "1523-2867",

publisher = "Association for Computing Machinery (ACM)",

number = "6",

}

TY - JOUR

T1 - KJS

T2 - A complete formal semantics of javascript

AU - Park, Daejun

AU - Stefanescu, Andrei

AU - Rosu, Grigore

PY - 2015/6

Y1 - 2015/6

N2 - This paper presents KJS, the most complete and throughly tested formal semantics of JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 conformance test suite, and passes all 2,782 core language tests. Among the existing implementations of JavaScript, only Chrome V8's passes all the tests, and no other semantics passes more than 90%. In addition to a reference implementation for JavaScript, KJS also yields a simple coverage metric for a test suite: the set of semantic rules it exercises. Our semantics revealed that the ECMAScript 5.1 conformance test suite fails to cover several semantic rules. Guided by the semantics, we wrote tests to exercise those rules. The new tests revealed bugs both in production JavaScript engines (Chrome V8, Safari WebKit, Firefox SpiderMonkey) and in other semantics. KJS is symbolically executable, thus it can be used for formal analysis and verification of JavaScript programs. We verified non-trivial programs and found a known security vulnerability.

AB - This paper presents KJS, the most complete and throughly tested formal semantics of JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 conformance test suite, and passes all 2,782 core language tests. Among the existing implementations of JavaScript, only Chrome V8's passes all the tests, and no other semantics passes more than 90%. In addition to a reference implementation for JavaScript, KJS also yields a simple coverage metric for a test suite: the set of semantic rules it exercises. Our semantics revealed that the ECMAScript 5.1 conformance test suite fails to cover several semantic rules. Guided by the semantics, we wrote tests to exercise those rules. The new tests revealed bugs both in production JavaScript engines (Chrome V8, Safari WebKit, Firefox SpiderMonkey) and in other semantics. KJS is symbolically executable, thus it can be used for formal analysis and verification of JavaScript programs. We verified non-trivial programs and found a known security vulnerability.

KW - JavaScript

KW - K framework

KW - Mechanized semantics

UR - http://www.scopus.com/inward/record.url?scp=84950973214&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950973214&partnerID=8YFLogxK

U2 - 10.1145/2737924.2737991

DO - 10.1145/2737924.2737991

M3 - Article

AN - SCOPUS:84950973214

VL - 50

SP - 346

EP - 356

JO - ACM SIGPLAN Notices

JF - ACM SIGPLAN Notices

SN - 1523-2867

IS - 6

ER -

KJS: A complete formal semantics of javascript

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this