Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Static Verification for Web Scripting Languages PowerPoint Presentation
Download Presentation
Static Verification for Web Scripting Languages

Static Verification for Web Scripting Languages

160 Views Download Presentation
Download Presentation

Static Verification for Web Scripting Languages

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Static Verification forWeb ScriptingLanguages Ravi Chugh

  2. Web Platform

  3. Web Platform UntrustedCode ScriptingLanguages

  4. My Goal: Rigorous Foundations Web Platform UntrustedCode Static Types and Logic! ScriptingLanguages

  5. 1995 • Web Page = Static HTML • Web Page + Links • Web Page + Client-Side Code <html> </html> <script type=“javascript”> loginButton.onclick= function () { if (passwordBox.value==“”) { alert(“Enter password!”); } else { ... } } </script> Username Password Login

  6. 1995 • No Static Types • “Dynamic” Features Make itEasy to Experiment… • … an easy-to-use “scripting language”as a companion to Java Brendan Eich,JavaScript creator

  7. 2013

  8. 2013 Asked whether Gmail would ever open up an API for developers to code add-ons and plug-ins with more official support and stability, Kowitz suggested it was unlikely. Gmail is based on “hundreds of thousands” of lines of JavaScript, Kowitz said,and it's a code base that “changes so quickly.” That said, Jackson said the Gmail team "loves" to see third-party functionality being developed, and the team tries to make developers aware of changes they know will affect those products. Article on LifeHacker

  9. 2013 Asked whether Gmail would ever open up an API for developers to code add-ons and plug-ins with more official support and stability, Kowitz suggested it was unlikely. Gmail is based on “hundreds of thousands” of lines of JavaScript, Kowitz said,andit's a code base that “changes so quickly.” That said, Jackson said the Gmail team "loves" to see third-party functionality being developed, and the team tries to make developers aware of changes they know will affect those products. • “Scripting”?!? Article on LifeHacker

  10. 2013 JavaScript isEverywhere http://stackoverflow.com/tags 02-03-13

  11. 2013 JavaScript isEverywhere http://stackoverflow.com/tags 02-03-13 Popular Server-SideScripting Languages

  12. 2013 Banking Shopping News JavaScript isEverywhere

  13. 2013 Banking Shopping News JavaScript isEverywhere Third-Party Ads

  14. 2013 Banking Shopping News JavaScript isEverywhere Third-Party Apps Third-Party Ads

  15. 2013 Third-Party JavaScript isEverywhere

  16. 2013 • No longerjust “scripting” • … an easy-to-use “scripting language”as a companion to Java

  17. 2013 • No longerjust “scripting” • … an easy-to-use “scripting language”as a companion to Java • JavaScript ismuch harder than Java

  18. … New Yorker article, “The Itch,” …

  19. PRINT

  20. “?printable=true” “I want every article in print mode”

  21. Browser Extensions Third-Party DevelopersCustomize Browser

  22. Browser Extensions PRINTNEW YORKER

  23. Browser Extensions for (var elt in doc.getEltsByTagName(“a”)) { var url = elt.getAttr(“href”); if (url.match(/^newyorker.com/)) { elt.setAttr(“href”, url + “?printable=true”); } }

  24. Browser Extensions Document (DOM) host-site.com PRINTNEW YORKER newyorker.com ?printable=true

  25. Browser Extensions Document (DOM) host-site.com PRINTNEW YORKER newyorker.com evil.com ?printable=true EVIL BUGGY Network Manager PasswordsBank AcctsHistory JavaScriptEngine OtherSensitiveAPIs

  26. Enforcing JavaScript Security? • Dynamic Checking… • Expensive • Misses Attacks • Can Blame Wrong Party • Goal: Static Verification

  27. My Dissertation • 1. Reliability / Security • 2. Development Tools • 3. Performance • Static Types for JavaScript • for Dynamic Languages

  28. My Dissertation • New Techniques Apply to Traditional Languages • Static Types for JavaScript • for Dynamic Languages • Many Challenges of Web are Independent of Language • Working with JavaScriptCan Have Long-Term Impact

  29. “booleans” • “integers” • “objects with foo field” • Static Types for JavaScript • Describe sets of run-time values • “urls that are safe to visit” • “non-nullpointers”

  30. “multiplyint and bool” • “booleans” • “foo fieldnot found” • “integers” • “objects with foo field” • “foo fieldnot found” • Static Types for JavaScript • Prevent classes of run-time errors • “navigating to evil.com” • “redirect to evil.com” • “urls that are safe to visit” • “null pointer exception” • “null pointer exception” • “non-nullpointers”

  31. f(x) • “actual args” • “expected args” •  • Type1 • Type2 ✓ • “function call produces no error”

  32. f(x) • “actual args” • “expected args” •  • Type1 • Type2 ✗ • “function call may produce error”

  33. Refinement Types • Types + Logic • “actual args” • “expected args” •  {x|p} • Type1 {x|q} • Type2  {x|p} {x|q}

  34. Refinement Types Types Logic {x|p} f :: {y|q} • Nested Refinements [POPL ’12] • Key to Encode Dynamic Features

  35. Usability Types + Logic Dependent JavaScript (DJS) [POPL ’12, OOPSLA ’12] Verification Hoare LogicsModel CheckingAbstract InterpretationTheorem Proving… Expressiveness

  36. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Important? • Why is JavaScript Hard? • Static Types via Logic • Security via Logic • Looking Ahead

  37. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Important? • Why is JavaScript Hard? • Static Types via Logic • Security via Logic • Looking Ahead

  38. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Hard? • Lightweight Reflection • Dictionary Objects • Additional Challenges

  39. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function negate(x) { if (typeofx==“number”) { } x • Q: What is my “type”?

  40. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead All JavaScript Values {x|tag(x)=“number”} 3.14 -1 17 42 ... x • Q: What is my “type”? {x|tag(x)=“boolean”} {} {“f”:17} {x|tag(x)=“object”} ... {“f”:42,“g”:true} true false

  41. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function negate(x) { if (typeofx==“number”) { } x • Q: What is my “type”? • A: Described by “tag”

  42. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function negate(x) { if (typeofx==“number”) { return 0 - x; } else { return !x; } } • “expected args” • values with tag“number”OR“boolean”

  43. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Hard? • Lightweight Reflection • Dictionary Objects • Additional Challenges

  44. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead obj.f means obj[“f”] • Objects are “Dictionaries”that mapstring keysto values • a.k.a.“maps”“hash tables”“associative arrays”

  45. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function dispatch(table, op, i, j) { } • methodto invoke • methodtable

  46. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function dispatch(table, op, i, j) { var fn = table[op]; return fn(i, j); } • “*” keynot found • “foo fieldnot found” var integerOps = { “+” : function (n, m) { … } , “-” : function (n, m) { … }}; dispatch (integerOps, “*”, 17, 42);

  47. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead function dispatch(table, op, i, j) { var fn = table[op]; return fn(i, j); } • “expected args” • table object with an op key that stores a function on numbers • Dependencybetween typesof arguments

  48. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Hard? • Lightweight Reflection • Dictionary Objects • Additional Challenges

  49. Why JavaScript? • Challenges • Types via Logic • Security via Logic • Looking Ahead Outline • Why is JavaScript Hard? • Lightweight Reflection • Dictionary Objects • Extensible Objects • Prototype Inheritance • Array Semantics