Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Wed 23 Sep 2020 09:30 - 09:50 at Kangaroo - Synthesis Chair(s): Domenico Bianculli

JavaScript was initially designed for client-side programming in web browsers, but its engine is now embedded in various kinds of host software. Despite the popularity, since the JavaScript semantics is complex especially due to its dynamic nature, understanding and reasoning about JavaScript programs are challenging tasks. Thus, researchers have proposed several attempts to define the formal semantics of JavaScript based on ECMAScript, the official JavaScript specification. However, the existing approaches are manual, labor-intensive, and error-prone and all of their formal semantics target ECMAScript 5.1 (ES5.1, 2011) or its former versions. Therefore, they are not suitable for understanding modern JavaScript language features introduced since ECMAScript 6 (ES6, 2015). Moreover, ECMAScript has been annually updated since ES6, which already made five releases after ES5.1. To alleviate the problem, we propose JISET, a JavaScript IR-based Semantics Extraction Toolchain. It is the first tool that automatically synthesizes parsers and AST-IR translators directly from a given language specification, ECMAScript. For syntax, we develop a parser generation technique with lookahead parsing for BNFES, a variant of the extended BNF used in ECMAScript. For semantics, JISET synthesizes AST-IR translators using forward compatible rule-based compilation. Compile rules describe how to convert each step of abstract algorithms written in a structured natural language into IRES, an Intermediate Representation that we designed for ECMAScript. For the four most recent ECMAScript versions, JISET automatically synthesized parsers for all versions, and compiled 95.03% of the algorithm steps on average. After we complete the missing parts manually, the extracted core semantics of the latest ECMAScript (ES10, 2019) passed all 18,064 applicable tests. Using this first formal semantics of modern JavaScript, we found nine specification errors in ES10, which were all confirmed by the Ecma Technical Committee 39. Furthermore, we showed that JISET is forward compatible by applying it to nine feature proposals ready for inclusion in the next ECMAScript, which let us find four errors in the BigInt proposal.

Wed 23 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

09:10 - 10:10: SynthesisResearch Papers at Kangaroo
Chair(s): Domenico BianculliUniversity of Luxembourg
09:10 - 09:30
Just-In-Time Reactive Synthesis
Research Papers
Shahar MaozTel Aviv University, Israel, Ilia ShevrinTel Aviv University
09:30 - 09:50
JISET: JavaScript IR-based Semantics Extraction Toolchain
Research Papers
Jihyeok ParkKAIST, South Korea, Jihee ParkKAIST, Seungmin AnKAIST, Sukyoung RyuKAIST
09:50 - 10:10
FlashRegex: Deducing Anti-ReDoS Regexes from Examples
Research Papers
Yeting LiInstitute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhiwu XuShenzhen University, Jialun CaoDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Haiming ChenInstitute of Software, Chinese Academy of Sciences, Tingjian GeUniversity of Massachusetts, Lowell, Shing-Chi CheungHong Kong University of Science and Technology, China, Haoren ZhaoShaanxi Normal University, Xi'an, China