Semantics and Types for Safe Web Programming


Web programs are distinct from traditional programs in two key ways. First, programs freely compose data and code from several sources. Second, the user often cannot control which programs run; Web programs are visited, not installed. These problems do not affect traditional software.

Web programs are universally written in JavaScript, the lingua franca of the Web. JavaScript has quirks and features that make it difficult to read and reason about simple snippets of code. JavaScript also lacks mechanisms necessary to control the complexity of large programs. These deficiencies make Web programming harder than necessary.

This dissertation presents a type-checker for JavaScript that uses two novel techniques to verify JavaScript programs that are untypable by conventional means. These types define invariants and interfaces for programming in the large, and also catch bugs caused by JavaScript's quirks. We demonstrate its efficacy by type-checking several thousand lines of JavaScript, written by several third-party programmers.

Our JavaScript type-checker is sophisticated enough to verify security properties of JavaScript code. We use the type-checker to verify and find bugs in ADsafe, a third-party language-based Web sandbox that makes program composition safe. As a result, ADsafe is the first Web sandbox with a precisely defined notion of safety and proof thereof.

Finally, this dissertation presents a core calculus for JavaScript that is tested against commercial Web browsers. The design of the calculus and our testing give us confidence that our tools and proofs have some bearing on reality. For the same reasons, our semantics are already in use by other research groups.

Thesis (Ph.D.) -- Brown University (2012)

In Copyright
Collection is open for research.


Guha, Arjun, "Semantics and Types for Safe Web Programming" (2012). Computer Science Theses and Dissertations. Brown Digital Repository. Brown University Library.