An Empirical Study on the Rewritability of the with Statement in JavaScript

Changhee Park, Hongki Lee and Sukyoung Ryu

Abstract

As JavaScript gets more popular in web programming, a demand for better analysis of JavaScript programs becomes higher. However, many dynamic features of JavaScript make its analysis, especially static analysis, particularly difficult. One of the main dynamic features of JavaScript is the with statement, which invalidates lexical scoping by introducing a new scope at run time. To simplify the problem, many researchers leave the with statement out of their consideration and major web service companies force their web application developers to use sub-languages of JavaScript which do not include the with statement. While deprecating a potentially dangerous feature might be the easiest solution, it could be too restrictive for application development. To decide whether to include the with statement, we should better understand the actual usage patterns of the with statement. In this paper, we present the usage patterns of the with statement in real-world JavaScript applications currently used in the 98 most popular web sites. We investigate whether we can rewrite the with statements in each pattern to other statements not using with. We show that we can rewrite all the static occurrences of the with statement which does not have any dynamic code generating functions. Even though the rewriting process is not applicable to any dynamically instrumented with statements either, our result is still promising. Because all the static approaches that disallow the with statement also disallow dynamic code instrumentation, such static approaches can allow the with statement using our rewriting process: JavaScript developers use the with statement in their applications and the rewriting process desugars it away. Automating the rewriting process is under progress and we believe that it will make static analysis of JavaScript programs more feasible while imposing less restriction.

Full paper

Slides

o

Presented at FOOL 2011; Sunday, 23 October 2011; Portland, Oregon, USA