search

wala / JS_WALA

WALA analyses and tools that are implemented in JavaScript
Eclipse Public License 1.0
82 stars 11 forks source link

js_wala #5

Open mingshanjianke opened 8 years ago

mingshanjianke commented 8 years ago

hi, I have some confusion about the JS_WALA. Firstly, I am confused why we should normalize the js first? Is it just for adapting the lots of cases in js of html? Secondly, I am confused why the generated CFG have a ring ? Finally, I think when put some js into "normalizer", the "normalizer" make many temporary variables. When I want to analyze the define and use of js , it is too difficulty. Could you give me some advice for it?Thanks!

xiemaisi commented 8 years ago

Firstly, I am confused why we should normalize the js first? Is it just for adapting the lots of cases in js of html?

Yes. The normalisation flattens nested expressions, and replaces complex language constructs by simpler ones where possible (e.g., x -= y is expressed as x = x - y). This is useful for many analyses, since you have to consider fewer constructs.

Secondly, I am confused why the generated CFG have a ring?

I am confused by this question. What do you mean by a "ring"?

the "normalizer" make many temporary variables.

Yes. This is because complex nested expressions are replaced by a series of simpler statements that compute the same value. Basically, the new temporary variables give names to results of nested sub-expressions.

mingshanjianke commented 8 years ago

What I mean the "ring" is that the last statement is point to the first statement,like this "ExpressionStatement at 2 b=a --> [Program at 1]".

xiemaisi commented 8 years ago

Ah, I see what you mean (though I still don't understand why you refer to it as a "ring"; your example is not cyclic).

The CFGs we construct are intraprocedural, that is, there is one CFG for each function, and one for each toplevel script. In general, it's useful for CFGs to have a single entry node and a single exit node, so we create an artificial Entry node for each script and function. Similarly, we could have created corresponding Exit nodes, but instead we decided to overload the Program node of a script (and, similarly, the FunctionExpression and FunctionDeclaration nodes of a function) to serve as exit node.

For instance, in the example, the CFG of the toplevel script has Entry at 1:0 as its entry node, and Program at 1:0 as its exit node.