This invention relates generally to analysis of programs and, more specifically, relates to static analysis of programs.
This section is intended to provide a background or context to the invention disclosed below. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented or described. Therefore, unless otherwise explicitly indicated herein, what is described in this section is not prior art to the description in this application and is not admitted to be prior art by inclusion in this section.
Languages with dynamic code execution, such as JAVASCRIPT®, present a challenge for static analysis. JAVASCRIPT® is a scripting language commonly implemented as part of a web browser. Static analyses are run over code before the code is executed, so the analyses can only analyze code that is statically known. In particular, call graph generation and pointer analysis will be incomplete and possibly incorrect without knowledge of all the code that could be executed. Modular analysis and incremental analysis allow a static analysis to analyze a program in parts and then combine the results into one final result. These types of static analyses still suffer from only being able to analyze code that is known to exist statically, and they are not solutions to finding and analyzing dynamically executed code. Furthermore, JAVASCRIPT® does not have a strong module system, so a piece of code could impact every piece of the whole program.
Typically, statements that execute code dynamically are ignored in static analyses for JAVASCRIPT®. Dynamic analyses, which run concurrently with the program, can analyze dynamically executed code, but there are limitations to dynamic analyses. First, the dynamic analyses must run while the program is run, so there is some amount of overhead in running the analysis. Second, dynamic analyses do not alert the developer to problems during development, since these analyses only analyze programs that are being executed.
Third, to incorporate dynamic analysis into a developer tool, the developer can write test cases that will execute the program and allow the dynamic analysis to run. Any program point not reached by a test case will not be analyzed by the dynamic analysis, so the dynamic analysis has limited coverage. By contrast, static analysis can be run without executing the program, and static analysis examines all possible program paths. For these reasons, it is important to improve the handling of dynamically executed code in a static analysis.
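The gap described above can be seen on a small program. The following is an added illustration, not code from the application: a deliberately naive static call-edge pass (which, like the analyses described, ignores what is passed to eval) next to a tracing run of the same program. The sample program and the names `staticEdges`, `dynamicEdges` and `missing` are constructed for this example.

```javascript
// Constructed sample: audit() is reached from main() only through eval.
const SAMPLE = `
function audit(x)  { return "audit:" + x; }
function render(x) { return "render:" + x; }
function rare(x)   { return audit(x); }
function main(flag) {
  render("page");
  eval("audit('login')");     // dynamically executed code
  if (flag) rare("branch");   // reached only when flag is true
}`;

const DECL = /function\s+(\w+)\s*\(/g;

// Naive static pass (assumes flat, top-level function declarations).
// String literals are blanked first: to a static analysis their contents
// are data, which is why the call made through eval is never seen.
function staticEdges(src) {
  const code = src.replace(/"[^"]*"|'[^']*'/g, '""');
  const decls = [...code.matchAll(DECL)];
  const names = decls.map((m) => m[1]);
  const edges = new Set();
  decls.forEach((d, i) => {
    const end = i + 1 < decls.length ? decls[i + 1].index : code.length;
    const body = code.slice(d.index + d[0].length, end);
    for (const call of body.matchAll(/\b(\w+)\s*\(/g))
      if (names.includes(call[1])) edges.add(`${d[1]}->${call[1]}`);
  });
  return [...edges].sort();
}

// Dynamic pass: rebind every declared function to a tracing wrapper and run
// main(flag). Only edges on the path actually executed are recorded.
function dynamicEdges(src, flag) {
  const edges = new Set(), stack = [];
  const wrap = (name, fn) => (...args) => {
    if (stack.length) edges.add(`${stack[stack.length - 1]}->${name}`);
    stack.push(name);
    try { return fn(...args); } finally { stack.pop(); }
  };
  const rebind = [...src.matchAll(DECL)]
    .map((m) => `${m[1]} = __wrap("${m[1]}", ${m[1]});`).join("\n");
  new Function("__wrap", "flag", `${src}\n${rebind}\nmain(flag);`)(wrap, flag);
  return [...edges].sort();
}

// Edges present in `want` that the analysis producing `have` did not report.
const missing = (have, want) => want.filter((e) => !have.includes(e));

console.log("static misses:", missing(staticEdges(SAMPLE), dynamicEdges(SAMPLE, true)));
console.log("untested run misses:", missing(dynamicEdges(SAMPLE, false), staticEdges(SAMPLE)));
```

The static pass never reports the `main->audit` edge created by eval, while the run with `flag` false never reports the edges on the branch that no test case reached.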