We study the mechanised specification of the JavaScript language (following the ECMAScript 5 standard) and the verification of JavaScript programs.

JSCert

With Bodin, Charguéraud, and Schmitt at Inria, we have developed JSCert, a substantial Coq specification that is line-by-line close to the core language of the ECMAScript 5 standard. It comes with a reference interpreter, JSRef, proven correct with respect to JSCert and tested using the official Test262 test suite. We are currently extending this specification to the numerous libraries, providing continuous test integration for the ever-growing specification, developing a new, human-readable JSRef, with a tighter connection to the standard and good tracking properties, and creating the web service Explain.js to explain behavioural complexities of JavaScript programs.

JSIL

We have developed a principled compiler from JavaScript (ECMAScript 5 strict) to a small intermediate language, JSIL, which has a simpler operational semantics and is better suited to program verification. The compiler has been substantially tested using the Test262 test suite, and it comes with a hand-proof of translation correctness for a fragment of the language. We will use JSIL to develop JSVerify, a verification tool for JavaScript. Daiva Naudžiūnienė will this year hold internships at Amazon and Facebook to use JSIL to develop front-ends for the CBMC and Infer verification tools.

Research Support

This research is supported by the EPSRC/GCHQ grant EP/K032089/1: Certified Verification of Client-Side Web Programs and the EPSRC programme grant EP/K008528/1: REMS: Rigorous Engineering of Mainstream Systems, and was previously supported by the EPSRC programme grant EP/H008373/2: Resource Reasoning.

We also interact extensively with Arthur Charguéraud, Alan Schmitt and Martin Bodin of INRIA, who are supported by the AJACS project.

People

Recent Publications

  1. Towards Logic-based Verification of JavaScript Programs

    Proceedings of 26th Conference on Automated Deduction (CADE 26)

  2. DOM: Specification and Client Reasoning

    Proceedings of the 13th Asian Symposium on Programming Languages and Systems (APLAS’16), pp. 401–422

  3. Mashic Compiler: Mashup Sandboxing based on Inter-frame Communication

    Journal of Computer Security, vol. 1(24), pp. 91–136

  4. A Trusted Mechanised Specification of JavaScript: One Year On

    Proceedings of the 27th International Conference on Computer Aided Verification (CAV’15), pp. 3–10

  5. A Trusted Mechanised JavaScript Specification

    Proceedings of the 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’14), pp. 87–100

  6. Towards a Program Logic for JavaScript

    Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’12), pp. 31–44

  7. Reasoning About Client-side Web Programs: Invited Talk

    Proceedings of the 2010 EDBT/ICDT Workshops

  8. DOM: Towards a Formal Specification

    Proceedings of the ACM SIGPLAN Workshop on Programming Language Technologies for XML (PLAN-X’08)

  9. Local Hoare Reasoning about DOM

    Proceedings of the 27th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS’08), pp. 261–270

  10. Behavioural Equivalences for Dynamic Web Data

    Logic and Algebraic Programming, vol. 75(1), pp. 86–138