• Higher-order contracts for Jav...

*Result*: Higher-order contracts for JavaScript

Title:
Higher-order contracts for JavaScript
Authors:
Keil, Roman Matthias
Publication Year:
2018
Collection:
University of Freiburg: FreiDok
Subject Terms:
JavaScript
Document Type:
*Dissertation/ Thesis* doctoral or postdoctoral thesis
File Description:
pdf
Language:
English
Relation:
https://freidok.uni-freiburg.de/data/16963
DOI:
10.6094/UNIFR/16963
Availability:
https://freidok.uni-freiburg.de/data/16963
https://nbn-resolving.org/urn:nbn:de:bsz:25-freidok-169633
https://doi.org/10.6094/UNIFR/16963
https://freidok.uni-freiburg.de/dnb/download/16963
Rights:
free
Accession Number:
edsbas.A76555EA
Database:
BASE

*Further Information*

*JavaScript is an untyped and dynamic programming language with objects and first-class functions. While it is most well-known as the client-side scripting language for websites, it is also increasingly used for non-browser development, such as developing server-side applications with Node.js, for game development, to implement platform-independent mobile applications, or as a compilation target for other languages like TypeScript or Dart. Unfortunately, JavaScript itself has no real security awareness: there is a global scope for functions and variables, all scripts have the same authority, and everything can be modified, from the fields and methods of an object over its prototype property to the scope chain of a function closure. As a consequence, JavaScript code is prone to injection attacks, library code can read and manipulate everything reachable from the global scope, and third-party code can get access to sensitive data. Furthermore, side effects may cause unexpected behavior so that program understanding and maintenance become difficult. To overcome these limitations, we propose using contracts with runtime monitoring. Software contracts were introduced with Meyer’s Design by Contract methodology which stipulates invariants for objects as well as Hoare-like pre- and postconditions for functions. Contract monitoring has become a prominent mechanism to provide strong guarantees for programs in dynamically typed languages while preserving their flexibility and expressiveness. This dissertation presents the design and implementation of TreatJS, a language-embedded, higher-order contract system for JavaScript which enforces contracts by runtime monitoring. Beyond the standard abstractions for higher-order contracts (flat contracts, function contracts, dependent contracts), TreatJS provides intersection and union operators for contracts and a contract constructor that constructs and composes contracts at runtime using contract abstraction. Contract constructors are the building blocks for dependent contracts, ...*