by Swamy, Nikhil, Fournet, Cedric, Rastogi, Aseem, Bhargavan, Karthikeyan, Chen, Juan, Strub, Pierre-Yves and Bierman, Gavin
Abstract:
JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all common programming idioms is not easy; for example, TypeScript deliberately gives up type soundness for programming convenience. In this paper, we propose a gradual type system and implementation techniques that provide important safety and security guarantees.We present TS , a gradual type system and source-to-source compiler for JavaScript. In contrast to prior gradual type systems, TS features full runtime reflection over three kinds of types: (1) simple types for higher-order functions, recursive datatypes and dictionary-based extensible records; (2) the type any, for dynamically type-safe TS expressions; and (3) the type un, for untrusted, potentially malicious JavaScript contexts in which TS is embedded. After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack walks, prototype customizations, and other offensive features. The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS to JavaScript by showing that translated programs are well-typed in JS , a previously proposed dependently typed language for proving functional correctness of JavaScript programs.We describe a prototype compiler, a secure runtime, and sample applications for TS. Our examples illustrate how web security patterns that developers currently program in JavaScript (with much difficulty and still with dubious results) can instead be programmed naturally in TS, retaining a flavor of idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.
Reference:
Gradual Typing Embedded Securely in JavaScript (Swamy, Nikhil, Fournet, Cedric, Rastogi, Aseem, Bhargavan, Karthikeyan, Chen, Juan, Strub, Pierre-Yves and Bierman, Gavin), In SIGPLAN Not., Association for Computing Machinery, volume 49, 2014.
Bibtex Entry:
@article{10.1145/2578855.2535889,
author = {Swamy, Nikhil and Fournet, Cedric and Rastogi, Aseem and Bhargavan, Karthikeyan and Chen, Juan and Strub, Pierre-Yves and Bierman, Gavin},
title = {Gradual Typing Embedded Securely in JavaScript},
year = {2014},
issue_date = {January 2014},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {49},
number = {1},
issn = {0362-1340},
url = {https://doi.org/10.1145/2578855.2535889},
doi = {10.1145/2578855.2535889},
abstract = {JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all common programming idioms is not easy; for example, TypeScript deliberately gives up type soundness for programming convenience. In this paper, we propose a gradual type system and implementation techniques that provide important safety and security guarantees.We present TS# , a gradual type system and source-to-source compiler for JavaScript. In contrast to prior gradual type systems, TS# features full runtime reflection over three kinds of types: (1) simple types for higher-order functions, recursive datatypes and dictionary-based extensible records; (2) the type any, for dynamically type-safe TS# expressions; and (3) the type un, for untrusted, potentially malicious JavaScript contexts in which TS# is embedded. After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS# despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack walks, prototype customizations, and other offensive features. The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS# to JavaScript by showing that translated programs are well-typed in JS# , a previously proposed dependently typed language for proving functional correctness of JavaScript programs.We describe a prototype compiler, a secure runtime, and sample applications for TS#. Our examples illustrate how web security patterns that developers currently program in JavaScript (with much difficulty and still with dubious results) can instead be programmed naturally in TS#, retaining a flavor of idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.},
journal = {SIGPLAN Not.},
month = {jan},
pages = {425–437},
numpages = {13},
keywords = {compilers, language-based security, type systems}
}