Software

The Eval That Men Do: A Large-Scale Study of the Use of Eval in JavaScript Applications

Free registration required

Executive Summary

Transforming text into executable code with a function such as Java-Script's eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But, this expressive power comes at a price: reasoning about the dynamic behavior of programs that use this feature becomes challenging. Any ahead-of-time analysis, to remain sound, is forced to make pessimistic assumptions about the impact of dynamically created code. This pessimism affects the optimizations that can be applied to programs and significantly limits the kinds of errors that can be caught statically and the security guarantees that can be enforced.

  • Format: PDF
  • Size: 2639 KB