More Web Proxy on the site http://driver.im/

Article

Free access

Detecting unknown inconsistencies in web applications

Authors:

Frolin S. Ocariza, Jr.,

Karthik Pattabiraman,

Ali MesbahAuthors Info & Claims

ASE '17: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

Pages 566 - 577

Published: 30 October 2017 Publication History

Abstract

Although there has been increasing demand for more reliable web applications, JavaScript bugs abound in web applications. In response to this issue, researchers have proposed automated fault detection tools, which statically analyze the web application code to find bugs. While useful, these tools either only target a limited set of bugs based on predefined rules, or they do not detect bugs caused by cross-language interactions, which occur frequently in web application code. To address this problem, we present an anomaly-based inconsistency detection approach, implemented in a tool called Holocron. The main novelty of our approach is that it does not look for hard-coded inconsistency classes. Instead, it applies subtree pattern matching to infer inconsistency classes and association rule mining to detect inconsistencies that occur both within a single language, and between two languages. We evaluated Holocron, and it successfully detected 51 previously unreported inconsistencies - including 18 bugs and 33 code smells - in 12 web applications.

References

[1]

StackOverflow, “StackOverflow Developer Survey 2015,” 2015, http://stackoverflow.com/research/developer-survey-2015#tech (Accessed: May 16, 2015).

[2]

F. Ocariza, K. Pattabiraman, and B. Zorn, “JavaScript errors in the wild: an empirical study,” in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE). IEEE Computer Society, 2011, pp. 100–109.

Digital Library

[3]

F. Ocariza, K. Bajaj, K. Pattabiraman, and A. Mesbah, “A study of causes and consequences of client-side JavaScript bugs,” IEEE Transactions on Software Engineering (TSE), p. 17 pages, 2017.

Digital Library

[4]

G. Richards, C. Hammer, B. Burg, and J. Vitek, “The eval that men do: A large-scale study of the use of eval in JavaScript applications,” in Proceedings of the European Conference on Object-Oriented Programming (ECOOP). Springer, 2011, pp. 52–78.

Digital Library

[5]

A. Marchetto, P. Tonella, and F. Ricca, “State-based testing of Ajax web applications,” in Proceedings of the International Conference on Software Testing, Verification and Validation (ICST). IEEE Computer Society, 2008, pp. 121–130.

Digital Library

[6]

A. Mesbah and A. van Deursen, “Invariant-based automatic testing of Ajax user interfaces,” in Proceedings of the International Conference on Software Engineering (ICSE). IEEE Computer Society, 2009, pp. 210–220.

Digital Library

[7]

K. Pattabiraman and B. Zorn, “DoDOM: leveraging DOM invariants for web 2.0 application robustness testing,” in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE). IEEE Computer Society, 2010, pp. 191–200.

Digital Library

[8]

S. Artzi, J. Dolby, S. Jensen, A. Møller, and F. Tip, “A framework for automated testing of JavaScript web applications,” in Proceedings of the International Conference on Software Engineering (ICSE). ACM, 2011, pp. 571–580.

Digital Library

[9]

S. Mirshokraie, A. Mesbah, and K. Pattabiraman, “Guided mutation testing for JavaScript web applications,” Transactions on Software Engineering (TSE), vol. 41, no. 5, pp. 429–444, 2015.

Digital Library

[10]

Douglas Crockford, “JSLint,” 2012, http://www.jslint.com (Accessed: April 18, 2012).

[11]

S. Jensen, A. Møller, and P. Thiemann, “Type analysis for JavaScript,” Proceedings of the International Static Analysis Symposium (SAS), pp. 238–255, 2009.

Digital Library

[12]

S. H. Jensen, M. Madsen, and A. Møller, “Modeling the HTML DOM and browser API in static analysis of JavaScript web applications,” in Proceedings of the Joint Meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE). ACM, 2011, pp. 59–69.

Digital Library

[13]

F. Ocariza, K. Pattabiraman, and A. Mesbah, “Detecting inconsistencies in JavaScript MVC applications,” in Proceedings of the International Conference on Software Engineering (ICSE). IEEE Computer Society, 2015.

Digital Library

[14]

D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf, “Bugs as deviant behavior: A general approach to inferring errors in systems code,” in Proceedings of the ACM Symposium on Operating Systems Principles (SOSP). ACM, 2001, pp. 57–72.

Digital Library

[15]

A. Milani Fard and A. Mesbah, “JSNose: Detecting JavaScript code smells,” in Proceedings of the International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE Computer Society, 2013, pp. 116–125.

[16]

D. Synodinos, “Top JavaScript MVC frameworks,” 2013, http://www. infoq.com/research/top-javascript-mvc-frameworks (Accessed: May 16, 2015).

[17]

Two Sigma, “Beaker,” 2016, https://github.com/twosigma/ beaker-notebook (Accessed: April 29, 2016).

[18]

MarionetteJS, “Backbone Marionette,” 2016, https://github.com/ marionettejs/backbone.marionette (Accessed: April 29, 2016).

[19]

I. D. Baxter, A. Yahin, L. Moura, M. S. Anna, and L. Bier, “Clone detection using abstract syntax trees,” in Proceedings of the International Conference on Software Maintenance (ICSM). IEEE Computer Society, 1998, pp. 368–377.

Digital Library

[20]

R. Agrawal, T. Imieli´nski, and A. Swami, “Mining association rules between sets of items in large databases,” in Proceedings of the International Conference on Management of Data (SIGMOD). ACM, 1993, pp. 207–216.

Digital Library

[21]

R. Agrawal and R. Srikant, “Fast algorithms for mining association rules in large databases,” in Proceedings of the International Conference on Very Large Databases (VLDB). Morgan Kaufmann Publishers Inc., 1994, pp. 487–499.

Digital Library

[22]

Adobe Systems, “Brackets,” 2015, http://www.brackets.io (Accessed: May 16, 2015).

[23]

A. Hidayat, “Esprima,” 2015, http://www.esprima.org/ (Accessed: May 16, 2015).

[24]

jindw, “XMLDOM,” 2016, https://www.github.com/jindw/xmldom (Accessed: April 29, 2016).

[25]

K. Sera, “apriori.js,” 2016, https://github.com/seratch/apriori.js (Accessed: April 29, 2016).

[26]

U. Shaked, “AngularJS vs. BackboneJS vs. EmberJS,” 2014, http: //www.airpair.com/js/javascript-framework-comparison (Accessed: May 16, 2015).

[27]

Google, “Built with AngularJS,” 2015, https://github.com/angular/ builtwith.angularjs.org/blob/master/projects/projects.json (Accessed: May 16, 2015).

[28]

J. Ashkenas, “BackboneJS: Tutorials, blog posts and example sites,” 2016, https://github.com/jashkenas/backbone/wiki/Tutorials, -blog-posts-and-example-sites (Accessed: April 29, 2016).

[29]

EmberSherpa, “Open source Ember apps,” 2016, https://github.com/ EmberSherpa/open-source-ember-apps (Accessed: April 29, 2016).

[30]

B. Johnson, Y. Song, E. Murphy-Hill, and R. Bowdidge, “Why don’t software developers use static analysis tools to find bugs?” in Proceedings of the International Conference on Software Engineering (ICSE). IEEE Computer Society, 2013, pp. 672–681.

Digital Library

[31]

N. Ayewah, W. Pugh, J. D. Morgenthaler, J. Penix, and Y. Zhou, “Evaluating static analysis defect warnings on production software,” in Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE). ACM, 2007, pp. 1–8.

Digital Library

[32]

S. Hangal and M. S. Lam, “Tracking down software bugs using automatic anomaly detection,” in Proceedings of the International Conference on Software Engineering (ICSE). ACM, 2002, pp. 291–301.

Digital Library

[33]

Z. Li and Y. Zhou, “PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code,” in Proceedings of the International Symposium on Foundations of Software Engineering (FSE). ACM, 2005, pp. 306–315.

Digital Library

[34]

Z. Li, S. Lu, S. Myagmar, and Y. Zhou, “CP-Miner: Finding copy-paste and related bugs in large-scale software code,” Transactions on Software Engineering (TSE), vol. 32, no. 3, pp. 176–192, 2006.

Digital Library

[35]

W. Weimer and G. C. Necula, “Mining temporal specifications for error detection,” in Proceedings of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Springer, 2005, pp. 461–476.

Digital Library

[36]

A. Wasylkowski, A. Zeller, and C. Lindig, “Detecting object usage anomalies,” in Proceedings of the Joint Meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE). ACM, 2007, pp. 35–44.

Digital Library

[37]

L. Jiang, Z. Su, and E. Chiu, “Context-based detection of clone-related bugs,” in Proceedings of the Joint Meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE). ACM, 2007, pp. 55–64.

Digital Library

[38]

C.-H. Hsiao, M. Cafarella, and S. Narayanasamy, “Using web corpus statistics for program analysis,” in Proceedings of the International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA). ACM, 2014, pp. 49–65.

Digital Library

[39]

S. Thummalapenta and T. Xie, “Alattin: Mining alternative patterns for detecting neglected conditions,” in Proceedings of the International Conference on Automated Software Engineering (ASE). IEEE Computer Society, 2009, pp. 283–294.

Digital Library

[40]

N. Gruska, A. Wasylkowski, and A. Zeller, “Learning from 6,000 projects: lightweight cross-project anomaly detection,” in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA). ACM, 2010, pp. 119–130.

Digital Library

[41]

H. V. Nguyen, H. A. Nguyen, T. T. Nguyen, A. T. Nguyen, and T. N. Nguyen, “Detection of embedded code smells in dynamic web applications,” in Proceedings of the International Conference on Automated Software Engineering (ASE). IEEE Computer Society, 2012, pp. 282– 285.

Digital Library

[42]

N. Tsantalis, T. Chaikalis, and A. Chatzigeorgiou, “Jdeodorant: Identification and removal of type-checking bad smells,” in Proceedings of the European Conference on Software Maintenance and Reengineering (CSMR). IEEE Computer Society, 2008, pp. 329–331.

Digital Library

[43]

E. Van Emden and L. Moonen, “Java quality assurance by detecting code smells,” in Proceedings of the Working Conference on Reverse Engineering (WCRE). IEEE Computer Society, 2002, pp. 97–106.

Digital Library

[44]

Synopsys, “Coverity,” 2016, http://www.coverity.com/ (Accessed: April 29, 2016).

[45]

S. P. Reiss, “Finding unusual code,” in Proceedings of the International Conference on Software Maintenance. IEEE Computer Society, 2007, pp. 34–43.

[46]

D. Hovemeyer and W. Pugh, “Finding bugs is easy,” in Companion Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA). ACM, 2004, pp. 132–136.

Digital Library

[47]

L. Gong, M. Pradel, M. Sridharan, and K. Sen, “DLint: Dynamically checking bad coding practices in JavaScript,” in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA). ACM, 2015.

Digital Library

[48]

Facebook, “Flow: a static type checker for JavaScript,” 2016, http:// flowtype.org/ (Accessed: April 29, 2016).

[49]

M. Pradel, P. Schuh, and K. Sen, “TypeDevil: Dynamic type inconsistency analysis for JavaScript,” in Proceedings of the International Conference on Software Engineering (ICSE). IEEE Computer Society, 2015, pp. 314–324.

Digital Library

[50]

H. V. Nguyen, H. A. Nguyen, T. T. Nguyen, A. T. Nguyen, and T. N. Nguyen, “Dangling references in multi-configuration and dynamic PHPbased web applications,” in Proceedings of the International Conference on Automated Software Engineering (ASE). IEEE Computer Society/ACM, 2013, pp. 399–409.

Digital Library

[51]

T. Polychniatis, J. Hage, S. Jansen, E. Bouwers, and J. Visser, “Detecting cross-language dependencies generically,” in Proceedings of the European Conference on Software Maintenance and Reengineering (CSMR). IEEE, 2013, pp. 349–352.

Digital Library

[52]

R.-H. Pfeiffer and A. Wasowski, “Taming the confusion of languages,” in Proceedings of the European Conference on Modelling Foundations and Applications (ECMFA). Springer, 2011, pp. 312–328.

Digital Library

[53]

P. Mayer and A. Schroeder, “Cross-language code analysis and refactoring,” in Proceedings of the International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE Computer Society, 2012, pp. 94–103.

Digital Library

[54]

D. Strein, H. Kratz, and W. Löwe, “Cross-language program analysis and refactoring,” in Proceedings of the International Workshop on Source Code Analysis and Manipulation (SCAM). IEEE Computer Society, 2006, pp. 207–216.

Digital Library

Cited By

Biagiola MStocco ARicca FTonella PDumas MPfahl DApel SRusso A(2019)Diversity-based web test generationProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338970(142-153)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338970

Recommendations

Detecting code smells in React-based Web apps
Abstract Context:
Facebook’s React is a widely popular JavaScript library to build rich and interactive user interfaces (UI). However, due to the complexity of modern Web UIs, React applications can have hundreds of components and ...
SAFEWAPI: web API misuse detector for web applications
FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

The evolution of Web 2.0 technologies makes web applications prevalent in various platforms including mobile devices and smart TVs. While one of the driving technologies of web applications is JavaScript, the extremely dynamic features of JavaScript ...
Automated Client-Side Monitoring for Web Applications
ICSTW '09: Proceedings of the IEEE International Conference on Software Testing, Verification, and Validation Workshops

Web applications have become very popular today in a variety of domains. Given the varied nature of client-side environments and browser configurations, it is difficult to completely test or debug the client-side code of web applications in-house. There ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

ASE '17: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

October 2017

1033 pages

ISBN:9781538626849

General Chair:
Grigore Rosu
University of Illinois at Urbana-Champaign, USA
,
Program Chairs:
Massimiliano Di Penta
University of Sannio, Italy
,
Tien N. Nguyen
University of Texas at Dallas, USA

Sponsors

Publisher

IEEE Press

Publication History

Published: 30 October 2017

Author Tags

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
138
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)5

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Biagiola MStocco ARicca FTonella PDumas MPfahl DApel SRusso A(2019)Diversity-based web test generationProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338970(142-153)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338970

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents