An Empirical Study of Client-Side JavaScript Bugs Frolin S. Ocariza, Jr. Kartik Bajaj, Karthik Pattabiraman, Ali Mesbah University of British Columbia.

Slides:



Advertisements
Similar presentations
Introducing JavaScript
Advertisements

JavaScript and AJAX Jonathan Foss University of Warwick
AutoFLox: An Automatic Fault Localizer for Client-Side JavaScript Frolin S. Ocariza, Jr. Karthik Pattabiraman Ali Mesbah University of British Columbia.
Mobile App Development Using: Presented by Tyler Richey Images from
1 / 28 Modeling the HTML DOM and Browser API in Static Analysis of JavaScript Web Applications ESEC/FSE 2011 Anders Møller, Magnus Madsen and Simon Holm.
ExtJS 4.0 JavaScript MVC Framework. Who ExtJS is provided by Sencha ( o Sencha Touch o GWT o CSS Animator o IO (Cloud Data Management)
Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.
Tutorial 10 Programming with JavaScript
XP 1 Working with JavaScript Creating a Programmable Web Page for North Pole Novelties Tutorial 10.
SIM5102 Software Evaluation
DT228/3 Web Development JSP: Directives and Scripting elements.
XP Tutorial 1 New Perspectives on JavaScript, Comprehensive1 Introducing JavaScript Hiding Addresses from Spammers.
ITM352 Javascript and Dynamic Web Pages: Client Side Processing.
Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking -Shreyas Ravindra.
Agenda What is AJAX? What is jQuery? Demonstration/Tutorial Resources Q&A.
Overview of JSP Technology. The need of JSP With servlets, it is easy to – Read form data – Read HTTP request headers – Set HTTP status codes and response.
JavaScript & jQuery the missing manual Chapter 11
For rich web client applications Jeff Hemminger Object Partners, Inc.
WaveMaker Visual AJAX Studio 4.0 Training Troubleshooting.
CS346 - Javascript 1, 21 Module 1 Introduction to JavaScript CS346.
Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.
Programming with JavaScript (Chapter 10). XP Various things Midterm grades: Friday Winter Career Fair – Thursday, April 28, 2011 (11 am to 3 pm). – MAC.
Java Omar Rana University of South Asia. Course Overview JAVA  C/C++ and JAVA Comparison  OOP in JAVA  Exception Handling  Streams  Graphics User.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
Web 2.0 Security James Walden Northern Kentucky University.
JavaScript II ECT 270 Robin Burke. Outline JavaScript review Processing Syntax Events and event handling Form validation.
JavaScript is a client-side scripting language. Programs run in the web browser on the client's computer. (PHP, in contrast, is a server-side scripting.
JavaScript Programming B.Ramamurthy 6/113/2014B. Ramamurthy CSE6511.
Introduction to JavaServer Pages (JSP) Slides from Dr. Mark Llewellyn.
INTRODUCTION TO JAVASCRIPT AND DOM Internet Engineering Spring 2012.
1 JavaScript in Context. Server-Side Programming.
XP Tutorial 10New Perspectives on Creating Web Pages with HTML, XHTML, and XML 1 Working with JavaScript Creating a Programmable Web Page for North Pole.
TUTORIAL 10: PROGRAMMING WITH JAVASCRIPT Session 2: What is JavaScript?
Tutorial 10 Programming with JavaScript. XP Objectives Learn the history of JavaScript Create a script element Understand basic JavaScript syntax Write.
Tutorial 10 Programming with JavaScript
Done by: Hanadi Muhsen1 Tutorial 1.  Learn the history of JavaScript  Create a script element  Write text to a Web page with JavaScript  Understand.
School of Computing and Information Systems CS 371 Web Application Programming PHP – Forms, Cookies, Sessions and Database.
Isolating JavaScript in Dynamic Code Environments Execution Environments for Cloud Applications – Spring 2011.
Extending HTML CPSC 120 Principles of Computer Science April 9, 2012.
SIGITE 2008: Oct Integrating Web Application Security into the IT Curriculum James Walden Northern Kentucky University.
HTML Table and PHP Array
Introduction.  The scripting language most often used for client-side web development.  Influenced by many programming languages, easier for nonprogrammers.
Java server pages. A JSP file basically contains HTML, but with embedded JSP tags with snippets of Java code inside them. A JSP file basically contains.
XP Tutorial 10New Perspectives on HTML and XHTML, Comprehensive 1 Working with JavaScript Creating a Programmable Web Page for North Pole Novelties Tutorial.
Introduction to JavaScript CS101 Introduction to Computing.
Extend the Operations Dashboard with Custom Widgets (and more)
Extending the Operations Dashboard
Walkthrough example including SAS output How to create a mobile WebApp? PhUSE / 12. October 2015 / Katja Glaß BHC 4:3 Template 2010 June 2014Page 1.
1 Server versus Client-Side Programming Server-SideClient-Side.
1 JavaScript in Context. Server-Side Programming.
ICM – API Server & Forms Gary Ratcliffe.
1 What is JQuery. jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax* interactions.
Google Map Engine Can export images to Map Engine from Earth Engine
Tutorial 10 Programming with JavaScript. 2New Perspectives on HTML, XHTML, and XML, Comprehensive, 3rd Edition Objectives Learn the history of JavaScript.
Rich Internet Applications 2. Core JavaScript. The importance of JavaScript Many choices open to the developer for server-side Can choose server technology.
1 Java Server Pages A Java Server Page is a file consisting of HTML or XML markup into which special tags and code blocks are inserted When the page is.
JavaScript II ECT 270 Robin Burke. Outline Functions Events and event handling Form validation.
Javascript Intro Instructor: Shalen Malabon. Lesson Plan Core Javascript Syntax Types and Objects Functions DOM Event Handling Debugging Javascript Smarter.
JavaScript Introduction and Background. 2 Web languages Three formal languages HTML JavaScript CSS Three different tasks Document description Client-side.
Chapter 1 Murach's JavaScript and jQuery, C1© 2012, Mike Murach & Associates, Inc.Slide 1.
Tutorial 10 Programming with JavaScript. 2New Perspectives on HTML, XHTML, and XML, Comprehensive, 3rd Edition Objectives Learn the history of JavaScript.
1 CSC160 Chapter 1: Introduction to JavaScript Chapter 2: Placing JavaScript in an HTML File.
TEMPLATE DESIGN © Crawling is the process of automatically exploring a web application to discover the states of the application.
JavaScript and AJAX 2nd Edition Tutorial 1 Programming with JavaScript.
XP Tutorial 10New Perspectives on HTML, XHTML, and DHTML, Comprehensive 1 Working with JavaScript Creating a Programmable Web Page for North Pole Novelties.
Wes Preston DEV 202. Audience: Info Workers, Dev A deeper dive into use-cases where client-side rendering (CSR) and SharePoint’s JS Link property can.
Customizing Share Document Previews Will Abson Senior Integrations Engineer and Share Extras Project Lead
Tutorial 10 Programming with JavaScript
A Comprehensive Study on Real World Concurrency Bugs in Node.js
Presentation transcript:

An Empirical Study of Client-Side JavaScript Bugs Frolin S. Ocariza, Jr. Kartik Bajaj, Karthik Pattabiraman, Ali Mesbah University of British Columbia

Why Study Client-Side JavaScript (JS) Bugs?  Other uses of JS: widgets, servers, hybrid mobile apps  JavaScript can be confusing!  Weak typing, Asynchronous/Event-driven, eval() 2 # of Faults

Goal of This Study 3 Goal #1: Discover the causes of JavaScript faults Goal #2: Discover the consequences of JavaScript faults -Better tests and analysis tools for client-side JavaScript -Do these faults have any impact?

JavaScript Bug Sequence: Some Terminology  Programmer makes a mistake  ERROR  Erroneous value gets used  FAULT  Code terminates or generates wrong output  FAILURE 4 x = {“foo”: “some value”}; key = “moo”; y = x[key];... z = y.length; EXCEPTION! EVALUATES TO UNDEFINED MISTAKE!

What We Analyze: Bug Reports  Main item of analysis  Bug reports contain detailed information from patches, developer comments, etc.  Console messages don’t directly tell us what the causes and consequences are of the fault 5

Experimental Objects 6 Eight JavaScript Web Applications Four JavaScript Libraries Reports per repository: min{30, NumJSReports} Total Reports Analyzed: 317

Bug Report Collection 7 Bug/D efect? Bug Report DISCARD NO Fixed? YES NO JS Fault? YES NO Create XML file for bug report YES

8 Initial Description Developer Comments Classifications

Research Questions 1. What are the types of faults that exist among reported bugs, and how prevalent are they? 2. What impact do these JavaScript faults have on the web application? 3. What are the root causes of these JavaScript faults? 4. How long does it take programmers to fix JavaScript faults? 9

Research Questions 1. What are the types of faults that exist among reported bugs, and how prevalent are they? 2. What impact do these JavaScript faults have on the web application? 3. What are the root causes of these JavaScript faults? 4. How long does it take programmers to fix JavaScript faults? 10

RQ1 – Fault Categories: Results 11 Incorrect Method Parameter: Error propagated into parameter of native JS method  88% of these native methods are part of the DOM API

JavaScript DOM API 12 html bodyhead scripttablep Text: “Hello world” table tr

JavaScript DOM API 13 table id: foo JavaScript code: DOM: var x = document.getElementById(“foo”); No longer existsReturns null Dynamically modified id: bar

RQ1 – Fault Categories: Results 14 DOM-Related Faults What programmer expects to be in the DOM vs what is actually in the DOM 65% of all JavaScript faults

Research Questions 1. What are the types of faults that exist among reported bugs, and how prevalent are they? 2. What impact do these JavaScript faults have on the web application? 3. What are the root causes of these JavaScript faults? 4. How long does it take programmers to fix JavaScript faults? 15

RQ2 – Impact: Results  Impact Types  Type 1 (lowest impact), Type 5 (highest impact) 16 80% of highest impact faults are DOM-related

High-Impact Bugs  Data loss: Save functionality not working, mail not sent  Occurred in: Joomla, WordPress, Drupal, Roundcube, Prototype  Browser hangs: typically browser-specific  Occurred in: Roundcube, Prototype  Information leakage: One case where server code accidentally gets displayed  Occurred in: TYPO3  Unusable application: Login functionality not working  Occurred in: Moodle, Drupal, WikiMedia, jQuery, Ember.js 17

Research Questions 1. What are the types of faults that exist among reported bugs, and how prevalent are they? 2. What impact do these JavaScript faults have on the web application? 3. What are the root causes of these JavaScript faults? 4. How long does it take programmers to fix JavaScript faults? 18

Finding the Error Location  Made use of patches  BUT: Patches may be workarounds, not fixes 19

RQ3 – Error Locations: Results  Error Locations  Most errors committed by programmer in JS code itself 20

Research Questions 1. What are the types of faults that exist among reported bugs, and how prevalent are they? 2. What impact do these JavaScript faults have on the web application? 3. What are the root causes of these JavaScript faults? 4. How long does it take programmers to fix JavaScript faults? 21

RQ4 – Triage and Fix Times 22 ReportedAssigned or Commented Fixed Triage Time Fix Time

RQ4 - Triage and Fix Times: Results 23

Implications  Developer tools that reason about DOM  e.g., DOM- aware IDEs  Emulate more DOM-related faults in testing  Static and dynamic analysis tools  e.g., Vejovis (JS repair suggestion tool) 24

Threats to Validity  Two people classifying bugs  possible consistency issues  Non-deterministic and low-visual-impact faults may go unaccounted for  Delays in triage and fix times also unaccounted for 25

Conclusion  74% of JS faults  Incorrect Method Parameter faults. 88% of these are DOM-related faults.  80% of high-impact faults are DOM-related  Most JS faults are committed by programmers in the JS code itself  DOM-related faults have short triage times but long fix times compared to non-DOM-related faults 26

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.