Feedback-Directed Instrumentation for Deployed JavaScript Applications

  title={Feedback-Directed Instrumentation for Deployed JavaScript Applications},
  author={Magnus Madsen and Frank Tip and Esben Andreasen and Koushik Sen and Anders M{\o}ller},
  journal={2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE)},
Many bugs in JavaScript applications manifest themselves as objects that have incorrect property values when a failure occurs. For this type of error, stack traces and log files are often insufficient for diagnosing problems. In such cases, it is helpful for developers to know the control flow path from the creation of an object to a crashing statement. Such crash paths are useful for understanding where the object originated and whether any properties of the object were corrupted since its… 

Figures and Tables from this paper

BUGSJS: a benchmark and taxonomy of JavaScript bugs
BugsJS is a benchmark of 453 real, manually validated JavaScript bugs from 10 popular JavaScript server‐side programs, comprising 444k lines of code (LOC) in total, and a classification of the bugs according to their nature is performed, which shows that the taxonomy is adequate for characterizing the bugs in BugsJS.
BugsJS: a Benchmark of JavaScript Bugs
BugsJS is proposed, a benchmark of 453 real, manually validated JavaScript bugs from 10 popular JavaScript server-side programs, comprising 444k LOC in total, which facilitates conducting highly-reproducible empirical studies and comparisons of JavaScript analysis and testing tools.
Finding broken promises in asynchronous JavaScript programs
The notion of promise graphs is extended to include all promise-related features in ECMAScript 6, including default reactions, exceptions, and the synchronization operations race and all, and PromiseKeeper, which performs a dynamic analysis to create promise graphs and infer common promise anti-patterns is reported on.
Change-Aware Dynamic Program Analysis for JavaScript
change-aware dynamic program analysis is presented, an approach to make a common class of dynamic analyses change-aware, to identify parts of the code affected by a change through a lightweight static change impact analysis, and to focus the dynamic analysis on these affected parts.
Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs
This paper advocates maintaining distributed analysis state in a centralized analysis process instead — which is communicated with from the processes under analysis, supported by a dynamic analysis platform that provides abstractions for this communication.
A Survey of Dynamic Analysis and Test Generation for JavaScript
This article surveys dynamic program analysis and test generation techniques for JavaScript targeted at improving the correctness, reliability, performance, security, and privacy of JavaScript-based software.
Detecting and understanding JavaScript global identifier conflicts on the web
This research developed a browser-based analysis framework, JSObserver, to collect and analyze the write operations to global memory locations by JavaScript code, and revealed that JavaScript global identifier conflicts are prevalent and could cause behavior deviation at run time.
Tigris: a DSL and Framework for Monitoring Software Systems at Runtime
Statistical Program Slicing: a Hybrid Slicing Technique for Analyzing Deployed Software
Dynamic program slicing can significantly reduce the code developers need to inspect by narrowing it down to only a subset of relevant program statements. However, despite an extensive body of
ConflictJS: Finding and Understanding Conflicts Between JavaScript Libraries
This paper uses ConflictJS, an automated and scalable approach to analyze libraries for conflicts, to analyze and study conflicts among 951 real-world libraries and provides evidence that designing a language without explicit namespaces has undesirable effects.


Mugshot: Deterministic Capture and Replay for JavaScript Applications
Mugshot is a system that captures every event in an executing JavaScript program, allowing developers to deterministically replay past executions of web applications, and is one of the first capture systems that is practical to deploy to every client and run in the common case.
Chronicler: Lightweight recording to reproduce field failures
Chronicler is presented, an approach to remote debugging that captures non-deterministic inputs to applications in a lightweight manner, assuring faithful reproduction of client executions.
BugRedux: Reproducing field failures for in-house debugging
  • Wei Jin, A. Orso
  • Computer Science
    2012 34th International Conference on Software Engineering (ICSE)
  • 2012
The results are promising in that they show that it is possible to synthesize in-house executions that reproduce failures observed in the field using a suitable set of execution data.
BugNet: continuously recording program execution for deterministic replay debugging
The proposed BugNet architecture provides the ability to replay an application's execution across context switches and interrupts, which obviates the need for tracking program I/O, interrupts and DMA transfers, which would have otherwise required more complex hardware support.
SymCrash: selective recording for reproducing crashes
A dynamic symbolic execution method called SymCon is proposed, which addresses the limitation of conventional symbolic execution by selecting functions that are hard to be resolved by a constraint solver and using their concrete runtime values to replace the symbols.
Automatic fault localization for client‐side JavaScript
The approach is implemented in an open source tool called AUTOFLOX, and evaluation results indicate that it is capable of automatically localizing DOM‐related JAVASCRIPT faults with high accuracy (over 96%) and no false‐positives.
A Technique for Enabling and Supporting Debugging of Field Failures
  • J. Clause, A. Orso
  • Computer Science
    29th International Conference on Software Engineering (ICSE'07)
  • 2007
A technique for recording, reproducing, and minimizing failing executions that enables and supports in- house debugging of field failures and an empirical study that evaluates the technique on a widely used e-mail client is presented.
An Empirical Study of Client-Side JavaScript Bugs
The majority of JavaScript faults are DOM-related, meaning they are caused by faulty interactions of the JavaScript code with the Document Object Model (DOM), and JavaScript programmers need development tools that can help them reason about the DOM.
Interactive record/replay for web application debugging
Timelapse is a tool for quickly recording, reproducing, and debugging interactive behaviors in web applications, built on Dolos, a novel record/replay infrastructure that ensures deterministic execution by capturing and reusing program inputs both from the user and from external sources such as the network.
DLint: dynamically checking bad coding practices in JavaScript
DLint is presented, a dynamic analysis approach to check code quality rules in JavaScript that consists of a generic framework and an extensible set of checkers that each addresses a particular rule.