Abstract
Event races are a common source of subtle errors in JavaScript web applications. Several automated tools for detecting event races have been developed, but experiments show that their accuracy is generally quite low. We present a new approach that focuses on three categories of event race errors that often appear during the initialization phase of web applications: form-input-overwritten errors, late-event-handler-registration errors, and access-before-definition errors. The approach is based on a dynamic analysis that uses a combination of adverse and approximate execution. Among the strengths of the approach are that it does not require browser modifications, expensive model checking, or static analysis.
In an evaluation on 100 widely used websites, our tool InitRacer reports 1085 initialization races, while providing informative explanations of their causes and effects. A manual study of 218 of these reports shows that 111 of them lead to uncaught exceptions and at least 47 indicate errors that affect the functionality of the websites.
- Christoffer Quist Adamsen, Gianluca Mezzetti, and Anders Møller. 2015. Systematic Execution of Android Test Suites in Adverse Conditions. In Proc. 24th International Symposium on Software Testing and Analysis (ISSTA). 83–93. Google ScholarDigital Library
- Christoffer Quist Adamsen, Anders Møller, Rezwana Karim, Manu Sridharan, Frank Tip, and Koushik Sen. 2017. Repairing Event Race Errors by Controlling Nondeterminism. In Proc. 39th International Conference on Software Engineering (ICSE). Google ScholarDigital Library
- Esben Andreasen and Anders Møller. 2014. Determinacy in Static Analysis for jQuery. In Proc. International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA) . 17–31. Google ScholarDigital Library
- Chandrasekhar Boyapati and Martin C. Rinard. 2001. A Parameterized Type System for Race-Free Java Programs. In Proc. ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA) . 56–69. Google ScholarDigital Library
- Cormac Flanagan and Stephen N. Freund. 2000. Type-Based Race Detection for Java. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) . 219–232. Google ScholarDigital Library
- Cormac Flanagan and Stephen N. Freund. 2008. Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs. Sci. Comput. Program. 71, 2 (2008), 89–109. Google ScholarDigital Library
- Cormac Flanagan and Stephen N. Freund. 2010. FastTrack: Efficient and Precise Dynamic Race Detection. Commun. ACM 53, 11 (2010), 93–101. Google ScholarDigital Library
- Liang Gong, Michael Pradel, Manu Sridharan, and Koushik Sen. 2015. DLint: Dynamically Checking Bad Coding Practices in JavaScript. In Proc. 24th International Symposium on Software Testing and Analysis (ISSTA). 94–105. Google ScholarDigital Library
- Christian Hammer, Julian Dolby, Mandana Vaziri, and Frank Tip. 2008. Dynamic Detection of Atomic-Set-Serializability Violations. In Proc. 30th International Conference on Software Engineering (ICSE). 231–240. Google ScholarDigital Library
- Shin Hong, Yongbae Park, and Moonzoo Kim. 2014. Detecting Concurrency Errors in Client-Side JavaScript Web Applications. In Proc. 7th IEEE International Conference on Software Testing, Verification and Validation (ICST). 61–70.Google Scholar
- Gang Hu, Xinhao Yuan, Yang Tang, and Junfeng Yang. 2014. Efficiently, Effectively Detecting Mobile App Bugs with AppDoctor. In Proc. 9th Eurosys Conference. 18:1–18:15. Google ScholarDigital Library
- James Ide, Rastislav Bodik, and Doug Kimelman. 2009. Concurrency Concerns in Rich Internet Applications. In Proc. Workshop on Exploiting Concurrency Efficiently and Correctly .Google Scholar
- Casper Svenning Jensen, Anders Møller, Veselin Raychev, Dimitar Dimitrov, and Martin T. Vechev. 2015. Stateless Model Checking of Event-Driven Applications. In Proc. 30th ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) . 57–73. Google ScholarDigital Library
- Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits. 2015. Detecting JavaScript Races that Matter. In Proc. 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE) . 381–392. Google ScholarDigital Library
- Mayur Naik, Alex Aiken, and John Whaley. 2006. Effective Static Race Detection for Java. In Proc. ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation (PLDI) . 308–319. Google ScholarDigital Library
- Boris Petrov, Martin T. Vechev, Manu Sridharan, and Julian Dolby. 2012. Race Detection for Web Applications. In Proc. 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) . 251–262. Google ScholarDigital Library
- Veselin Raychev, Martin T. Vechev, and Manu Sridharan. 2013. Effective Race Detection for Event-Driven Programs. In Proc. 28th ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages, and Applications (OOPSLA) . 151–166. Google ScholarDigital Library
- Jerome Howard Saltzer. 1966. Traffic Control in a Multiplexed Computer System. Ph.D. Dissertation. Massachusetts Institute of Technology. MAC-TR-30.Google Scholar
- Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, and Thomas E. Anderson. 1997. Eraser: A Dynamic Data Race Detector for Multithreaded Programs. ACM Trans. Comput. Syst. 15, 4 (1997), 391–411. Google ScholarDigital Library
- Hallvord Reiar Michaelsen Steen. 2009. Websites playing timing roulette. https://hallvors.wordpress.com/2009/ 03/07/websites-playing-timing-roulette/ . (2009).Google Scholar
- Jan Wen Voung, Ranjit Jhala, and Sorin Lerner. 2007. RELAY: Static Race Detection on Millions of Lines of Code. In Proc. 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE) . 205–214. Google ScholarDigital Library
- Weihang Wang, Yunhui Zheng, Peng Liu, Lei Xu, Xiangyu Zhang, and Patrick Eugster. 2016. ARROW: Automated Repair of Races on Client-Side Web Pages. In Proc. 25th International Symposium on Software Testing and Analysis (ISSTA). 201–212. Google ScholarDigital Library
- Andreas Zeller and Ralf Hildebrandt. 2002. Simplifying and Isolating Failure-Inducing Input. IEEE Trans. Software Eng. 28, 2 (2002), 183–200. Google ScholarDigital Library
- Lu Zhang and Chao Wang. 2017. RClassify: Classifying Race Conditions in Web Applications via Deterministic Replay. In Proc. 39th International Conference on Software Engineering (ICSE) . Google ScholarDigital Library
- Yunhui Zheng, Tao Bao, and Xiangyu Zhang. 2011. Statically Locating Web Application Bugs Caused by Asynchronous Calls. In Proc. 20th International Conference on World Wide Web (WWW). Google ScholarDigital Library
Index Terms
- Practical initialization race detection for JavaScript web applications
Recommendations
Practical AJAX race detection for JavaScript web applications
ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringAsynchronous client-server communication is a common source of errors in JavaScript web applications. Such errors are difficult to detect using ordinary testing because of the nondeterministic scheduling of AJAX events. Existing automated event race ...
Comments