Eventhandler-based analysis framework for web apps using dynamically collected states
JavaScript web applications (apps) are prevalent these days, and quality assurance of web apps gets even more important. Even though researchers have studied various analysis techniques and software industries have developed code analyzers for their own code repositories, statically analyzing web apps in a sound and scalable manner is challenging. On top of dynamic features of JavaScript, abundant execution flows triggered by user events make a sound static analysis difficult. In this paper, we propose a novel EventHandler (EH)-based static analysis for web apps using dynamically collected state information. Unlike traditional whole-program analyses, the EH-based analysis intentionally analyzes partial execution flows using concrete user events. Such analyses surely miss execution flows in the entire program, but they analyze less infeasible flows reporting less false positives. Moreover, they can finish analyzing partial flows of web apps that whole-program analyses often fail to finish analyzing, and produce partial bug reports. Our experimental results show that the EH-based analysis improves the precision dramatically compared with a state-of-the-art JavaScript whole-program analyzer, and it can finish analysis of partial execution flows in web apps that the whole-program analyzer fails to analyze within a timeout.
- Publisher
- Springer Verlag
- Issue Date
- 2018-04-18
- Language
- English
- Citation
21st International Conference on Fundamental Approaches to Software Engineering, FASE 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, pp.129 - 145
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.