Talk given at Microsoft Research, Redmond (June 3rd, 2011). [ Slides ]
Abstract: JavaScript is today the de-facto client-side programming language for modern web applications. However, JavaScript is notorious for its difficult-to-analyze constructs and “laissez-faire” programming style, which makes it challenging to build robust and reliable web applications. Along with performance and security, reliability is a key factor that can make or break a web application. While there have been significant efforts to study (and improve) the former two entities, reliability of JavaScript applications has received little attention so far from the research community. This talk will present two directions to assess and improve the operational reliability of JavaScript-based web applications.
In the first part of this talk, I will present our recent results on studying the reliability of web applications in the wild. We use error messages printed to the JavaScript console of popular websites to understand the characteristics of the errors and their root causes. We also categorize the messages and study their correlations with the static and dynamic characteristics of the web application. Our study is carried out using the Firefox web browser and involves fifty of the top 100 Alexa most-visited websites. We find that JavaScript errors abound even in well-tested, mature web applications, and that they can often be surprisingly difficult to find through traditional testing and analysis techniques.
In the second part of the talk, I will present our work on DoDOM, a system for testing the robustness of JavaScript-based web applications. Our goal is to characterize the correctness of the application based on invariants over its DOM, in order to improve its robustness. To this end, we build DoDOM, a tool to dynamically learn invariants over the web application’s DOM, by recording the user’s interactions with the web applications transparently, and replaying the interactions on the application iteratively (hence the name). We show that DoDOM is effective at detecting errors in web applications, requires no effort from programmers/testers, and incurs only modest performance overheads.
This is joint work with Frolin Ocariza Jr. (UBC) and Ben Zorn (MSR).
