Detecting Unknown Inconsistencies in Web Applications

Frolin Ocariza, Karthik Pattabiraman, and Ali Mesbah, IEEE/ACM International Conference on Automated Software Engineering (ASE), 2017. (Acceptance Rate: 21%)

Abstract: Although there has been increasing demand for more reliable web applications, JavaScript bugs abound in web applications. In response to this issue, researchers have proposed automated fault detection tools, which statically analyze the web application code to find bugs. While useful, these tools either only target a limited set of bugs based on predefined rules, or they do not detect bugs caused by cross-language interactions, which occur frequently in web application code. To address this problem, we present an anomaly-based inconsistency detection approach, implemented in a tool called HOLOCRON. The main novelty of our approach is that it does not look for hard-coded inconsistency classes. Instead, it applies subtree pattern matching to infer inconsistency classes and association rule mining to detect inconsistencies that occur both within a single language, and between two languages. We evaluated HOLOCRON, and it successfully detected 51 previously unreported inconsistencies – including 18 bugs and 33 code smells – in 12 web applications.