Empirical study of the dynamic behavior of JavaScript objects

Despite the popularity of JavaScript for client‐side web applications, there is a lack of effective software tools supporting JavaScript development and testing. The dynamic characteristics of JavaScript pose software engineering challenges such as program understanding and security. One important feature of JavaScript is that its objects support flexible mechanisms such as property changes at runtime and prototype‐based inheritance, making it difficult to reason about object behavior. We have performed an empirical study on real JavaScript applications to understand the dynamic behavior of JavaScript objects. We present metrics to measure behavior of JavaScript objects during execution (e.g., operations associated with an object, object size, and property type changes). We also investigated the behavioral patterns of observed objects to understand the coding or user interaction practices in JavaScript software. Copyright © 2015 John Wiley & Sons, Ltd.

[1]  Jan Vitek,et al.  An analysis of the dynamic behavior of JavaScript programs , 2010, PLDI '10.

[2]  Brian Hackett,et al.  Fast and precise hybrid type inference for JavaScript , 2012, PLDI '12.

[3]  Karthik Pattabiraman,et al.  JavaScript Errors in the Wild: An Empirical Study , 2011, 2011 IEEE 22nd International Symposium on Software Reliability Engineering.

[4]  Ravi Chugh,et al.  Dependent types for JavaScript , 2012, OOPSLA '12.

[5]  Laurie J. Hendren,et al.  Dynamic metrics for java , 2003, OOPSLA '03.

[6]  Jan Vitek,et al.  The Eval That Men Do - A Large-Scale Study of the Use of Eval in JavaScript Applications , 2011, ECOOP.

[7]  Haining Wang,et al.  A measurement study of insecure javascript practices on the web , 2013, TWEB.

[8]  Ali Mesbah,et al.  Understanding JavaScript event-based interactions , 2014, ICSE.

[9]  Thomas W. Reps,et al.  Recency-Abstraction for Heap-Allocated Storage , 2006, SAS.

[10]  Ali Mesbah,et al.  An Empirical Study of Client-Side JavaScript Bugs , 2013, 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement.

[11]  Benjamin Livshits,et al.  JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications , 2010, WebApps.

[12]  Frank Tip,et al.  Correlation Tracking for Points-To Analysis of JavaScript , 2012, ECOOP.

[13]  Frank Tip,et al.  Dynamic determinacy analysis , 2013, PLDI.

[14]  Benjamin Livshits,et al.  GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code , 2009, USENIX Security Symposium.

[15]  Jeffrey S. Foster,et al.  Profile-guided static typing for dynamic scripting languages , 2009, OOPSLA.

[16]  Marco Pistoia,et al.  Saving the world wide web from vulnerable JavaScript , 2011, ISSTA '11.

[17]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.

[18]  Esben Andreasen,et al.  Determinacy in static analysis for jQuery , 2014, OOPSLA 2014.

[19]  Håkan Grahn,et al.  A methodology for evaluating JavaScript execution behavior in interactive web applications , 2011, 2011 9th IEEE/ACS International Conference on Computer Systems and Applications (AICCSA).

[20]  Mason Chang,et al.  Trace-based just-in-time type specialization for dynamic languages , 2009, PLDI '09.

[21]  Barbara G. Ryder,et al.  State-Sensitive Points-to Analysis for the Dynamic Behavior of JavaScript Objects , 2014, ECOOP.

[22]  Joe Gibbs Politz,et al.  TeJaS: retrofitting type systems for JavaScript , 2013, DLS '13.

[23]  WegnerPeter Dimensions of object-based language design , 1987 .

[24]  Barbara G. Ryder Dimensions of Precision in Reference Analysis of Object-Oriented Programming Languages , 2003, CC.

[25]  James Harland,et al.  Evaluating the dynamic behaviour of Python applications , 2009, ACSC.

[26]  Barbara G. Ryder,et al.  Practical blended taint analysis for JavaScript , 2013, ISSTA.

[27]  Ben Hardekopf,et al.  JSAI: a static analysis platform for JavaScript , 2014, SIGSOFT FSE.

[28]  Henry Lieberman,et al.  Using prototypical objects to implement shared behavior in object-oriented systems , 1986, OOPLSA '86.

[29]  Paul Klint,et al.  An empirical study of PHP feature usage: a static analysis perspective , 2013, ISSTA.

[30]  Haining Wang,et al.  Characterizing insecure javascript practices on the web , 2009, WWW '09.

[31]  Benjamin Livshits,et al.  Practical static analysis of JavaScript applications in the presence of frameworks and libraries , 2013, ESEC/FSE 2013.