Practical AJAX race detection for JavaScript web applications

Asynchronous client-server communication is a common source of errors in JavaScript web applications. Such errors are difficult to detect using ordinary testing because of the nondeterministic scheduling of AJAX events. Existing automated event race detectors are generally too imprecise or too inefficient to be practically useful. To address this problem, we present a new approach based on a lightweight combination of dynamic analysis and controlled execution that directly targets identification of harmful AJAX event races. We experimentally demonstrate using our implementation, AjaxRacer, that this approach is capable of automatically detecting harmful AJAX event races in many websites, and producing informative error messages that support diagnosis and debugging. Among 20 widely used web pages that use AJAX, AjaxRacer discovers harmful AJAX races in 12 of them, with a total of 72 error reports, and with very few false positives.

[1]  Shin Hong,et al.  Detecting Concurrency Errors in Client-Side Java Script Web Applications , 2014, 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation.

[2]  Xiangyu Zhang,et al.  Statically locating web application bugs caused by asynchronous calls , 2011, WWW.

[3]  Manu Sridharan,et al.  Race detection for web applications , 2012, PLDI.

[4]  Frank Tip,et al.  Repairing Event Race Errors by Controlling Nondeterminism , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[5]  Peter Müller,et al.  Serializability for eventual consistency: criterion, analysis, and applications , 2017, POPL.

[6]  R. Bodík,et al.  Concurrency Concerns in Rich Internet Applications , 2009 .

[7]  Michael Pradel,et al.  Monkey see, monkey do: effective generation of GUI tests with inferred macro events , 2017, Software Engineering.

[8]  Dimitar Dimitrov,et al.  Stateless model checking of event-driven applications , 2015, OOPSLA.

[9]  Chao Wang,et al.  RClassify: Classifying Race Conditions in Web Applications via Deterministic Replay , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[10]  Benjamin Livshits,et al.  I Know It When I See It: Observable Races in JavaScript Applications , 2014, Dyla'14.

[11]  Martin T. Vechev,et al.  Scalable race detection for Android applications , 2015, OOPSLA.

[12]  Patrick Th. Eugster,et al.  ARROW: automated repair of races on client-side web pages , 2016, ISSTA.

[13]  Stephen N. Freund,et al.  RedCard: Redundant Check Elimination for Dynamic Race Detectors , 2013, ECOOP.

[14]  Yongjian Hu,et al.  Automatically verifying and reproducing event-based races in Android apps , 2016, ISSTA.

[15]  Rupak Majumdar,et al.  Race detection for Android applications , 2014, PLDI.

[16]  Frank Tip,et al.  A framework for automated testing of javascript web applications , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[17]  Manu Sridharan,et al.  Effective race detection for event-driven programs , 2013, OOPSLA.

[18]  Martin C. Rinard,et al.  A parameterized type system for race-free Java programs , 2001, OOPSLA '01.

[19]  Aditya Kanade,et al.  Efficient race detection in the presence of programmatic event loops , 2016, ISSTA.

[20]  Benjamin Livshits,et al.  Detecting JavaScript races that matter , 2015, ESEC/SIGSOFT FSE.

[21]  Arie van Deursen,et al.  Crawling Ajax-Based Web Applications through Dynamic Analysis of User Interface State Changes , 2012, TWEB.

[22]  Frank Tip,et al.  Practical initialization race detection for JavaScript web applications , 2017, Proc. ACM Program. Lang..

[23]  Stephen N. Freund,et al.  Type-based race detection for Java , 2000, PLDI '00.

[24]  Satish Narayanasamy,et al.  Race detection for event-driven mobile applications , 2014, PLDI.