Eraser: a dynamic data race detector for multithreaded programs
ACM Transactions on Computer Systems (TOCS)
Hybrid dynamic data race detection
Proceedings of the ninth ACM SIGPLAN symposium on Principles and practice of parallel programming
Atomizer: a dynamic atomicity checker for multithreaded programs
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Effective static race detection for Java
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
AVIO: detecting atomicity violations via access interleaving invariants
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Compilers: Principles, Techniques, and Tools (2nd Edition)
Compilers: Principles, Techniques, and Tools (2nd Edition)
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
State-Based Testing of Ajax Web Applications
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Randomized active atomicity violation detection in concurrent programs
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
Characterizing insecure javascript practices on the web
Proceedings of the 18th international conference on World wide web
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Invariant-based automatic testing of AJAX user interfaces
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Precise interface identification to improve testing and analysis of web applications
Proceedings of the eighteenth international symposium on Software testing and analysis
An analysis of the dynamic behavior of JavaScript programs
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Race detection for web applications
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Static detection of resource contention problems in server-side scripts
Proceedings of the 34th International Conference on Software Engineering
JSART: javascript assertion-based regression testing
ICWE'12 Proceedings of the 12th international conference on Web Engineering
Correlation tracking for points-to analysis of javascript
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
Server interface descriptions for automated testing of JavaScript web applications
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Effective race detection for event-driven programs
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
| Hi-index | 0.00 |
Ajax becomes more and more important for web applications that care about client side user experience. It allows sending requests asynchronously, without blocking clients from continuing execution. Callback functions are only executed upon receiving the responses. While such mechanism makes browsing a smooth experience, it may cause severe problems in the presence of unexpected network latency, due to the non-determinism of asynchronism. In this paper, we demonstrate the possible problems caused by the asynchronism and propose a static program analysis to automatically detect such bugs in web applications. As client side Ajax code is often wrapped in server-side scripts, we also develop a technique that extracts client-side JavaScript code from server-side scripts. We evaluate our technique on a number of real-world web applications. Our results show that it can effectively identify real bugs. We also discuss possible ways to avoid such bugs.