Along with the rapid advance of the web as a cross-platform development framework, JavaScript is becoming the dominant choice for application development in many domains, which increases the demand for sophisticated tools to analyze JavaScript programs and, in particular, to detect potential bugs within them. However, because any kind of static analysis is challenging given the dynamic nature of JavaScript, few such tools exist. Moreover, most of the existing bug-detection tools neither provide a clear definition of JavaScript bugs nor are able to track bugs that reside in complicated execution flows.
In this paper, we present a formal representation of JavaScript bugs together with the design and implementation of a scalable bug-detecting framework for JavaScript. Our work is a pioneering effort in the area of JavaScript bug detection, since it is the first attempt to provide both clear definitions of JavaScript bugs and a formal representation of their semantics, which can serve as a foundation for further research on this topic. Based on these bug definitions, we implemented a bug-detection framework that is scalable and publicly available. We designed every part of the framework as a module so that we benefit from the advantages of modular design. To make the framework easier to understand, we describe its algorithm in detail. We also present the techniques we applied to reduce false positives among the reported bugs. Our evaluation on well-known benchmarks such as Mozilla SunSpider and Google V8 shows that our bug detector, although some room for improvement remains, is highly precise and fast enough for practical use.