DLint: dynamically checking bad coding practices in JavaScript
- 13 July 2015
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 2015 International Symposium on Software Testing and Analysis
Abstract
JavaScript has become one of the most popular programming languages, yet it is known for its suboptimal design. To effectively use JavaScript despite its design flaws, developers try to follow informal code quality rules that help avoid correctness, maintainability, performance, and security problems. Lightweight static analyses, implemented in "lint-like" tools, are widely used to find violations of these rules, but are of limited use because of the language's dynamic nature. This paper presents DLint, a dynamic analysis approach to check code quality rules in JavaScript. DLint consists of a generic framework and an extensible set of checkers that each addresses a particular rule. We formally describe and implement 28 checkers that address problems missed by state-of-the-art static approaches. Applying the approach in a comprehensive empirical study on over 200 popular web sites shows that static and dynamic checking complement each other. On average per web site, DLint detects 49 problems that are missed statically, including visible bugs on the web sites of IKEA, Hilton, eBay, and CNBC.
Funding Information
- German Research Foundation (ConcSys)
- German Federal Ministry of Education and Research (EC SPRIDE)
- NSF Office of the Director (CCF-1423645)
- NSF Office (CCF-1409872)