TU Darmstadt / ULB / TUbiblio

TypeDevil: dynamic type inconsistency analysis for JavaScript

Pradel, Michael and Schuh, Parker and Sen, Koushik (2015):
TypeDevil: dynamic type inconsistency analysis for JavaScript.
In: Proceedings of the 37th International Conference on Software Engineering, IEEE Press, Florence, Italy, ISBN 978-1-4799-1934-5,
DOI: 10.1109/ICSE.2015.51, [Conference or Workshop Item]

Abstract

Dynamic languages, such as JavaScript, give programmers the freedom to ignore types, and enable them to write concise code in short time. Despite this freedom, many programs follow implicit type rules, for example, that a function has a particular signature or that a property has a particular type. Violations of such implicit type rules often correlate with problems in the program. This paper presents Type Devil, a mostly dynamic analysis that warns developers about inconsistent types. The key idea is to assign a set of observed types to each variable, property, and function, to merge types based in their structure, and to warn developers about variables, properties, and functions that have inconsistent types. To deal with the pervasiveness of polymorphic behavior in real-world JavaScript programs, we present a set of techniques to remove spurious warnings and to merge related warnings. Applying Type Devil to widely used benchmark suites and real-world web applications reveals 15 problematic type inconsistencies, including correctness problems, performance problems, and dangerous coding practices.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Pradel, Michael and Schuh, Parker and Sen, Koushik
Title: TypeDevil: dynamic type inconsistency analysis for JavaScript
Language: German
Abstract:

Dynamic languages, such as JavaScript, give programmers the freedom to ignore types, and enable them to write concise code in short time. Despite this freedom, many programs follow implicit type rules, for example, that a function has a particular signature or that a property has a particular type. Violations of such implicit type rules often correlate with problems in the program. This paper presents Type Devil, a mostly dynamic analysis that warns developers about inconsistent types. The key idea is to assign a set of observed types to each variable, property, and function, to merge types based in their structure, and to warn developers about variables, properties, and functions that have inconsistent types. To deal with the pervasiveness of polymorphic behavior in real-world JavaScript programs, we present a set of techniques to remove spurious warnings and to merge related warnings. Applying Type Devil to widely used benchmark suites and real-world web applications reveals 15 problematic type inconsistencies, including correctness problems, performance problems, and dangerous coding practices.

Title of Book: Proceedings of the 37th International Conference on Software Engineering
Volume: 1
Number: 37
Publisher: IEEE Press
ISBN: 978-1-4799-1934-5
Uncontrolled Keywords: Instruments, Performance analysis, Runtime, Computer crashes, Arrays, Receivers, Benchmark testing
Divisions: Profile Areas > Cybersecurity (CYSEC)
Profile Areas
Event Location: Florence, Italy
Date Deposited: 14 Aug 2017 14:18
DOI: 10.1109/ICSE.2015.51
Identification Number: TUD-CS-2015-12085
Export:

Optionen (nur für Redakteure)

View Item View Item