GENERATING ERROR-REVEALING INPUTS WITH NEW STATIC ANALYSIS WARNINGS

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "GENERATING ERROR-REVEALING INPUTS WITH NEW STATIC ANALYSIS WARNINGS"

By

Mr. Wai Ting CHEUNG


Abstract

JavaScript is a popular programming language in 2017. Many JavaScript libraries 
are widely used in practice. However, existing research is not yet ready for 
analyzing JavaScript libraries. Pattern- based static analyzers use pattern 
matching to identify known buggy patterns, but can hardly identify bugs that 
require semantics-based analysis. Applying existing semantics-based static 
analyzers on JavaScript libraries faces several challenges: functions not 
reachable during analysis, creating objects of dynamic types, detecting 
undeclared exceptions, and generating error-revealing inputs.

To address these limitations, this thesis proposes a combination of static and 
dynamic analysis techniques that leverages existing test cases to call and 
reach the library functions during static analysis. The technique extends 
existing test cases to filter out redundant warnings and to reveal real errors 
that serve as debugging aids. By applying the technique to analyze 32 top 
client-side JavaScript libraries from GitHub, it can filter out almost 90% of 
redundant warnings and verify the warnings of 47% of the subjects. Also, 3723 
extended test cases revealed a total of 33 errors and existing tools can detect 
at most 24% of them. Five of the errors (15%) have been confirmed by developers 
as bugs. The proposed approach acts as a milestone that drives the JavaScript 
community to expand their scope of research by analyzing a large variety of 
JavaScript libraries in their work.


Date:			Friday, 8 September 2017

Time:			10:00am - 12:00noon

Venue:			Room 4475
 			Lifts 25/26

Chairman:		Prof. Jiewen Hong (MARK)

Committee Members:	Prof. Sunghun Kim (Supervisor)
 			Prof. Sukyoung Ryu (Supervisor - KAIST)
 			Prof. Frederick Lochovsky
 			Prof. Xiaojuan Ma
 			Prof. Wei Zhang (ECE)
 			Prof. Hong Cheng (Sys Engg & Engg Mgmt, CUHK)
 			Prof. Moonzoo Kim (Computing, KAIST)


**** ALL are Welcome ****