ISBN (print): 9781450383912
JavaScript (JS) is a popular, platform-independent programming language. To ensure the interoperability of JS programs across different platforms, the implementation of a JS engine should conform to the ECMAScript standard. However, doing so is challenging as there are many subtle definitions of API behaviors, and the definitions keep evolving. We present COMFORT, a new compiler fuzzing framework for detecting JS engine bugs and behaviors that deviate from the ECMAScript standard. COMFORT leverages the recent advance in deep learning-based language models to automatically generate JS test code. As a departure from prior fuzzers, COMFORT utilizes the well-structured ECMAScript specifications to automatically generate test data along with the test programs to expose bugs that could be overlooked by the developers or manually written test cases. COMFORT then applies differential testing methodologies on the generated test cases to expose standard conformance bugs. We apply COMFORT to ten mainstream JS engines. In 200 hours of automated concurrent testing runs, we discover bugs in all tested JS engines. We had identified 158 unique JS engine bugs, of which 129 have been verified, and 115 have already been fixed by the developers. Furthermore, 21 of the COMFORT-generated test cases have been added to Test262, the official ECMAScript conformance test suite.
ISBN (print): 9783031212505; 9783031212512
Search-based test case generation approaches make use of static type information to determine which data types should be used for the creation of new test cases. Dynamically typed languages like JavaScript, however, do not have this type information. In this paper, we propose an unsupervised probabilistic type inference approach to infer data types within the test case generation process. We evaluated the proposed approach on a benchmark of 98 units under test (i.e., exported classes and functions) compared to random type sampling w.r.t. branch coverage. Our results show that our type inference approach achieves a statistically significant increase in 56% of the test files with up to 71% of branch coverage compared to the baseline.
ISBN (print): 9781450327565
Web applications have become one of the fastest growing types of software systems today. Despite their popularity, understanding the behaviour of modern web applications is still a challenging endeavour for developers during development and maintenance tasks. The challenges mainly stem from the dynamic, event-driven, and asynchronous nature of the JavaScript language. We propose a generic technique for capturing low-level event-based interactions in a web application and mapping those to a higher-level behavioural model. This model is then transformed into an interactive visualization, representing episodes of triggered causal and temporal events, related JavaScript code executions, and their impact on the dynamic DOM state. Our approach, implemented in a tool called CLEMATIS, allows developers to easily understand the complex dynamic behaviour of their application at three different semantic levels of granularity. The results of our industrial controlled experiment show that CLEMATIS is capable of improving the task accuracy by 61%, while reducing the task completion time by 47%.
ISBN (print): 9789897585081
As the testing phase plays a significant role in the software lifecycle, all facilitations that can speed up and automate this process seem to be very useful. One of the biggest groups of approaches covers automatic test generation. In this paper, we describe our solution for fully automated unit test generation from UML class and activity diagrams. We have adapted and completely redesigned two algorithms from the literature. The first of them tests conformance of types of attributes and method return values between the class diagram and class implementation. The second one serves as a basis for testing all paths of the activity diagram. As a result, we generate tests in a dynamically typed language, JavaScript, in the format required by the Jest testing framework. We have implemented this approach in the extensible UML2Test tool, a plug-in to the StarUML modeling environment. The tool generates complete executable unit tests from the UML model, so it can be used in conjunction with the test-driven development methodology. Usefulness of our approach and tool was successfully verified on the exemplary system for recruitment support.
ISBN (print): 9781467396448
JavaScript libraries, such as jQuery, are widely used in web applications. In these libraries' event delegation models, a DOM element's event handler is usually bound to its parent nodes. This makes it difficult for developers to figure out the user-defined event handlers of a specified DOM element. In this paper, we propose an approach that identifies the user-defined event handlers of DOM elements in a web page. We dynamically collect the execution trace for each triggered event in a web page, and analyze how each function is used in the execution trace to discover the event handlers for each event. We evaluate our approach on seven real-world web applications. The result shows that our approach is effective, with an overall precision of 100% and recall of 99.8%.
ISBN (print): 9798350322637
Regular expressions are notoriously difficult to get right, with developers often having to resort to trial-and-error approaches. Even so, little attention has been given by the research community to the development of effective debugging tools for regular expressions. We present REXSTEPPER, a reference debugger for troubleshooting JavaScript regular expressions in the browser. REXSTEPPER is implemented on top of REXREF, a trusted reference implementation of JavaScript (ECMAScript 5) regular expressions, which works by transpiling the given regular expression to a JavaScript function that recognises its expansions. We demonstrate the usefulness of REXSTEPPER by successfully using it to troubleshoot a benchmark of 18 faulty regular expressions obtained from the Stack Overflow and Stack Exchange websites.
Author: Wu, Di (Dalian Univ, Coll Phys Sci & Technol, Dalian Econ & Tech Dev Zone, 10 Xuefu St, Dalian 116622, Peoples R China)
ISBN (print): 9783642384660; 9783642384653
When constructing sophisticated 3D interactive apparatus with VRML, a method is usually adopted that is manipulating another object with a selected one. Therefore, the way of achieving the linkage movement of three-dimensional objects on website was crucial. Adjustment of the apparatus for complex interaction cannot simply be operated with VRML itself. This article takes the creation of interactive three-dimensional microscope for example, with the technique of JavaScript programming which realized the interactive operation adjusting the place of microscope lens horizontally and vertically, a complex interaction and coordinated controlling campaign achieved.
ISBN (print): 9781728117362
In our recent work, we proposed BUGSJS, a benchmark of several hundred bugs from popular JavaScript server-side programs. In this abstract paper, we report the results of our initial evaluation in adopting BUGSJS to support an experiment in fault localization. First, we describe how BUGSJS facilitated accessing the information required to perform the experiment, namely, test case code, their outcomes, their associated code coverage and related bug information. Second, we illustrate how BUGSJS can be improved to further enable easier application to fault localization research, for instance, by filtering out failing test cases that do not directly contribute to a bug. We hope that our preliminary results will foster researchers in using BUGSJS to enable highly-reproducible empirical studies and comparisons of JavaScript analysis and testing tools.
ISBN (print): 9781491949467
Learn how to build interactive, data-driven websites--even if you don't have any previous programming experience. If you know how to build static sites with HTML, this popular guide will help you tackle dynamic web programming. You'll get a thorough grounding in today's core open source technologies: PHP, MySQL, JavaScript, CSS, and now *** each technology separately, learn how to combine them, and pick up valuable web programming concepts along the way, including objects, XHTML, cookies, and session management. This book provides review questions in each chapter to help you apply what you've learned. Learn PHP essentials and the basics of object-oriented programming. Master MySQL, from database structure to complex queries. Create web pages with PHP and MySQL by integrating forms and other HTML, CSS, JavaScript and HTML5 features. Learn JavaScript fundamentals, from functions and event handling to accessing the Document Object Model. Pick up CSS and CSS3 basics for formatting and styling your web pages. Find out how to manipulate CSS properties directly from JavaScript. Turn your website into a highly dynamic environment with Ajax calls. Upload and manipulate files and images, validate user input, and secure your applications. Enhance your website with HTML5 audio, video and other multimedia and powerful features. Build a working example that brings all of these ingredients together.
ISBN (digital): 9783319663999
ISBN (print): 9783319663999; 9783319663982
Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in many scenarios. In this paper, we present the first generic keystroke timing attack in sandboxed JavaScript, targeting arbitrary other tabs, processes and programs. This violates same-origin policy, HTTPS security model, and process isolation. Our attack is based on the interrupt-timing side channel which has previously only been exploited using native code. In contrast to previous attacks, we do not require the victim to run a malicious binary or interact with the malicious website. Instead, our attack runs in a background tab, possibly in a minimized browser window, displaying a malicious online advertisement. We show that we can observe the exact inter-keystroke timings for a user's PIN or password, infer URLs entered by the user, and distinguish different users time-sharing a computer. Our attack works on personal computers, laptops and smartphones, with different operating systems and browsers. As a solution against all known JavaScript timing attacks, we propose a fine-grained permission model.