Dynamic Data Collection and Diagnostics for Improving JavaScript Applications

Play Dynamic Data Collection and Diagnostics for Improving JavaScript Applications
Sign in to queue

Description

JavaScript is becoming one of the most popular languages, yet it is known for its suboptimal design. To effectively use JavaScript despite its design flaws, lightweight static analyses, implemented in "lint-like" tools, are widely used to detect potential issues in JavaScript code, but are of limited use because of the language's dynamic nature. My work tackles this challenge via dynamic analysis. Specifically, I developed async-track and extended Jalangi, both of which are instrumentation infrastructures used in industry for tracking various kinds of runtime information. In this talk, I will first present our instrumentation frameworks and show how we dynamically pinpoint issues in real-world applications. We detected dozens of bugs in the world's most popular websites, found hundreds of security issues in npm packages, and pinpointed JIT-unfriendly code that prevents the runtime to perform profitable optimization in well-known benchmarks. Our generic frameworks also facilitate runtime data collection for other research areas. In the second part of my talk, I will share some of the lessons I learned in mining software repositories and statistical bug localization based on data collected via instrumentation. 

Embed

Download

Download this episode

Download captions

The Discussion

Add Your 2 Cents