Software Engineering for JavaScript

Testing

  • K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs, "Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript," in Proc. 9th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'13), 2013. [pdf] [demo] [slides][open source tool]
  • K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs, "Jalangi: A Tool Framework for Concolic Testing, Selective Record-Replay, and Dynamic Analysis of JavaScript," in Proc. 9th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'13), 2013. (Tool Paper) [pdf]
  • S. Mirshokraie, A. Mesbah and K. Pattabiraman, “Pythia: Generating Test Cases with Oracles for JavaScript Applications”, in Proceedings of the ACM/IEEE International Conference on Automated Software Engineering (ASE), New Ideas Track, 2013, 610–615, IEEE Computer Society. [pdf][open source tool]
  • S. Mirshokraie, A. Mesbah and K. Pattabiraman, “Efficient JavaScript Mutation Testing”, in Proceedings of the International Conference on Software Testing, Verification and Validation (ICST), 2013, 74–83, IEEE Computer Society, [pdf][open source tool]
  • S. Mirshokraie and A. Mesbah, “JSART: JavaScript Assertion-based Regression Testing”, in Proceedings of the International Conference on Web Engineering (ICWE), 2012, 238–252, Springer. [pdf][open source tool]
  • S. Artzi, J. Dolby, S. H. Jensen, A. M.ller, and F. Tip. A framework for automated testing of javascript web applications. In 33rd International Conference on Software Engineering, ICSE'11, pages 571{580. ACM, 2011. [pdf][open source tool][project web][example applications]
  • ] A. Mesbah and A. van Deursen. Invariant-based automatic testing of ajax user interfaces. In 31st International Conference on Software Engineering, ICSE '09, 2009. [pdf]

Debugging

  • Frolin S. Ocariza, Jr. Karthik Pattabiraman Ali Mesbah. Vejovis: Suggesting Fixes for JavaScript Faults. ICSE 2014. [pdf][open source tool]
  • F. Ocariza Jr., K. Pattabiraman, A. Mesbah, "AutoFLox: An Automatic Fault Localizer for Client-Side JavaScript," In Proceedings of the 5th IEEE International Conference on Software Testing, Verification and Validation (ICST), Montreal, QC, Canada, April 2012. [pdf][open source tool]
  • Jeremy Elson, and Jon Howell. Mugshot: Deterministic Capture and Replay for JavaScript Applications James Mickens, NDSI 2010. [pdf][slides and online video]

Refactoring/Program Understanding

  • Alimadadi, Saba and Sequeira, Sheldon and Mesbah, Ali and Pattabiraman, Karthik, Understanding JavaScript Event-based Interactions, ICSE 2014. [pdf][open source tool]
  • Asger Feldthaus and Anders Møller. Semi-Automatic Rename Refactoring for JavaScript. OOPSLA 2013. [pdf][project web][open source tool]
  • J. Lo, E. Wohlstadter and A. Mesbah, “Imagen: Runtime Migration of Browser Sessions for JavaScript Web Applications”, in Proceedings of the International World Wide Web Conference (WWW), 2013, 815–825, [pdf]
  • Tool-supported Refactoring for JavaScript. OOPSLA 2011. [pdf][project web][open source tool]

Security

  • Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, and Michael Franz. 2013. Information flow tracking meets just-in-time compilation. ACM Trans. Archit. Code Optim. 10, 4, Article 38 (December 2013). [pdf]
  • Meyerovich, Leo A., and Benjamin Livshits. "ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser." Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 2010. [pdf]
  • Yu, Dachuan, et al. "JavaScript instrumentation for browser security." ACM SIGPLAN Notices. Vol. 42. No. 1. ACM, POPL 2007. [pdf]
  • Yue, Chuan, and Haining Wang. "Characterizing insecure javascript practices on the web." Proceedings of the 18th international conference on World wide web. ACM, 2009. [pdf]
  • Georgiev, Martin, Suman Jana, and Vitaly Shmatikov. "Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks." NDSS 2014. [pdf]

Bug Studies

  • F. Ocariza Jr., K. Bajaj, K. Pattabiraman, A. Mesbah, "An Empirical Study of Client-Side JavaScript Bugs," In Proceedings of the 7th IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Baltimore, MD, USA, October 2013. [pdf]
  • F. Ocariza Jr., K. Pattabiraman, B. Zorn, "JavaScript Errors in the Wild: An Empirical Study," In Proceedings of the 22nd IEEE International Symposium on Software Reliability Engineering (ISSRE), Hiroshima, Japan, November 2011. [pdf]

Program Analysis

  • A. Milani Fard and A. Mesbah, “JSNose: Detecting JavaScript Code Smells”, in Proceedings of the International Conference on Source Code Analysis and Manipulation (SCAM), 2013, 116–125, IEEE Computer Society. [pdf][open source tool]
  • Shiyi Wei and Barbara G. Ryder. 2013. Practical blended taint analysis for JavaScript. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013). [pdf]
  • Feldthaus, Schäfer, Sridharan, Dolby, and Tip, Efficient Construction of Approximate Call Graphs for JavaScript IDE Services. ICSE 2013 [pdf]

Open Source Infrastructures