talk by Michael Pradel, TU Darmstadt

DLint: Dynamically Checking Bad Coding Practices in JavaScript

2015.04.15 | Anders Møller

Friday 24 April 10:00, Nygaard-327

DLint: Dynamically Checking Bad Coding Practices in JavaScript

JavaScript is becoming one of the most popular languages, yet it is known for its suboptimal design. To effectively use JavaScript despite its design flaws, developers try to follow informal code quality rules that help avoiding correctness, maintainability, performance, and security problems. Lightweight static analyses, implemented in "lint-like" tools, are widely used to find violations of these rules, but are of limited use because of the language's dynamic nature. This talk presents DLint, a dynamic analysis approach to check code quality rules in JavaScript. DLint consists of a generic framework and an extensible set of checkers that each address a particular rule. So far, we have formally described and implemented 28 checkers that address problems missed by state-of-the-art static approaches. Applying the approach in a comprehensive empirical study on over 200 popular web sites shows that static and dynamic checking complement each other. On average per web site, DLint detects 49 problems that are missed statically, including visible bugs on the web sites of IKEA, Hilton, eBay, and CNBC.

This is joint work with Liang Gong, Manu Shridharan, and Koushik Sen.