Andy Ko: Defect Detection for the Wayward Web

The web is becoming an increasingly popular place for interactive software applications. And with good reason: it is platform-independent, information-rich, and highly flexible, enabling developers to rapidly prototype and deploy ideas with a range of dynamic languages such as JavaScript, Python, and PHP. Unfortunately, in trade for this flexibility, defects are often difficult to find without significant testing efforts. In this talk, I discuss two tools that detect defects in web applications automatically by exploiting patterns in how developers write web applications. The first is an analysis called Cleanroom, which attempts to detect faulty identifiers in client-side web application code by looking for program identifiers that appear only once across a web application's code base. The second is a static program analysis called FeedLack, which identifies control flow paths through user interface code that do not produce visible changes to a web page in response to user input. I describe empirical evaluations for both analyses, demonstrating their ability to detect defects in real web applications.
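The "identifier appears only once" idea behind Cleanroom can be sketched in a few lines. This is an added example, not Cleanroom's implementation or code from the talk: the function names, keyword list, regex tokenizer and two-file sample code base are all assumptions made for illustration.

```javascript
// Added sketch of the "identifier appears only once" heuristic; not Cleanroom's code.
const KEYWORDS = new Set(('break case catch class const continue default delete do else ' +
  'false finally for function if in instanceof let new null return switch this throw ' +
  'true try typeof undefined var void while').split(' '));

// Blank out comments and string literals, keeping newlines so line numbers survive.
// Simplification: regex literals and template interpolation are not handled.
function stripNonCode(src) {
  const pattern = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|`(?:\\[\s\S]|[^`\\])*`/g;
  return src.replace(pattern, m => m.replace(/[^\n]/g, ' '));
}

// files: { filename: source }. Returns identifiers seen exactly once in the whole set.
function findSingletonIdentifiers(files) {
  const seen = new Map();
  for (const [file, src] of Object.entries(files)) {
    stripNonCode(src).split('\n').forEach((text, idx) => {
      for (const m of text.matchAll(/(?<![A-Za-z0-9_$])[A-Za-z_$][A-Za-z0-9_$]*/g)) {
        const name = m[0];
        if (KEYWORDS.has(name)) continue;
        const entry = seen.get(name) || { name, count: 0, file, line: idx + 1 };
        entry.count += 1;
        seen.set(name, entry);
      }
    });
  }
  return [...seen.values()].filter(e => e.count === 1);
}

// Constructed sample code base: `totl` in a.js is a misspelling of `total`.
const SAMPLE = {
  'a.js': [
    'function updateTotal(items) {',
    '  var total = 0;',
    '  for (var i = 0; i < items.length; i++) {',
    '    total += items[i].price;',
    '  }',
    '  return totl; // typo for total',
    '}',
  ].join('\n'),
  'b.js': [
    'var cart = [{ price: 5 }];',
    'cart.length && render("totl: " + updateTotal(cart));',
    'function render(text) { return text; }',
  ].join('\n'),
};

const findings = findSingletonIdentifiers(SAMPLE);
for (const f of findings) console.log(`${f.file}:${f.line}: '${f.name}' appears only once`);
```

On a real code base, browser and library names that are used only once would also be reported, so a sketch like this needs a list of known globals before its output is useful.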