DLint: Dynamically Checking Bad Coding Practices in JavaScript

Liang Gong and Michael Pradel and Manu Sridharan and Koushik Sen

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2015-5

February 8, 2015

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-5.pdf

JavaScript is becoming one of the most popular languages, yet it is known for its suboptimal design. To effectively use JavaScript despite its design flaws, developers try to follow informal code quality rules that help avoiding correctness, maintainability, performance, and security problems. Lightweight static analyses, implemented in "lint-like" tools, are widely used to find violations of these rules, but are of limited use because of the language's dynamic nature. This paper presents DLint, a dynamic analysis approach to check code quality rules in JavaScript. DLint consists of a generic framework and an extensible set of checkers that each address a particular rule. We formally describe and implement 28 checkers that address problems missed by state-of-the-art static approaches. Applying the approach in a comprehensive empirical study on over 200 popular web sites shows that static and dynamic checking complement each other. On average per web site, DLint detects 49 problems that are missed statically, including visible bugs on the web sites of IKEA, Hilton, eBay, and CNBC.

BibTeX citation:

@techreport{Gong:EECS-2015-5,
    Author= {Gong, Liang and Pradel, Michael and Sridharan, Manu and Sen, Koushik},
    Title= {DLint: Dynamically Checking Bad Coding Practices in JavaScript},
    Year= {2015},
    Month= {Feb},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-5.html},
    Number= {UCB/EECS-2015-5},
    Abstract= {JavaScript is becoming one of the most popular languages, yet it is known for its suboptimal design. To effectively use JavaScript despite its design flaws, developers try to follow informal code quality rules that help avoiding correctness, maintainability, performance, and security problems. Lightweight static analyses, implemented in "lint-like" tools, are widely used to find violations of these rules, but are of limited use because of the language's dynamic nature. This paper presents DLint, a dynamic analysis approach to check code quality rules in JavaScript. DLint consists of a generic framework and an extensible set of checkers that each address a particular rule. We formally describe and implement 28 checkers that address problems missed by state-of-the-art static approaches. Applying the approach in a comprehensive empirical study on over 200 popular web sites shows that static and dynamic checking complement each other. On average per web site, DLint detects 49 problems that are missed statically, including visible bugs on the web sites of IKEA, Hilton, eBay, and CNBC.},
}

EndNote citation:

%0 Report
%A Gong, Liang 
%A Pradel, Michael 
%A Sridharan, Manu 
%A Sen, Koushik 
%T DLint: Dynamically Checking Bad Coding Practices in JavaScript
%I EECS Department, University of California, Berkeley
%D 2015
%8 February 8
%@ UCB/EECS-2015-5
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-5.html
%F Gong:EECS-2015-5