AutoFLox: Automatic Fault Localization in Ajax-based Web Applications

AutoFLox stands for "Automatic Fault Localizer for Ajax". At its current state, the tool is capable of localizing - finding the direct DOM access of - code-terminating DOM-related JavaScript faults resulting in null exceptions, which, according to our studies make up the vast majority of JavaScript errors reported by web application users.

Journal Paper (STVR'15): Automatic Fault Localization for Client-Side JavaScript
Conference Paper (ICST'12): AutoFLox: An Automatic Fault Localizer for Client Side JavaScript

Motivation

Much of the interactivity and functionality provided by web applications are attained through the use of client-side JavaScript. The JavaScript language has many distinguishable characteristics such as its loosely typed semantics and permissiveness that paves the way for dependability problems to arise. Hence, JavaScript-based applications can be prone to bugs, which appear in both the development phase, as well as the maintenance phase after the web application has been made available to the public. While some work has been done on testing client-side JavaScript to detect the presence of such bugs, very little work has been done on the localization of these bugs. This is one of the most important steps when debugging as it allows the programmer to know exactly which parts of the code need to be modified in order to fix the bug; unfortunately, this step can also be very expensive.

Our tool, AutoFLox, is capable of performing automatic fault localization of client-side JavaScript errors in Web 2.0 (i.e., Ajax-based) applications. Specifically, it can localize code-terminating DOM-related JavaScript errors, which make up over 50% of bug reports we have studied for well-known web applications. The output of the tool is the direct DOM access, which is the DOM access function in JavaScript from which the erroneous, code- terminating value (e.g., null, undefined) originated. The direct DOM access will give the programmer a clear idea as to the nature of the root cause (i.e., the JavaScript code or the DOM) as well as its location (i.e., the line number).

Methodology

AutoFLox consists of two phases: trace collection and trace analysis. These are described below.

  1. In the trace collection phase, AutoFLox executes the client-side JavaScript code in the web application under test by means of crawling the application. This is mainly accomplished using our own refined version of existing tools such as Crawljax and InvarScope. Here, our tool adds instrumentation at every line of JavaScript code to keep track of which lines are executed. Our performance evaluation suggests that the performance overhead incurred by this instrumentation is low.
  2. In the trace analysis phase, the collected traces are analyzed and parsed to (1) determine the line in which the null exception has been thrown and (2) perform a backwards slice along the executed JavaScript code to ascertain the null propagation path and find the direct DOM access.

Tool

The download link for AutoFLox is as follows: autoflox.zip

Address: SAP Vancouver
E-mail: frolino AT ece DOT ubc DOT ca