A General Approach for Finding Web Application Inconsistencies

We introduce a new fault detection approach, implemented in our tool called Holocron, which targets both single-language and cross-language inconsistencies in web applications that use MVC frameworks. Unlike our previous tool Aurebesh, Holocron works not only with AngularJS applications, but also with BackboneJS and Ember.js applications.

Conference Paper (ASE'17): Detecting Unknown Inconsistencies in Web Applications

Motivation

A recent trend in web programming has seen the web application's functionality being offloaded more and more to the client-side; as a result, there is increasing demand for making client-side code more bug-free. As a response, developers have created various fault detection schemes for web applications. This includes our previous tool - Aurebesh - which detects inconsistencies in AngularJS applications. However, many of these fault detection schemes target very specific classes of inconsistencies based on pre-defined coding patterns, which limits both the types of bugs that can be detected, as well as the types of frameworks that can be supported. Further, these fault detection schemes only detect inconsistencies that occur in single programming languages, even though web application bugs tend to span multiple programming languages. This suggests the need for a fault detection approach that is both general, in the sense that it does not rely on pre-defined coding patterns, and cross-language.

Methodology

In response to the above issues, we introduce a tool called Holocron, which looks for code patterns in the AST and DOM by finding subtree repeats. These code patterns are used to generate consistency rules, which are themselves used to find both single-language inconsistencies as well as cross-language inconsistencies. For the latter, we use a data mining technique known as association rule learning to infer consistency rules between the HTML and JavaScript code.

Tool

Holocron: holocron.zip