{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:22:42Z","timestamp":1780633362069,"version":"3.54.1"},"reference-count":128,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2017,9,26]],"date-time":"2017-09-26T00:00:00Z","timestamp":1506384000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"German Federal Ministry of Education and Research and by the Hessian Ministry of Science and the Arts within \u201cCRISP,\u201d"},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CCF-1409872 and CCF-1423645"],"award-info":[{"award-number":["CCF-1409872 and CCF-1423645"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"European Research Council (ERC) under the European Union's Horizon 2020 research and innovation program","award":["647544"],"award-info":[{"award-number":["647544"]}]},{"name":"German Research Foundation within the Emmy Noether project \u201cConcSys,\u201d"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2018,9,30]]},"abstract":"<jats:p>JavaScript has become one of the most prevalent programming languages. Unfortunately, some of the unique properties that contribute to this popularity also make JavaScript programs prone to errors and difficult for program analyses to reason about. These properties include the highly dynamic nature of the language, a set of unusual language features, a lack of encapsulation mechanisms, and the \u201cno crash\u201d philosophy. This article surveys dynamic program analysis and test generation techniques for JavaScript targeted at improving the correctness, reliability, performance, security, and privacy of JavaScript-based software.<\/jats:p>","DOI":"10.1145\/3106739","type":"journal-article","created":{"date-parts":[[2017,9,27]],"date-time":"2017-09-27T12:33:53Z","timestamp":1506515633000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":61,"title":["A Survey of Dynamic Analysis and Test Generation for JavaScript"],"prefix":"10.1145","volume":"50","author":[{"given":"Esben","family":"Andreasen","sequence":"first","affiliation":[{"name":"Aarhus University, Aarhus N, Denmark"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liang","family":"Gong","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anders","family":"M\u00f8ller","sequence":"additional","affiliation":[{"name":"Aarhus University, Aarhus N, Denmark"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1623-498X","authenticated-orcid":false,"given":"Michael","family":"Pradel","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marija","family":"Selakovic","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Koushik","family":"Sen","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Cristian-Alexandru","family":"Staicu","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,9,26]]},"reference":[{"issue":"8","key":"e_1_2_1_1_1","first-page":"2016","article-title":"TypeScript Language Specification","volume":"1","year":"2016","unstructured":"2016 . TypeScript Language Specification , Version 1 . 8 . ( January 2016 . 2016. TypeScript Language Specification, Version 1.8. (January 2016.","journal-title":"Version"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/93542.93576"},{"key":"e_1_2_1_3_1","first-page":"321","article-title":"Hybrid DOM-sensitive change impact analysis for javascript","volume":"37","author":"Alimadadi Saba","year":"2015","unstructured":"Saba Alimadadi , Ali Mesbah , and Karthik Pattabiraman . 2015 . Hybrid DOM-sensitive change impact analysis for javascript . In ECOOP , Vol. 37. 321 -- 345 . Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2015. Hybrid DOM-sensitive change impact analysis for javascript. In ECOOP, Vol. 37. 321--345.","journal-title":"ECOOP"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884864"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568268"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.442.0399"},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Esben Andreasen and Anders M\u00f8ller. 2014. Determinacy in static analysis for jQuery. In OOPSLA. 17--31. Esben Andreasen and Anders M\u00f8ller. 2014. Determinacy in static analysis for jQuery. In OOPSLA. 17--31.","DOI":"10.1145\/2714064.2660214"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958253"},{"key":"e_1_2_1_9_1","volume-title":"Anders M\u00f8ller, and Frank Tip.","author":"Artzi Shay","year":"2011","unstructured":"Shay Artzi , Julian Dolby , Simon Holm Jensen , Anders M\u00f8ller, and Frank Tip. 2011 . A framework for automated testing of JavaScript web applications. In ICSE. 571--580. Shay Artzi, Julian Dolby, Simon Holm Jensen, Anders M\u00f8ller, and Frank Tip. 2011. A framework for automated testing of JavaScript web applications. In ICSE. 571--580."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1814217.1814220"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103656.2103677"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/857076.857077"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831738"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642981"},{"key":"e_1_2_1_15_1","first-page":"52","article-title":"Hidden-web induced by client-side scripting: An empirical study","volume":"7977","author":"Behfarshad Zahra","year":"2013","unstructured":"Zahra Behfarshad and Ali Mesbah . 2013 . Hidden-web induced by client-side scripting: An empirical study . In ICWE , Vol. 7977. 52 -- 67 . Zahra Behfarshad and Ali Mesbah. 2013. Hidden-web induced by client-side scripting: An empirical study. In ICWE, Vol. 7977. 52--67.","journal-title":"ICWE"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1646353.1646374"},{"key":"e_1_2_1_17_1","first-page":"159","article-title":"Information flow control in webkit\u2019s JavaScript Bytecode","volume":"8414","author":"Bichhawat Abhishek","year":"2014","unstructured":"Abhishek Bichhawat , Vineet Rajani , Deepak Garg , and Christian Hammer . 2014 . Information flow control in webkit\u2019s JavaScript Bytecode . In POST , Vol. 8414. 159 -- 178 . Abhishek Bichhawat, Vineet Rajani, Deepak Garg, and Christian Hammer. 2014. Information flow control in webkit\u2019s JavaScript Bytecode. In POST, Vol. 8414. 159--178.","journal-title":"POST"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_4"},{"key":"e_1_2_1_19_1","volume-title":"Ernst","author":"Burg Brian","year":"2013","unstructured":"Brian Burg , Richard Bailey , Andrew J. Ko , and Michael D . Ernst . 2013 . Interactive record\/replay for web application debugging. In UIST. 473--484. Brian Burg, Richard Bailey, Andrew J. Ko, and Michael D. Ernst. 2013. Interactive record\/replay for web application debugging. In UIST. 473--484."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2807442.2807473"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2591062.2591097"},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Shauvik Roy Choudhary Mukul R. Prasad and Alessandro Orso. 2012. CrossCheck: Combining crawling and differencing to better detect cross-browser incompatibilities in web applications. In ICST. 171--180. Shauvik Roy Choudhary Mukul R. Prasad and Alessandro Orso. 2012. CrossCheck: Combining crawling and differencing to better detect cross-browser incompatibilities in web applications. In ICST. 171--180.","DOI":"10.1109\/ICST.2012.97"},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Shauvik Roy Choudhary Mukul R. Prasad and Alessandro Orso. 2013. X-PERT: Accurate identification of cross-browser issues in web applications. In ICSE. 702--711. Shauvik Roy Choudhary Mukul R. Prasad and Alessandro Orso. 2013. X-PERT: Accurate identification of cross-browser issues in web applications. In ICSE. 702--711.","DOI":"10.1109\/ICSE.2013.6606616"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610409"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2628057"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2010.5609728"},{"key":"e_1_2_1_27_1","volume-title":"WEBDIFF: Automated identification of cross-browser issues in web applications. In ICSM. 1--10.","author":"Choudhary Shauvik Roy","year":"2010","unstructured":"Shauvik Roy Choudhary , Husayn Versee , and Alessandro Orso . 2010 b. WEBDIFF: Automated identification of cross-browser issues in web applications. In ICSM. 1--10. Shauvik Roy Choudhary, Husayn Versee, and Alessandro Orso. 2010b. WEBDIFF: Automated identification of cross-browser issues in web applications. In ICSM. 1--10."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.91"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813684"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542483"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.602"},{"key":"e_1_2_1_32_1","first-page":"1","article-title":"Just-in-time value specialization","volume":"29","author":"de Assis Costa Igor Rafael","year":"2013","unstructured":"Igor Rafael de Assis Costa , P\u00e9ricles Rafael Oliveira Alves , Henrique Nazar\u00e9 Santos , and Fernando Magno Quint\u00e3o Pereira . 2013 . Just-in-time value specialization . In CGO. 29 : 1 -- 29 :11. Igor Rafael de Assis Costa, P\u00e9ricles Rafael Oliveira Alves, Henrique Nazar\u00e9 Santos, and Fernando Magno Quint\u00e3o Pereira. 2013. Just-in-time value specialization. In CGO. 29:1--29:11.","journal-title":"CGO."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.15"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.43"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884859"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2014.01.010"},{"key":"e_1_2_1_37_1","volume-title":"ECMAScript Language Specification","author":"International ECMA","year":"2016","unstructured":"ECMA International . 2016. Standard ECMA-262 , ECMAScript Language Specification ( 7 th ed.\/ June 2016 ). ECMA International. 2016. Standard ECMA-262, ECMAScript Language Specification (7th ed.\/June 2016).","edition":"7"},{"key":"e_1_2_1_38_1","first-page":"1","article-title":"The Daikon system for dynamic detection of likely invariants","volume":"69","author":"Ernst Michael D.","year":"2007","unstructured":"Michael D. Ernst , Jeff H. Perkins , Philip J. Guo , Stephen McCamant , Carlos Pacheco , Matthew S. Tschantz , and Chen Xiao . 2007 . The Daikon system for dynamic detection of likely invariants . SCP 69 , 1 - 3 (2007), 35--45. Michael D. Ernst, Jeff H. Perkins, Philip J. Guo, Stephen McCamant, Carlos Pacheco, Matthew S. Tschantz, and Chen Xiao. 2007. The Daikon system for dynamic detection of likely invariants. SCP 69, 1-3 (2007), 35--45.","journal-title":"SCP"},{"key":"e_1_2_1_39_1","volume-title":"JSNOSE: Detecting JavaScript code smells. In SCAM. 116--125.","author":"Fard Amin Milani","year":"2013","unstructured":"Amin Milani Fard and Ali Mesbah . 2013 . JSNOSE: Detecting JavaScript code smells. In SCAM. 116--125. Amin Milani Fard and Ali Mesbah. 2013. JSNOSE: Detecting JavaScript code smells. In SCAM. 116--125."},{"key":"e_1_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Amin Milani Fard Ali Mesbah and Eric Wohlstadter. 2015. Generating fixtures for JavaScript unit testing. In ASE. 190--200. Amin Milani Fard Ali Mesbah and Eric Wohlstadter. 2015. Generating fixtures for JavaScript unit testing. In ASE. 190--200.","DOI":"10.1109\/ASE.2015.26"},{"key":"e_1_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Amin Milani Fard Mehdi MirzaAghaei and Ali Mesbah. 2014. Leveraging existing tests in automated test generation for web applications. In ASE. 67--78. Amin Milani Fard Mehdi MirzaAghaei and Ali Mesbah. 2014. Leveraging existing tests in automated test generation for web applications. In ASE. 67--78.","DOI":"10.1145\/2642937.2642991"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542528"},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Keheliya Gallaba Ali Mesbah and Ivan Beschastnikh. 2015. Don\u2019t call us we\u2019ll call you: Characterizing callbacks in JavaScript. In ESEM. 247--256. Keheliya Gallaba Ali Mesbah and Ivan Beschastnikh. 2015. Don\u2019t call us we\u2019ll call you: Characterizing callbacks in JavaScript. In ESEM. 247--256.","DOI":"10.1109\/ESEM.2015.7321196"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.02.006"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786831"},{"key":"e_1_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Liang Gong Michael Pradel Manu Sridharan and Koushik Sen. 2015b. DLint: Dynamically checking bad coding practices in JavaScript. In ISSTA. 94--105. Liang Gong Michael Pradel Manu Sridharan and Koushik Sen. 2015b. DLint: Dynamically checking bad coding practices in JavaScript. In ISSTA. 94--105.","DOI":"10.1145\/2771783.2771809"},{"key":"e_1_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Mark Grechanik Qing Xie and Chen Fu. 2009. Maintaining and evolving GUI-directed test scripts. In ICSE. 408--418. Mark Grechanik Qing Xie and Chen Fu. 2009. Maintaining and evolving GUI-directed test scripts. In ICSE. 408--418.","DOI":"10.1109\/ICSE.2009.5070540"},{"key":"e_1_2_1_49_1","volume-title":"USENIX Security Symposium. 151--168","author":"Guarnieri Salvatore","unstructured":"Salvatore Guarnieri and V. Benjamin Livshits . 2009. GATEKEEPER: Mostly static enforcement of security and reliability policies for JavaScript code . In USENIX Security Symposium. 151--168 . Salvatore Guarnieri and V. Benjamin Livshits. 2009. GATEKEEPER: Mostly static enforcement of security and reliability policies for JavaScript code. In USENIX Security Symposium. 151--168."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19718-5_14"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254094"},{"key":"e_1_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Daniel Hedin Arnar Birgisson Luciano Bello and Andrei Sabelfeld. 2014. JSFlow: Tracking information flow in JavaScript and its APIs. In SAC. 1663--1671. Daniel Hedin Arnar Birgisson Luciano Bello and Andrei Sabelfeld. 2014. JSFlow: Tracking information flow in JavaScript and its APIs. In SAC. 1663--1671.","DOI":"10.1145\/2554850.2554909"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.19"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5381\/jot.2012.11.1.a6"},{"key":"e_1_2_1_55_1","volume-title":"Unravel: Rapid web application reverse engineering via interaction recording, source tracing, and library detection. In UIST. 270--279.","author":"Hibschman Joshua","year":"2015","unstructured":"Joshua Hibschman and Haoqi Zhang . 2015 . Unravel: Rapid web application reverse engineering via interaction recording, source tracing, and library detection. In UIST. 270--279. Joshua Hibschman and Haoqi Zhang. 2015. Unravel: Rapid web application reverse engineering via interaction recording, source tracing, and library detection. In UIST. 270--279."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2014.17"},{"key":"e_1_2_1_57_1","unstructured":"James Ide Rastislav Bodik and Doug Kimelman. 2009. Concurrency concerns in rich Internet applications. In ECEC. James Ide Rastislav Bodik and Doug Kimelman. 2009. Concurrency concerns in rich Internet applications. In ECEC."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866339"},{"key":"e_1_2_1_59_1","volume-title":"Vechev","author":"Jensen Casper Svenning","year":"2015","unstructured":"Casper Svenning Jensen , Anders M\u00f8ller , Veselin Raychev , Dimitar Dimitrov , and Martin T . Vechev . 2015 a. Stateless model checking of event-driven applications. In OOPSLA. 57--73. Casper Svenning Jensen, Anders M\u00f8ller, Veselin Raychev, Dimitar Dimitrov, and Martin T. Vechev. 2015a. Stateless model checking of event-driven applications. In OOPSLA. 57--73."},{"key":"e_1_2_1_60_1","first-page":"238","article-title":"Type analysis for JavaScript","volume":"5673","author":"Jensen Simon Holm","year":"2009","unstructured":"Simon Holm Jensen , Anders M\u00f8ller , and Peter Thiemann . 2009 . Type analysis for JavaScript . In SAS , Vol. 5673. 238 -- 255 . Simon Holm Jensen, Anders M\u00f8ller, and Peter Thiemann. 2009. Type analysis for JavaScript. In SAS, Vol. 5673. 238--255.","journal-title":"SAS"},{"key":"e_1_2_1_61_1","doi-asserted-by":"crossref","unstructured":"Simon Holm Jensen Manu Sridharan Koushik Sen and Satish Chandra. 2015b. MemInsight: Platform-independent memory debugging for JavaScript. In ESEC\/FSE. 345--356. Simon Holm Jensen Manu Sridharan Koushik Sen and Satish Chandra. 2015b. MemInsight: Platform-independent memory debugging for JavaScript. In ESEC\/FSE. 345--356.","DOI":"10.1145\/2786805.2786860"},{"key":"e_1_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Xing Jin Xuchao Hu Kailiang Ying Wenliang Du Heng Yin and Gautam Nagesh Peri. 2014. Code injection attacks on HTML5-based mobile apps: Characterization detection and mitigation. In CCS. 66--77. Xing Jin Xuchao Hu Kailiang Ying Wenliang Du Heng Yin and Gautam Nagesh Peri. 2014. Code injection attacks on HTML5-based mobile apps: Characterization detection and mitigation. In CCS. 66--77.","DOI":"10.1145\/2660267.2660275"},{"key":"e_1_2_1_63_1","volume-title":"Ernst","author":"Just Ren\u00e9","year":"2014","unstructured":"Ren\u00e9 Just , Darioush Jalali , and Michael D . Ernst . 2014 . Defects4J: A database of existing faults to enable controlled testing studies for Java programs. In ISSTA. 437--440. Ren\u00e9 Just, Darioush Jalali, and Michael D. Ernst. 2014. Defects4J: A database of existing faults to enable controlled testing studies for Java programs. In ISSTA. 437--440."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31057-7_16"},{"key":"e_1_2_1_65_1","doi-asserted-by":"crossref","unstructured":"Madhukar N. Kedlaya Behnam Robatmili and Ben Hardekopf. 2015. Server-side type profiling for optimizing client-side JavaScript engines. In DLS. 140--153. Madhukar N. Kedlaya Behnam Robatmili and Ben Hardekopf. 2015. Server-side type profiling for optimizing client-side JavaScript engines. In DLS. 140--153.","DOI":"10.1145\/2936313.2816719"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89330-1_23"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44202-9_22"},{"key":"e_1_2_1_68_1","doi-asserted-by":"crossref","unstructured":"Sungho Lee Julian Dolby and Sukyoung Ryu. 2016. HybriDroid: Static analysis framework for Android hybrid applications. In ASE. 250--261. Sungho Lee Julian Dolby and Sukyoung Ryu. 2016. HybriDroid: Static analysis framework for Android hybrid applications. In ASE. 250--261.","DOI":"10.1145\/2970276.2970368"},{"key":"e_1_2_1_69_1","doi-asserted-by":"crossref","unstructured":"Sebastian Lekies Ben Stock and Martin Johns. 2013. 25 million flows later: Large-scale detection of DOM-based XSS. In CCS. 1193--1204. Sebastian Lekies Ben Stock and Martin Johns. 2013. 25 million flows later: Large-scale detection of DOM-based XSS. In CCS. 1193--1204.","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2014.17"},{"key":"e_1_2_1_71_1","doi-asserted-by":"crossref","unstructured":"Guodong Li Esben Andreasen and Indradeep Ghosh. 2014a. SymJS: Automatic symbolic testing of JavaScript web applications. In FSE. 449--459. Guodong Li Esben Andreasen and Indradeep Ghosh. 2014a. SymJS: Automatic symbolic testing of JavaScript web applications. In FSE. 449--459.","DOI":"10.1145\/2635868.2635913"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2014.02.001"},{"key":"e_1_2_1_73_1","doi-asserted-by":"crossref","unstructured":"Magnus Madsen Frank Tip Esben Andreasen Koushik Sen and Anders M\u00f8ller. 2016. Feedback-directed instrumentation for deployed JavaScript applications. In ICSE. 899--910. Magnus Madsen Frank Tip Esben Andreasen Koushik Sen and Anders M\u00f8ller. 2016. Feedback-directed instrumentation for deployed JavaScript applications. In ICSE. 899--910.","DOI":"10.1145\/2884781.2884846"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2011.6100110"},{"key":"e_1_2_1_75_1","doi-asserted-by":"crossref","unstructured":"Josip Maras Jan Carlson and Ivica Crnkovic. 2012. Extracting client-side web application code. In WWW. 819--828. Josip Maras Jan Carlson and Ivica Crnkovic. 2012. Extracting client-side web application code. In WWW. 819--828.","DOI":"10.1145\/2187836.2187947"},{"key":"e_1_2_1_76_1","doi-asserted-by":"crossref","unstructured":"Nick Matthijssen Andy Zaidman Margaret-Anne D. Storey R. Ian Bull and Arie van Deursen. 2010. Connecting traces: Understanding client-server interactions in ajax applications. In ICPC. 216--225. Nick Matthijssen Andy Zaidman Margaret-Anne D. Storey R. Ian Bull and Arie van Deursen. 2010. Connecting traces: Understanding client-server interactions in ajax applications. In ICPC. 216--225.","DOI":"10.1109\/ICPC.2010.14"},{"key":"e_1_2_1_77_1","doi-asserted-by":"crossref","unstructured":"Fadi Meawad Gregor Richards Flor\u00e9al Morandat and Jan Vitek. 2012. Eval begone&excl;: Semi-automated removal of eval from JavaScript programs. In OOPSLA. 607--620. Fadi Meawad Gregor Richards Flor\u00e9al Morandat and Jan Vitek. 2012. Eval begone&excl;: Semi-automated removal of eval from JavaScript programs. In OOPSLA. 607--620.","DOI":"10.1145\/2398857.2384660"},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1016\/bs.adcom.2014.12.003"},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985870"},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/2109205.2109208"},{"key":"e_1_2_1_81_1","volume-title":"Mugshot: Deterministic capture and replay for JavaScript applications. In NSDI. 159--174.","author":"Mickens James W.","year":"2010","unstructured":"James W. Mickens , Jeremy Elson , and Jon Howell . 2010 . Mugshot: Deterministic capture and replay for JavaScript applications. In NSDI. 159--174. James W. Mickens, Jeremy Elson, and Jon Howell. 2010. Mugshot: Deterministic capture and replay for JavaScript applications. In NSDI. 159--174."},{"key":"e_1_2_1_82_1","volume-title":"Howden","author":"Miller Edward","year":"1981","unstructured":"Edward Miller and William E . Howden . 1981 . Software Testing 8 Validation Techniques. IEEE Computer Society Press . Edward Miller and William E. Howden. 1981. Software Testing 8 Validation Techniques. IEEE Computer Society Press."},{"key":"e_1_2_1_83_1","first-page":"238","article-title":"JSART: JavaScript assertion-based regression testing","volume":"7387","author":"Mirshokraie Shabnam","year":"2012","unstructured":"Shabnam Mirshokraie and Ali Mesbah . 2012 . JSART: JavaScript assertion-based regression testing . In ICWE , Vol. 7387. 238 -- 252 . Shabnam Mirshokraie and Ali Mesbah. 2012. JSART: JavaScript assertion-based regression testing. In ICWE, Vol. 7387. 238--252.","journal-title":"ICWE"},{"key":"e_1_2_1_84_1","volume-title":"PYTHIA: Generating test cases with oracles for JavaScript applications. In ASE. 610--615.","author":"Mirshokraie Shabnam","year":"2013","unstructured":"Shabnam Mirshokraie , Ali Mesbah , and Karthik Pattabiraman . 2013 . PYTHIA: Generating test cases with oracles for JavaScript applications. In ASE. 610--615. Shabnam Mirshokraie, Ali Mesbah, and Karthik Pattabiraman. 2013. PYTHIA: Generating test cases with oracles for JavaScript applications. In ASE. 610--615."},{"key":"e_1_2_1_85_1","volume-title":"JSEFT: Automated JavaScript unit test generation. In ICST. 1--10.","author":"Mirshokraie Shabnam","year":"2015","unstructured":"Shabnam Mirshokraie , Ali Mesbah , and Karthik Pattabiraman . 2015 . JSEFT: Automated JavaScript unit test generation. In ICST. 1--10. Shabnam Mirshokraie, Ali Mesbah, and Karthik Pattabiraman. 2015. JSEFT: Automated JavaScript unit test generation. In ICST. 1--10."},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786820"},{"key":"e_1_2_1_87_1","doi-asserted-by":"crossref","unstructured":"Alex Nederlof Ali Mesbah and Arie van Deursen. 2014. Software engineering for the web: The state of the practice. In ICSE. 4--13. Alex Nederlof Ali Mesbah and Arie van Deursen. 2014. Software engineering for the web: The state of the practice. In ICSE. 4--13.","DOI":"10.1145\/2591062.2591170"},{"key":"e_1_2_1_88_1","volume-title":"Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna.","author":"Nikiforakis Nick","year":"2012","unstructured":"Nick Nikiforakis , Luca Invernizzi , Alexandros Kapravelos , Steven Van Acker , Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. 2012 . You are what you include: Large-scale evaluation of remote JavaScript inclusions. In CCS. 736--747. Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. 2012. You are what you include: Large-scale evaluation of remote JavaScript inclusions. In CCS. 736--747."},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2013.18"},{"key":"e_1_2_1_90_1","doi-asserted-by":"crossref","unstructured":"Frolin S. Ocariza Jr. Karthik Pattabiraman and Ali Mesbah. 2012. AutoFLox: An automatic fault localizer for client-side JavaScript. In ICST. 31--40. Frolin S. Ocariza Jr. Karthik Pattabiraman and Ali Mesbah. 2012. AutoFLox: An automatic fault localizer for client-side JavaScript. In ICST. 31--40.","DOI":"10.1109\/ICST.2012.83"},{"key":"e_1_2_1_91_1","volume-title":"Vejovis: Suggesting fixes for JavaScript faults. In ICSE. 837--847.","author":"Ocariza Frolin S.","year":"2014","unstructured":"Frolin S. Ocariza Jr ., Karthik Pattabiraman , and Ali Mesbah . 2014 . Vejovis: Suggesting fixes for JavaScript faults. In ICSE. 837--847. Frolin S. Ocariza Jr., Karthik Pattabiraman, and Ali Mesbah. 2014. Vejovis: Suggesting fixes for JavaScript faults. In ICSE. 837--847."},{"key":"e_1_2_1_92_1","volume-title":"Zorn","author":"Ocariza Frolin S.","year":"2011","unstructured":"Frolin S. Ocariza Jr ., Karthik Pattabiraman , and Benjamin G . Zorn . 2011 . JavaScript errors in the wild: An empirical study. In ISSRE. 100--109. Frolin S. Ocariza Jr., Karthik Pattabiraman, and Benjamin G. Zorn. 2011. JavaScript errors in the wild: An empirical study. In ISSRE. 100--109."},{"key":"e_1_2_1_93_1","volume-title":"Myers","author":"Oney Stephen","year":"2009","unstructured":"Stephen Oney and Brad A . Myers . 2009 . FireCrystal: Understanding interactive behaviors in dynamic web pages. In VL\/HCC. 105--108. Stephen Oney and Brad A. Myers. 2009. FireCrystal: Understanding interactive behaviors in dynamic web pages. In VL\/HCC. 105--108."},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.37"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772954.1772958"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254095"},{"key":"e_1_2_1_97_1","doi-asserted-by":"crossref","unstructured":"Michael Pradel Parker Schuh George C. Necula and Koushik Sen. 2014. EventBreak: Analyzing the responsiveness of user interfaces through performance-guided test generation. In OOPSLA. 33--47. Michael Pradel Parker Schuh George C. Necula and Koushik Sen. 2014. EventBreak: Analyzing the responsiveness of user interfaces through performance-guided test generation. In OOPSLA. 33--47.","DOI":"10.1145\/2714064.2660233"},{"key":"e_1_2_1_98_1","doi-asserted-by":"crossref","unstructured":"Michael Pradel Parker Schuh and Koushik Sen. 2015. TypeDevil: Dynamic type inconsistency analysis for JavaScript. In ICSE. 314--324. Michael Pradel Parker Schuh and Koushik Sen. 2015. TypeDevil: Dynamic type inconsistency analysis for JavaScript. In ICSE. 314--324.","DOI":"10.1109\/ICSE.2015.51"},{"key":"e_1_2_1_99_1","first-page":"519","article-title":"The good, the bad, and the ugly: An empirical study of implicit type conversions in JavaScript","volume":"37","author":"Pradel Michael","year":"2015","unstructured":"Michael Pradel and Koushik Sen . 2015 . The good, the bad, and the ugly: An empirical study of implicit type conversions in JavaScript . In ECOOP , Vol. 37. 519 -- 541 . Michael Pradel and Koushik Sen. 2015. The good, the bad, and the ugly: An empirical study of implicit type conversions in JavaScript. In ECOOP, Vol. 37. 519--541.","journal-title":"ECOOP"},{"key":"e_1_2_1_100_1","volume-title":"Zorn","author":"Ratanaworabhan Paruj","year":"2010","unstructured":"Paruj Ratanaworabhan , Benjamin Livshits , and Benjamin G . Zorn . 2010 . JSMeter: Comparing the behavior of JavaScript benchmarks with real web applications. In WebApps . Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin G. Zorn. 2010. JSMeter: Comparing the behavior of JavaScript benchmarks with real web applications. In WebApps."},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509538"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1145\/2048066.2048119"},{"key":"e_1_2_1_103_1","volume-title":"ECOOP","volume":"6813","author":"Richards Gregor","year":"2011","unstructured":"Gregor Richards , Christian Hammer , Brian Burg , and Jan Vitek . 2011 b. The eval that men do - A large-scale study of the use of eval in JavaScript applications . In ECOOP , Vol. 6813 . 52--78. Gregor Richards, Christian Hammer, Brian Burg, and Jan Vitek. 2011b. The eval that men do - A large-scale study of the use of eval in JavaScript applications. In ECOOP, Vol. 6813. 52--78."},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806596.1806598"},{"key":"e_1_2_1_105_1","doi-asserted-by":"crossref","unstructured":"Philippe De Ryck Maarten Decat Lieven Desmet Frank Piessens and Wouter Joosen. 2010. Security of web mashups: A survey. In NordSec. 223--238. Philippe De Ryck Maarten Decat Lieven Desmet Frank Piessens and Wouter Joosen. 2010. Security of web mashups: A survey. In NordSec. 223--238.","DOI":"10.1007\/978-3-642-27937-9_16"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_1_107_1","volume-title":"Tricorder: Building a program analysis ecosystem. In ICSE. 598--608.","author":"Sadowski Caitlin","year":"2015","unstructured":"Caitlin Sadowski , Jeffrey van Gogh , Ciera Jaspan , Emma S\u00f6derberg , and Collin Winter . 2015 . Tricorder: Building a program analysis ecosystem. In ICSE. 598--608. Caitlin Sadowski, Jeffrey van Gogh, Ciera Jaspan, Emma S\u00f6derberg, and Collin Winter. 2015. Tricorder: Building a program analysis ecosystem. In ICSE. 598--608."},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"e_1_2_1_109_1","volume-title":"FLAX: Systematic discovery of client-side validation vulnerabilities in rich web applications. In NDSS.","author":"Saxena Prateek","year":"2010","unstructured":"Prateek Saxena , Steve Hanna , Pongsin Poosankam , and Dawn Song . 2010 b. FLAX: Systematic discovery of client-side validation vulnerabilities in rich web applications. In NDSS. Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. 2010b. FLAX: Systematic discovery of client-side validation vulnerabilities in rich web applications. In NDSS."},{"key":"e_1_2_1_110_1","doi-asserted-by":"crossref","unstructured":"Marija Selakovic and Michael Pradel. 2016. Performance issues and optimizations in JavaScript: An empirical study. In ICSE. 61--72. Marija Selakovic and Michael Pradel. 2016. Performance issues and optimizations in JavaScript: An empirical study. In ICSE. 61--72.","DOI":"10.1145\/2884781.2884829"},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491447"},{"key":"e_1_2_1_112_1","doi-asserted-by":"crossref","unstructured":"Koushik Sen George C. Necula Liang Gong and Wontae Choi. 2015. MultiSE: Multi-path symbolic execution using value summaries. In FSE. 842--853. Koushik Sen George C. Necula Liang Gong and Wontae Choi. 2015. MultiSE: Multi-path symbolic execution using value summaries. In FSE. 842--853.","DOI":"10.1145\/2786805.2786830"},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.57"},{"key":"e_1_2_1_114_1","unstructured":"Sooel Son and Vitaly Shmatikov. 2013. The postman always rings twice: Attacking and defending postmessage in HTML5 websites. In NDSS. Sooel Son and Vitaly Shmatikov. 2013. The postman always rings twice: Attacking and defending postmessage in HTML5 websites. In NDSS."},{"key":"e_1_2_1_115_1","first-page":"435","article-title":"Correlation tracking for points-to analysis of JavaScript","volume":"7313","author":"Sridharan Manu","year":"2012","unstructured":"Manu Sridharan , Julian Dolby , Satish Chandra , Max Sch\u00e4fer , and Frank Tip . 2012 . Correlation tracking for points-to analysis of JavaScript . In ECOOP , Vol. 7313. 435 -- 458 . Manu Sridharan, Julian Dolby, Satish Chandra, Max Sch\u00e4fer, and Frank Tip. 2012. Correlation tracking for points-to analysis of JavaScript. In ECOOP, Vol. 7313. 435--458.","journal-title":"ECOOP"},{"key":"e_1_2_1_116_1","volume-title":"Optimization coaching for JavaScript (Artifact). DARTS 1, 1","author":"St-Amour Vincent","year":"2015","unstructured":"Vincent St-Amour and Shu-yu Guo. 2015. Optimization coaching for JavaScript (Artifact). DARTS 1, 1 ( 2015 ), 05:1--05:2. Vincent St-Amour and Shu-yu Guo. 2015. Optimization coaching for JavaScript (Artifact). DARTS 1, 1 (2015), 05:1--05:2."},{"key":"e_1_2_1_117_1","unstructured":"Hallvord Reiar Michaelsen Steen. 2009. Websites playing timing roulette. Retrieved from https:\/\/hallvors.wordpress.com\/2009\/03\/07\/websites-pl aying-timing-roulette\/. Hallvord Reiar Michaelsen Steen. 2009. Websites playing timing roulette. Retrieved from https:\/\/hallvors.wordpress.com\/2009\/03\/07\/websites-pl aying-timing-roulette\/."},{"key":"e_1_2_1_118_1","volume-title":"USENIX Security Symposium. 655--670","author":"Stock Ben","year":"2014","unstructured":"Ben Stock , Sebastian Lekies , Tobias Mueller , Patrick Spiegel , and Martin Johns . 2014 . Precise client-side protection against DOM-based cross-site scripting . In USENIX Security Symposium. 655--670 . Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns. 2014. Precise client-side protection against DOM-based cross-site scripting. In USENIX Security Symposium. 655--670."},{"key":"e_1_2_1_119_1","first-page":"146","article-title":"Automated unit testing of JavaScript code through symbolic executor SymJS","volume":"8","author":"Tanida Hideo","year":"2015","unstructured":"Hideo Tanida , Tadahiro Uehara , Guodong Li , and Indradeep Ghosh . 2015 . Automated unit testing of JavaScript code through symbolic executor SymJS . International Journal on Advances in Software 8 , 1 (2015), 146 -- 155 . Hideo Tanida, Tadahiro Uehara, Guodong Li, and Indradeep Ghosh. 2015. Automated unit testing of JavaScript code through symbolic executor SymJS. International Journal on Advances in Software 8, 1 (2015), 146--155.","journal-title":"International Journal on Advances in Software"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31987-0_28"},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610385"},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483788"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2334"},{"key":"e_1_2_1_124_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26529-2_18"},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"},{"key":"e_1_2_1_126_1","doi-asserted-by":"crossref","unstructured":"Chuan Yue and Haining Wang. 2009. Characterizing insecure JavaScript practices on the web. In WWW. 961--970. Chuan Yue and Haining Wang. 2009. Characterizing insecure JavaScript practices on the web. In WWW. 961--970.","DOI":"10.1145\/1526709.1526838"},{"key":"e_1_2_1_127_1","volume-title":"Ernst","author":"Zhang Sai","year":"2013","unstructured":"Sai Zhang , Hao L\u00fc , and Michael D . Ernst . 2013 . Automatically repairing broken workflows for evolving GUI applications. In ISSTA. 45--55. Sai Zhang, Hao L\u00fc, and Michael D. Ernst. 2013. Automatically repairing broken workflows for evolving GUI applications. In ISSTA. 45--55."},{"key":"e_1_2_1_128_1","doi-asserted-by":"crossref","unstructured":"Yunhui Zheng Tao Bao and Xiangyu Zhang. 2011. Statically locating web application bugs caused by asynchronous calls. In WWW. 805--814. Yunhui Zheng Tao Bao and Xiangyu Zhang. 2011. Statically locating web application bugs caused by asynchronous calls. In WWW. 805--814.","DOI":"10.1145\/1963405.1963517"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106739","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106739","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106739","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,25]],"date-time":"2025-06-25T22:33:07Z","timestamp":1750890787000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106739"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,26]]},"references-count":128,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2018,9,30]]}},"alternative-id":["10.1145\/3106739"],"URL":"https:\/\/doi.org\/10.1145\/3106739","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,9,26]]},"assertion":[{"value":"2016-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-09-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}