66:32 E. Andreasen et al.

The large amount of competing approaches surveyed in this article provides an opportunity for
novel benchmarks and tools to create such benchmarks. Currently, many articles are evaluated
with an ad hoc selection of programs and problems, making it difficult to understand the strength
and weaknesses of related approaches. For example, it would be desirable to have a curated collec-
tion of JavaScript correctness bugs, for example, similarly to the Defects4J database for Java (Just
et al. 2014). Furthermore, it is necessary to consider the development of new or the adaptation of
current benchmarks to support new language features and constructs. Many of the ECMAScript 6
and 7 features are already available in browsers; however, to date, we are not aware of official
benchmarks that demonstrate the performance of these features in JavaScript engines.
Is it important to note that are already steps toward reusable research infrastructures and bench-
marks for JavaScript, such as Jalangi (Sen et al. 2013), which is the basis of various dynamic analy-
ses; Crawljax (Mesbah et al. 2012), on which several test generators build; the performance bench-
mark creator JSBench (Richards et al. 2011a); and work by Selakovic and Pradel (2016), which
provides reproducible versions of a large set of real-world performance issues.

11 CONCLUDING REMARKS
This article provides a survey of dynamic analysis and test generation techniques for JavaScript. As
JavaScript was developed in 1995 and has become popular for complex applications only since the
mid-2000s, the field of research is relatively young. Despite its young age, the field has already seen
large amounts of work. By summarizing and comparing existing approaches in a structured way,
we enable interested outsiders to quickly get an overview of the field. We conclude that the current
state of the art successfully addresses the most common software goals—correctness, reliability,
security, privacy, and performance, as well as the meta-goal of developer productivity.
Despite all the advances in analyzing JavaScript programs, various research challenges remain
to be addressed. These include improved support for code refactoring and program repair, analy-
ses targeted at emerging execution platforms and usage scenarios of JavaScript, and combinations
of test generation and dynamic analysis. A particularly important goal for future work should be
to consolidate existing research results into reusable research infrastructures that enable future
research to avoid re-inventing the wheel. Moreover, to bridge the current gap between ideas pre-
sented in research and ideas picked up by industry, future work should strive for analysis tools that
are easily usable by regular developers. Given the continuously increasing popularity of JavaScript,
we expect further progress in dynamic analysis and test generation for JavaScript and hope that
this article helps guiding it in fruitful directions.

REFERENCES
2016. TypeScript Language Specification, Version 1.8. (January 2016).
Hiralal Agrawal and Joseph Robert Horgan. 1990. Dynamic program slicing. In PLDI. 246–256.
Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2015. Hybrid DOM-sensitive change impact analysis for javascript.
In ECOOP, Vol. 37. 321–345.
Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2016. Understanding asynchronous interactions in full-stack
JavaScript. In ICSE. 1169–1180.
Saba Alimadadi, Sheldon Sequeira, Ali Mesbah, and Karthik Pattabiraman. 2014. Understanding JavaScript event-based
interactions. In ICSE. 367–377.
Bowen Alpern, Steve Augart, Stephen M. Blackburn, Maria A. Butrico, Anthony Cocchi, Perry Cheng, Julian Dolby, Stephen
J. Fink, David Grove, Michael Hind, Kathryn S. McKinley, Mark F. Mergen, J. Eliot B. Moss, Ton Anh Ngo, Vivek Sarkar,
and Martin Trapp. 2005. The Jikes research virtual machine project: Building an open-source research community. IBM
Syst. J. 44, 2 (2005), 399–418.
Esben Andreasen and Anders Møller. 2014. Determinacy in static analysis for jQuery. In OOPSLA. 17–31.
Silviu Andrica and George Candea. 2011. WaRR: A tool for high-fidelity web application record and replay. In DSN. 403–410.

ACM Computing Surveys, Vol. 50, No. 5, Article 66. Publication date: September 2017.
A Survey of Dynamic Analysis and Test Generation for JavaScript 66:33

Shay Artzi, Julian Dolby, Simon Holm Jensen, Anders Møller, and Frank Tip. 2011. A framework for automated testing of
JavaScript web applications. In ICSE. 571–580.
Thomas H. Austin and Cormac Flanagan. 2010. Permissive dynamic information flow analysis. In PLAS. 3.
Thomas H. Austin and Cormac Flanagan. 2012. Multiple facets for dynamic information flow. In POPL. 165–178.
John Aycock. 2003. A brief history of just-in-time. ACM Comput. Surv. 35, 2 (2003), 97–113.
Nathaniel Ayewah and William Pugh. 2010. The Google findbugs fixit. In ISSTA. 241–252.
Kartik Bajaj, Karthik Pattabiraman, and Ali Mesbah. 2014. Dompletion: DOM-aware JavaScript code completion. In ASE.
43–54.
Zahra Behfarshad and Ali Mesbah. 2013. Hidden-web induced by client-side scripting: An empirical study. In ICWE,
Vol. 7977. 52–67.
Al Bessey, Ken Block, Benjamin Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles-Henri Gros, Asya Kamsky, Scott
McPeak, and Dawson R. Engler. 2010. A few billion lines of code later: Using static analysis to find bugs in the real
world. Commun. ACM 53, 2 (2010), 66–75.
Abhishek Bichhawat, Vineet Rajani, Deepak Garg, and Christian Hammer. 2014. Information flow control in webkit’s
JavaScript Bytecode. In POST, Vol. 8414. 159–178.
Arnar Birgisson, Daniel Hedin, and Andrei Sabelfeld. 2012. Boosting the permissiveness of dynamic information-flow track-
ing by testing. In ESORICS, Vol. 7459. 55–72.
Brian Burg, Richard Bailey, Andrew J. Ko, and Michael D. Ernst. 2013. Interactive record/replay for web application debug-
ging. In UIST. 473–484.
Brian Burg, Andrew J. Ko, and Michael D. Ernst. 2015. Explaining visual changes in web interfaces. In UIST. 259–268.
Shauvik Roy Choudhary. 2014. Cross-platform testing and maintenance of web and mobile applications. In ICSE. 642–645.
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso. 2012. CrossCheck: Combining crawling and differencing
to better detect cross-browser incompatibilities in web applications. In ICST. 171–180.
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso. 2013. X-PERT: Accurate identification of cross-browser
issues in web applications. In ICSE. 702–711.
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso. 2014a. Cross-platform feature matching for web applica-
tions. In ISSTA. 82–92.
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso. 2014b. X-PERT: A web application testing tool for cross-
browser inconsistency detection. In ISSTA. 417–420.
Shauvik Roy Choudhary, Husayn Versee, and Alessandro Orso. 2010a. A cross-browser web application testing tool. In
ICSM. 1–6.
Shauvik Roy Choudhary, Husayn Versee, and Alessandro Orso. 2010b. WEBDIFF: Automated identification of cross-
browser issues in web applications. In ICSM. 1–10.
Laurent Christophe, Elisa Gonzalez Boix, Wolfgang De Meuter, and Coen De Roover. 2016. Linvail: A general-purpose
platform for shadow execution of JavaScript. In SANER. 260–270.
Andrey Chudnov and David A. Naumann. 2015. Inlined information flow monitoring for JavaScript. In CCS. 629–643.
Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner. 2009. Staged information flow for JavaScript. In PLDI. 50–62.
Christoph Csallner and Yannis Smaragdakis. 2004. JCrasher: An automatic robustness tester for Java. Softw., Pract. Exp. 34,
11 (2004), 1025–1050.
Igor Rafael de Assis Costa, Péricles Rafael Oliveira Alves, Henrique Nazaré Santos, and Fernando Magno Quintão Pereira.
2013. Just-in-time value specialization. In CGO. 29:1–29:11.
Dominique Devriese and Frank Piessens. 2010. Noninterference through secure multi-execution. In S&P. 109–124.
Mohan Dhawan and Vinod Ganapathy. 2009. Analyzing information flow in JavaScript-based browser extensions. In AC-
SAC. 382–391.
Monika Dhok, Murali Krishna Ramanathan, and Nishant Sinha. 2016. Type-aware concolic testing of JavaScript programs.
In ICSE. 168–179.
Serdar Dogan, Aysu Betin-Can, and Vahid Garousi. 2014. Web application testing: A systematic literature review. J. Syst.
Softw. 91 (2014), 174–201.
ECMA International. 2016. Standard ECMA-262, ECMAScript Language Specification (7th ed./June 2016).
Michael D. Ernst, Jeff H. Perkins, Philip J. Guo, Stephen McCamant, Carlos Pacheco, Matthew S. Tschantz, and Chen Xiao.
2007. The Daikon system for dynamic detection of likely invariants. SCP 69, 1-3 (2007), 35–45.
Amin Milani Fard and Ali Mesbah. 2013. JSNOSE: Detecting JavaScript code smells. In SCAM. 116–125.
Amin Milani Fard, Ali Mesbah, and Eric Wohlstadter. 2015. Generating fixtures for JavaScript unit testing. In ASE. 190–200.
Amin Milani Fard, Mehdi MirzaAghaei, and Ali Mesbah. 2014. Leveraging existing tests in automated test generation for
web applications. In ASE. 67–78.
Andreas Gal, Brendan Eich, Mike Shaver, David Anderson, David Mandelin, Mohammad R. Haghighat, Blake Kaplan,
Graydon Hoare, Boris Zbarsky, Jason Orendorff, Jesse Ruderman, Edwin W. Smith, Rick Reitmaier, Michael Bebenita,

ACM Computing Surveys, Vol. 50, No. 5, Article 66. Publication date: September 2017.
66:34 E. Andreasen et al.

Mason Chang, and Michael Franz. 2009. Trace-based just-in-time type specialization for dynamic languages. In PLDI.
465–478.
Keheliya Gallaba, Ali Mesbah, and Ivan Beschastnikh. 2015. Don’t call us, we’ll call you: Characterizing callbacks in
JavaScript. In ESEM. 247–256.
Vahid Garousi, Ali Mesbah, Aysu Betin-Can, and Shabnam Mirshokraie. 2013. A systematic mapping study of web appli-
cation testing. Inf. Softw. Technol. 55, 8 (2013), 1374–1396.
Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005. DART: Directed automated random testing. In PLDI. 213–223.
Liang Gong, Michael Pradel, and Koushik Sen. 2015a. JITProf: Pinpointing JIT-unfriendly JavaScript code. In ESEC/FSE.
357–368.
Liang Gong, Michael Pradel, Manu Sridharan, and Koushik Sen. 2015b. DLint: Dynamically checking bad coding practices
in JavaScript. In ISSTA. 94–105.
Mark Grechanik, Qing Xie, and Chen Fu. 2009. Maintaining and evolving GUI-directed test scripts. In ICSE. 408–418.
Salvatore Guarnieri and V. Benjamin Livshits. 2009. GATEKEEPER: Mostly static enforcement of security and reliability
policies for JavaScript code. In USENIX Security Symposium. 151–168.
Arjun Guha, Claudiu Saftoiu, and Shriram Krishnamurthi. 2011. Typing local control and state using flow analysis. In ESOP,
Vol. 6602. 256–275.
Brian Hackett and Shu-yu Guo. 2012. Fast and precise hybrid type inference for JavaScript. In PLDI. 239–250.
Daniel Hedin, Arnar Birgisson, Luciano Bello, and Andrei Sabelfeld. 2014. JSFlow: Tracking information flow in JavaScript
and its APIs. In SAC. 1663–1671.
Daniel Hedin and Andrei Sabelfeld. 2012. Information-flow security for a core of JavaScript. In CSF. 3–18.
Phillip Heidegger and Peter Thiemann. 2012. JSConTest: Contract-driven testing and path effect inference for JavaScript.
J. Obj. Technol. 11, 1 (2012), 1–29.
Joshua Hibschman and Haoqi Zhang. 2015. Unravel: Rapid web application reverse engineering via interaction recording,
source tracing, and library detection. In UIST. 270–279.
Shin Hong, Yongbae Park, and Moonzoo Kim. 2014. Detecting concurrency errors in client-side java script web applications.
In ICST. 61–70.
James Ide, Rastislav Bodik, and Doug Kimelman. 2009. Concurrency concerns in rich Internet applications. In ECEC.
Dongseok Jang, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. 2010. An empirical study of privacy-violating information
flows in JavaScript web applications. In CCS. 270–283.
Casper Svenning Jensen, Anders Møller, Veselin Raychev, Dimitar Dimitrov, and Martin T. Vechev. 2015a. Stateless model
checking of event-driven applications. In OOPSLA. 57–73.
Simon Holm Jensen, Anders Møller, and Peter Thiemann. 2009. Type analysis for JavaScript. In SAS, Vol. 5673. 238–255.
Simon Holm Jensen, Manu Sridharan, Koushik Sen, and Satish Chandra. 2015b. MemInsight: Platform-independent memory
debugging for JavaScript. In ESEC/FSE. 345–356.
Xing Jin, Xuchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, and Gautam Nagesh Peri. 2014. Code injection attacks on
HTML5-based mobile apps: Characterization, detection and mitigation. In CCS. 66–77.
René Just, Darioush Jalali, and Michael D. Ernst. 2014. Defects4J: A database of existing faults to enable controlled testing
studies for Java programs. In ISSTA. 437–440.
Rezwana Karim, Mohan Dhawan, Vinod Ganapathy, and Chung-chieh Shan. 2012. An analysis of the mozilla jetpack ex-
tension framework. In ECOOP, Vol. 7313. 333–355.
Madhukar N. Kedlaya, Behnam Robatmili, and Ben Hardekopf. 2015. Server-side type profiling for optimizing client-side
JavaScript engines. In DLS. 140–153.
Haruka Kikuchi, Dachuan Yu, Ajay Chander, Hiroshi Inamura, and Igor Serikov. 2008. JavaScript instrumentation in prac-
tice. In APLAS. 326–341.
Erick Lavoie, Bruno Dufour, and Marc Feeley. 2014. Portable and efficient run-time monitoring of JavaScript applications
using virtual machine layering. In ECOOP, Vol. 8586. 541–566.
Sungho Lee, Julian Dolby, and Sukyoung Ryu. 2016. HybriDroid: Static analysis framework for Android hybrid applications.
In ASE. 250–261.
Sebastian Lekies, Ben Stock, and Martin Johns. 2013. 25 million flows later: Large-scale detection of DOM-based XSS. In
CCS. 1193–1204.
Maurizio Leotta, Andrea Stocco, Filippo Ricca, and Paolo Tonella. 2014. Reducing web test cases aging by means of robust
XPath locators. In ISSRE. 449–454.
Guodong Li, Esben Andreasen, and Indradeep Ghosh. 2014a. SymJS: Automatic symbolic testing of JavaScript web appli-
cations. In FSE. 449–459.
Yuan-Fang Li, Paramjit K. Das, and David L. Dowe. 2014b. Two decades of Web application testing - A survey of recent
advances. Inf. Syst. 43 (2014), 20–54.

ACM Computing Surveys, Vol. 50, No. 5, Article 66. Publication date: September 2017.
A Survey of Dynamic Analysis and Test Generation for JavaScript 66:35

Magnus Madsen, Frank Tip, Esben Andreasen, Koushik Sen, and Anders Møller. 2016. Feedback-directed instrumentation
for deployed JavaScript applications. In ICSE. 899–910.
Josip Maras, Jan Carlson, and Ivica Crnkovic. 2011. Client-side web application slicing. In ASE. 504–507.
Josip Maras, Jan Carlson, and Ivica Crnkovic. 2012. Extracting client-side web application code. In WWW. 819–828.
Nick Matthijssen, Andy Zaidman, Margaret-Anne D. Storey, R. Ian Bull, and Arie van Deursen. 2010. Connecting traces:
Understanding client-server interactions in ajax applications. In ICPC. 216–225.
Fadi Meawad, Gregor Richards, Floréal Morandat, and Jan Vitek. 2012. Eval begone!: Semi-automated removal of eval from
JavaScript programs. In OOPSLA. 607–620.
Ali Mesbah. 2015. Advances in testing JavaScript-based web applications. Adv. Comput. 97 (2015), 201–235.
Ali Mesbah and Mukul R. Prasad. 2011. Automated cross-browser compatibility testing. In ICSE. 561–570.
Ali Mesbah, Arie van Deursen, and Stefan Lenselink. 2012. Crawling ajax-based web applications through dynamic analysis
of user interface state changes. Trans. Web 6, 1 (2012), 3.
James W. Mickens, Jeremy Elson, and Jon Howell. 2010. Mugshot: Deterministic capture and replay for JavaScript applica-
tions. In NSDI. 159–174.
Edward Miller and William E. Howden. 1981. Software Testing & Validation Techniques. IEEE Computer Society Press.
Shabnam Mirshokraie and Ali Mesbah. 2012. JSART: JavaScript assertion-based regression testing. In ICWE, Vol. 7387.
238–252.
Shabnam Mirshokraie, Ali Mesbah, and Karthik Pattabiraman. 2013. PYTHIA: Generating test cases with oracles for
JavaScript applications. In ASE. 610–615.
Shabnam Mirshokraie, Ali Mesbah, and Karthik Pattabiraman. 2015. JSEFT: Automated JavaScript unit test generation. In
ICST. 1–10.
Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits. 2015. Detecting JavaScript races that matter. In ESEC/FSE. 381–392.
Alex Nederlof, Ali Mesbah, and Arie van Deursen. 2014. Software engineering for the web: The state of the practice. In
ICSE. 4–13.
Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank
Piessens, and Giovanni Vigna. 2012. You are what you include: Large-scale evaluation of remote JavaScript inclusions.
In CCS. 736–747.
Frolin S. Ocariza Jr., Kartik Bajaj, Karthik Pattabiraman, and Ali Mesbah. 2013. An empirical study of client-side JavaScript
bugs. In ESEM. 55–64.
Frolin S. Ocariza Jr., Karthik Pattabiraman, and Ali Mesbah. 2012. AutoFLox: An automatic fault localizer for client-side
JavaScript. In ICST. 31–40.
Frolin S. Ocariza Jr., Karthik Pattabiraman, and Ali Mesbah. 2014. Vejovis: Suggesting fixes for JavaScript faults. In ICSE.
837–847.
Frolin S. Ocariza Jr., Karthik Pattabiraman, and Benjamin G. Zorn. 2011. JavaScript errors in the wild: An empirical study.
In ISSRE. 100–109.
Stephen Oney and Brad A. Myers. 2009. FireCrystal: Understanding interactive behaviors in dynamic web pages. In VL/HCC.
105–108.
Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, and Thomas Ball. 2007. Feedback-directed random test generation.
In ICSE. 75–84.
Harish Patil, Cristiano Pereira, Mack Stallcup, Gregory Lueck, and James Cownie. 2010. PinPlay: A framework for deter-
ministic replay and reproducible analysis of parallel programs. In CGO. 2–11.
Boris Petrov, Martin T. Vechev, Manu Sridharan, and Julian Dolby. 2012. Race detection for web applications. In PLDI.
251–262.
Michael Pradel, Parker Schuh, George C. Necula, and Koushik Sen. 2014. EventBreak: Analyzing the responsiveness of user
interfaces through performance-guided test generation. In OOPSLA. 33–47.
Michael Pradel, Parker Schuh, and Koushik Sen. 2015. TypeDevil: Dynamic type inconsistency analysis for JavaScript. In
ICSE. 314–324.
Michael Pradel and Koushik Sen. 2015. The good, the bad, and the ugly: An empirical study of implicit type conversions in
JavaScript. In ECOOP, Vol. 37. 519–541.
Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin G. Zorn. 2010. JSMeter: Comparing the behavior of JavaScript
benchmarks with real web applications. In WebApps.
Veselin Raychev, Martin T. Vechev, and Manu Sridharan. 2013. Effective race detection for event-driven programs. In OOP-
SLA. 151–166.
Gregor Richards, Andreas Gal, Brendan Eich, and Jan Vitek. 2011a. Automated construction of JavaScript benchmarks. In
OOPSLA. 677–694.
Gregor Richards, Christian Hammer, Brian Burg, and Jan Vitek. 2011b. The eval that men do - A large-scale study of the
use of eval in JavaScript applications. In ECOOP, Vol. 6813. 52–78.

ACM Computing Surveys, Vol. 50, No. 5, Article 66. Publication date: September 2017.
66:36 E. Andreasen et al.

Gregor Richards, Sylvain Lebresne, Brian Burg, and Jan Vitek. 2010. An analysis of the dynamic behavior of JavaScript
programs. In PLDI. 1–12.
Philippe De Ryck, Maarten Decat, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2010. Security of web mashups: A
survey. In NordSec. 223–238.
Andrei Sabelfeld and Andrew C. Myers. 2003. Language-based information-flow security. IEEE J. Select.Areas Commun. 21,
1 (2003), 5–19.
Caitlin Sadowski, Jeffrey van Gogh, Ciera Jaspan, Emma Söderberg, and Collin Winter. 2015. Tricorder: Building a program
analysis ecosystem. In ICSE. 598–608.
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. 2010a. A symbolic exe-
cution framework for JavaScript. In S&P. 513–528.
Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. 2010b. FLAX: Systematic discovery of client-side
validation vulnerabilities in rich web applications. In NDSS.
Marija Selakovic and Michael Pradel. 2016. Performance issues and optimizations in JavaScript: An empirical study. In
ICSE. 61–72.
Koushik Sen, Swaroop Kalasapur, Tasneem G. Brutch, and Simon Gibbs. 2013. Jalangi: A selective record-replay and dy-
namic analysis framework for JavaScript. In ESEC/FSE. 488–498.
Koushik Sen, George C. Necula, Liang Gong, and Wontae Choi. 2015. MultiSE: Multi-path symbolic execution using value
summaries. In FSE. 842–853.
Charles R. Severance. 2012. JavaScript: Designing a language in 10 days. IEEE Comput. 45, 2 (2012), 7–8.
Sooel Son and Vitaly Shmatikov. 2013. The postman always rings twice: Attacking and defending postmessage in HTML5
websites. In NDSS.
Manu Sridharan, Julian Dolby, Satish Chandra, Max Schäfer, and Frank Tip. 2012. Correlation tracking for points-to analysis
of JavaScript. In ECOOP, Vol. 7313. 435–458.
Vincent St-Amour and Shu-yu Guo. 2015. Optimization coaching for JavaScript (Artifact). DARTS 1, 1 (2015), 05:1–05:2.
Hallvord Reiar Michaelsen Steen. 2009. Websites playing timing roulette. Retrieved from https://hallvors.wordpress.com/
2009/03/07/websites-pl aying-timing-roulette/.
Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns. 2014. Precise client-side protection against
DOM-based cross-site scripting. In USENIX Security Symposium. 655–670.
Hideo Tanida, Tadahiro Uehara, Guodong Li, and Indradeep Ghosh. 2015. Automated unit testing of JavaScript code through
symbolic executor SymJS. International Journal on Advances in Software 8, 1 (2015), 146–155.
Peter Thiemann. 2005. Towards a type system for analyzing JavaScript programs. In ESOP, Vol. 3444. 408–422.
Omer Tripp, Pietro Ferrara, and Marco Pistoia. 2014. Hybrid security analysis of web JavaScript code via dynamic partial
evaluation. In ISSTA. 49–59.
Shiyi Wei and Barbara G. Ryder. 2013. Practical blended taint analysis for JavaScript. In ISSTA. 336–346.
Shiyi Wei, Franceska Xhakaj, and Barbara G. Ryder. 2016. Empirical study of the dynamic behavior of JavaScript objects.
Softw. Pract. Exper. 46, 7 (2016), 867–889.
Xiao Xiao, Shi Han, Charles Zhang, and Dongmei Zhang. 2015. Uncovering JavaScript performance code smells relevant
to type mutations. In APLAS, Vol. 9458. 335–355.
Dachuan Yu, Ajay Chander, Nayeem Islam, and Igor Serikov. 2007. JavaScript instrumentation for browser security. In
POPL. 237–249.
Chuan Yue and Haining Wang. 2009. Characterizing insecure JavaScript practices on the web. In WWW. 961–970.
Sai Zhang, Hao Lü, and Michael D. Ernst. 2013. Automatically repairing broken workflows for evolving GUI applications.
In ISSTA. 45–55.
Yunhui Zheng, Tao Bao, and Xiangyu Zhang. 2011. Statically locating web application bugs caused by asynchronous calls.
In WWW. 805–814.

Received September 2016; revised June 2017; accepted June 2017

ACM Computing Surveys, Vol. 50, No. 5, Article 66. Publication date: September 2017.