Learning how to listen: Automatically finding bug patterns in event-driven JavaScript APIs
Ellen Arteca, Max Schäfer, and Frank Tip

TL;DR
This paper presents a learning-based method to detect bug patterns in event-driven JavaScript APIs by mining large code corpora and applying statistical models, effectively identifying anomalous event listener usage.
Contribution
It introduces a novel approach combining static analysis and statistical modeling to detect incorrect event API usage patterns in JavaScript code at scale.
Findings
Detected 75 anomalous patterns with 90.9% precision
Achieved 7.5% recall on validation set
Reported 30 issues in open-source projects, 7 confirmed bugs
Abstract
Event-driven programming is widely practiced in the JavaScript community, both on the client side to handle UI events and AJAX requests, and on the server side to accommodate long-running operations such as file or network I/O. Many popular event-based APIs allow event names to be specified as free-form strings without any validation, potentially leading to lost events for which no listener has been registered and dead listeners for events that are never emitted. In previous work, Madsen et al. presented a precise static analysis for detecting such problems, but their analysis does not scale because it may require a number of contexts that is exponential in the size of the program. Concentrating on the problem of detecting dead listeners, we present an approach to learn how to correctly use event-based APIs by first mining a large corpus of JavaScript code using a simple static analysis…
Taxonomy
Topics: Software Engineering Research · Software System Performance and Reliability · Web Application Security Vulnerabilities
