Research interests: Web-based software analysis, testing, and maintenance; Database/data mining (information retrieval, privacy preserving data publishing, social network analysis)

My Google Scholar profile


Selected publications

  • A. Milani Fard, A. Mesbah, JavaScript: The (Un)covered Parts, 10th IEEE International Conference on Software Testing, Verification and Validation (ICST), 2017. [Abstract] [BibTeX] * Nominated for the Best Paper Award
  • Abstract: Testing JavaScript code is important. JavaScript has grown to be among the most popular programming languages and it is extensively used to create web applications both on the client and server. We present the first empirical study of JavaScript tests to characterize their prevalence, quality metrics (e.g. code coverage), and shortcomings. We perform our study across a representative corpus of 373 JavaScript projects, with over 5.4 million lines of JavaScript code. Our results show that 22% of the studied subjects do not have test code. About 40% of projects with JavaScript at client-side do not have a test, while this is only about 3% for the purely server-side JavaScript projects. Also tests for server-side code have high quality (in terms of code coverage, test code ratio, test commit ratio, and average number of assertions per test), while tests for client-side code have moderate to low quality. In general, tests written in Mocha, Tape, Tap, and Nodeunit frameworks have high quality and those written without using any framework have low quality. We scrutinize the (un)covered parts of the code under test to find out root causes for the uncovered code. Our results show that JavaScript tests lack proper coverage for event-dependent callbacks (36%), asynchronous callbacks (53%), and DOM-related code (63%). We believe that it is worthwhile for the developer and research community to focus on testing techniques and tools to achieve better coverage for difficult to cover JavaScript code.
    @inproceedings{amin:icst17,
    author = {Milani Fard, Amin and Mesbah, Ali},
    title = {JavaScript: The (Un)covered Parts},
    booktitle = {Proceedings of the IEEE International Conference on Software Testing, Verification and Validation (ICST)},
    publisher = {IEEE},
    pages = {11 pages},
    year = {2017}
    }

  • A. Milani Fard, Directed Test Generation and Analysis for Web Applications, Ph.D. Thesis, University of British Columbia (UBC), January 2017. [Abstract] [BibTeX]
  • Abstract: The advent of web technologies has led to the proliferation of modern web applications with enhanced user interaction and client-side execution. JavaScript (the most widely used programming language) is extensively used to build responsive modern web applications. The event-driven and dynamic nature of JavaScript, and its interaction with the Document Object Model (DOM), make it challenging to understand and test effectively. The ultimate goal of this thesis is to improve the quality of web applications through automated testing and maintenance. The work presented in this dissertation has focused on advancing the state-of-the-art in testing and maintaining web applications by proposing a new set of techniques and tools. We proposed (1) a feedback-directed exploration technique and a tool to cover a subset of the state-space of a given web application; the exploration is guided towards achieving higher functionality, navigational, and page structural coverage while reducing the test model size, (2) a technique and a tool to generate UI tests using existing tests; it mines the existing test suite to infer a model of the covered DOM states and event-based transitions including input values and assertions; it then expands the inferred model by exploring alternative paths and generates assertions for the new states; finally it generates a new test suite from the extended model, (3) the first empirical study on JavaScript tests to characterize their prevalence and quality metrics, and to find out root causes for the uncovered (missed) parts of the code under test, (4) a DOM-based JavaScript test fixture generation technique and a tool, which is based on dynamic symbolic execution; it guides the executing through different branches of a function by producing expected DOM instances, (5) a technique and a tool to detect JavaScript code smells using static and dynamic analysis. We evaluated the presented techniques by conducting various empirical studies and comparisons. The evaluation results point to the effectiveness of the proposed techniques in terms of fault detection capability and code coverage for test generation, and in terms of accuracy for code smell detection.
    @phdthesis{amin:thesis2017,
    author = {Milani Fard, Amin},
    title = {Directed test generation and analysis for web applications},
    series={Electronic Theses and Dissertations (ETDs) 2008+},
    url={https://open.library.ubc.ca/cIRcle/collections/24/items/1.0340953},
    DOI={http://dx.doi.org/10.14288/1.0340953},
    school={University of British Columbia},
    year={2017},
    month={Jan},
    collection={Electronic Theses and Dissertations (ETDs) 2008+}
    }

  • A. Milani Fard, A. Mesbah, E. Wohlstadter, Generating Fixtures for JavaScript Unit Testing, 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2015. [Abstract] [BibTeX]
  • Abstract: In today's web applications, JavaScript code interacts with the Document Object Model (DOM) at runtime. This runtime interaction between JavaScript and the DOM is error-prone and challenging to test. In order to unit test a JavaScript function that has read/write DOM operations, a DOM instance has to be provided as a test fixture. This DOM fixture needs to be in the exact structure expected by the function under test. Otherwise, the test case can terminate prematurely due to a null exception. Generating these fixtures is challenging due to the dynamic nature of JavaScript and the hierarchical structure of the DOM. We present an automated technique, based on concolic execution, which generates test fixtures for unit testing JavaScript functions. Our approach is implemented in a tool called ConFix. Our empirical evaluation shows that ConFix can effectively generate tests that cover DOM-dependent paths. We also find that ConFix yields considerably higher coverage compared to an existing JavaScript input generation technique.
    @inproceedings{amin:ase15,
    author = {Milani Fard, Amin and Mesbah, Ali and Wohlstadter, Eric},
    title = {Generating Fixtures for JavaScript Unit Testing},
    booktitle = {Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    publisher = {ACM},
    pages = {190--200},
    year = {2015}
    }

  • A. Vahabzadeh, A. Milani Fard, A. Mesbah, An Empirical Study of Bugs in Test Code, 31st IEEE International Conference on Software Maintenance and Evolution (ICSME), 2015. [Abstract] [BibTeX]
  • Abstract: Testing aims at detecting (regression) bugs in production code. However, testing code is just as likely to contain bugs as the code it tests. Buggy test cases can silently miss bugs in the production code or loudly ring false alarms when the production code is correct. We present the first empirical study of bugs in test code to characterize their prevalence and root cause categories. We mine the bug repositories and version control systems of 211 Apache Software Foundation (ASF) projects and find 5,556 test-related bug reports. We (1) compare properties of test bugs with production bugs, such as active time and fixing effort needed, (2) qualitatively study 443 randomly sampled test bug reports in detail and categorize them based on their impact and root causes, (3) run FindBugs on the test code of the latest version of the projects to discover potential (undiscovered) bugs. Our results show that (1) around half of all the projects had bugs in their test code; (2) the majority of test bugs are false alarms, i.e., test fails while the production code is correct, while a minority of these bugs result in silent horrors, i.e., test passes while the production code is incorrect; (3) incorrect and missing assertions are the dominant root cause of silent horror bugs; (4) semantic (25%), flaky (21%), environment-related (18%) bugs are the dominant root cause categories of false alarms; (5) the majority of false alarm bugs happen in the exercise portion of the tests, and (6) developers contribute more actively to fixing test bugs and test bugs are fixed sooner compared to production bugs.
    @inproceedings{arash:icsme15,
    author = {Vahabzadeh, Arash and Milani Fard, Amin and Mesbah, Ali},
    title = {An Empirical Study of Bugs in Test Code},
    booktitle = {Proceedings of the International Conference on Software Maintenance and Evolution (ICSME)},
    publisher = {IEEE Computer Society},
    pages = {101--110},
    year = {2015}
    }

  • A. Milani Fard, M. Mirzaaghaei, A. Mesbah, Leveraging Existing Tests in Automated Test Generation for Web Applications, 29th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2014. [Abstract] [BibTeX]
  • Abstract: To test web applications, developers currently write test cases in frameworks such as Selenium. On the other hand, most web test generation techniques rely on a crawler to explore the dynamic states of the application. The first approach requires much manual effort, but benefits from the domain knowledge of the developer writing the test cases. The second one is automated and systematic, but lacks the domain knowledge required to be as effective. We believe combining the two can be advantageous. In this paper, we propose to (1) mine the human knowledge present in the form of input values, event sequences, and assertions, in the human-written test suites, (2) combine that inferred knowledge with the power of automated crawling, and (3) extend the test suite for uncovered/unchecked portions of the web application under test. Our approach is implemented in a tool called Testilizer. An evaluation of our approach indicates that Testilizer (1) outperforms a random test generator, and (2) on average, can generate test suites with improvements of up to 150 percent in fault detection rate and up to 30 precent in code coverage, compared to the original test suite.
    @inproceedings{amin:ase14,
    author = {Milani Fard, Amin and Mirzaaghaei, Mehdi and Mesbah, Ali},
    title = {Leveraging Existing Tests in Automated Test Generation for Web Applications},
    booktitle = {Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    publisher = {ACM},
    pages = {67--78},
    year = {2014}
    }

  • A. Milani Fard, A. Mesbah, Feedback-Directed Exploration of Web Applications to Derive Test Models, 24th IEEE International Symposium on Software Reliability Engineering (ISSRE), 2013. [Abstract] [BibTeX]
  • Abstract: Dynamic exploration techniques play a significant role in automated web application testing and analysis. However, a general web application crawler that exhaustively explores the states can become mired in limited specific regions of the web application, yielding poor functionality coverage. In this paper, we propose a feedback-directed web application exploration technique to derive test models. While exploring, our approach dynamically measures and applies a combination of code coverage impact, navigational diversity, and structural diversity, to decide a-priori (1) which state should be expanded, and (2) which event should be exercised next to maximize the overall coverage, while minimizing the size of the test model. Our approach is implemented in a tool called FeedEx. We have empirically evaluated the efficacy of FeedEx using six web applications. The results show that our technique is successful in yielding higher coverage while reducing the size of the test model, compared to classical exhaustive techniques such as depth-first, breadth-first, and random exploration.
    @inproceedings{amin:issre13,
    author = {Milani Fard, Amin and Mesbah, Ali},
    title = {Feedback-directed Exploration of Web Applications to Derive Test Models},
    booktitle = {Proceedings of the International Symposium on Software Reliability Engineering (ISSRE)},
    publisher = {IEEE Computer Society},
    pages = {278--287},
    year = {2013}
    }

  • A. Milani Fard, A. Mesbah, JSNose: Detecting JavaScript Code Smells, 13th IEEE International Conference on Source Code Analysis and Manipulation (SCAM), 2013. [Abstract] [BibTeX]
  • Abstract: JavaScript is a powerful and flexible prototype-based scripting language that is increasingly used by developers to create interactive web applications. The language is interpreted, dynamic, weakly-typed, and has first-class functions. In addition, it interacts with other web languages such as CSS and HTML at runtime. All these characteristics make JavaScript code particularly error-prone and challenging to write and maintain. Code smells are patterns in the source code that can adversely influence program comprehension and maintainability of the program in the long term. We propose a set of 13 JavaScript code smells, collected from various developer resources. We present a JavaScript code smell detection technique called JSNose. Our metric-based approach combines static and dynamic analysis to detect smells in client-side code. This automated technique can help developers to spot code that could benefit from refactoring. We evaluate the smell finding capabilities of our technique through an empirical study. By analyzing 11 web applications, we investigate which smells detected by JSNose are more prevalent.
    @inproceedings{amin:scam13,
    author = {Milani Fard, Amin and Mesbah, Ali},
    title = {{JSNose}: Detecting {JavaScript} Code Smells},
    booktitle = {Proceedings of the International Conference on Source Code Analysis and Manipulation (SCAM)},
    publisher = {IEEE Computer Society},
    pages = {116--125},
    year = {2013}
    }

  • A. Milani Fard, K. Wang, Neighborhood Randomization for Link Privacy in Social Network Analysis, The World Wide Web (WWW) Journal, Springer US, 2013. [Abstract] [BibTeX]
  • Abstract: Social network analysis has many important applications but it depends on sharing and publishing the underlying graph. Link privacy requires limiting the ability of an adversary to infer the presence of a sensitive link between two individuals in the published social network graph. A standard technique for achieving link privacy is to probabilistically randomize a link over the space for node pairs. A major drawback of such graph-wise randomization is that it ignores the structural proximity of nodes, thus, alters considerably the structure of social networks and distorts the accuracy of social network analysis. To address this problem, we propose a structure-aware randomization scheme, called neighborhood randomization. This scheme models a social network as a directed graph and probabilistically randomizes the destination of a link within a local neighborhood. By confining the randomization to a local neighborhood, this scheme drastically reduces the distortion to the graph structure yet hides a sensitive link. The trade-off between privacy and utility is dictated by the retention probability of a destination and by the size of the randomization neighborhood. We conduct extensive experiments to evaluate this trade-off using real life social network data.
    @article{amin:www13,
    title={Neighborhood randomization for link privacy in social network analysis},
    author={Milani Fard, Amin and Wang, Ke},
    journal={World Wide Web},
    volume={18},
    number={1},
    pages={9--32},
    year={2015},
    publisher={Springer US}
    }

  • A. Milani Fard, K. Wang, P. S. Yu, Limiting Link Disclosure in Social Network Analysis through Subgraph-Wise Perturbation, 15th International Conference on Extending Database Technology (EDBT), 2012. [Abstract] [BibTeX]
  • Abstract: Link disclosure between two individuals in a social network could be a privacy breach. To limit link disclosure, previous works modeled a social network as an undirected graph and randomized a link over the entire domain of links, which leads to considerable structural distortion to the graph. In this work, we address this issue in two steps. First, we model a social network as a directed graph and randomize the destination of a link while keeping the source of a link intact. The randomization ensures that, if the prior belief about the destination of a link is bounded by some threshold, the posterior belief, given the published graph, is no more than another threshold. Then, we further reduce structural distortion by a subgraph-wise perturbation in which the given graph is partitioned into several subgraphs and randomization of destination nodes is performed within each subgraph. The benefit of subgraph-wise perturbation is that it retains a destination node with a higher retention probability and replaces a destination node with a node from a local neighborhood. We study the trade-off of utility and privacy of subgraph-wise perturbation.
    @inproceedings{amin:edbt12,
    author = {Milani Fard, Amin and Wang, Ke and Yu, Philip S.},
    title = {Limiting Link Disclosure in Social Network Analysis Through Subgraph-wise Perturbation},
    booktitle = {Proceedings of the International Conference on Extending Database Technology (EDBT)},
    year = {2012},
    pages = {109--119},
    publisher = {ACM}
    }

  • A. Milani Fard, Privacy Preserving Web Query Log Publishing: A Survey on Anonymization Techniques, Technical Report, Computing Research Repository, 2012. [Abstract] [BibTeX]
  • Abstract: Releasing Web query logs which contain valuable information for research or marketing, can breach the privacy of search engine users. Therefore rendering query logs to limit linking a query to an individual while preserving the data usefulness for analysis, is an important research problem. This survey provides an overview and discussion on the recent studies on this direction.
    @article{amin:corr12,
    author = {Milani Fard, Amin},
    title = {Privacy Preserving Web Query Log Publishing: A Survey on Anonymization Techniques},
    journal = {Computing Research Repository (CoRR)},
    volume = {abs/1211.2354},
    year = {2012}
    }

  • A. Milani Fard, Clustering-based Web Query Log Anonymization, M.Sc. Thesis, Simon Fraser University (SFU), November 2010. [Abstract] [BibTeX]
  • Abstract: Web query logs data contain information which can be very useful in research or marketing, however, release of such data can seriously breach the privacy of search engine users. These privacy concerns go far beyond just the identifying information in a query such as name, address, and etc., which can refer to a particular individual. It has been shown that even non-identifying personal data can be combined with external publicly available information and pinpoint to an individual as this happened after AOL query logs release in 2006. In this work we model web query logs as unstructured transaction data and present a novel transaction anonymization technique based on clustering and generalization techniques to achieve the k-anonymity privacy. We conduct extensive experiments on the AOL query log data. Our results show that this method results in a higher data utility compared to the state of-the-art transaction anonymization methods.
    @phdthesis{amin:thesis2010,
    author = {Milani Fard, Amin},
    title = {Clustering-based Web Query Log Anonymization},
    series={Electronic Theses and Dissertations (ETDs) 2008+},
    url={http://summit.sfu.ca/item/12814},
    school={Simon Fraser University},
    year={2010},
    month={Nov},
    collection={Electronic Theses and Dissertations (ETDs) 2008+}
    }

  • A. Milani Fard, K. Wang, An Effective Clustering Approach to Web Query Log Anonymization, 5th International Conference on Security and Cryptography, (SECRYPT), 2010. [Abstract] [BibTeX]
  • Abstract: Web query log data contain information useful to research; however, release of such data can re-identify the search engine users issuing the queries. These privacy concerns go far beyond removing explicitly identifying information such as name and address, since non-identifying personal data can be combined with publicly available information to pinpoint to an individual. In this work we model web query logs as unstructured transaction data and present a novel transaction anonymization technique based on clustering and generalization techniques to achieve the k-anonymity privacy. We conduct extensive experiments on the AOL query log data. Our results show that this method results in a higher data utility compared to the state-of-the-art transaction anonymization methods.
    @inproceedings{amin:secrypt10,
    title={An effective clustering approach to web query log anonymization},
    author={Milani Fard, Amin and and Wang, Ke},
    booktitle={Proceedings of the International Conference on Security and Cryptography (SECRYPT)},
    pages={109--119},
    year={2010},
    organization={IEEE}
    }

  • A. Milani Fard, M. Ester, Collaborative Mining in Multiple Social Networks Data for Criminal Group Discovery, Symposium on Social Computing Applications, IEEE International Conference on Social Computing (SocialCom), 2009
  • A. Milani Fard, Competitive-Cooperative Automated Reasoning from Distributed and Multiple Source of Data, in Data Mining and Multiagent Integration, ISBN 978-1-4419-0521-5, Springer US, 2009
  • R. Ghaemi, A. Milani Fard, H. Tabatabaee, M. Sadeghizadeh, Evolutionary Query Optimization for Heterogeneous Distributed Database Systems, in World Academy of Science, Engineering and Technology, V. 43, 2008

  • M. A. Rigi, A. Milani Fard, M. -R. Akbarzadeh -T., Finding Optimal Grid Dimension for Partitioning Linguistic Variables of Fuzzy Concepts, International Journal of Mathematics and Computer Science, ISSN 1814-0424, Volume 3, no. 2, 2008

  • A. Milani Fard, Intelligent Agent based Grid Data Mining using Game Theory and Soft Computing, B.Sc. Thesis, Ferdowsi University of Mashhad (FUM), September 2007
  • A. Milani Fard, V. Salmani, M. Naghibzadeh, S. Khajouie Nejad, H. Ahmadi, Game Theory based Data Mining Technique for Strategy Making of a Soccer Simulation Coach Agent, 6th International Conference on Information Systems Technology and its Applications, (ISTA), 2007
  • A. Milani Fard, A. Deldari, H. Deldari, Quick Grammar Type Recognition: Concepts and Techniques, International conf. on Compilers, Related Technologies and Applications (CoRTA), 2007
  • M. Mohebbi, M. -R. Akbarzadeh -T., A. Milani Fard, Microorganism DNA Pattern Search in a Multi-agent Genomic Engine Framework, World Applied Sciences Journal, V. 2 N. 6, 2007, Also a poster in International Conference on Bioinformatics (InCoB), 2007
  • A. Milani Fard, M. Kahani, R. Ghaemi, H. Tabatabaee, Multi-agent Data Fusion Architecture for Intelligent Web Information Retrieval, International Journal of Intelligent Systems and Technologies, V. 2, N. 3, 2007
  • A. Milani Fard, R. Ghaemi, M. -R. Akbarzadeh -T., H. Akbari, Kavosh: An Intelligent Neuro-Fuzzy Search Engine, 7th IEEE International Conference on Intelligent Systems Design and Application (ISDA), 2007
  • A. Milani Fard, H. Akbari, M. -R. Akbarzadeh -T, Fuzzy Adaptive Resonance Theory for Content-Based Data Retrieval, IEEE International Conference on Innovations in Information Technology (IIT), 2006
  • V. Salmani, A. Milani Fard, M. Naghibzadeh, A Fuzzy Two-Phase Decision Making Approach for Simulated Soccer Agent, IEEE International Conference on Engineering of Intelligent Systems (ICEIS), 2006
  • A. Milani Fard, M. -R. Akbarzadeh -T, F. Varasteh -A, A New Genetic Algorithm Approach for Secure JPEG Steganography, IEEE International Conference on Engineering of Intelligent Systems (ICEIS), 2006