Statically Checking Web API Requests in JavaScript

Many JavaScript applications perform HTTP requests to web APIs, relying on the request URL, HTTP method, and request data to be constructed correctly by string operations. Traditional compile-time error checking, such as calling a non-existent method in Java, are not available for checking whether such requests comply with the requirements of a web API. In this paper, we propose an approach to statically check web API requests in JavaScript. Our approach first extracts a request's URL string, HTTP method, and the corresponding request data using an inter-procedural string analysis, and then checks whether the request conforms to given web API specifications. We evaluated our approach by checking whether web API requests in JavaScript files mined from GitHub are consistent or inconsistent with publicly available API specifications. From the 6575 requests in scope, our approach determined whether the request's URL and HTTP method was consistent or inconsistent with web API specifications with a precision of 96.0%. Our approach also correctly determined whether extracted request data was consistent or inconsistent with the data requirements with a precision of 87.9% for payload data and 99.9% for query data. In a systematic analysis of the inconsistent cases, we found that many of them were due to errors in the client code. The here proposed checker can be integrated with code editors or with continuous integration tools to warn programmers about code containing potentially erroneous requests.Comment: International Conference on Software Engineering, 201

Generating a contract checker for an SLA language

SLAng is a language for expressing Service LevelAgreements (SLAs) under development as part of the Europeanproject TAPAS. It is defined using a meta-model, an instance ofthe Meta-Object Facility (MOF) model, in which the relationshipbetween the syntax of the language and its domain of applicationis explicitly represented, and the violation semantics ofthe language defined using Object Constraint Language (OCL)constraints. The concrete syntax of the language is the XMLMeta-data Interchange (XMI) mapping of the syntactic part ofthe meta-model. In this paper we describe how the Java MetadataInterface (JMI) mapping can be applied to the meta-modelof the language to generate interfaces and classes to create andquery SLAs and relevant service monitoring data in memory;and how an OCL interpreter can be applied to check violationconstraints over this data, resulting in the implementation of acontract checker that is highly likely to respect the semantics ofthe language

Edit and verify

Automated theorem provers are used in extended static checking, where they are the performance bottleneck. Extended static checkers are run typically after incremental changes to the code. We propose to exploit this usage pattern to improve performance. We present two approaches of how to do so and a full solution

Dynamic integration of context model constraints in web service processes

Autonomic Web service composition has been a challenging topic for some years. The context in which composition takes places determines essential aspects. A context model can provide meaningful composition information for services process composition. An ontology-based approach for context information integration is the basis of a constraint approach to dynamically integrate context validation into service processes. The dynamic integration of context constraints into an orchestrated service process is a necessary direction to achieve autonomic service composition

Solving the TTC 2011 Compiler Optimization Task with metatools

The authors' "metatools" are a collection of tools for generic programming. This includes generating Java sources from mathematically well-founded specifications, as well as the creation of strictly typed document object models for XML encoded texts. In this context, almost every computer-internal structure is treated as a "model", and every computation is a kind of model transformation. This concept differs significantly from "classical model transformation" executed by specialized tools and languages. Therefore it seemed promising to the organizers of the TTC 2011, as well as to the authors, to apply metatools to one of the challenges, namely to the "compiler optimization task". This is a report on the resulting experiences.Comment: In Proceedings TTC 2011, arXiv:1111.440

CSP design model and tool support

The CSP paradigm is known as a powerful concept for designing and analysing the architectural and behavioural parts of concurrent software. Although the theory of CSP is useful for mathematicians, the programming language occam has been derived from CSP that is useful for any engineering practice. Nowadays, the concept of occam/CSP can be used for almost every object-oriented programming language. This paper describes a tree-based description model and prototype tool that elevates the use of occam/CSP concepts at the design level and performs code generation to Java, C, C++, and machine-readable CSP for the level of implementation. The tree-based description model can be used to browse through the generated source code. The tool is a kind of browser that is able to assist modern workbenches (like Borland Builder, Microsoft Visual C++ and 20-SIM) with coding concurrency. The tool will guide the user through the design trajectory using support messages and several semantic and syntax rule checks. The machine-readable CSP can be read by FDR, enabling more advanced analysis on the design. Early experiments with the prototype tool show that the browser concept, combined with the tree-based description model, enables a user-friendly way to create a design using the CSP concepts and benefits. The design tool is available from our URL, http://www.rt.el.utwente.nl/javapp