40,122 research outputs found
Session models of navigational behavior of Web applications in EFSM.
While providing better performance, transparency and expressiveness, the main features of the web technologies such as web caching, session and cookies, dynamically generated web pages etc. also make the web applications more complex and error-prone. In this regard, formal verification and specification-based testing play an important role in assessing the correct navigations of the web applications. As the basis for the static analysis or test case generations, the formal models of the web applications should contain information of the navigational behavior comprising the web technologies we are interested in. Here we provide the automated generation of such a model in terms of Extended Finite State Machines from a set of descriptions of the functionality of each individual element of the web applications. The generated model can be used for better quality assurance for web application in formal verification and specification-based testing. We take into account the cookies and dynamic link techniques used in the dynamically generated web pages, as they may have impact on the correct web page navigations. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .C44. Source: Masters Abstracts International, Volume: 44-03, page: 1396. Thesis (M.Sc.)--University of Windsor (Canada), 2005
Model checking: Correct Web page navigations with browser behavior.
While providing better performance, transparency and expressiveness, the main features of the web technologies such as web caching, session and cookies, dynamically generated web pages etc. may also affect the correct understanding of the web applications running on top of them. From the viewpoint of formal verification and specification-based testing, this suggests that the formal model of the web application we use for static analysis or test case generation should contain the abstract behavior of the underlying web application environment. Here we consider the automated generation of such a model in terms of extended finite state machines from a given abstract description of a web application by incorporating the abstract behavioral model of the web browsers in the presence of session/cookies and dynamically generated web pages. The derived model can serve as the formal basis for both model checking and specification-based testing on the web applications where we take into account the effect of the internal caching mechanism to the correct accessibility of the web pages, which can be quite sensitive to the security of the information they carry. In order to check the correctness of the derived model against required properties, we provide the automated translation of the model into Promela. By applying SPIN on Promela models, we present experimental results on the evaluation of the proposed modeling in terms of scalability.Dept. of Computer Science. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .Z543. Source: Masters Abstracts International, Volume: 43-05, page: 1761. Adviser: Jessica Chen. Thesis (M.Sc.)--University of Windsor (Canada), 2004
Verification and Validation of JavaScript
JavaScript is a prototype-based, dynamically typed language with scope chains and higher-order functions. Third party web applications embedded in web pages rely on JavaScript to run inside every browser. Because of its dynamic nature, a JavaScript program is easily exploited by malicious manipulations and safety breach attacks. Therefore, it is highly desirable when developing a JavaScript application to be able to verify that it meets its expected specification and that it is safe. One of the challenges in achieving this objective is that it is hard to statically keep track of the heap-manipulating JavaScript program due to the mutability of data structures. This thesis focuses on developing a verification framework for both functional correctness and safety of JavaScript programs that involve heap-based data structures.
Two automated inference-based verification frameworks are constructed based upon a variant of separation logic. The first framework defines a suitable subset of JavaScript, together with a set of operational semantics rules, a specification language and a set of inference rules. Furthermore, an axiomatic framework is presented to discover both pre/post-conditions of a JavaScript program. Hoare-style specification {Pre}prog{Post}, where program prog contains the language statements. The problem of verifying program can be reduced to the problem of proving that the execution of the statements meets the derived specification language.
The second framework increases the expressiveness of the subset language to include this that can cause safety issues in JavaScript programs. It revises the operational rules and inference rules to manipulate the newly added feature. Furthermore, a safety verification algorithm is defined.
Both verification frameworks have been proved sound, and the results ob- tained from evaluations validate the feasibility and precision of proposed approaches. The outcomes of this thesis confirm that it is possible to anal- yse heap-manipulating JavaScript programs automatically and precisely to discover unsafe programs
Discovery and Selection of Certified Web Services Through Registry-Based Testing and Verification
Reliability and trust are fundamental prerequisites for the establishment of functional relationships among peers in a Collaborative Networked Organisation (CNO), especially in the context of Virtual Enterprises where economic benefits can be directly at stake. This paper presents a novel approach towards effective service discovery and selection that is no longer based on informal, ambiguous and potentially unreliable service descriptions, but on formal specifications that can be used to verify and certify the actual Web service implementations. We propose the use of Stream X-machines (SXMs) as a powerful modelling formalism for constructing the behavioural specification of a Web service, for performing verification through the generation of exhaustive test cases, and for performing validation through animation or model checking during service selection
Transitioning Applications to Semantic Web Services: An Automated Formal Approach
Semantic Web Services have been recognized as a promising technology that exhibits huge commercial potential, and attract significant attention from both industry and the research community. Despite expectations being high, the industrial take-up of Semantic Web Service technologies has been slower than expected. One of the main reasons is that many systems have been developed without considering the potential of the web in integrating services and sharing resources. Without a systematic methodology and proper tool support, the migration from legacy systems to Semantic Web Service-based systems can be a very tedious and expensive process, which carries a definite risk of failure. There is an urgent need to provide strategies which allow the migration of legacy systems to Semantic Web Services platforms, and also tools to support such a strategy. In this paper we propose a methodology for transitioning these applications to Semantic Web Services by taking the advantage of rigorous mathematical methods. Our methodology allows users to migrate their applications to Semantic Web Services platform automatically or semi-automatically
Analysis and Verification of Service Interaction Protocols - A Brief Survey
Modeling and analysis of interactions among services is a crucial issue in
Service-Oriented Computing. Composing Web services is a complicated task which
requires techniques and tools to verify that the new system will behave
correctly. In this paper, we first overview some formal models proposed in the
literature to describe services. Second, we give a brief survey of verification
techniques that can be used to analyse services and their interaction. Last, we
focus on the realizability and conformance of choreographies.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Automated Mapping of UML Activity Diagrams to Formal Specifications for Supporting Containment Checking
Business analysts and domain experts are often sketching the behaviors of a
software system using high-level models that are technology- and
platform-independent. The developers will refine and enrich these high-level
models with technical details. As a consequence, the refined models can deviate
from the original models over time, especially when the two kinds of models
evolve independently. In this context, we focus on behavior models; that is, we
aim to ensure that the refined, low-level behavior models conform to the
corresponding high-level behavior models. Based on existing formal verification
techniques, we propose containment checking as a means to assess whether the
system's behaviors described by the low-level models satisfy what has been
specified in the high-level counterparts. One of the major obstacles is how to
lessen the burden of creating formal specifications of the behavior models as
well as consistency constraints, which is a tedious and error-prone task when
done manually. Our approach presented in this paper aims at alleviating the
aforementioned challenges by considering the behavior models as verification
inputs and devising automated mappings of behavior models onto formal
properties and descriptions that can be directly used by model checkers. We
discuss various challenges in our approach and show the applicability of our
approach in illustrative scenarios.Comment: In Proceedings FESCA 2014, arXiv:1404.043
Leveraging Semantic Web Service Descriptions for Validation by Automated Functional Testing
Recent years have seen the utilisation of Semantic Web Service descriptions for automating a wide range of service-related activities, with a primary focus on service discovery, composition, execution and mediation. An important area which so far has received less attention is service validation, whereby advertised services are proven to conform to required behavioural specifications. This paper proposes a method for validation of service-oriented systems through automated functional testing. The method leverages ontology-based and rule-based descriptions of service inputs, outputs, preconditions and effects (IOPE) for constructing a stateful EFSM specification. The specification is subsequently utilised for functional testing and validation using the proven Stream X-machine (SXM) testing methodology. Complete functional test sets are generated automatically at an abstract level and are then applied to concrete Web services, using test drivers created from the Web service descriptions. The testing method comes with completeness guarantees and provides a strong method for validating the behaviour of Web services
Automatic Software Repair: a Bibliography
This article presents a survey on automatic software repair. Automatic
software repair consists of automatically finding a solution to software bugs
without human intervention. This article considers all kinds of repairs. First,
it discusses behavioral repair where test suites, contracts, models, and
crashing inputs are taken as oracle. Second, it discusses state repair, also
known as runtime repair or runtime recovery, with techniques such as checkpoint
and restart, reconfiguration, and invariant restoration. The uniqueness of this
article is that it spans the research communities that contribute to this body
of knowledge: software engineering, dependability, operating systems,
programming languages, and security. It provides a novel and structured
overview of the diversity of bug oracles and repair operators used in the
literature
SPEEDY: An Eclipse-based IDE for invariant inference
SPEEDY is an Eclipse-based IDE for exploring techniques that assist users in
generating correct specifications, particularly including invariant inference
algorithms and tools. It integrates with several back-end tools that propose
invariants and will incorporate published algorithms for inferring object and
loop invariants. Though the architecture is language-neutral, current SPEEDY
targets C programs. Building and using SPEEDY has confirmed earlier experience
demonstrating the importance of showing and editing specifications in the IDEs
that developers customarily use, automating as much of the production and
checking of specifications as possible, and showing counterexample information
directly in the source code editing environment. As in previous work,
automation of specification checking is provided by back-end SMT solvers.
However, reducing the effort demanded of software developers using formal
methods also requires a GUI design that guides users in writing, reviewing, and
correcting specifications and automates specification inference.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
- ā¦