40 research outputs found
Opportunities in Software Engineering Research for Web API Consumption
Nowadays, invoking third party code increasingly involves calling web
services via their web APIs, as opposed to the more traditional scenario of
downloading a library and invoking the library's API. However, there are also
new challenges for developers calling these web APIs. In this paper, we
highlight a broad set of these challenges and argue for resulting opportunities
for software engineering research to support developers in consuming web APIs.
We outline two specific research threads in this context: (1) web API
specification curation, which enables us to know the signatures of web APIs,
and (2) static analysis that is capable of extracting URLs, HTTP methods etc.
of web API calls. Furthermore, we present new work on how we combine (1) and
(2) to provide IDE support for application developers consuming web APIs. As
web APIs are used broadly, research in supporting the consumption of web APIs
offers exciting opportunities.Comment: Erik Wittern and Annie Ying are both first author
Statically Checking Web API Requests in JavaScript
Many JavaScript applications perform HTTP requests to web APIs, relying on
the request URL, HTTP method, and request data to be constructed correctly by
string operations. Traditional compile-time error checking, such as calling a
non-existent method in Java, are not available for checking whether such
requests comply with the requirements of a web API. In this paper, we propose
an approach to statically check web API requests in JavaScript. Our approach
first extracts a request's URL string, HTTP method, and the corresponding
request data using an inter-procedural string analysis, and then checks whether
the request conforms to given web API specifications. We evaluated our approach
by checking whether web API requests in JavaScript files mined from GitHub are
consistent or inconsistent with publicly available API specifications. From the
6575 requests in scope, our approach determined whether the request's URL and
HTTP method was consistent or inconsistent with web API specifications with a
precision of 96.0%. Our approach also correctly determined whether extracted
request data was consistent or inconsistent with the data requirements with a
precision of 87.9% for payload data and 99.9% for query data. In a systematic
analysis of the inconsistent cases, we found that many of them were due to
errors in the client code. The here proposed checker can be integrated with
code editors or with continuous integration tools to warn programmers about
code containing potentially erroneous requests.Comment: International Conference on Software Engineering, 201
Value Partitioning: A Lightweight Approach to Relational Static Analysis for JavaScript
In static analysis of modern JavaScript libraries, relational analysis at key locations is critical to provide sound and useful results. Prior work addresses this challenge by the use of various forms of trace partitioning and syntactic patterns, which is fragile and does not scale well, or by incorporating complex backwards analysis. In this paper, we propose a new lightweight variant of trace partitioning named value partitioning that refines individual abstract values instead of entire abstract states. We describe how this approach can effectively capture important relational properties involving dynamic property accesses, functions with free variables, and predicate functions. Furthermore, we extend an existing JavaScript analyzer with value partitioning and demonstrate experimentally that it is a simple, precise, and efficient alternative to the existing approaches for analyzing widely used JavaScript libraries
Rehearsal: A Configuration Verification Tool for Puppet
Large-scale data centers and cloud computing have turned system configuration
into a challenging problem. Several widely-publicized outages have been blamed
not on software bugs, but on configuration bugs. To cope, thousands of
organizations use system configuration languages to manage their computing
infrastructure. Of these, Puppet is the most widely used with thousands of
paying customers and many more open-source users. The heart of Puppet is a
domain-specific language that describes the state of a system. Puppet already
performs some basic static checks, but they only prevent a narrow range of
errors. Furthermore, testing is ineffective because many errors are only
triggered under specific machine states that are difficult to predict and
reproduce. With several examples, we show that a key problem with Puppet is
that configurations can be non-deterministic.
This paper presents Rehearsal, a verification tool for Puppet configurations.
Rehearsal implements a sound, complete, and scalable determinacy analysis for
Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use
several analyses to shrink our models to a tractable size, and (3) frame
determinism-checking as decidable formulas for an SMT solver. Rehearsal then
leverages the determinacy analysis to check other important properties, such as
idempotency. Finally, we apply Rehearsal to several real-world Puppet
configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language
Design and Implementation (PLDI) 201
Detecting Redundant CSS Rules in HTML5 Applications: A Tree-Rewriting Approach
HTML5 applications normally have a large set of CSS (Cascading Style Sheets)
rules for data display. Each CSS rule consists of a node selector (given in an
XPath-like query language) and a declaration block (assigning values to
selected nodes' display attributes). As web applications evolve, maintaining
CSS files can easily become problematic. Some CSS rules will be replaced by new
ones, but these obsolete (hence redundant) CSS rules often remain in the
applications. Not only does this "bloat" the applications, but it also
significantly increases web browsers' processing time. Most works on detecting
redundant CSS rules in HTML5 applications do not consider the dynamic behaviors
of HTML5 (specified in JavaScript); in fact, the only proposed method that
takes these into account is dynamic analysis (a.k.a. testing), which cannot
soundly prove redundancy of CSS rules. In this paper, we introduce an
abstraction of HTML5 applications based on monotonic tree-rewriting and study
its "redundancy problem". We establish the precise complexity of the problem
and various subproblems of practical importance (ranging from P to EXP). In
particular, our algorithm relies on an efficient reduction to an analysis of
symbolic pushdown systems (for which highly optimised solvers are available),
which yields a fast method for checking redundancy in practice. We implemented
our algorithm and demonstrated its efficacy in detecting redundant CSS rules in
HTML5 applications.Comment: 50 page
Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs (Extended Version)
Building sound and precise static call graphs for real-world JavaScript
applications poses an enormous challenge, due to many hard-to-analyze language
features. Further, the relative importance of these features may vary depending
on the call graph algorithm being used and the class of applications being
analyzed. In this paper, we present a technique to automatically quantify the
relative importance of different root causes of call graph unsoundness for a
set of target applications. The technique works by identifying the dynamic
function data flows relevant to each call edge missed by the static analysis,
correctly handling cases with multiple root causes and inter-dependent calls.
We apply our approach to perform a detailed study of the recall of a
state-of-the-art call graph construction technique on a set of framework-based
web applications. The study yielded a number of useful insights. We found that
while dynamic property accesses were the most common root cause of missed edges
across the benchmarks, other root causes varied in importance depending on the
benchmark, potentially useful information for an analysis designer. Further,
with our approach, we could quickly identify and fix a recall issue in the call
graph builder we studied, and also quickly assess whether a recent analysis
technique for Node.js-based applications would be helpful for browser-based
code. All of our code and data is publicly available, and many components of
our technique can be re-used to facilitate future studies.Comment: Extended version of ECOOP'22 paper (with appendix
Fission: Secure Dynamic Code-Splitting for JavaScript
Traditional web programming involves the creation of two distinct programs: a client-side front-end, a server-side back-end, and a lot of communications boilerplate. An alternative approach is to use a tierless programming model, where a single program describes the behavior of both the client and the server, and the runtime system takes care of communication. Unfortunately, this usually entails adopting a new language and thus abandoning well-worn libraries and web programming tools.
In this paper, we present our ongoing work on Fission, a platform that uses dynamic tier-splitting and dynamic information flow control to transparently run a single JavaScript program across the client and server. Although static tier-splitting has been studied before, our focus on dynamic approaches presents several new challenges and opportunities. For example, Fission supports characteristic JavaScript features such as eval and sophisticated JavaScript libraries like React. Therefore, programmers can reason about the integrity and confidentiality of information while continuing to use common libraries and programming patterns. Moreover, by unifying the client and server into a single program, Fission allows language-based tools, like type systems and IDEs, to manipulate complete web applications. To illustrate, we use TypeScript to ensure that client-server communication does not go wrong
Weakly Sensitive Analysis for Unbounded Iteration over JavaScript Objects
International audienceJavaScript framework libraries like jQuery are widely used, but complicate program analyses. Indeed, they encode clean high-level constructions such as class inheritance via dynamic object copies and transformations that are harder to reason about. One common pattern used in them consists of loops that copy or transform part or all of the fields of an object. Such loops are challenging to analyze precisely, due to weak updates and as unrolling techniques do not always apply. In this paper, we observe that precise field correspondence relations are required for client analyses (e.g., for call-graph construction), and propose abstractions of objects and program executions that allow to reason separately about the effect of distinct iterations without resorting to full unrolling. We formalize and implement an analysis based on this technique. We assess the performance and precision on the computation of call-graph information on examples from jQuery tutorials
Detecting server-side endpoints in web applications based on static analysis of client-side JavaScript code
Под схемами широковещательного шифрования понимают такие протоколы распространения легально тиражируемой цифровой продукции, которые способны предотвратить несанкционированный доступ к распространяемым данным. Эти схемы широко используются как для распределённого хранения данных, так и для защиты данных при передаче по каналам связи, и исследование таких схем представляется актуальной задачей. Для предотвращения коалиционных атак в схемах широковещательного шифрования используются классы помехоустойчивых кодов со специальными свойствами, в частности c-FP- и c-TA-свойствами. Рассматривается задача оценки нижней и верхней границ мощности коалиции злоумышленников, в пределах которых алгеброгеометрические коды обладают этими свойствами. Ранее были получены границы для одноточечных алгеброгеометрических кодов на кривых общего вида. В работе эти границы уточняются для одноточечных кодов на кривых специального вида; в частности, для кодов на кривых, на которых имеется достаточно много классов эквивалентности после факторизации множества точек кривой по отношению равенства соответствующих координат