6 research outputs found
WaRR: A Tool for High-Fidelity Web Application Record and Replay
We introduce WaRR, a tool that records and replays with high ïŹdelity the interaction between users and modern web applications. WaRR consists of two independent components: the WaRR Recorder and the WaRR Replayer. The WaRR Recorder is embedded in a web browser, thus having access to user actions, and provides a complete interaction traceâthis confers high recording ïŹdelity. The WaRR Replayer uses an enhanced, developer-speciïŹc web browser that enables realistic simulation of user interactionâthis confers high replaying ïŹdelity. We describe two usage scenarios for WaRR that help developers improve the dependability of web applications: testing web applications against realistic human errors and generating user experience reports. WaRR helped us discover bugs in widely-used web applications, such as Google Sites, and offers higher recording ïŹdelity compared to current tools
iProve: A Scalable Approach to Consumer-Verifiable Software Guarantees
Formally proving complex program properties is still considered impractical for systems with over a million lines of code (MLOC). We present iProve, an approach that enables the generation and verification of proofs for interesting program properties in large Java systems. Desired properties are proven in iProve as a combination of two proofs: one of a complex property applied to a very tiny part of the codeâa nucleusâand a proof of a simple property applied to the rest of the codeâthe body. We use iProve to prove properties such as communication security, deadlock immunity, data privacy, and resource usage bounds in Java programs with millions of LOC. iProve scales well, requires no access to source code, and allows nuclei to be reused with an unlimited number of systems and to be written in verification-friendly languages
Mitigating Anonymity Challenges in Automated Testing and Debugging Systems
Modern software often provides automated testing and bug reporting facilities that enable developers to improve the software after release. Alas, this comes at the cost of user anonymity: reported execution traces may identify users. We present a way to mitigate this inherent tension between developer utility and user anonymity: automatically transform execution traces in a way that preserves their utility for testing and debugging while, at the same time, providing k-anonymity to users, i.e., a guarantee that the trace can at most identify the user as being part of a group of k indistinguishable users. We evaluate this approach in the context of an automated testing and bug reporting system for smartphone applications.