20 research outputs found
Modeling and Selection of Software Service Variants
Providers and consumers have to deal with variants, meaning alternative instances of a service?s design, implementation, deployment, or operation, when developing or delivering software services. This work presents service feature modeling to deal with associated challenges, comprising a language to represent software service variants and a set of methods for modeling and subsequent variant selection. This work?s evaluation includes a POC implementation and two real-life use cases
Who you gonna call? Analyzing Web Requests in Android Applications
Relying on ubiquitous Internet connectivity, applications on mobile devices
frequently perform web requests during their execution. They fetch data for
users to interact with, invoke remote functionalities, or send user-generated
content or meta-data. These requests collectively reveal common practices of
mobile application development, like what external services are used and how,
and they point to possible negative effects like security and privacy
violations, or impacts on battery life. In this paper, we assess different ways
to analyze what web requests Android applications make. We start by presenting
dynamic data collected from running 20 randomly selected Android applications
and observing their network activity. Next, we present a static analysis tool,
Stringoid, that analyzes string concatenations in Android applications to
estimate constructed URL strings. Using Stringoid, we extract URLs from 30, 000
Android applications, and compare the performance with a simpler constant
extraction analysis. Finally, we present a discussion of the advantages and
limitations of dynamic and static analyses when extracting URLs, as we compare
the data extracted by Stringoid from the same 20 applications with the
dynamically collected data
Modeling and Selection of Software Service Variants
Providers and consumers have to deal with variants of software services, which are alternative instances of a services design, implementation, deployment, or operation. This work develops the service feature modeling language to represent software service variants and a suite of methods to select variants for development or delivery. An evaluation describes the systems implemented to make use of service feature modeling and its application to two real-world use cases
Statically Checking Web API Requests in JavaScript
Many JavaScript applications perform HTTP requests to web APIs, relying on
the request URL, HTTP method, and request data to be constructed correctly by
string operations. Traditional compile-time error checking, such as calling a
non-existent method in Java, are not available for checking whether such
requests comply with the requirements of a web API. In this paper, we propose
an approach to statically check web API requests in JavaScript. Our approach
first extracts a request's URL string, HTTP method, and the corresponding
request data using an inter-procedural string analysis, and then checks whether
the request conforms to given web API specifications. We evaluated our approach
by checking whether web API requests in JavaScript files mined from GitHub are
consistent or inconsistent with publicly available API specifications. From the
6575 requests in scope, our approach determined whether the request's URL and
HTTP method was consistent or inconsistent with web API specifications with a
precision of 96.0%. Our approach also correctly determined whether extracted
request data was consistent or inconsistent with the data requirements with a
precision of 87.9% for payload data and 99.9% for query data. In a systematic
analysis of the inconsistent cases, we found that many of them were due to
errors in the client code. The here proposed checker can be integrated with
code editors or with continuous integration tools to warn programmers about
code containing potentially erroneous requests.Comment: International Conference on Software Engineering, 201
Opportunities in Software Engineering Research for Web API Consumption
Nowadays, invoking third party code increasingly involves calling web
services via their web APIs, as opposed to the more traditional scenario of
downloading a library and invoking the library's API. However, there are also
new challenges for developers calling these web APIs. In this paper, we
highlight a broad set of these challenges and argue for resulting opportunities
for software engineering research to support developers in consuming web APIs.
We outline two specific research threads in this context: (1) web API
specification curation, which enables us to know the signatures of web APIs,
and (2) static analysis that is capable of extracting URLs, HTTP methods etc.
of web API calls. Furthermore, we present new work on how we combine (1) and
(2) to provide IDE support for application developers consuming web APIs. As
web APIs are used broadly, research in supporting the consumption of web APIs
offers exciting opportunities.Comment: Erik Wittern and Annie Ying are both first author
A mixed-method empirical study of Function-as-a-Service software development in industrial practice
Function-as-a-Service (FaaS) describes cloud computing services that make infrastructure components transparent to application developers, thus falling in the larger group of “serverless” computing models. When using FaaS offerings, such as AWS Lambda, developers provide atomic and short-running code for their functions, and FaaS providers execute and horizontally scale them on-demand. Currently, there is no systematic research on how developers use serverless, what types of applications lend themselves to this model, or what architectural styles and practices FaaS-based applications are based on. We present results from a mixed-method study, combining interviews with practitioners who develop applications and systems that use FaaS, a systematic analysis of grey literature, and a Web-based survey. We find that successfully adopting FaaS requires a different mental model, where systems are primarily constructed by composing pre-existing services, with FaaS often acting as the “glue” that brings these services together. Tooling availability and maturity, especially related to testing and deployment, remains a major difficulty. Further, we find that current FaaS systems lack systematic support for function reuse, and abstractions and programming models for building non-trivial FaaS applications are limited. We conclude with a discussion of implications for FaaS providers, software developers, and researchers
A mixed-method empirical study of Function-as-a-Service software development in industrial practice
Function-as-a-Service (FaaS) describes cloud computing services that make infrastructure components transparent to application developers, thus falling in the larger group of “serverless” computing mod- els. When using FaaS offerings, such as AWS Lambda, developers provide atomic and short-running code for their functions, and FaaS providers execute and horizontally scale them on-demand. Currently, there is nosystematic research on how developers use serverless, what types of applications lend themselves to this model, or what architectural styles and practices FaaS-based applications are based on. We present results from a mixed-method study, combining interviews with practitioners who develop applications and systems that use FaaS, a systematic analysis of grey literature, and a Web-based survey. We find that successfully adopting FaaS requires a different mental model, where systems are primarily constructed by composing pre-existing services, with FaaS often acting as the “glue” that brings these services to- gether. Tooling availability and maturity, especially related to testing and deployment, remains a major difficulty. Further, we find that current FaaS systems lack systematic support for function reuse, and ab- stractions and programming models for building non-trivial FaaS applications are limited. We conclude with a discussion of implications for FaaS providers, software developers, and researchers
A Principled Approach to GraphQL Query Cost Analysis
International audienceThe landscape of web APIs is evolving to meet new client requirements and to facilitate how providers fulfill them. A recent web API model is GraphQL, which is both a query language and a runtime. Using GraphQL, client queries express the data they want to retrieve or mutate, and servers respond with exactly those data or changes. GraphQL's expressiveness is risky for service providers because clients can succinctly request stupendous amounts of data, and responding to overly complex queries can be costly or disrupt service availability. Recent empirical work has shown that many service providers are at risk. Using traditional API management methods is not sufficient, and practitioners lack principled means of estimating and measuring the cost of the GraphQL queries they receive. In this work, we present a linear-time GraphQL query analysis that can measure the cost of a query without executing it. Our approach can be applied in a separate API management layer and used with arbitrary GraphQL backends. In contrast to existing static approaches, our analysis supports common GraphQL conventions that affect query cost, and our analysis is provably correct based on our formal specification of GraphQL semantics. We demonstrate the potential of our approach using a novel GraphQL query-response corpus for two commercial GraphQL APIs. Our query analysis consistently obtains upper cost bounds, tight enough relative to the true response sizes to be actionable for service providers. In contrast, existing static GraphQL query analyses exhibit over-estimates and under-estimates because they fail to support GraphQL conventions