Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Sane Approach to Modern Web Application Development Adam Chlipala February 22, 2010.

Published byOscar Owen Modified over 8 years ago

Similar presentations

Presentation on theme: "1 A Sane Approach to Modern Web Application Development Adam Chlipala February 22, 2010."— Presentation transcript:

1 1 A Sane Approach to Modern Web Application Development Adam Chlipala February 22, 2010

2 2 Web 1.0 Hello world! “Applicatio n”

3 3 Forms Page Name: Foo Submit Handler Hello, ! print (“Hello, “ + ENV[“name”] + “!”) Foo This field is called “name.” blah Submit to URL “Bar” Trigger for URL “Bar”

4 4 Database Access Page Name: Foo Submit Handler Hello, Foo! Your balance is $1.23. query (“SELECT balance FROM customers WHERE name = '” + ENV[“name”] + “'”) '; DELETE FROM balance WHERE name <> ' SQL DB

5 5 Saner Languages/Frameworks ● Links ● Ocsigen ● LINQ ● WebSharper ● OPA (“One-Pot Application”) ●...?

6 6 Web 1.0 Components Authenticat ion Main App Users Table Is Y the password of user X? ? What is user X's password? Login Cookie Display a login form here. Which user is this? Tell me the cookie contents, so that I can accidentally include them in a web page!

7 7 Web 2.0 Components Writable Area Main App ? Write a new line to the area. Which lines are there now? Let me mess with your part of the page manually, so I can break all your invariants and output some garbage! Subtree of Dynamic Page Structure Server-Side RPC Handler Save the contents to the server. Restore the contents. Let me call the RPC manually, so I can save contents that I couldn't add the honest way!

8 8 Comet Components Chat Client Main App ? Display the chat GUI in a part of the page of my choosing. Subtree of Dynamic Page Structure Pretend to be the user and send a message to the channel in his name! Persistent Channel for Server Comm. Facebook How Many Zombies Can You Barbecue? Replace chat log with “BRAAAAAINS”!!!

9 9 Combined Application Back to Basics.... Authenticat ion Users Table Login Cookie Writable Area Subtree of Dynamic Page Structure Server-Side RPC Handler How do I dispatch from URLs to all of my different components?

10 10 Code Generation DB Schema “Scaffolding” Standard DB Admin Interface Output program code as strings? Gross! Use run-time reflection? Breaks all the abstractions we just saw.... What is this and how do I use it? The manual? Yeah, it's sometimes even accurate! The source code? :-O Examples? This is what happens today....

11 11 My Solutions ● Strongly-encapsulated web components? – First-class language support for the key pieces of web applications – No loopholes! – Now use the standard abstractions of functional programming. ● Principled metaprogramming? – Statically-typed metaprograms, using language ideas from the world of dependent types.

12 12 Ur/Web Ur, a new general purpose language Inspired by ML and Haskell, but with even richer type system features Ur/Web, a special standard library and compiler Supporting modern web app development Web 1.0: Links, forms, etc. Web 2.0: AJAX and Comet SQL database access

13 13 Advantages Productivity Important pieces of web applications are first-class. New ways of structuring programs. New approach to meta- programming. Security Any code to be interpreted is not “just a string.” Rules out: Cross-site scripting Code injection Malicious file exec. Cross-site req. forgery... Performance Optimizing compiler produces fast & memory-efficient native code. No garbage collection! Domain-specific optimizations

14 14 Hello World! fun main () = return Hello world! Hello world!

15 15 Hello ___! functor Hello(M : sig val text : string end) : sig val main : unit → page end = struct fun main () = return Hello {[M.text]}! Hello {[M.text]}! end

16 16 Two Hellos, Living in Harmony structure World = Hello(struct val text = “world” end) structure Boston = Hello(struct val text = “Boston” end) fun main () = return Pick your poison: World Boston

17 17 Encapsulation structure Auth : sig val loginForm : unit → xbody val whoami : unit → string end = struct table users : {Nam : string, Pw : string} cookie auth : {Nam : string, Pw : string} fun rightInfo r = oneRow (SELECT COUNT(*) FROM users WHERE Nam = {[r.Nam]} AND Pw = {[r.Pw]}) = 1 fun login r = if rightInfo r then setCookie auth r else error “Wrong info!” fun loginForm () = (* Form handled by 'login'... *) fun whoami () = let r = getCookie auth in if rightInfo r then r.Nam else error “Wrong info!” end

18 18 Some Client Code fun main () = return {Auth.loginForm ()} Welcome. You could go somewhere. and somewhere () = user ← Auth.whoami (); if user = “Fred Flintstone” then return Yabba dabba doo! else return Boring and evil () = oneRow (SELECT Pw FROM Auth.user WHERE Nam = 'Admin')

19 19 Functional-Reactive GUIs The Status Quo: A BC D Document Tree (DOM) Script Find the node named “B” and replace its contents. Data Source The Reactive Way: Data Source.... Pure Function A BC D Script Change the value of this data source. Module D

20 20 A Client-Side Counter structure Counter : sig type t val new : unit → t val increment : t → unit val render : t → xbody end = struct type t = source int fun new () = source 0 fun increment c = n ← get c; set c (n + 1) fun render c = <dyn signal={n ← signal c; return {[n]} }/> end

21 21 Counter Client fun main () = c ← Counter.new (); return {Counter.render c} Backup copy: {Counter.render c}

22 22 AJAX The Status Quo: The Modular Way: Web Server Script Web Page URI #1 URI #2 URI #1! (muahaha!) Script RPC Handler Call like a normal function Script Or “open a hole” in the module interface

23 23 A Server-Side List structure ServList : sig type view val new : unit → view val render : view → xbody val add : string → unit end = struct table items : { It : string } fun allItems () = query (SELECT * FROM items) type view = source (list string) fun new () = its ← rpc (allItems ()); source its fun render v = return <dyn signal={its ← signal v; (* Format this list for HTML display *)}/> <button value=”Refresh” onclick={its ← rpc (allItems ()); set v its}/> fun doAdd s = dml (INSERT INTO items VALUES ({[s]})) fun add s = rpc (doAdd s) end

24 24 Comet The Status Quo: Web Server Client #1 Client #2 RPC Hm... I think Client #2 would like to know about this. Asynchronous Message Fantasy World Firewall (no incoming connections) Answer my request with the first message that is meant for me. I don't mind waiting, and I'll reconnect afterward for more messages. Scri pt I want messages! Make sure you forward mine to me! Ditto!! And make sure he can't spy on my messages!!! The Modular Way: Script Persistent channel (a typed, unforgeable capability)

25 25 A More Proactive List table listeners : { Chan : channel unit } fun newListener () = ch ← channel; dml (INSERT INTO listeners VALUES ({[ch]})); return ch fun new () = ch ← rpc (newListener ()); its ← rpc (allItems ()); v ← source its; let fun loop () = dummy ← recv ch; its ← rpc (allItems ()); set v its; loop () in spawn (loop ()); return v end fun doAdd s = dml (INSERT INTO items VALUES ({[s]})); foreach (SELECT * FROM listeners) (fn ch => send ch ())

26 26 Metaprogramming: An Executive Summary Run-time Programming Language (Turing complete) Compile-time Programming Language (AKA, type system) (not Turing complete, but includes basic lambda calculus) Crucial feature: type-level records! Included in Metadata controlling code generation options Metaprogram Sub-Web Metadata's type Type-level program Sub-Web's type Key Property 1: These types are expressive enough to guarantee absence of code injection, abstraction violation, etc.. Key Property 2: Effective static checking that the metaprogram really has the claimed type

27 27 Demo

28 28 For more information... http://www.impredicative.com/ur/

Download ppt "1 A Sane Approach to Modern Web Application Development Adam Chlipala February 22, 2010."

Similar presentations

JQuery MessageBoard. Lets use jQuery and AJAX in combination with a database to update and retrieve information without refreshing the page. Here we will.

JQuery MessageBoard. Lets use jQuery and AJAX in combination with a database to update and retrieve information without refreshing the page. Here we will.
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.

CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Session 6 Server-side programming - ASP. An ASP page is an HTML page interspersed with server-side code. The.ASP extension instead of.HTM denotes server-side.

Session 6 Server-side programming - ASP. An ASP page is an HTML page interspersed with server-side code. The.ASP extension instead of.HTM denotes server-side.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
Apache Tomcat Server – installation & use Server-side language-- use Java Server Pages Contrast Client-side languages HTML Forms Servers & Server-side.

Apache Tomcat Server – installation & use Server-side language-- use Java Server Pages Contrast Client-side languages HTML Forms Servers & Server-side.
WHAT IS AJAX? Zack Sheppard [zts2101] WHIM April 19, 2011.

WHAT IS AJAX? Zack Sheppard [zts2101] WHIM April 19, 2011.
8/17/2015CS346 PHP1 Module 1 Introduction to PHP.

8/17/2015CS346 PHP1 Module 1 Introduction to PHP.
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.

Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
AJAX Chat Analysis and Design Rui Zhao CS5260 2012SPG UCCS.

AJAX Chat Analysis and Design Rui Zhao CS SPG UCCS.
JavaScript & jQuery the missing manual Chapter 11

JavaScript & jQuery the missing manual Chapter 11
Server-side Scripting Powering the webs favourite services.

Server-side Scripting Powering the webs favourite services.
4-1 INTERNET DATABASE CONNECTOR Colorado Technical University IT420 Tim Peterson.

4-1 INTERNET DATABASE CONNECTOR Colorado Technical University IT420 Tim Peterson.
Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.

Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University

November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
10/5/2015CS346 PHP1 Module 1 Introduction to PHP.

10/5/2015CS346 PHP1 Module 1 Introduction to PHP.
LiveCycle Data Services Introduction Part 2. Part 2? This is the second in our series on LiveCycle Data Services. If you missed our first presentation,

LiveCycle Data Services Introduction Part 2. Part 2? This is the second in our series on LiveCycle Data Services. If you missed our first presentation,

Similar presentations

Ads by Google