Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verifying Interactive Web Programs Daniel R. Licata Shriram Krishnamurthi Brown University.

Published byAmelia Bryan Modified over 9 years ago

Similar presentations

Presentation on theme: "Verifying Interactive Web Programs Daniel R. Licata Shriram Krishnamurthi Brown University."— Presentation transcript:

1 Verifying Interactive Web Programs Daniel R. Licata Shriram Krishnamurthi Brown University

2

3

4

5

6

7

8

9

10

11

12

13

14 Popular Press Quote: But when I clicked on the National [car rental] price […], the site responded with this message: “You have back-buttoned too far”. This was my first experience with “back-button” as a verb. […] Since that was patently untrue, I decoded its true meaning: “We ran out [of cars]”. –M. Slatalla, New York Times, 2003-07-17

15 A Headache for Companies ● Minor problem: Users might get booked into the wrong hotels, onto the wrong flights, etc. ● Major problem: People might embarass you in newspapers and in public talks

16 The Orbitz Property ● Orbitz Property: the user should receive a reservation at the hotel that was displayed on the page he submitted ● In other words, the result does not depend on the page on which you did not click “Reserve” Should all sites have this property?

17

18

19

20

21

22

23

24

25

26

27

28 Question What would Amazon want?

29 The Amazon Property Amazon property: at the end, every book the user added to his shopping cart is actually in his shopping cart These properties are ● not fixed in number ● temporal in nature  model checking

30 Model Checking 1.From the source code of a program, generate a model that captures the behaviors of interest 2.Consume properties written by the developer 3.Automatically check whether or not the model satisfies the properties

31 Model Checking 1.From the source code of a program, generate a model that captures the behaviors of interest 2.Consume properties written by the developer 3.Automatically check whether or not the model satisfies the properties

32 Modelling Web Programs Model = control-flow graph (CFG) What would a model of Orbitz look like?

33 Modelling Orbitz use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

34 User Operations add Control Flow ● The browser's back-button introduced control flow not present in the original CFG ● Other browser operations do the same How many operations do today's browsers provide?

35 One Browser How can we model all of these operations? Alt+Tab

36 User Operation Calculus ● Express all browser operations in terms of primitive user operations: ● submit form to server ● switch to previously-visited page [Graunke et al., 2003] ● Only need to account for these two operations' control flow

37 Our Model: the WebCFG ● submit corresponds to program's control flow Already in the CFG ● switch permits returning to any previously- visited Web-interaction point Add edges from each Web-interaction node to the successors of all the others (WebCFG)

38 The Orbitz CFG use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

39 The Orbitz WebCFG use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

40 Model Checking 1.From the source code of a program, generate a model that captures the behaviors of interest 2.Consume properties written by the developer 3.Automatically check whether or not the model satisfies the properties

41 Properties We want to state properties about Web pages

42 Properties Residence Inn by Marriot Charleston Downtown... Web pages are written as HTML source

43 Properties We want to reason about Web page texts Residence Inn by Marriot Charleston Downtown...

44 Properties How can we associate these texts with the corresponding HTML source? Residence Inn by Marriot Charleston Downtown...

45 Relating Web Page Content to Source ● Parse the text? Too hard ● Static-distance coordinates? Too brittle What else can we do?

46 Relating Web Page Content to Source Residence Inn by Marriot Charleston Downtown... Capitalize on Cascading Style Sheet (CSS) ID tags!

47 Relating Web Page Content to Source ● If the tag is in the HTML, it must be present in the source of the program that generates the page ● This relates Web page text to the Web program source expression that generates it

48 Annotating the WebCFG Residence Inn by Marriot Charleston Downtown... tag=reserved generate reservation page generate reservation text Annotate each WebCFG state with the propositions true in that state

49 Defining our Property Language ● The annotated WebCFG describes the set of traces that potentially occur ● The developer writes an automaton accepting the set of traces that should occur ● Verification is containment of the former in the latter [Vardi and Wolper, 1986]

50 Example Property Password-Page Property: Before reaching an access- controlled page, the user must go through a password page 1 2 violation tag=password-entry tag=access-controlled Note: In properties, tags label transitions

51 Expressing the Orbitz Property Orbitz Property: the user should receive a reservation at the hotel that was displayed on the page he submitted Divide and conquer!

52 Orbitz Subproperty 1 use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed Property: chosen does not change between the computation of displayed and the computation of reserved We need additional propositions to express this property!

53 Orbitz Subproperty 1 use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed Property: chosen does not change between the computation of displayed and the computation of reserved set and join enable reasoning about data

54 Orbitz Subproperty 1 Property: chosen does not change between the computation of displayed and the computation of reserved 1 2 violation (set,chosen) (join,chosen) tag=reserved set and join enable reasoning about data

55 Orbitz Subproperty 2 Property: the value of reserved comes from the value of displayed We need additional propositions to express this property! use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

56 Orbitz Subproperty 2 Augment CSS tagged propositions with additional information for reasoning about value flow Property: the value of reserved comes from the value of displayed (tagged,displayed,X) (tagged,reserved,  X) (tagged,reserved,  X) 1 2 violation

57 Property Idioms ● Writing these automata correctly is tricky ● The two Orbitz subproperties and the Amazon property occur repeatedly ● We provide abstractions of these properties as idioms in our property language

58 Model Checking 1.From the source code of a program, generate a model that captures the behaviors of interest 2.Consume properties written by the developer 3.Automatically check whether or not the model satisfies the properties

59 Verification Process The model and properties we have described are checkable by language containment

60 The Orbitz WebCFG use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

61 The Orbitz WebCFG use chosen to compute reserved display hotel list display reservation set chosen use chosen to compute displayed display details for displayed

62 Verification Process ● The model and properties we have described are compatible with the FLAVERS algorithms [Cobleigh, Naumovich, Clarke, and Osterweil, 2001-2002] ● FLAVERS supports “constraint” automata ● We can automatically generate constraints that rule out all the infeasible forward paths

63 Status We have begun to apply our model checker to C ONTINUE, a Web-based conference management application ● Written in Scheme; send/suspend primitive creates Web-interaction points ● MrFlow implements SBA [Heintze, 1994; Flanagan and Felleisen, 1996; Meunier, 2001]

64 Minimization ● Some WebCFG states are not labeled ● We remove these from the model without affecting results ● C ONTINUE : from ~17,000 to ~300 states

65 Future Work ● Better data reasoning (verification conditions) ● Concurrency ● Case studies and more idioms

66 Perspective ● Work encompasses traditional verification ● Structure of Web source programs matters ● Nature of environment models changes

67 The Amazon Idiom

68 The Orbitz Idioms

Download ppt "Verifying Interactive Web Programs Daniel R. Licata Shriram Krishnamurthi Brown University."

Similar presentations

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.
1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
OWL-S for Amazon Amazon.com publishes a WS to browse its DB and reserve goods –At the time of this experiment Amazon published only the buyer WS –Interaction.

OWL-S for Amazon Amazon.com publishes a WS to browse its DB and reserve goods –At the time of this experiment Amazon published only the buyer WS –Interaction.
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Tutorial 6 Creating a Web Form

Tutorial 6 Creating a Web Form
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
1 Lesson 10 Using JavaScript with Styles HTML and JavaScript BASICS, 4 th Edition Barksdale / Turner.

1 Lesson 10 Using JavaScript with Styles HTML and JavaScript BASICS, 4 th Edition Barksdale / Turner.
HTML5 and CSS3 Illustrated Unit B: Getting Started with HTML

HTML5 and CSS3 Illustrated Unit B: Getting Started with HTML
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Understand Web Page Development 98-361 Software Development Fundamentals LESSON 4.1.

Understand Web Page Development Software Development Fundamentals LESSON 4.1.
Introduction to Computability Theory

Introduction to Computability Theory
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 3-1 of…

Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 3-1 of…
Dynamic Web Pages. Web Programming  All our web pages so far have been static pages. 1. We create a web page 2. We upload it to the web server 3. People.

Dynamic Web Pages. Web Programming  All our web pages so far have been static pages. 1. We create a web page 2. We upload it to the web server 3. People.
Data Flow Analysis 1 15-411 Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Macromedia Dreamweaver 4 Advanced Level Course. Add Rollovers Rollovers or mouseovers are possibly the most popular effects used in designing Web pages.

Macromedia Dreamweaver 4 Advanced Level Course. Add Rollovers Rollovers or mouseovers are possibly the most popular effects used in designing Web pages.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

Similar presentations

Ads by Google