Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Trace Slice Analysis
Conclusions
References
All Topics
Computer Science
Software Engineering

Debugging of Web Applications with Web-TLR

Profile image of Daniel RomeroDaniel Romero

2011, Electronic Proceedings in Theoretical Computer Science

https://doi.org/10.4204/EPTCS.61.5
visibility

description

15 pages

link

1 file

Abstract

WEB-TLR is a Web verification engine that is based on the well-established Rewriting Logic-Maude/LTLR tandem for Web system specification and model-checking. In WEB-TLR, Web applications are expressed as rewrite theories that can be formally verified by using the Maude built-in LTLR model-checker. Whenever a property is refuted, a counterexample trace is delivered that reveals an undesired, erroneous navigation sequence. Unfortunately, the analysis (or even the simple inspection) of such counterexamples may be unfeasible because of the size and complexity of the traces under examination. In this paper, we endow WEB-TLR with a new Web debugging facility that supports the efficient manipulation of counterexample traces. This facility is based on a backward trace-slicing technique for rewriting logic theories that allows the pieces of information that we are interested to be traced back through inverse rewrite sequences. The slicing process drastically simplifies the computation trace by dropping useless data that do not influence the final result. By using this facility, the Web engineer can focus on the relevant fragments of the failing application, which greatly reduces the manual debugging effort and also decreases the number of iterative verifications.

Related papers

WAVer: A Model Checking-based Tool to Verify Web Application Design
Marina Mongiello

Electronic Notes in Theoretical Computer Science, 2006

Web Applications are becoming more and more widespread and efficient, then an increase of their reliability is now strongly required. Hence methods to support design and automatically perform validation of a Web Application (WA) could be helpful. In this paper we present WAVer, a prototype tool for performing the verification of a WA design by means of Symbolic Model Checking techniques. The tool first performs the modeling of the WA and furthermore verify it by means of a model checker. Specifically, the mathematical model of the WA is represented by a Finite State Machine (FSM). Then, by using the CTL formal language, we formalize basic criteria to establish correctness of the application. The prototype system we have implemented embeds a component which automatically imports WA design from a UML tool; CTL specifications are added and translated as source code for NuSMV model checker. Finally, the checker performs verification: if there is a violation of specifications, NuSMV allows to locate errors in WA design and appropriate adjustments are carried out.

View PDFchevron_right
A formal approach for run-time verification of web applications using scope-extended LTL
Alexandre Petrenko

Information and Software Technology, 2013

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and education use, including for instruction at the authors institution and sharing with colleagues.

View PDFchevron_right
Verifying web applications using bounded model checking
D.t Lee

2004

The authors describe the use of bounded model checking (BMC) for verifying Web application code. Vulnerable sections of code are patched automatically with runtime guards, allowing both verification and assurance to occur without user intervention. Model checking techniques have relatively complexity compared to the typestate-based polynomial-time algorithm (TS) we adopted in an earlier paper, but they offer three benefits-they provide counterexamples, more precise models, and sound and complete verification. Compared to conventional model checking techniques, BMC offers a more practical approach to verifying programs containing large numbers of variables, but requires fixed program diameters to be complete. Formalizing Web application vulnerabilities as a secure information flow problem with fixed diameter allows for BMC application without drawback. Using BMC-produced counterexamples, errors that result from propagations of the same initial error can be reported as a single group rather than individually. This offers two distinct benefits. First, together with the counterexamples themselves, they allow for more descriptive and precise error reports. Second, it allows for automated patching at locations where errors are initially introduced rather than at locations where the propagated errors cause problems. Results from a TS-BMC comparison test using 230 opensource Web applications showed a 41.0% decrease in runtime instrumentations when BMC was used. In the 38 vulnerable projects identified by TS, BMC classified the TS-reported 980 individual errors into 578 groups, with each group requiring a minimal set of patches for repair.

View PDFchevron_right
WebUml: reverse engineering of web applications
Carlo Bellettini

Proceedings of the 2004 ACM …, 2004

Web applications have become complex and crucial for many firms, especially when combined with areas such as CRM (Customer Relationship Management) and BPR (Business Process Reengineering). Since then the scientific community has focused attention to Web application design, development, analysis, testing, by studying and proposing methodologies and tools. This paper describes an automatic tool for the construction of UML models from existing Web applications. This tool, named WebUml, generates class and state diagrams by analysing source code and by interacting with the Web server. This reverse engineering tool is based on source code static analysis and also applies mutational techniques in order to exploit the server side execution engine to accomplish part of the dynamic analysis. This tool will be the core of a testing suite under construction at our laboratory. WebUml generated models (diagrams) will be used as a base for test case generation and coverage analysis.

View PDFchevron_right
Validation of Reverse Engineered Web Application Models
carlo bellettini

2005

Web applications have become complex and crucial for many firms, especially when combined with areas such as CRM (Customer Relationship Management) and BPR (Business Process Reengineering). The scientific community has focused attention to Web application design, development, analysis, testing, by studying and proposing methodologies and tools.

View PDFchevron_right
A model checking-based method for verifying web application design
M. Ruta, Francesco M Donini

Electronic Notes in …, 2006

CITATIONS 16 READS 30 4 authors, including: Abstract Development of Web Applications (WA) needs new methods, techniques and tools to support an engineered project during all the phases of its life cycle. To ensure the reliability of WA it is important they be validated and verified at early design phase. We use Model Checking techniques to perform automated verification of the UML design of a WA. We propose a mathematical model of a WA partitioning the usual Kripke structure into windows, links, pages and actions. Then we specify properties to be checked in a temporal logic, Computation Tree Logic (CTL). Verification is performed adapting the SMV model checker to our formalism. An implemented system that embeds the SMV verifier automatically parses the XMI output of UML tool and builds the SMV model to be verified with respect to specifications. Results of verification proved the benefits of the method.

View PDFchevron_right
Design verification of web applications using symbolic model checking
Francesco M Donini

Web Engineering, 2005

Fast and reliable development of Web Applications (WA) calls for methods that address systematic design, and tools that cover all the aspects of the design process and complement the current implementation technologies. To ensure the reliability of WA it is important that they be validated and verified at early design phase. We focus on black-box, automated verification of the UML design of a WA using Model Checking techniques.

View PDFchevron_right
SiteHopper: Abstracting Navigation State Machines for the Efficient Verification of Web Applications?
Sylvain Hallé

Abstract. A Navigation State Machine (NSM) is a conceptual map of all possible page sequences in a web application that can be used to statically verify navigation properties. The automated extraction of an NSM from a running application is currently an open problem, as the output of existing web crawlers is not appropriate for model checking. This paper presents SiteHopper, a crawler that computes on-the-fly an abstraction of the NSM based on link and page contents.

View PDFchevron_right
A Fast Algebraic Web Verification Service
pedro ojeda

2007

In this paper, we present the rewriting-based, Web verification service WebVerdi-M, which is able to recognize forbidden/incorrect patterns and incomplete/missing Web pages. WebVerdi-M relies on a powerful Web verification engine that is written in Maude, which automatically derives the error symptoms. Thanks to the AC pattern matching supported by Maude and its metalevel facilities, WebVerdi-M enjoys much better performance and usability than a previous implementation of the verification framework. By using the XML Benchmarking tool xmlgen, we develop some scalable experiments which demonstrate the usefulness of our approach.

View PDFchevron_right
Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking
Adam Kiezun, Julian Dolby

IEEE Transactions on Software Engineering, 2000

Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults.

View PDFchevron_right

References (18)

  1. α admin 'u := getSession("user") ;
  2. 'adm := selectDB("adminPage") ; if ( 'adm != 'u) then setSession("adminPage", "busy")
  3. else setSession("adminPage", "free")) ;
  4. updateDB( "adminPage", 'u) )
  5. fi and the piece of code that patches α index is: α index 'adm := getSession("adminPage") ; if ('adm = "free") then updateDB("adminPage", "free") fi ;
  6. M. Alpuente, D. Ballis, J. Espert & D. Romero (2011): Backward Trace Slicing for Rewriting Logic Theories. In: The 23rd International Conference on Automated Deduction CADE 2011, Lecture Notes in Computer Science, Springer-Verlag. To appear.
  7. M. Alpuente, D. Ballis, J. Espert & D.l Romero (2010): Model-checking Web Applications with Web-TLR. In: 8th Int'l Symp. on Automated Technology for Verification and Analysis ATVA 2010, Lecture Notes in Computer Science 6252, Springer.Verlag, pp. 341-346. Available at http://dx.doi.org/10.1007/ 978-3-642-15643-4_25.
  8. M. Alpuente, D. Ballis & D. Romero (2009): Specification and Verification of Web Applications in Rewriting Logic. In: Formal Methods, Second World Congress FM 2009, Lecture Notes in Computer Science 5850, Springer.Verlag, pp. 790-805. Available at http://dx.doi.org/10.1007/978-3-642-05089-3_50.
  9. M. Alpuente, D. Ballis, J. Espert & D. Romero (2011): Dynamic Backward Slicing of Rewriting Logic Computations. CoRR abs/1105.2665. Available at http://arxiv.org/abs/1105.2665.
  10. K. Bae & J. Meseguer (2008): A Rewriting-Based Model Checker for the Linear Temporal Logic of Rewriting. In: Proc. of the 9th International Workshop on Rule-Based Programming (RULE'08), Electronic Notes in Theoretical Computer Science, Elsevier.
  11. M. Clavel, F. Durán, S. Eker, P. Lincoln, N. Martí-Oliet, J. Meseguer & C. Talco (2009): Maude Manual (Version 2.4). Technical Report, SRI International, Computer Science Laboratory. Available at http:// maude.cs.uiuc.edu/maude2-manual/.
  12. M. Clavel, F. Durán, S. Eker, P. Lincoln, N. Martí-Oliet, J. Meseguer & C. Talcott (2007): All About Maude: A High-Performance Logical Framework. Lecture Notes in Computer Science 4350, Springer-Verlag. Available at http://dx.doi.org/10.1007/978-3-540-71999-1.
  13. S. Eker, J. Meseguer & A. Sridharanarayanan (2003): The Maude LTL model checker and its implementation. In: Model Checking Software: Proc. 10 th Intl. SPIN Workshop, Lecture Notes in Computer Science 2648, Springer, pp. 230-234. Available at http://dx.doi.org/10.1007/3-540-44829-2_16.
  14. T. R. Fielding & R. N. Taylor (2002): Principled Design of the Modern Web Architecture. ACM Transactions on Internet Technology 2(2), pp. 115-150.
  15. N. Martí-Oliet & J. Meseguer (2002): Rewriting Logic: Roadmap and Bibliography. Theoretical Computer Science 285(2), pp. 121-154.
  16. J. Meseguer (2008): The Temporal Logic of Rewriting: A Gentle Introduction. In: Concurrency, Graphs and Models: Essays Dedicated to Ugo Montanari on the Occasion of his 65th Birthday, 5065, Springer-Verlag, Berlin, Heidelberg, pp. 354-382. Available at http://dx.doi.org/10.1007/978-3-540-68679-8_22.
  17. J. Meseguer S. Escobar, C. Meadows (2006): A Rewriting-Based Inference System for the NRL Protocol Analyzer and its Meta-Logical Properties. Theoretical Computer Science 367(1-2), pp. 162-202. Available at http://dx.doi.org/10.1016/j.tcs.2006.08.035.
  18. F. Weitl, S. Nakajima & B. Freitag (2010): From Counterexamples to Incremental Interactive Tracing of Errors (Schrittweise Fehleranalyse auf der Grundlage von Model-Checking). it -Information Technology 52(5), pp. 295-297. Available at http://dx.doi.org/10.1524/itit.2010.0606.

Related papers

Model-Checking Web Applications with Web-TLR
Daniel Romero

Lecture Notes in Computer Science, 2010

Web-TLR is a software tool designed for model-checking Web applications which is based on rewriting logic. Web applications are expressed as rewrite theories which can be formally verified by using the Maude built-in LTLR model-checker. Web-TLR is equipped with a userfriendly, graphical Web interface that shields the user from unnecessary information. Whenever a property is refuted, an interactive slideshow is generated that allows the user to visually reproduce, step by step, the erroneous navigation trace that underlies the failing model checking computation. This provides deep insight into the system behavior, which helps to debug Web applications.

View PDFchevron_right
Rewriting-based Verification and Debugging of Web Systems
Daniel Romero

Resum L'increment de la complexitat dels sistemes Web ha donat lloc al desenvolupament de sofisticades metodologies formals per a verificar i corregir la informació i els programes a la Web. En general, comprovar si un sistema Web es comporta correctament en respecte a la intenció original del programador així com verificar la seua consistència no son tasques trivials. La prova d'açò es la quantitat d'estudis que existixen a la lliteratura al respecte d'estes comprovacions. A la tesis, abordem dos problemes interessants relacionats a la verificació de sistemes Web. En primer lloc, ampliem un marc previ de verificació Web, basat en reescritura parcial, afegint una tècnica per a la reparació de sistemes Web. Proposem una metodologia de reparació bàsica dotada amb distintes estratègies per optimitzar el nombre d'accions que deuen ser executades per reparar una web donada. A més, desenvolupem un millora del marc de verificació Web que està basada en interpretació abstracta i millora en gran mida la eficiència i la escalabilitat de la tècnica original. En segon lloc, formalizem un marc lògic de re-escritura per l'especificació i 'model-checking' de aplicacions Web dinàmiques. El nostre marc, mos permet simular la navegació d'un usuari i avaluar els scripts Web dins de la aplicació Web, així com verificar importants propietats com per eixample d'abastabilitat i consistència. Quan una propietat es refutada, es mostra un contra-eixample amb la traça errònea. Aquesta informació pot ser analitzada amb la finalitat de depurar l'aplicació Web que esta sent analitzada. Per aquest propòsit, formulem una nova tècnica d'slicing cap enrere sobre les traces donades. Aquesta tècnica consisteix en buscar cap enrere, sobre la traça d'execució, els símbols rellevants del terme (o estat) en el qual estem interessats a observar. Contents xviii Contents

View PDFchevron_right
Specification and Verification of Web Applications in Rewriting Logic
Daniel Romero

Lecture Notes in Computer Science, 2009

This paper presents a Rewriting Logic framework that formalizes the interactions between Web servers and Web browsers through a communicating protocol abstracting HTTP. The proposed framework includes a scripting language that is powerful enough to model the dynamics of complex Web applications by encompassing the main features of the most popular Web scripting languages (e.g. PHP, ASP, Java Servlets). We also provide a detailed characterization of browser actions (e.g. forward/backward navigation, page refresh, and new window/tab openings) via rewrite rules, and show how our models can be naturally model-checked by using the Linear Temporal Logic of Rewriting (LTLR), which is a Linear Temporal Logic specifically designed for model-checking rewrite theories. Our formalization is particularly suitable for verification purposes, since it allows one to perform in-depth analyses of many subtle aspects related to Web interaction. Finally, the framework has been completely implemented in Maude, and we report on some successful experiments that we conducted by using the Maude LTLR model-checker.

View PDFchevron_right
Declarative debugging of missing answers in rewriting logic
Adrian Riesco

2009

Rewriting logic is a logic of change, where rewrites correspond to transitions between states. One of the main characteristics of these transitions is that they can be nondeterministic, that is, given an initial state, there is a set of possible reachable states. Thus, an additional problem when debugging rewrite systems is that, although all the terms obtained could be correct, it is possible that not all the desired terms are computed, i.e., there are missing answers.

View PDFchevron_right
Model Checking the World Wide Web?
Luca de Alfaro

Springer eBooks, 2001

Web design is an inherently error-prone process. To help with the detection of errors in the structure and connectivity of Web pages, we propose to apply model-checking techniques to the analysis of the World Wide Web. Model checking the Web is different in many respects from ordinary model checking of system models, since the Kripke structure of the Web is not known in advance, but can only be explored in a gradual fashion. In particular, the model-checking algorithms cannot be phrased in ordinary µ-calculus, since some operations, such as the computation of sets of predecessor Web pages and the computations of greatest fixpoints, are not possible on the Web. We introduce constructive µ-calculus, a fixpoint calculus similar to µ-calculus, but whose formulas can be effectively evaluated over the Web; and we show that its expressive power is very close to that of ordinary µ-calculus. Constructive µ-calculus can be used not only for phrasing Web model-checking algorithms, but also for the analysis of systems having a large, irregular state space that can be only gradually explored, such as software systems. On the basis of these ideas, we have implemented the Web model checker MCWEB, and we describe some of the issues that arose in its implementation, as well as the type of errors that it was able to find.

View PDFchevron_right

Related topics

  • Software Engineering
  • Web Engineering
  • Rewriting Logic
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved