L18 - CS 290C Formal Models for Web Software Lecture 18 Verification of Data Driven Web Applications Instructor Tevfik Bultan WAVE A Verification

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 290C: Formal Models for Web Software Lecture 18: Verification of Data Driven Web Applications Instructor: Tevfik Bultan
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
WAVE: A Verification Tool Wave is a verification tool for web applications Focuses on data driven web applications Such as the web applications targeted by WebML Wave is capable of verifying temporal properties of WebML style web application specifications Temporal properties are specified using a variant of LTL Web application is specified using a core query language
Background image of page 2
Interactive, data-driven web applications Web application generates web pages dynamically by sending queries to a backend database Web application receives input from the user It responds by taking some action, updating its internal state and generating a new web page determined by a query In Wave queries are specified in FO: first order queries FO is an abstraction of the data manipulation core of SQL A run is a sequence of inputs together with the web pages, states and actions generated by the web application
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Infinite State Verification Data driven web applications interact with a back-end database Since the possible configurations of the back-end database is unbounded, verification of data-driven web applications is an infinite state verification problem Most infinite state verification problems are undecidable There are two main approaches to handle this: Perform unsound verification by restricting the state space (for example like in Alloy) This approach might miss bugs (false negative) Perform sound verification by mapping the infinite state space to a finite abstraction This approach might generate false alarms (false positive)
Background image of page 4
Infinite State Verification Wave uses a different approach It focuses on a restricted class of systems and implements a sound and complete verification technique for that restricted class For the specifications that are not in that class, Wave can still be used as an unsound verification tool The restricted class of systems analyzed by Wave are called input-bounded systems The range of quantifications in the queries used to specify the system are restricted to the input values Example: for all x, for all y [pay(x,y) => price(x,y)] where pay(x,y) is an input and price is a database relation
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Verification with Wave Wave takes a web application specification WA and a property p as input The property p is specified using LTL-F0 LTL-FO is an extension of LTL that allows specification of data related properties Verification approach Explicitly specify the tuples in the database that use only a small set of relevant constants C computed from WA and p. This is called the core of the database and remains unchanged throughout the run At each step in the run, make additional assumptions about the content of the database, needed to determine the next possible configurations. The assumptions involve only a small set of additional values
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/27/2011 for the course CMPSC 290h taught by Professor Chong during the Fall '09 term at UCSB.

Page1 / 24

L18 - CS 290C Formal Models for Web Software Lecture 18 Verification of Data Driven Web Applications Instructor Tevfik Bultan WAVE A Verification

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online