{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

l18 - CS 290C Formal Models for Web Software Lecture 18...

Info icon This preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 290C: Formal Models for Web Software Lecture 18: Verification of Data Driven Web Applications Instructor: Tevfik Bultan
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
WAVE: A Verification Tool Wave is a verification tool for web applications Focuses on data driven web applications Such as the web applications targeted by WebML Wave is capable of verifying temporal properties of WebML style web application specifications Temporal properties are specified using a variant of LTL Web application is specified using a core query language
Image of page 2
Interactive, data-driven web applications Web application generates web pages dynamically by sending queries to a backend database Web application receives input from the user It responds by taking some action, updating its internal state and generating a new web page determined by a query In Wave queries are specified in FO: first order queries FO is an abstraction of the data manipulation core of SQL A run is a sequence of inputs together with the web pages, states and actions generated by the web application
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Infinite State Verification Data driven web applications interact with a back-end database Since the possible configurations of the back-end database is unbounded, verification of data-driven web applications is an infinite state verification problem Most infinite state verification problems are undecidable There are two main approaches to handle this: Perform unsound verification by restricting the state space (for example like in Alloy) This approach might miss bugs (false negative) Perform sound verification by mapping the infinite state space to a finite abstraction This approach might generate false alarms (false positive)
Image of page 4
Infinite State Verification Wave uses a different approach It focuses on a restricted class of systems and implements a sound and complete verification technique for that restricted class For the specifications that are not in that class, Wave can still be used as an unsound verification tool The restricted class of systems analyzed by Wave are called input-bounded systems The range of quantifications in the queries used to specify the system are restricted to the input values Example: for all x, for all y [pay(x,y) => price(x,y)] where pay(x,y) is an input and price is a database relation
Image of page 5

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Verification with Wave Wave takes a web application specification WA and a property p as input The property p is specified using LTL-F0 LTL-FO is an extension of LTL that allows specification of data related properties Verification approach Explicitly specify the tuples in the database that use only a small set of relevant constants C computed from WA and p. This is called the core of the database and remains unchanged throughout the run At each step in the run, make additional assumptions about the content of the database, needed to determine the next possible configurations. The assumptions involve only a small set of additional values
Image of page 6
Formal Model
Image of page 7

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern