Write a Blog >>
Tue 11 Jul 2017 16:00 - 16:25 at Bren 1414 - The Web Chair(s): Frank Tip

Web applications are difficult to analyze using code-based tools because data-flow and control-flow through the application occurs via both server-side code and client-side pages. Client-side pages are typically specified in a scripting language that is different from the main server-side language; moreover, the pages are generated dynamically from the scripts. To address these issues we propose a static-analysis approach that automatically constructs a model of each page in a given application. A page model is a code fragment in the same language as the server-side code, which faithfully over-approximates the possible elements of the page as well as the control-flows and data-flows due to these elements. The server-side code in conjunction with the page models then becomes a standard (non-web) program, thus amenable to analysis using standard code-based tools. We have implemented our approach in the context of J2EE applications. We demonstrate the versatility and usefulness of our approach by applying three standard analysis tools on the resultant programs from our approach: a concolic-execution based model checker (JPF), a dynamic fault localization tool (Zoltar), and a static slicer (Wala).

Tue 11 Jul
Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California change

16:00 - 17:15: Technical Papers - The Web at Bren 1414
Chair(s): Frank TipNortheastern University
issta-2017-research16:00 - 16:25
Snigdha Athaiya, Raghavan KomondoorIndian Institute of Science, Bangalore
issta-2017-research16:25 - 16:50
Thomas WalshUniversity of Sheffield, UK, Gregory KapfhammerAllegheny College, USA, Phil McMinnUniversity of Sheffield
issta-2017-research16:50 - 17:15
Marco GuarnieriETH Zurich, Switzerland, Petar TsankovETH Zurich, Tristan BuchsEPFL, Switzerland, Mohammad Torabi DashtiETH Zurich, Switzerland, David BasinETH Zurich, Switzerland