Web applications are difficult to analyze using code-based tools because data-flow and control-flow through the application occurs via both server-side code and client-side pages. Client-side pages are typically specified in a scripting language that is different from the main server-side language; moreover, the pages are generated dynamically from the scripts. To address these issues we propose a static-analysis approach that automatically constructs a model of each page in a given application. A page model is a code fragment in the same language as the server-side code, which faithfully over-approximates the possible elements of the page as well as the control-flows and data-flows due to these elements. The server-side code in conjunction with the page models then becomes a standard (non-web) program, thus amenable to analysis using standard code-based tools. We have implemented our approach in the context of J2EE applications. We demonstrate the versatility and usefulness of our approach by applying three standard analysis tools on the resultant programs from our approach: a concolic-execution based model checker (JPF), a dynamic fault localization tool (Zoltar), and a static slicer (Wala).
Tue 11 JulDisplayed time zone: Tijuana, Baja California change
16:00 - 17:15 | |||
16:00 25mTalk | Testing and Analysis of Web Applications using Page Models Technical Papers DOI | ||
16:25 25mTalk | Automated Layout Failure Detection for Responsive Web Pages without an Explicit Oracle Technical Papers Thomas Walsh University of Sheffield, UK, Gregory Kapfhammer Allegheny College, USA, Phil McMinn University of Sheffield DOI | ||
16:50 25mTalk | Test Execution Checkpointing for Web Applications Technical Papers Marco Guarnieri ETH Zurich, Switzerland, Petar Tsankov ETH Zurich, Tristan Buchs EPFL, Switzerland, Mohammad Torabi Dashti ETH Zurich, Switzerland, David Basin ETH Zurich, Switzerland DOI |