dynamic web applications via
play

Dynamic Web Applications via Collaborative Hybrid Analysis Xiaoyin - PowerPoint PPT Presentation

Jan 15, 2024 •109 likes •445 views

Automating Presentation Changes in Dynamic Web Applications via Collaborative Hybrid Analysis Xiaoyin Wang* UC Berkeley Lu Zhang Peking University Tao Xie NC State University Yingfei Xiong Peking University Hong Mei Peking University *

  1. Automating Presentation Changes in Dynamic Web Applications via Collaborative Hybrid Analysis Xiaoyin Wang* UC Berkeley Lu Zhang Peking University Tao Xie NC State University Yingfei Xiong Peking University Hong Mei Peking University * This work was conducted when Xiaoyin Wang was at Peking University.

  2. Dynamic Web Application • Server code generates HTML page according to user inputs Server Post Browser code Fill Form Generate User HTML page HTML page HTML page HTML page

  3. Presentation Changes • A common task in web application development  Correcting display error or HTML syntax error  Adding interface decorations  Changing appearance styles • 7% of 600 bug reports investigated are presentation changes

  4. Challenges • Presentation changes are often identified and reported on the generated HTML pages • Developers have to modify the server- side code accordingly

  5. Challenges Too common for text Generated web page: search <p2><tr>name: <input id = 1 color = BFFFFF value = “default”></input></div>country: <input id = 2 color = BFFFFF value = “country”></input>age: <input id = 3 color = BFFFFF value = “age”></input><tr> </p2> Code generating the web page $color = BFFFFF; echo “<p2>”; echo “ <tr> ”; echo “name:”; echo “<input id =”.$id.” color = ”.color.” value = “default”></input></div>country:”; $id++; echo “<input id =”.$id.” color = ”.$color.” value = “country”></input>age:”; $id++; echo “<input id =”.$id.” color = ”.$color.” value = “age”></input><tr>”; $id++; echo “</p2>”; Affect multiple places

  6. Outline • Motivation • Approach • Empirical Study • Discussion

  7. Usage Scenario Runtime / Server Server HTML page Code x x Identify Change Our tool Auto fixed Developer Needs intervention at code position xxx

  8. Approach Overview : Collaborative Hybrid Analysis • Dynamic String Taint Analysis – Locate the piece of code to change • Static Unexpected Impact Detection – Check whether the change is safe Safe: perform the change automatically Unsafe: report the location to the user

  9. Dynamic String Taint Analysis • Based on the idea of trace-based bidirectionalization [Xiong et al., ASE07]  Add a position tag to each constant string and input string <tr> xx.php 153-155  Copy the tags together with the strings xx.php 153-155 $x = “<tr>” xx.php 153-155 $y = $x xx.php 153-155  Propagate through string operations  Concatenation xx.php 153-155, xx.php 167-172 <tr><input

  10. String Operation Handling • Problem: do we need to reimplemenet all string operations? • Solution: working with finite state transducer [Wassermann and Su, PLDI’07] Constant string A, B, C S1 A/B(tagB) String variable $x, $y T/T(tagT) $y = B.C /C(tagC) replace($x, A, $y) S0 Automatically generated FST with position tag output, based on the runtime value of $y, T = Σ * / A Σ *

  11. Unexpected Impacts • Inner-page impacts X String origin to be changed affects X multiple places in the generated page X • Inter-page impacts X String origin to be changed affects other pages, or X X contents not generated in this execution

  12. Checking unexpected impacts • Inner-page impacts Checking all locations sharing the same string origin are changed consistently • Inter-page impacts Checking whether any unexecuted code data-dependent or control dependent on the changed code

  13. Practical Issues • Insertion:  When a change requires insertion between two variables, human intervention is required  Example: Code: $title = “contact”; echo “<td>”.$title. “</td>” HTML: <td>contact ˽ </td> • Non-constant string origin  When a string origin is not constant (thus cannot be changed directly), human intervention is required

  14. Outline • Motivation • Approach • Empirical Study • Discussion

  15. Study on the bug reports of three web applications • 600 Bug Reports from the early history of 3 popular PHP web projects: SquirrelMail, OrangeHRM, and WebCalendar Project Start End KLoc #Bug #PC Bug Reports Reports (MM/YY) (MM/YY) SquirrelMail 04/00 12/01 8-26 200 7 WebCalendar 06/00 12/02 6-17 200 14 OrangeHRM 03/06 10/06 96-105 200 22 PC Bug Reports: Presentation Change related Bug Reports

  16. Are presentation changes trivial? • Comparison of processing days between PC Bug Reports and All Bug Reports • Presentation changes are not trivial (similar processing days compared with other bug reports) Project / PC Bug Reports All Bug Reports Processing Avg. Range Avg. Range Days SquirrelMail 59.3 0-248 38.8 0- 645 WebCalendar 44.3 0-230 116.5 0-1119 OrangeHRM 20.1 1- 51 18.4 0- 260

  17. Evaluating our approacch • Dataset : 39 presentation change tasks (from 43 reports, in which 4 are duplicate) • Evaluation Oracle : developers’ changes • Research Questions :  How effective is our approach on finding the source locations to change?  How effective is our approach on detecting unexpected impacts?

  18. Evaluation Results Categories Number of tasks Percentage # Correctly Located 39 100.0% # Automatically fixed 23 59.0% # Matched fixes 20 51.3% # Unmatched fixes 3 7.7% # Human Intervention 16 41.0% Required # inner-page impact 1 2.6% # inter-page impact 3 7.7% # insertions 6 15.4% # changing non-constants 6 15.4% Our approach correctly locates all source origins.

  19. Evaluation Results Categories Number of tasks Percentage # Correctly Located 39 100.0% # Automatically fixed 23 59.0% # Matched fixes 20 51.3% # Unmatched fixes 3 7.7% # Human Intervention 16 41.0% Required # inner-page impact 1 2.6% # inter-page impact 3 7.7% # insertions 6 15.4% # changing non-constants 6 15.4% Most automatic changes match the oracles, yet some do not.

  20. Unmatched Auto-fix Bug Report No. 1510677 of OrangeHRM “Feedback information of an operation should be in green when the operation succeeds” Our approach changed “#FF0000” (red) to “#005500” (green). Developer change added a check for whether the operation succeeds, and then set different colors Other unmatched fixes added similar new behavior to the code

  21. Evaluation Results Categories Number of tasks Percentage # Correctly Located 39 100.0% # Automatically fixed 23 59.0% # Matched fixes 20 51.3% # Unmatched fixes 3 7.7% # Human Intervention 16 41.0% Required # inner-page impact 1 2.6% # inter-page impact 3 7.7% # insertions 6 15.4% # changing non-constants 6 15.4% For the rest of the tasks, our approach correctly identifies the need of human intervention.

  22. Outline • Motivation • Approach • Empirical Study • Discussion

  23. Limitations • More suitable for small atomic changes than pervasive or large structure changes • Currently cannot handle web interface generated with Ajax techniques • May generate undesirable code changes

  24. Conclusion • Presentation change being common and non-trivial • Hybrid approach to presentation changes – Dynamic analysis to locate the source code to change – Static analysis to ensure the change is safe • Lightweight approach yet effective

  25. Thanks! Q & A

  26. Evaluation Results • On locating source code and automatic fixing Project #PC tasks #Locating #matched #unmatched auto-fix auto-fix SquirrelMail 6 6 2 0 WebCalendar 12 12 7 2 OrangeHRM 21 21 11 1 Total 39 39 20 3

  27. Evaluation Results • On detecting unexpected impacts and practical issues Project #PC #inner-page #inter-page #insert #non- constant tasks Impact impact SquirrelMail 6 0 0 2 2 WebCalendar 12 1 1 1 0 OrangeHRM 21 0 2 3 4 Total 39 1 3 6 6

  28. Example Task SquirrelMail ---- Bug #601006: “Rejected e - mail link missing a quote” Error HTML page: <BR><STRIKE><A HREF="mailto:mymail@gmail.com? subject=WebCalendar:mycal \> Xiao</a></STRIKE>Rejected"; Buggy Code: echo "<BR><STRIKE><A HREF=\"mailto:" . $tempemail ."? subject=$subject \> " . $tempfullname . "</a></STRIKE> (" . translate("Rejected") . ")\ n"; Result of our tool 1. Locate the “ \ >” in the code as the data origin of the erroneous place in the error HTML page 2. Determine that there is no unexpected impacts and practical issues, so that the fix can be done automatically

  29. Example Task SquirrelMail ---- Bug #601006: “Rejected e - mail link missing a quote” Error HTML page: <BR><STRIKE><A HREF="mailto:mymail@gmail.com? subject=WebCalendar:mycal \> Xiao</a></STRIKE>Rejected"; Buggy Code: echo "<BR><STRIKE><A HREF=\"mailto:" . $tempemail ."? subject=$subject \> " . $tempfullname . "</a></STRIKE> (" . translate("Rejected") . ")\ n"; Result of our tool 1. Locate the “ \ >” in the code as the data origin of the erroneous place in the error HTML page 2. Determine that there is no unexpected impacts and practical issues, so that the fix can be done automatically

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dynamic Web Applications Authoring, Deploying And Consuming Mixed-Namespace XML T. V. Raman IBM

Dynamic Web Applications Authoring, Deploying And Consuming Mixed-Namespace XML T. V. Raman IBM

Dynamic Web Applications Authoring, Deploying And Consuming Mixed-Namespace XML T. V. Raman IBM Research Dynamic Web Applications p. 1 Outline Characteristics of a Web application. Building on what we have. Whats left to solve.

487 views • 22 slides
Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications need to be able to adjust the presentation of our interfaces. We need to dynamically reposition and resize our content in response to: Change in

594 views • 26 slides
Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications need to be able to adjust the presentation of our interfaces. We need to dynamically reposition and resize our content in response to: Change in

681 views • 28 slides
Dynamic HistoryDependent VariationalHemivariational Inequalities with Applications

Dynamic HistoryDependent VariationalHemivariational Inequalities with Applications

Dynamic HistoryDependent VariationalHemivariational Inequalities with Applications Stanislaw Mig orski Jagiellonian University in Krakow, Poland Faculty of Mathematics and Computer Science a joint work with Weimin Han and Mircea

818 views • 50 slides
Dynamic control Greedy, turnpike, constraints and some applications Enrique Zuazua 1

Dynamic control Greedy, turnpike, constraints and some applications Enrique Zuazua 1

Dynamic control Greedy, turnpike, constraints and some applications Enrique Zuazua 1 DeustoTech-Bilbao &amp; UAM-Madrid, Spain enrique.zuazua@deusto.es http://cmc.deusto.es Marrakech, Avril 2018 1 ERC Advanced Grant DYCON-Dynamic Control (

985 views • 49 slides
Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software Update There are two ways to write error-free programs; only the third one works. Alan Perlis sh DSU for C (AKSS SS 2014) Dynamic

507 views • 31 slides
Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P . Nguyen, Thang N. Dinh, Sindhura Tokala, My T. Thai Department of Computer and Information Science and Engineering, University of Florida, USA

1.46k views • 87 slides
Dynamic workload Several applications (e.g., multimedia systems) are characterized by highly

Dynamic workload Several applications (e.g., multimedia systems) are characterized by highly

Dynamic workload Several applications (e.g., multimedia systems) are characterized by highly variable computational requirements: load avg time Example: phone call Example: video playing It consists at least of 2 periodic tasks,

441 views • 13 slides
jk: Using Dynamic Analysis to Crawl and Test Modern Web Applications Giancarlo Pellegrino (1) ,

jk: Using Dynamic Analysis to Crawl and Test Modern Web Applications Giancarlo Pellegrino (1) ,

jk: Using Dynamic Analysis to Crawl and Test Modern Web Applications Giancarlo Pellegrino (1) , Constantin Tschrtz (2) , Eric Bodden (2) , and Christian Rossow (1) 18th International Symposium on Research in Attacks, Intrusions and Defenses

732 views • 45 slides
Sp ace frames Organic Architecture Dynamic structures for all architectural applications,

Sp ace frames Organic Architecture Dynamic structures for all architectural applications,

Sp ace frames Organic Architecture Dynamic structures for all architectural applications, Geometries and forms only limited by the designers Imagination. Eye Of Qatar 4400 mtr2 Marina Twin Towers 1800 mtr2 Free Form Al Mansour Gate

221 views • 4 slides
Dynamic Verification of Inter-Parameter Constraints in Web Applications Nathalie Oostvogels

Dynamic Verification of Inter-Parameter Constraints in Web Applications Nathalie Oostvogels

# Dynamic Verification of Inter-Parameter Constraints in Web Applications Nathalie Oostvogels Joeri De Koster Wolfgang De Meuter Third party web services 2 Web API specifications 3 Web API requests request.post( { url:

387 views • 19 slides
Advanced Dynamic Programming in CL: Theory, Algorithms, and Applications (S, 0, n) w 0 w 1 ...

Advanced Dynamic Programming in CL: Theory, Algorithms, and Applications (S, 0, n) w 0 w 1 ...

Advanced Dynamic Programming in CL: Theory, Algorithms, and Applications (S, 0, n) w 0 w 1 ... w n-1 Liang Huang University of Pennsylvania A Little Bit of History... Liang Huang (Penn) Dynamic Programming 2 A Little Bit of History...

2.04k views • 156 slides
AN INTRODUCTION TO PHP create dynamic web applications PHP stands for &quot;PHP: hypertext

AN INTRODUCTION TO PHP create dynamic web applications PHP stands for &quot;PHP: hypertext

1. What Is PHP Programming language created to enable web developers to quickly AN INTRODUCTION TO PHP create dynamic web applications PHP stands for &quot;PHP: hypertext preprocessor&quot;

291 views • 7 slides
Dynamic Modelling of Thermal Energy Storage for Dis istrict Cooling Applications Dr Carlos E.

Dynamic Modelling of Thermal Energy Storage for Dis istrict Cooling Applications Dr Carlos E.

Dynamic Modelling of Thermal Energy Storage for Dis istrict Cooling Applications Dr Carlos E. UGALDE-LOO Reader in Electrical Power Systems School of Engineering, Cardiff University Based on the PhD research work from Mr Hctor BASTIDA

239 views • 21 slides
A Dynamic to Static DSL Compiler for Image Processing Applications Compilers for Parallel

A Dynamic to Static DSL Compiler for Image Processing Applications Compilers for Parallel

A Dynamic to Static DSL Compiler for Image Processing Applications Compilers for Parallel Computing 2016 Pierre Guillou, Benot Pin, Fabien Coelho, Franois Irigoin July 8, 2016, Valladolid, Spain MINES ParisTech, PSL Research University,

325 views • 31 slides
Dynamic request allocation and scheduling for context aware applications subject to a percentile

Dynamic request allocation and scheduling for context aware applications subject to a percentile

Dynamic request allocation and scheduling for context aware applications subject to a percentile response time SLA in a distributed cloud Keerthana Boloor , Rada Chirkova , Tiia Salo and Yannis Viniotis Department of

526 views • 19 slides
Cache Policies Philipp Koehn 21 October 2019 Philipp Koehn Computer Systems Fundamentals: Cache

Cache Policies Philipp Koehn 21 October 2019 Philipp Koehn Computer Systems Fundamentals: Cache

Cache Policies Philipp Koehn 21 October 2019 Philipp Koehn Computer Systems Fundamentals: Cache Policies 21 October 2019 Memory Tradeoff 1 Fastest memory is on same chip as CPU ... but it is not very big (say, 32 KB in L1 cache)

545 views • 29 slides
Introduction to the lambda calculus Polyvios.Pratikakis@imag.fr Based on slides by Jeff Foster,

Introduction to the lambda calculus Polyvios.Pratikakis@imag.fr Based on slides by Jeff Foster,

Introductory Course on Logic and Automata Theory Introduction to the lambda calculus Polyvios.Pratikakis@imag.fr Based on slides by Jeff Foster, UMD Introduction to lambda calculus p. 1/33 History Formal mathematical system Simplest

883 views • 33 slides
Outcome-weighted sampling for Bayesian analysis Themis Sapsis and Antoine Blanchard Department

Outcome-weighted sampling for Bayesian analysis Themis Sapsis and Antoine Blanchard Department

Outcome-weighted sampling for Bayesian analysis Themis Sapsis and Antoine Blanchard Department of Mechanical Engineering Massachusetts Institute of Technology Funding: ONR, AFOSR, Sloan April 23, 2020 1 / 46 Problems-Motivation Risk

924 views • 46 slides
Interpolation CS3220 - Summer 2008 Jonathan Kaldor Interpolation Weve looked at the

Interpolation CS3220 - Summer 2008 Jonathan Kaldor Interpolation Weve looked at the

Interpolation CS3220 - Summer 2008 Jonathan Kaldor Interpolation Weve looked at the problem of model fitting using least squares: given some sample points, determine linear parameters for a model that best fits the data Note:

813 views • 63 slides
... ... e8 9c 4f e5 ff call 0040f79ch 8b f0 mov

... ... e8 9c 4f e5 ff call 0040f79ch 8b f0 mov

... ... e8 9c 4f e5 ff call 0040f79ch 8b f0 mov esi,eax 46 inc esi 8d 85 ac fd ff ff lea eax,[ebp-254h] 33 c9 xor

849 views • 47 slides
Looking at CNN shower Tag vs Pandora shower Tag Francesca Stocker 10.10.2019 Context: Pion

Looking at CNN shower Tag vs Pandora shower Tag Francesca Stocker 10.10.2019 Context: Pion

Looking at CNN shower Tag vs Pandora shower Tag Francesca Stocker 10.10.2019 Context: Pion Charge Exchange and Absorption Channel Pion Shower from Charge Pi0 Pion Absorption Exchange Primary Pion and Charge Inelastic Exchange

491 views • 15 slides
No-signalling assisted zero- error communication via quantum channels and the Lovsz number

No-signalling assisted zero- error communication via quantum channels and the Lovsz number

No-signalling assisted zero- error communication via quantum channels and the Lovsz number Andreas Winter (ICREA &amp; UAB Barcelona) Runyao Duan (UTS Sydney)xxxxxxxxx arXiv:1409.3426 If youve been partying... Hungover Summary 1. C

1.33k views • 87 slides
Adopting the JVM Ola Bini computational metalinguist ola.bini@gmail.com http://olabini.com/blog

Adopting the JVM Ola Bini computational metalinguist ola.bini@gmail.com http://olabini.com/blog

Adopting the JVM Ola Bini computational metalinguist ola.bini@gmail.com http://olabini.com/blog onsdag, 2010 november 03 Your host From Sweden to Chicago through ThoughtWorks Language geek at ThoughtWorks JRuby core developer, Ioke and Seph

923 views • 68 slides

More recommend