madPL seminar: Testing and Analysis of Web Applications using Page Models (Raghavan Komondoor)

Friday, July 14, 2017 -
12:00pm to 1:00pm
Room 4310

Speaker Name: 

Raghavan Komondoor

Speaker Institution: 

Indian Institute of Science




Title: Testing and Analysis of Web Applications using Page Models


Web applications are difficult to analyze using code-based tools because
data-flow and control-flow through the application occurs via both
server-side code and client-side pages. Client-side pages are typically
specified in a scripting language that is different from the main
server-side language; moreover, the pages are generated dynamically from
the scripts. To address these issues we propose a static-analysis approach
that automatically constructs a ``model'' of each page in a given
application. A page model is a code fragment in the same language as the
server-side code, which faithfully over-approximates the possible elements
of the page as well as the control-flows and data-flows due to these
elements. The server-side code in conjunction with the page models then
becomes a standard (non-web) program, thus amenable to analysis using
standard code-based tools.

We have implemented our approach in the context of J2EE applications. We
demonstrate the versatility and usefulness of our approach by applying
three standard analysis tools on the resultant programs from our approach:
a concolic-execution based model checker (JPF), a dynamic fault
localization tool (Zoltar), and a static slicer (Wala).

Speaker bio:

Raghavan Komondoor is an Associate Professor at the Department of Computer
Science and Automation, Indian Institute of Science (IISc), Bangalore. He
obtained his PhD in Computer Sciences from University of Wisconsin-Madison,
advised by Prof. Susan Horwitz. He worked for IBM Research for
several years before moving to IISc. His areas of interest are program
analysis, programming tools, and formal methods for software engineering.