SERVER ENFORCED PROGRAM SAFETY FOR WEB APPLICATION ENGINEERING
Keywords:
Web Applications, Type Safety, Referential Integrity, PersistenceAbstract
As Web application development evolves from initial ad hoc approaches to large scale Web engineering, it is increasingly important to adopt systematic approaches to ensuring safety properties of Web applications. In particular, engineers constructing Web applications should be provided with at least the same guarantees of static safety as in preceding development paradigms; the current absence of such guarantees leads to Web application users being forced to endure failure modes that would never be accepted from conventional applications. We observe that much is known about program safety in the traditional software development domain. Based on this observation, we contend that Web engineering should adopt an evolutionary rather than revolutionary approach to program safety. That is, existing solutions from conventional development should be evolved to match the exigencies of the Web engineering context, rather than engendering solutions that are wholly new. With this evolutionary approach in mind, we introduce a categorisation of the problem area into four major safety properties, each related by analogy to a problem in the conventional development paradigm. Further, we observe that in the Web context, these properties are interrelated, and hence adopt an integrated model for their enforcement. Based on this integrated model, we demonstrate an approach to Web application safety that is both simpler and more powerful than previous, non-integrated, approaches. In contrast to previous systems, our approach as implemented in our WebStore application server achieves the safety goals without recourse to new and unfamiliar programming constructs. Finally, WebStone benchmark results comparing our server to existing mainstream Web application development platforms demonstrate that it provides acceptable performance for a wide range of Web applications.
Downloads
References
Y. Deshpande, S. Murugesan and S. Hansen (2001), Web engineering: Beyond CS, IS and SE Evolutionary
and non-engineering perspectives, in Web Engineering: Managing Diversity and Complexity
of Web Application Development, LNCS 2016, Springer-Verlag, pp. 14–23
S. Murugesan, Y. Deshpande, S. Hansen and A. Ginige (2001), Web engineering: A new discipline
for development of Web-based systems, in Web Engineering: Managing Diversity and Complexity
of Web Application Development, LNCS 2016, Springer-Verlag, pp. 3–13.
D. Ingham, S. Caughey and M. Little (1996), Fixing the “broken-link” problem, The W3Objects approach,
WWW5, Paris, France, http://www5conf.inria.fr/fich html/papers/P32/Overview.
html.
D. Ingham, S. Caughey, M. Little and S.K. Shrivastava (1995) W3Objects: Bringing object-oriented
technology to the Web, WWW4, Boston, USA, http://www.w3.org/Conferences/WWW4/Papers2/
/.
C. Brabrand, A. Moller and M. Schwartzbach (2002), The project, ACM Transactions
on Internet Technology, Vol. 2(2), pp. 79–114.
A. Sandholm and M. Schwartzbach (2000), A type system for dynamic Web documents, in Proceedings
of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language
(POPL’00), pp. 290–301.
M.P. Atkinson, and R. Morrison (1985), Procedures as persistent data objects, ACMTransactions
on Programming Languages and Systems, Vol. 7(4), pp. 539–559.
M.P. Atkinson, P.J. Bailey, K.J. Chisholm, W.P. Cockshott and R. Morrison (1983), An approach
to persistent programming, Computer Journal, Vol. 26(4), pp. 360–365.
M.P. Atkinson, and R. Morrison (1995), Orthogonally persistent object systems, VLDB Journal,
Vol. 4(3), pp. 319–401.
T. Olds, H. Detmold, K. Falkner and D.S. Munro (2004), Engineering safe and efficient shareability
within Web systems, in Proceedings of the Sixth Asia Pacific Web Conference (APWEB’04),
Hangzhou, China, LNCS 3007, Springer-Verlag, pp. 697–710.
World Wide Web Consortium (W3C), XML Schema, http://www.w3.org/XML/Schema.
World Wide Web Consortium (W3C), XML Query, http://www.w3.org/XML/Query.
The PHP Group, PHP: Hypertext Preprocessor, http://www.php.net/.
R. Jones and R. Lins. R (1996), Garbage collection: Algorithms for automatic dynamic memory
management, John Wiley and Sons.
P. Wilson (1993), Uniprocessor garbage collection techniques, in Proceedings of the International
Workshop on Memory Management, St. Malo, France, LNCS 637, Springer-Verlag, pp. 1–42.
World Wide Web Consortium (W3C), XForms - The next generation of Web forms, http://www.
w3.org/MarkUp/Forms/.
R. Morrison, D. Balasubramaniam, M. Greenwood, G.N.C. Kirby, K. Mayes, D.S. Munro and
B.C. Warboys (1999), ProcessBase reference manual (version 1.0.6), Universities of Manchester
and St. Andrews.
PS-algol (1988), PS-algol reference manual, 4th edition, Universities of Glasgow and St Andrews,
Technical Report PPRR-12-88.
R. Morrison, A.L. Brown, R.C.H. Connor, Q.I. Cutts, A. Dearle, G.N.C. Kirby and D.S. Munro
(1996), Napier88 reference manual (release 2.2.1), University of St Andrews.
G.N.C. Kirby (1992), Persistent programming with strongly typed linguistic reflection, in Proceeding
of the 25th Hawaii International Conference on System Sciences (HICSS-25), Kauai, Hawaii,
USA, pp. 820–831.
G. Trent and M. Sake, WebStone: The first generation in HTTP server benchmarking, http:
//www.mindcraft.com/webstone/paper.html.
R.B. Miller (1968), Response time in man-computer conversational transactions, in Proceedings of
the 1968 AFIPS Fall Joint Computer Conference, San Francisco, CA, USA, Vol. 33, pp. 267–277.
C. Allison, M. Bramley and J. Serrano (1999), Meeting interactive response targets in distributed
learning environments, The Active Web, Stafford: BCS.ISBN 1-897898-45-2, pp. 93–97.
A. Zakaravicius (2004), Compliant Thread Scheduling, Honours Dissertation, School of Computer
Science, The University of Adelaide.
World Wide Web Consortium (W3C), Resource Description Framework (RDF), http://www.w3.
org/RDF/.
J. Hendler, T. Berners-Lee and E. Miller (2002), Integrating applications on the semantic Web,
Journal of the Institute of Electrical Engineers of Japan, Vol. 122(10), pp. 676-680.
World Wide Web Consortium (W3C), Web Ontology Language (OWL), http://www.w3.org/
/OWL/.
World Wide Web Consortium (W3C), OWL-S: Semantic markup for Web services, http://www.
w3.org/Submission/OWL-S/.
World Wide Web Consortium (W3C), Web Services Addressing working group, http://www.w3.
org/2002/ws/addr/.
D. Florescu, A. Grunhagen and D. Kossmann (2002), XL: An XML programming language for
Web service specification and composition, WWW2002, Honolulu, Hawaii, USA, http://www2002.
org/CDROM/refereed/481/.
E. Meijer, W. Schulte and G. Bierman (2003), Programming with circles, triangles and rectangles,
in Proceedings of XML2003.
E. Meijer and W. Schulte (2003), Unifying tables, objects and documents, in Proceedings of the
Workshop on Declarative Programming in the Context of Object-Oriented Programming (DPCOOL’
, Uppsala, Sweden, pp. 145–166.
M. Benedikt, J. Freire and P. Godefroid (2002), VeriWeb: Automatically testing dynamic Web sites,
WWW2002 Alternate Paper Track, Honolulu, Hawaii, http://www2002.org/CDROM/alternate/
/index.html.
S.K. Shrivastava, G.N. Dixon and G.D. Parrington (1991), An overview of the Arjuna distributed
programming system, IEEE Software, Vol. 8(1), pp. 66–73.
N. Richer and M. Shapiro (2000), The memory behaviour of the WWW, or the WWW considered
as a persistent store, in Proceedings of the 9th International Workshop on Persistent Object
Systems (POS-9), Lillehammer, Norway, LNCS 2135, Springer-Verlag, pp. 161–176.
P. Graunke, S. Krishnamurthi, S. Van Der Hoeven and M. Fellesien (2001), Programming the
Web with high-level programming languages, in Proceedings of the 10th European Symposium on
Programming (ESOP’01), LNCS 2028, Springer-Verlag, pp. 122–136.
M. Hanus (2001), High-level server-side scripting in Curry, in Proceedings of the Third International
Symposium on Practical Aspects of Declarative Languages (PADL’01), LNCS 1990,
Springer-Verlag, pp. 76–92.
C. Queinnec (2000), The influence of browsers on evaluators, or continuations to program Web
servers, in Procedings of the Fifth ACM SIGPLAN International Conference on Functional Programming
(ICFP’00), ACM SIGPLAN Notices, Vol. 35(9), pp. 23–33.
P. Thiemann (2005), An embedded domain-specific language for type-safe server-side Web scripting,
ACM Transactions on Internet Technology, Vol. 5(1), pp. 1–46.
Microsoft Corporation, MSDN library: Overview of the .NET framework (.NET framework
developer’s guide), http://msdn.microsoft.com/library/en-us/cpguide/html/
cpovrintroductiontonetframeworksdk.asp.
R.M. Greenwood, K. Mayes, B.C. Warboys, B.S. Yeomans, D. Balasubramaniam, G.N.C. Kirby
and R. Morrison (2000), System evolution, feedback and compliant architectures, in Proceedings
of the International Workshop on Feedback and Evolution in Software and Business Processes
(FEAST 2000), Imperial College, London, UK.
R. Morrison, D. Balasubramaniam, R.M. Greenwood, G.N.C. Kirby, K. Mayes, D.S. Munro and
B.C. Warboys (2000), An approach to compliance in software architectures, Computing and Control
Engineering, Special Issue on Informatics, Vol. 11(4), pp. 195–200.
R. Morrison, D. Balasubramaniam, R.M. Greenwood, G.N.C. Kirby, K. Mayes, D.S. Munro and
B.C. Warboys (2000), A compliant persistent architecture, Software, Practice & Experience, Vol.
(4), pp. 363–386.
Sun Microsystems, Java Server Pages technology, version 1.1, http://java.sun.com/products/
jsp/.
R. Morrison, R.C.H. Connor, Q.I. Cutts, A. Dearle, A. Farkas, G.N.C. Kirby, R. McGettrick and E.
Zirintsis (1999), Current directions in hyper-programming, in Proceedings of the 3rd International
Andrei Ershov Memorial Conference on Perspectives of System Informatics (PSI), Novosibirsk,
Russia, LNCS 1755, Springer-Verlag, pp. 316–340.
E. Zirintsis, G.N.C. Kirby and R. Morrison (1999), Demonstration of Hyper-Programming in Java,
in Proceedings of the 25th International Conference on Very Large Databases (VLDB’99), Edinburgh,
Scotland, pp. 734–737.
J.D. Fox, H. Detmold and K.E. Falkner (2004). Hyper-programming Web applications, in Proceedings
of the Second Annual Australian Undergraduate Students’ Computing Conference, Melbourne,
Australia, pp. 59–66.
