BeepBeep is a lightweight runtime monitor for AJAX web applications. It transparently checks in real time whether XML messages received and sent by the application satisfy a predefined interface specification.
Activity Recognition Through Complex Event Processing: First Findings
Browser-Based Enforcement of Interface Contracts in Web Applications with BeepBeep (Talk @ CAV 2009)
1. Browser-based Enforcement of
Interface Contracts in Web Applications
with BeepBeep
Sylvain Hallé, Roger Villemaire
University of California Université du Québec à Montréal
Santa Barbara, USA Montréal, CANADA
Sylvain Hallé
2. Some web services
E-Commerce Service
Compute Cloud
PayPal API: billing, express checkout
Shopping: like Amazon
Google Search, Google Maps, GMail, ...
Sylvain Hallé
10. Using web applications
XML request
<cartCreate> MyApplication.com
<item>2</item>
</cartCreate>
<cart>
<id>c</id>
<items>
<item>2</item>
</items>
</cart> XML
response
Sylvain Hallé
22. Constraints on the message trace
You cannot add the same item twice
to the shopping cart
2 2
c
! Atoms are properties over messages...
Sylvain Hallé
23. Constraints on the message trace
You cannot add the same item twice
to the shopping cart
G ( 2
Þ ØF
2
c
(
! Atoms are properties over messages...
! + LTL operators...
Sylvain Hallé
24. Constraints on the message trace
You cannot add the same item twice
to the shopping cart
(
G "i
i
Þ ØF
i
c
(
! Atoms are properties over messages...
! + LTL operators...
! + quantification on elements
Sylvain Hallé
25. Constraints on the message trace
You cannot add the same item twice
to the shopping cart
(
G "i
i
Þ ØF
i
c
(
! Atoms are properties over messages...
! + LTL operators...
! + quantification on elements } LTL-FO+
Sylvain Hallé
36. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Sylvain Hallé
37. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Include BeepBeep
Sylvain Hallé
38. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Include BeepBeep
myapplication.html
<html>
<head>
<title>My Application
</title>
<script type="text/javascript"
href="myapplication.js"/>
</head>
<body>
...
</body>
</html>
Sylvain Hallé
39. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Include BeepBeep
myapplication.html
<html>
<head>
<title>My Application
</title>
<script type="text/javascript"
href="myapplication.js"/>
<script type="text/javascript"
href="beepbeep.js"/>
</head>
<body>
...
</body>
</html>
Sylvain Hallé
40. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Include BeepBeep
myapplication.html myapplication.js
<html>
<head> // Initializations
<title>My Application ...
</title>
<script type="text/javascript" req = new XMLHttpRequest();
href="myapplication.js"/>
<script type="text/javascript" ...
href="beepbeep.js"/>
</head> function abc()
<body> {
... ...
</body> req.send(some_message);
</html> }
Sylvain Hallé
41. Adding BeepBeep to a real application
Œ Copy BeepBeep to application folder
http://beepbeep.sourceforge.net
Include BeepBeep
myapplication.html myapplication.js
<html>
<head> // Initializations
<title>My Application ...
</title>
<script type="text/javascript" req = new XMLHttpRequestBB();
href="myapplication.js"/>
<script type="text/javascript" ...
href="beepbeep.js"/>
</head> function abc()
<body> {
... ...
</body> req.send(some_message);
</html> }
Sylvain Hallé
42. Adding BeepBeep to a real application
Ž Obtain (or create) a contract file with LTL-FO+ formulae
# ---------------------------------------------------------------
# BeepBeep contract file for the Amazon ECS
# ---------------------------------------------------------------
% To create a cart, you must put at least one item
; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) ->
(<x2 /CartCreate/Items/Item/ASIN> ({TRUE}))))
% You can only create a cart once
; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) ->
(X (G (!(<x2 /CartCreate/Operation> ((x2) = ({CartCreate}))))))))
% No CartAdd can occur before a CartCreate
; (!(<x1 /CartAdd/Operation> ((x1) = ({CartAdd})))) U
(<x2 /CartCreate/Operation> ((x2) = ({CartCreate})))
% You cannot add the same item twice to the shopping cart
; G ([i /CartCreate/Items/Item/ASIN] (X (G
([j /CartAdd/Items/Item/ASIN] (!((i) = (j)))))))
Sylvain Hallé
44. Experimental results
Sample property: "each car entering in a parking lot must exit
before entering again"
< 5 ms/msg.
Time per message (ms)
Trace length
Hallé & Villemaire, EDOC 2008
Sylvain Hallé
48. Take-home points
1. Constraints involving temporal operators and quantification
on message contents arise naturally in real web applications
Sylvain Hallé
49. Take-home points
1. Constraints involving temporal operators and quantification
on message contents arise naturally in real web applications
2. An extension of LTL can formalize them: LTL-FO+
Sylvain Hallé
50. Take-home points
1. Constraints involving temporal operators and quantification
on message contents arise naturally in real web applications
2. An extension of LTL can formalize them: LTL-FO+
3. Runtime monitoring of these constraints can be done
efficiently, even with quantification
Sylvain Hallé
51. Take-home points
1. Constraints involving temporal operators and quantification
on message contents arise naturally in real web applications
2. An extension of LTL can formalize them: LTL-FO+
3. Runtime monitoring of these constraints can be done
efficiently, even with quantification
4. BeepBeep is a tool that allows it with
minimal modifications on real applications
http://beepbeep.sourceforge.net/
Sylvain Hallé