Programming the Interactive Web - PowerPoint PPT Presentation

1 / 160
About This Presentation
Title:

Programming the Interactive Web

Description:

This was my first experience with 'back-button' as a verb. ... body bgcolor=yellow table td p id='reserved' Residence Inn by. Marriot Charleston ... – PowerPoint PPT presentation

Number of Views:47
Avg rating:3.0/5.0
Slides: 161
Provided by: shrir6
Category:

less

Transcript and Presenter's Notes

Title: Programming the Interactive Web


1
(No Transcript)
2
(No Transcript)
3
(No Transcript)
4
(No Transcript)
5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
Popular Press
  • But when I clicked on the National car rental
    price , the site responded with this message
    You have back-buttoned too far. This was my
    first experience with back-button as a verb.
    Since that was patently untrue, I decoded
    its true meaning We ran out of cars.
  • M. Slatalla, New York Times, 2003-07-17

14
A Headache for Companies
  • Minor problem Users might get booked into the
    wrong hotels, onto the wrong flights, etc.
  • Major problem People might embarrass you in
    newspapers and in public talks

15
Programming and Verifying the Interactive Web
  • Shriram Krishnamurthi
  • Brown University

16
Where You See This
  • URLs become simple
  • https//onepass.continental.com/asp/statement.asp
  • URLs become complex
  • http//maps.yahoo.com/py/ddResults.py?PytTmapta
    rnametardescnewnamenewdescnewHashnewTHas
    hnewStsnewTStstlttlnsltslnnewFLUse
    AddressBelownewaddr3007SantaMonicaBoulevard
    newcszsantamonica,canewcountryusnewTFLUseA
    ddressBelownewtaddr2815SantaMonicaBoulevard
    newtcszSantaMonica,CA904042409newtcountryus
    SubmitGetDirections

17
Programming InteractiveWeb Scripts
18
Adding Two Numbers(Console)
  • n1 read Enter first
  • n2 read Enter second
  • print
  • sum d\n
  • (n1 n2)
  • exit

19
Two User Interfaces
Enter first
Enter second
20
Interacting with Web Scripts
21
Interacting with Web Scripts
22
Interacting with Web Scripts
23
Interacting with Web Scripts
24
Interacting with Web Scripts
25
Interacting with Web Scripts
26
Program Transformation
  • n1 read
  • Enter first
  • n2 read
  • Enter second
  • print
  • sum d\n
  • (n1 n2)
  • exit
  • n1 read/web
  • ltformgtEnter first lt/formgt
  • n2 read/web
  • ltformgtEnter second lt/formgt
  • print
  • ltpgtsum
  • (n1 n2)lt/pgt
  • exit

27
A Central Problem
  • Web scripts write a page, then terminate (ie, the
    stack is erased)
  • When the user replies, another script reads the
    forms bindings and performs the next step (ie,
    it must restore the stack)

28
Consequently
n1 read/web ltformgtEnter first lt/formgt n2
read/web ltformgtEnter second lt/formgt print
ltpgtsum (n1 n2)lt/pgt exit
29
More Program Transformation
  • n1 read/web
  • ltformgtEnter first lt/formgt
  • n2 read/web
  • ltformgtEnter second lt/formgt
  • print
  • ltpgtsum
  • (n1 n2)lt/pgt
  • exit
  • Main () print
  • ltform actionf1gt
  • Enter first
  • ltinput namen1gt
  • lt/formgt
  • f1 (form) print
  • ltform actionf2gt
  • ltinput hidden namen1
  • valueform.n1gt
  • Enter second
  • ltinput namen2gt
  • lt/formgt
  • f2 (form) print
  • The sum is
  • form.n1 form.n2

30
Problems
  • Generating the programs is taxing
  • Programmer must manually track numerous
    dependencies
  • Mistakes have frustrating consequences(or
    silently introduce dynamic scope)

31
Observation
n1 read/web ltformgtEnter first lt/formgt n2
read/web ltformgtEnter second lt/formgt print
ltpgtsum (n1 n2)lt/pgt exit
n1 read/web ltformgtEnter first lt/formgt n2
read/web ltformgtEnter second lt/formgt print
ltpgtsum (n1 n2)lt/pgt exit
32
The Key Insight
  • The manual decomposition
  • implements the
  • continuation-passing style
  • transformation!

33
In More Detail
  • Technically, it composes
  • transformation of code into continuation-passing
    style
  • lambda-lifting
  • closure-conversion
  • Each of these has a formal, correctness-preserving
    foundation

34
An API With Heavy Lifting
  • APIs offer form, cookie, c primitives
  • Build a richer API with read/web
  • Programmers
  • Stand up for your rights
  • make language designers work harder!

35
Two Approaches to a Better API
  • A Web compiler that
  • Automatically splits programs by form
  • Automatically propagates fields
  • Guarantees behavior preservation
  • Direct support from the languageserver

36
Web Programming in PLT Scheme
  • The DrScheme Web Server

37
The Real Primitive
  • read/web lies slightly
  • n1 read/web
  • ltform action???gtEnter firstlt/formgt
  • We provide send/suspend
  • n1 send/suspend k
  • ltform actionkgtEnter firstlt/formgt

send/suspend generates the URL that resumes
computation
38
Generated URLs
  • send/suspend generates a URL of the form
  • http//host/servlets/pc-member.scmid28129579972
    5
  • In more detail
  • http//
  • host/servlets/
  • pc-member.scm
  • id281295799725

39
Addition Servlet
  • n1 send/suspend k
  • ltform actionkgtEnter firstlt/formgt
  • n2 send/suspend k
  • ltform actionkgtEnter secondlt/formgt
  • print
  • ltpgtsum
  • (n1 n2)lt/pgt
  • exit

40
Addition Servlet
http//host/servlets/add.scmid281295799725
  • n1 send/suspend k
  • ltform actionkgtEnter firstlt/formgt
  • n2 send/suspend k
  • ltform actionkgtEnter secondlt/formgt
  • print
  • ltpgtsum
  • (n1 n2)lt/pgt
  • exit

41
Addition Servlet
http//host/servlets/add.scmid281348792908
with memory of the value of n1
  • n1 send/suspend k
  • ltform actionkgtEnter firstlt/formgt
  • n2 send/suspend k
  • ltform actionkgtEnter secondlt/formgt
  • print
  • ltpgtsum
  • (n1 n2)lt/pgt
  • exit

42
Interacting with Web Scripts
/add.ssid17k3959569765
n1 1729
/add.ssid17k11058911710
43
Applications
  • Weve done more than just add numbers

44
The CONTINUE Server
  • Conference submission/review manager
  • Used by several conferences Softvis 2005, CSFW
    2005, FOAL 2005, ISSTA 2004, LMO 2005, TAV-WEB
    2004, PADL 2004/3/2/1, FDPE 2003, Scheme 2003/2,
    ...

45
Scenario
46
Email Confirmation Servlet
  • addr send/suspend k
  • ltform actionkgtEmaillt/formgt

send/suspend k ignore response send_mail
(addr, k) ltpgtWe sent mail to addrlt/pgt
add_to_database (addr)
47
Scenario
48
Scenario
49
One-Shot Guest URLs
  • guest_review
  • send/suspend k
  • ltform actionkgt
  • Overall Rating ltinput gt
  • Expertise ltinput gt
  • lt/formgt

50
One-Shot Guest URLs
  • guest_review
  • send/finish k
  • ltform actionkgt
  • Overall Rating ltinput gt
  • Expertise ltinput gt
  • lt/formgt

51
The Subtlety of Interaction
52
Whats in a URL?
  • Lets go back to this URL
  • http//maps.yahoo.com/py/ddResults.py?PytTmapta
    rnametardescnewnamenewdescnewHashnewTHas
    hnewStsnewTStstlttlnsltslnnewFLUse
    AddressBelownewaddr3007SantaMonicaBoulevard
    newcszsantamonica,canewcountryusnewTFLUseA
    ddressBelownewtaddr2815SantaMonicaBoulevard
    newtcszSantaMonica,CA904042409newtcountryus
    SubmitGetDirections

53
Whats in a URL?
  • Lets go back to this URL
  • http//maps.yahoo.com/py/ddResults.py?PytTmapta
    rnametardescnewnamenewdescnewHashnewTHas
    hnewStsnewTStstlttlnsltslnnewFLUse
    AddressBelownewaddr3007SantaMonicaBoulevard
    newcszsantamonica,canewcountryusnewTFLUseA
    ddressBelownewtaddr2815SantaMonicaBoulevard
    newtcszSantaMonica,CA904042409newtcountryus
    SubmitGetDirections

54
Whats in a URL?
  • Write it differently
  • http//maps.yahoo.com/py/ddResults.py?
    newaddr3007SantaMonicaBoulevard
  • newcszsantamonica,ca
  • newcountryus
  • newtaddr2815SantaMonicaBoulevard
  • newtcszSantaMonica,CA904042409
  • newtcountryus
  • SubmitGetDirections

55
Whats in a URL?
  • Or
  • http//maps.yahoo.com/py/ddResults.py?
  • newaddr 3007SantaMonicaBoulevard
  • newcsz santamonica,ca
  • newcountry us
  • newtaddr 2815SantaMonicaBoulevard
  • newtcsz SantaMonica,CA904042409
  • newtcountry us
  • Submit GetDirections

It looks like a function call!
56
The Real Picture
The script and the user are coroutines
Event lines
script
user
57
Control Flow Back Button
A silent action!
58
Control Flow Cloning
script
user
59
Control Flow Bookmarks
60
What Programmers Need
  • Multiply-resumable and
  • restartable coroutines
  • Thats what send/suspend really implements

61
(No Transcript)
62
(No Transcript)
63
(No Transcript)
64
(No Transcript)
65
(No Transcript)
66
(No Transcript)
67
(No Transcript)
68
(No Transcript)
69
(No Transcript)
70
(No Transcript)
71
(No Transcript)
72
(No Transcript)
73
Question
  • What would Amazon want?

74
Information Flow
  • Operations reveal two kinds of information
  • local to each copy of a page
  • Orbitz hotel selection
  • shared by all pages
  • Amazon shopping cart

? lexical scope
? mutable state
75
Conclusion
76
Interactive Web Programs
  • Program structure is mangled
  • Web interactions are complex
  • Semantics provides good foundations
  • APIs matter send/suspend is not alone

77
Sample of Other Work
  • Continuation-passing has significant downside
  • doesnt interact well with foreign language code
  • destroys the stack ? hurts tools like debuggers
    and stack inspectors
  • Challenge devise a better compilation algorithm
  • Result use lightweight stack inspection ICFP 05

78
Parting Thoughts
  • JavaScript is changing Web applications
  • Declarative languages win on the Web
  • Keep eating our own dogfood!

79
Collaborators
  • Faculty
  • Matthias Felleisen
  • Robby Findler
  • Matthew Flatt
  • Brown Undergrads
  • Pete Hopkins
  • PhD Students
  • Paul Graunke
  • Greg Pettyjohn

80
Debugging
81
Safety Errors
82
Safety Errors
83
Stepping Through Code
84
Stepping Through Code
85
Performance
86
PLT Web Server/ApacheStatic Documents
  • ratio of connections/second

Clients
87
PLT Web Server/ApacheInteractive Content
Clients
Clients
1k files
10k files
88
Perceived and Measured Costof CONTINUE Server
  • Almost as fast with and without caching
  • Measurement

89
Programming and Verifying the Interactive Web
  • Shriram Krishnamurthi
  • Brown University

90
Web Programs
  • Two subtleties
  • Program structure is mangled
  • User can upset programs control-flow
  • Continuation-based programming provides a
    baseline for tackling these problems now we can
    get to semantic errors

91
Verifying Temporal Behavior
92
The Orbitz Property
  • Orbitz Property the user should receive a
    reservation at the hotel that was displayed on
    the page he submitted
  • Should all sites behave thus?

93
The Amazon Property
  • Amazon property at the end, every book the user
    added to his shopping cart is actually in his
    shopping cart

94
Properties
  • These properties are
  • not fixed in number
  • temporal in nature
  • ? model checking

95
Model Checking
  • From source, generate model that captures
    behaviors of interest
  • Consume developers properties
  • Automatically check whether or not the model
    satisfies the properties

96
Model Checking
  • From source, generate model that captures
    behaviors of interest
  • Consume developers properties
  • Automatically check whether or not the model
    satisfies the properties

97
Modelling Web Programs
  • Model control-flow graph (CFG)
  • What would a model of Orbitz look like?

98
Modelling Orbitz
display hotel list
set chosen
use chosen to compute displayed
use chosen to compute reserved
display reservation
display details for displayed
99
One Browser
AltTab
  • How can we model all these operations?

100
User Operation Calculus
  • Express all browser operations in terms of
    primitive operations
  • submit form to server
  • switch to previously-visited page

101
The Orbitz CFG
display hotel list
set chosen
use chosen to compute displayed
use chosen to compute reserved
display reservation
display details for displayed
102
The Orbitz WebCFG
display hotel list
set chosen
use chosen to compute displayed
use chosen to compute reserved
display reservation
display details for displayed
103
Model Checking
  • From source, generate model that captures
    behaviors of interest
  • Consume developers properties
  • Automatically check whether or not the model
    satisfies the properties

104
Atomic Propositions
lthtmlgt ltbody bgcoloryellowgt lttablegt lttdgt
ltpgt Residence Inn by Marriot
Charleston Downtown ... lt/htmlgt
105
Relating Web Page Contentto Source
  • Parse the text?
  • Too hard
  • Static-distance coordinates?
  • Too brittle
  • What else can we do?

106
Relating Web Page Contentto Source
lthtmlgt ltbody bgcoloryellowgt lttablegt lttdgt
ltp idreservedgt Residence Inn by
Marriot Charleston Downtown ... lt/htmlgt
107
Annotating the WebCFG
Annotate each WebCFG state with the propositions
true in that state
lthtmlgt ltbody bgcoloryellowgt lttablegt lttdgt
ltp idreservedgt Residence Inn by
Marriot Charleston Downtown ... lt/htmlgt
generate reservation page
generate reservation text
tagreserved
108
Verification Process
  • Annotated WebCFG describes the set of traces that
    potentially occur
  • Property defines traces that may occur
  • Verification is containment of the former in the
    latter
  • Vardi and Wolper, 1986

109
Example Property
  • Before reaching an access-controlled page, the
    user must go through a password page

Note In properties,tags label transitions
110
The Orbitz Property
  • Value of reserved comes from the value of
    displayed
  • Value of chosen does not change between
    computation of displayed and computation of
    reserved

111
Orbitz Subproperty 1
  • Value of chosen does not change between
    computation of displayed and computation of
    reserved
  • Track value mutations

112
Orbitz Subproperty 1
Property chosen does not change between the
computation of displayed and the computation of
reserved
(set,chosen) (join,chosen)
1
2
violation
tagreserved
113
Orbitz Subproperty 2
  • Value of reserved comes from the value of
    displayed
  • Augment tagged propositions for reasoning about
    value flow

114
Orbitz Subproperty 2
X
Property the value of reserved comes from the
value of displayed
(tagged,displayed,X)
1
2
(tagged,reserved,?X)
violation
(tagged,reserved,??X)
?X
??X
115
Model Checking
  • From source, generate model that captures
    behaviors of interest
  • Consume developers properties
  • Automatically check whether or not the model
    satisfies the properties

116
The Orbitz WebCFG
display hotel list
set chosen
use chosen to compute displayed
use chosen to compute reserved
display reservation
display details for displayed
117
The Orbitz WebCFG
display hotel list
set chosen
use chosen to compute displayed
use chosen to compute reserved
display reservation
display details for displayed
118
Algorithm
  • NYSTNYD paths
  • make state machine precise
  • adapt language containment algorithm
  • FLAVERS algorithm has constraint automata to
    eliminate infeasible paths

119
(No Transcript)
120
Representative Feature
121
Access-Control
  • Policy maps ltsubject, action, resourcegtto a
    decision (permit, deny, )
  • Representation matters
  • matrix gets too large
  • people play multiple roles
  • policies are distributed
  • ? policies are becoming software
  • New standards include XACML, EPAL, etc.

122
System Structure
123
System Structure


124
Verifying Information Access
125
CONTINUE Properties
  • Someone not PC Chair or Admin cannot see reviews
    for conflicted papers
  • PC members may edit reviews they own
  • Someone not PC Chair or Admin may not set the PC
    Meeting flag

126
Gradebook
127
Running Example
  • Roles
  • Faculty, Student
  • Actions
  • Assign, View, Receive
  • Resources
  • InternalGrades, ExternalGrades

128
Properties
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

129
Basic Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed

130
Verify Basic Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

131
Verify Constrained Basic Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • Faculty are disjoint from Students
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

132
Verify Revised TA Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • TAs can View and Assign InternalGrades but not
    ExternalGrades
  • Faculty are disjoint from Students
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

133
Verify Family Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • TAs can View and Assign InternalGrades but not
    ExternalGrades
  • FacultyFamily can Receive ExternalGrades
  • Disjointness constraint
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

134
Margrave Response
  • Fails when someone is both Faculty and
    FacultyFamily
  • No Student can Assign ExternalGrades
  • Faculty can Assign both InternalGrades and
    ExternalGrades
  • No single person can both Receive and Assign
    ExternalGrades

Spouses can be faculty too!
135
Properties?!?
136
Policies Without Properties
  • Working policy P1
  • Modified policy P2
  • Testing reveals intended change
  • But

137
TA Policy Minus Constrained Basic Policy
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • TAs have the same privileges as Faculty
  • Faculty are disjoint from Students
  • Requests for Students to Receive ExternalGrades
    succeed
  • Requests for Faculty to Assign or View
    ExternalGrades succeed
  • Faculty are disjoint from Students

138
Output
  • Faculty 0 0 0 0 0 0 0 0
  • Student 0 0 0 0 1 1 1 1
  • ExtGrades 0 0 1 1 0 0 1 1
  • IntGrades 1 1 0 0 1 1 0 0
  • Assign 0 1 0 1 0 1 0 1
  • View 1 0 1 0 1 0 1 0
  • Receive 0 0 0 0 0 0 0 0
  • TA 1 1 1 1 1 1 1 1
  • N N N N N N N N
  • 2 2 2 2 2 2 2 2
  • P P P P P P P P

139
Output
  • Faculty 0 0 0 0 0 0 0 0
  • Student 0 0 0 0 1 1 1 1
  • ExtGrades 0 0 1 1 0 0 1 1
  • IntGrades 1 1 0 0 1 1 0 0
  • Assign 0 1 0 1 0 1 0 1
  • View 1 0 1 0 1 0 1 0
  • Receive 0 0 0 0 0 0 0 0
  • TA 1 1 1 1 1 1 1 1
  • N N N N N N N N
  • 2 2 2 2 2 2 2 2
  • P P P P P P P P
  • Faculty 0 0 0 0
  • Student 0 0 1 1
  • ExtGrades 0 1 0 1
  • IntGrades 1 0 1 0
  • Assign 1 1 1 1
  • View 0 0 0 0
  • Receive 0 0 0 0
  • TA 1 1 1 1
  • N N N N
  • 2 2 2 2
  • P P P P

Show cases involving grade assignment
140
Output
  • Faculty 0 0 0 0
  • Student 0 0 1 1
  • ExtGrades 0 1 0 1
  • IntGrades 1 0 1 0
  • Assign 1 1 1 1
  • View 0 0 0 0
  • Receive 0 0 0 0
  • TA 1 1 1 1
  • N N N N
  • 2 2 2 2
  • P P P P
  • Faculty 0 0
  • Student 0 1
  • ExtGrades 1 1
  • IntGrades 0 0
  • Assign 1 1
  • View 0 0
  • Receive 0 0
  • TA 1 1
  • N N
  • 2 2
  • P P

Show cases involving external grades
141
Output
  • Student
  • TA
  • Faculty 0 0
  • Student 0 1
  • ExtGrades 1 1
  • IntGrades 0 0
  • Assign 1 1
  • View 0 0
  • Receive 0 0
  • TA 1 1
  • N N
  • 2 2
  • P P

Show all roles
142
Supported Queries
  • Restrict by change type (eg, D-gtP)
  • Restrict to boolean combinations of specific
    roles, actions, resources
  • List roles, actions, resources occurring in
    change
  • Emptiness

143
Implementation
144
Possibilities
  • Reasoning is largely propositional
  • CNF/DNF
  • Prolog
  • SAT solving (w/ an interface like Alloy?)
  • Decision diagrams

145
Multi-TerminalDecision Diagrams
  • Faculty (f) can assign (a) grades (g)
  • Students (s) can receive (r) grades (g)

146
Rules and Rule Combination
147
Constraints
  • Faculty are disjoint from Students
  • Exclude (Faculty ? Students)

X
148
Policy Differencing
  • Decision diagram with 16 terminals
  • permit?permit, permit?deny, deny?permit,
    deny?not-applicable,
  • Built from policies using minor variations of
    standard decision diagram combinators
  • Uniform representation is valuable!

149
Back to the Case Study
150
CONTINUE Performance
  • Policy has 50 MTDD variables
  • Policy has 1268 nodes (817 w/ constraints)
  • Twelve properties each lt 10ms
  • Memory 316,288 bytes over baseline
  • Change 2ms, 1133 nodes, 16.3Kb memory

151
Context
152
Temporal problems
Role problems
Instance problems
153
Temporal Policies
  • Coarse-grained
  • Fine-grained
  • Dont allow access to a papers other reviews
    until the PC member has submitted their own review

Submit
Review
Respond
Meet
154
Temporal problems
Changeanalysis
Programanalysis
Role problems
Instance problems
155
One Conference Doesnt Fit All
Submit
Review
Respond
Meet
Submit
Review
Respond
Submit
Review
Deliberate
Feedback
Respond
156
Conclusion
157
Perspective
  • Structure of Web source programs matters
  • Change query/verification may become a
    lightweight formal method
  • JavaScript affects both forms of verification
  • 10ms is interesting

158
Parting Thoughts
  • Interesting, important verification arena
  • New face of multi-lingual programming
  • Creating robust (conference) software

159
Collaborators
  • Faculty
  • Kathi Fisler
  • Brown Undergrads
  • Pete Hopkins
  • Dan Licata
  • Leo Meyerovich
  • Michael Tschantz

160
  • PLT Scheme (DrScheme Environment)
  • http//www.drscheme.org/
  • CONTINUE (Conference Manager)
  • http//continue.cs.brown.edu/
  • Margrave (XACML Analysis)
  • http//www.cs.brown.edu/ research/plt/software/
    margrave/

161
The Amazon Idiom
162
The Orbitz Idioms
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Programming the Interactive Web" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!