
Cross-language program slicing for dynamic web applications

Published: 30 August 2015 (DOI: 10.1145/2786805.2786872)

Abstract

During software maintenance, program slicing is a useful technique to assist developers in understanding the impact of their changes. While different program-slicing techniques have been proposed for traditional software systems, program slicing for dynamic web applications is challenging since the client-side code is generated from the server-side code and data entities are referenced across different languages and are often embedded in string literals in the server-side program. To address those challenges, we introduce WebSlice, an approach to compute program slices across different languages for web applications. We first identify data-flow dependencies among data entities for PHP code based on symbolic execution. We also compute SQL queries and a conditional DOM that represents client-code variations and construct the data flows for embedded languages: SQL, HTML, and JavaScript. Next, we connect the data flows across different languages and across PHP pages. Finally, we compute a program slice for a given entity based on the established data flows. Running WebSlice on five real-world, open-source PHP systems, we found that, out of 40,670 program slices, 10% cross languages, 38% cross files, and 13% cross string fragments, demonstrating the potential benefit of tool support for cross-language program slicing in dynamic web applications.
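The approach the abstract outlines (data-flow edges for PHP variables, separate nodes for the SQL and client-side code embedded in string literals, those flows joined across language boundaries, then a slice computed over the result) can be shown on a small scale. The block below is an added example written for this page; it is not WebSlice and not the authors' code. It models a constructed PHP page statement by statement, uses regular expressions where the paper uses symbolic execution and a conditional DOM to recognise the embedded SQL and script fragments, and then walks the dependence graph backward (what an entity depends on) or forward (what an entity influences). Every identifier in it (`build_graph`, `slice_from`, `reverse`, `describe`, the `lang:entity` naming, the `PAGE` statements) is an assumption of this example. The sample page concatenates request input straight into a query and a script block on purpose, so that the slice has language boundaries to cross; whether an input reaches such a sink is the question a security reviewer asks of the same graph, and the forward slice from `php:$id` answers it for this constructed page only.

```python
"""Toy slicer that follows data flow across PHP, SQL, HTML and JavaScript.

Added example in the spirit of the WebSlice approach; not the paper's tool.
A string literal that embeds SQL or client-side code becomes a node tagged
with that language; edges link the PHP variables concatenated into it to
the entity built from it. Regexes stand in for symbolic execution here.
"""
import re

# Constructed sample page (not from the paper). Straight-line code, so the
# most recent assignment of a variable is the one that reaches a later use.
PAGE = [
    '$id = $_GET["id"];',
    '$q = "SELECT name FROM users WHERE id = " . $id;',
    '$row = db_fetch_assoc($q);',
    '$name = $row["name"];',
    '$title = "Profile";',
    'echo "<h1>" . $title . "</h1>";',
    'echo "<script>var user = \'" . $name . "\';</script>";',
    'echo "<script>greet(user);</script>";',
]

ASSIGN = re.compile(r'^\s*(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.*)$')
VAR = re.compile(r'\$[A-Za-z_]\w*')
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
SQL_KW = re.compile(r'^\s*(SELECT|INSERT|UPDATE|DELETE)\b', re.I)
JS_DEF = re.compile(r'\b(?:var|let|const)\s+([A-Za-z_]\w*)\s*=')
IDENT = re.compile(r'\b[A-Za-z_]\w*\b')


def classify(text):
    """Guess which embedded language the literal parts of a statement carry."""
    if SQL_KW.match(text):
        return "sql"
    if "<script" in text.lower():
        return "js"
    return "html" if "<" in text else None


def build_graph(page):
    """Return (nodes, deps); deps[a] is the set of nodes that node a depends on."""
    nodes, deps, reaching = {}, {}, {}        # reaching: entity -> defining node

    def add(nid, lang, line, defs, uses):
        nodes[nid] = {"lang": lang, "line": line, "defs": defs, "uses": uses}
        deps[nid] = {reaching[u] for u in uses if u in reaching}
        for d in defs:                        # register after wiring the edges
            reaching[d] = nid

    for line, stmt in enumerate(page, start=1):
        m = ASSIGN.match(stmt)
        defs = {"php:" + m.group(1)} if m else set()
        rhs = m.group(2) if m else stmt
        uses = {"php:" + v for v in VAR.findall(rhs)}
        text = "".join(STRING.findall(rhs))   # literal parts of the statement
        lang = classify(text)
        if lang:                              # the literal embeds another language
            frag = f"{lang}:frag{line}"
            frag_defs, frag_uses = {frag}, set(uses)
            if lang == "js":                  # client-side names defined or used here
                frag_defs |= {"js:" + n for n in JS_DEF.findall(text)}
                frag_uses |= {"js:" + n for n in IDENT.findall(text)
                              if "js:" + n in reaching}
            add(f"{lang}{line}", lang, line, frag_defs, frag_uses)
            uses.add(frag)                    # the PHP statement emits the fragment
        add(f"php{line}", "php", line, defs, uses)
    return nodes, deps


def reverse(deps):
    """Flip the dependence edges so a walk yields a forward (impact) slice."""
    users = {n: set() for n in deps}
    for a, bs in deps.items():
        for b in bs:
            users[b].add(a)
    return users


def slice_from(nodes, graph, entity):
    """Nodes reachable in `graph` from the most recent definition of `entity`.
    With deps this is a backward slice; with reverse(deps) a forward one."""
    start = [n for n in nodes if entity in nodes[n]["defs"]]   # program order
    if not start:
        raise KeyError(f"no definition of {entity}")
    seen, work = set(), [start[-1]]
    while work:
        n = work.pop()
        if n not in seen:
            seen.add(n)
            work.extend(graph[n])
    return seen


def describe(nodes, ids):
    """Summarise a slice the way the paper's statistics do."""
    langs = sorted({nodes[n]["lang"] for n in ids})
    return {"lines": sorted({nodes[n]["line"] for n in ids}),
            "languages": langs,
            "cross_language": len(langs) > 1,
            "cross_fragment": any(not n.startswith("php") for n in ids)}


if __name__ == "__main__":
    nodes, deps = build_graph(PAGE)
    print("backward from js:user", describe(nodes, slice_from(nodes, deps, "js:user")))
    print("forward from php:$id ", describe(nodes, slice_from(nodes, reverse(deps), "php:$id")))
```

The backward slice from the client-side variable `user` pulls in the PHP statements on lines 1 to 4 and the SQL fragment on line 2, so it crosses three languages and one string fragment, which is the situation the abstract's 10% and 13% figures count. The example is deliberately limited to straight-line code; branches would need the conditional DOM the paper describes, and a real page needs a PHP parser rather than a regex over each statement.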


Published In

ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering
August 2015, 1068 pages
ISBN: 9781450336758
DOI: 10.1145/2786805

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Program slicing
2. cross-language analysis
3. dynamic web applications

Conference

ESEC/FSE'15
Overall Acceptance Rate: 112 of 543 submissions, 21%