Domain-­Driven Model Inference Applied To Web Applications Sébastien Salva, William Durand — July 22, 2014 / SERP'14 0 

No content

Context 100+ applications running in production Not (fully) covered by tests Documentation may be outdated MUST be maintained! 

The only way to ensure stability while fixing a bug is to learn how the application behaves. 

But writing such models is an heavy task and error prone. A first classic solution is to express these behaviours with formal models, e.g. Input Output Symbolic Transition Systems. 

Hence the need for a model inference approach. 

Model Inference 

Inference is the act or process of reaching a conclusion about something from known facts or evidence. 

What about doing the same, programmatically? A (human) domain expert can deduce the meaning of an application execution by reading its traces. 

An expert system is a computer system that emulates the decision-making ability of a human expert. 

Model Inference Framework 

Model Generator Layers 

Rules a rule can only be applied a limited number of times on the same knowledge base the inference rules are Modus Ponens no implicit knowledge elimination 

Layer 1: Trace Filtering 1. Cleaning-up the trace set given as input, removing noise, a.k.a. irrelevant traces 2. Transforming "raw" traces into structured traces p HTTP requests and responses related to assets (CSS files, JavaScript files, images) are meaningless. 

Structured HTTP Traces Let t = req1, resp1, ..., reqn, respn be a raw HTTP trace composed of an alternate sequence of HTTP request reqi and HTTP response respi. The structured HTTP trace σ of t is the sequence (a1(p), θ1)... (an(p), θn) where: ai is the HTTP verb used to perform the request in reqi, p is the parameter set {URI, request, response}, θi is a valuation p → Dp which assigns a value to each variables of p. θ is deduced from the values extracted from reqi and respi. The resulting trace set derived from raw traces is denoted ST. 

Example GET("https://github.com/", req0, resp0) GET("https://github.com/login", ...) POST("https://github.com/session", ...) GET("https://github.com/", ...) GET("https://github.com/willdurand", ...) GET("https://github.com/willdurand/Geocoder", ...) POST("https://github.com/logout", ...) GET("https://github.com/", ...) 

Layer 2: Transformation Of The Traces Into IOSTSs 1. Translating a structured trace set ST into a run set SR 2. Deriving a first IOSTS δ1 from SR Based on δ1, it should be possible to generate a different model M, but we must preserve the following relation: traces(M) = ST 

Example 

Layers 3-­N: IOSTS Abstraction Composed of rules that emulate the ability of a human expert to simplify transitions, to analyze transition syntax in order to deduce more meaningful information related to the targeted application, and to construct more abstract models. Each layer takes an IOSTS given by the direct lower one. It represents the current base of facts. 

Layer 3 Layer 3 contains low level, generic rules that can be reused against different applications. Example rule "Identify Login Page" when $t: Transition( Action == GET, Guard.response.content contains('login-form') ) then modify ($t) { Assign.add("isLoginPage := true") } end 

Layer 3 -­ Example 

Layer 4 Layer 4 allows to infer a more abstract model composed of more expressive actions. Example rule "Identify Authentication" when $t1: Transition(Action == GET, Assign contains "isLoginPage:= true", $t1final := Lfinal) $t2: Transition(Action == PostRedirection, Linit == $t1lfinal, $t2linit := Linit) not Transition(Linit == $t2linit) then insert(new Transition("Authentication", Guard($t1.Guard,$t2.Guard), Assign($t1.Assign, $t2.Assign), $t1.Linit, $t2.Lfinal )) retract($t1) retract($t2) end 

Layer 4 -­ Example 

Need More? 

Conclusion 

Cons Writing (and maintaining) rules is harder than expected Preserving traces(M) = ST is not easy 

Pros Original approach to derive IOSTS models It Works™ 

Future Work Applying such a framework on industrial systems (WIP) Generating test cases for regression testing Finding a better way to write rules 

Thank You. Questions?