research-article

NodeMOP: runtime verification for Node.js applications

Authors:

Filippo Schiavio,

Daniele Bonetta,

Walter BinderAuthors Info & Claims

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

Pages 1794 - 1801

https://doi.org/10.1145/3297280.3297456

Published: 08 April 2019 Publication History

Abstract

Node.js has become one of the most popular frameworks for general-purpose and server-side application development in JavaScript. However, due to its dynamic, asynchronous, event-driven programming model, Node.js applications are considered error-prone, and their correctness is hard to verify. Monitoring-Oriented Programming (MOP) is a Runtime Verification (RV) paradigm that aims at improving the safety and reliability of a software system. To the best of our knowledge, no practical RV framework targets JavaScript and Node.js applications.

In this paper, we introduce NodeMOP, a novel RV framework for JavaScript that allows one to apply RV to Node.js applications. Using NodeMOP, we have formalized two properties related to popular asynchronous APIs based on the Node.js documentation, one from the file-system module and the other from the HTTP module. NodeMOP also supports error recovery by allowing developers to define custom handlers in case of property violations. We showcase NodeMOP with our specified properties on examples of Node.js API misuse. We also evaluate the overhead of NodeMOP with benchmarks based on the introduced examples.

References

[1]

Christoffer Quist Adamsen, Anders Møller, Rezwana Karim, Manu Sridharan, Frank Tip, and Koushik Sen. 2017. Repairing Event Race Errors by Controlling Nondeterminism (ICSE). IEEE Press, Piscataway, NJ, USA, 289--299.

Digital Library

[2]

Saba Alimadadi, Sheldon Sequeira, Ali Mesbah, and Karthik Pattabiraman. 2014. Understanding JavaScript Event-based Interactions (ICSE). ACM, New York, NY, USA, 367--377.

Digital Library

[3]

Davide Ancona, Viviana Bono, and Mario Bravetti. 2016. Behavioral Types in Programming Languages. Now Publishers Inc., Hanover, MA, USA.

Digital Library

[4]

Davide Ancona, Angelo Ferrando, and Viviana Mascardi. 2016. Comparing Trace Expressions and Linear Temporal Logic for Runtime Verification. In Essays Dedicated to Frank De Boer on Theory and Practice of Formal Methods - Volume 9660. Springer-Verlag, Berlin, Heidelberg, 47--64.

Digital Library

[5]

Davide Ancona, Angelo Ferrando, and Viviana Mascardi. 2017. Parametric Runtime Verification of Multiagent Systems. In AAMAS '17. 1457--1459.

Digital Library

[6]

Davide Ancona, Luca Franceschini, Giorgio Delzanno, Maurizio Leotta, Marina Ribaudo, and Filippo Ricca. 2017. Towards Runtime Monitoring of Node.js and Its Application to the Internet of Things. In ALP4IoT. 27--42.

[7]

Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A Survey of Dynamic Analysis and Test Generation for JavaScript. ACM Comput. Surv. 50, 5, Article 66 (Sept. 2017), 36 pages.

Digital Library

[8]

Walter Binder, Daniele Bonetta, Cesare Pautasso, Achille Peternier, Diego Milano, Heiko Schuldt, Nenad Stojnic, Boi Faltings, and Immanuel Trummer. 2011. Towards self-organizing service-oriented architectures. In SERVICES 2011. IEEE, 115--121.

Digital Library

[9]

Daniele Bonetta, Achille Peternier, Cesare Pautasso, and Walter Binder. 2010. A multicore-aware runtime architecture for scalable service composition (APSCC '10). IEEE, 83--90.

Digital Library

[10]

Feng Chen and Grigore Roşu. 2003. Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation (Electronic Notes in Theoretical Computer Science. RV '03), Vol. 89(2). Elsevier, 108--127.

[11]

Feng Chen and Grigore Roşu. 2005. Java-MOP: A Monitoring Oriented Programming Environment for Java. In TACAS '05 (LNCS), Vol. 3440. Springer-Verlag, 546--550.

Digital Library

[12]

Feng Chen and Grigore Roşu. 2007. MOP: An Efficient and Generic Runtime Verification Framework. In OOPSLA. ACM press, 569--588.

Digital Library

[13]

Feng Chen and Grigore Roşu. 2009. Parametric Trace Slicing and Monitoring (TACAS '09). Springer-Verlag, Berlin, Heidelberg, 246--261.

Digital Library

[14]

Normann Decker, Franziska Kühn, and Daniel Thoma. 2014. Runtime Verification of Web Services for Interconnected Medical Devices (ISSRE '14). 235--244.

Digital Library

[15]

Tzilla Elrad, Robert E. Filman, and Atef Bader. 2001. Aspect-oriented Programming: Introduction. Commun. ACM 44, 10 (Oct. 2001), 29--32.

Digital Library

[16]

Node.js Foundation. 2018. About | Node.js. https://nodejs.org/en/about/

[17]

Node.js Foundation. 2018. File System | Node.js v8.11.3 Documentation. https://nodejs.org/docs/latest-v8.x/api/fs.html

[18]

Node.js Foundation. 2018. HTTP | Node.js v8.11.3 Documentation. https://nodejs.org/docs/latest-v8.x/api/http.html

[19]

Sylvain Hallé, Tevfik Bultan, Graham Hughes, Muath Alkhalaf, and Roger Villemaire. 2010. Runtime Verification of Web Service Interface Contracts. IEEE Computer 43, 3 (2010), 59--66.

Digital Library

[20]

Sylvain Hallé and Roger Villemaire. 2010. Runtime Verification for the Web. In Runtime Verification, Howard Barringer, Ylies Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon Pace, Grigore Roşu, Oleg Sokolsky, and Nikolai Tillmann (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 106--121.

Digital Library

[21]

Quinn Hanam, Fernando S. de M. Brito, and Ali Mesbah. 2016. Discovering Bug Patterns in JavaScript (FSE 2016). 144--156.

Digital Library

[22]

Casper S. Jensen, Anders Møller, Veselin Raychev, Dimitar Dimitrov, and Martin Vechev. 2015. Stateless Model Checking of Event-driven Applications (OOPSLA). ACM, New York, NY, USA, 57--73.

Digital Library

[23]

Gregor Kiczales, Erik Hilsdale, Jim Hugunin, Mik Kersten, Jeffrey Palm, and William G. Griswold. 2001. An Overview of AspectJ (ECOOP). Springer-Verlag, London, UK, UK, 327--353.

Digital Library

[24]

Gregor Kiczales, John Lamping, Anurag Mendhekar, Chris Maeda, Cristina Lopes, Jean-Marc Loingtier, and John Irwin. 1997. Aspect-Oriented Programming. In ECOOP. 220--242.

[25]

Oracle Labs. 2018. GraalVM. https://www.graalvm.org/

[26]

Oracle Labs. 2018. graalvm/graaljs: A Javascript implementation built on GraalVM. https://github.com/graalvm/graaljs

[27]

Martin Leucker and Christian Schallhart. 2009. A brief account of runtime verification. The Journal of Logic and Algebraic Programming 78, 5 (2009), 293 -- 303. The 1st Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS).

[28]

Magnus Madsen, Ondřej Lhoták, and Frank Tip. 2017. A Model for Reasoning About JavaScript Promises. Proc. ACM Program. Lang. 1, OOPSLA, Article 86 (2017), 24 pages.

Digital Library

[29]

S. Malakuti, M. Aksit, and C. Bockisch. 2011. Distribution-Transparency in Runtime Verification. 328--335.

Digital Library

[30]

S. Malakuti, C. Bockisch, and M. Aksit. 2009. Applying the Composition Filter Model for Runtime Verification of Multiple-Language Software (ISSRE '09). 31--40.

Digital Library

[31]

Somayeh Malakuti Khah Olun Abadi, Jong Hyuk Park, Mohammad Obaidat, Mehmet Aksit, and Christoph Bockisch. 2011. Runtime Verification in Distributed Computing. Journal of convergence 2, 1 (30 6 2011), 1--10.

[32]

P. O. Meredith, D. Jin, F. Chen, and G. Rosu. 2008. Efficient Monitoring of Parametric Context-Free Patterns (ASE '08). IEEE Computer Society, Washington, DC, USA, 148--157.

Digital Library

[33]

James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In NDSS.

[34]

npm Inc. 2018. npm. https://www.npmjs.com/

[35]

Formal Systems Laboratory (FSL) of the Department of Computer Science at the University of Illinois. 2018. MOP4 Syntax. http://fsl.cs.illinois.edu/index.php/MOP4_Syntax

[36]

Boris Petrov, Martin Vechev, Manu Sridharan, and Julian Dolby. 2012. Race Detection for Web Applications. SIGPLAN Not. 47, 6 (June 2012), 251--262.

Digital Library

[37]

Michael Pradel and Koushik Sen. 2015. The Good, the Bad, and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript. In ECOOP, John Tang Boyland (Ed.), Vol. 37. Dagstuhl, Germany, 519--541.

[38]

Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: A Selective Record-replay and Dynamic Analysis Framework for JavaScript (ESEC/FSE). ACM, New York, NY, USA, 488--498.

Digital Library

[39]

Haiyang Sun, Daniele Bonetta, Christian Humer, and Walter Binder. 2018. Efficient Dynamic Analysis for Node.Js (CC). ACM, New York, NY, USA, 196--206.

Digital Library

[40]

Haiyang Sun, Alexander North, and Walter Binder. 2017. Multi-Process Runtime Verification for Android (APSEC '17). 701--706.

[41]

Haiyang Sun, Andrea Rosà, Omar Javed, and Walter Binder. 2017. ADRENALIN-RV: Android Runtime Verification Using Load-Time Weaving (ICST '17). 532--539.

[42]

ASM Team. 2018. ASM. https://asm.ow2.io/

[43]

ECMAScript Team. 2018. ECMAScript®2018 Language Specification. https://www.ecma-international.org/ecma-262/9.0/index.html

[44]

JavaMOP Team. 2018. Javamop/Usage.md at master - runtimeverification/java-mop. https://github.com/runtimeverification/javamop/blob/master/docs/Usage.md

[45]

Thomas Würthinger, Christian Wimmer, Christian Humer, Andreas Wöß, Lukas Stadler, Chris Seaton, Gilles Duboscq, Doug Simon, and Matthias Grimmer. 2017. Practical Partial Evaluation for High-performance Dynamic Language Runtimes. SIGPLAN Not. 52, 6 (June 2017), 662--676.

Digital Library

Cited By

Scull Pupo ANicolay JBoix E(2023)Brigadier: A Datalog-based IAST framework for Node.js Applications2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00054(509-521)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00054
Leroy DLelandais BOudot MCombemale BVisser EKolovos DSöderberg E(2021)Monilogging for executable domain-specific languagesProceedings of the 14th ACM SIGPLAN International Conference on Software Language Engineering10.1145/3486608.3486906(2-15)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1145/3486608.3486906
Chen YJuristo N(2021)NodeSRTProceedings of the 43rd International Conference on Software Engineering: Companion Proceedings10.1109/ICSE-Companion52605.2021.00055(126-128)Online publication date: 25-May-2021
https://dl.acm.org/doi/10.1109/ICSE-Companion52605.2021.00055
Show More Cited By

Index Terms

NodeMOP: runtime verification for Node.js applications
1. General and reference
  1. Cross-computing tools and techniques
    1. Verification
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Correctness

Recommendations

A Bottom-Up Approach to Teaching Server-Side Web Development Skills (Abstract Only)
SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education

When dealing with the topic of back-end programming many CS web development courses typically focus on how to use a popular web framework, for example Spring MVC or Ruby on Rails. The problem with this approach is that students will most likely end up ...
Programming Web Services on the Cloud with Node.js: (Abstract Only)
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science Education

Node.js is one of the hottest open source web platforms currently available. It's used by companies like PayPal, DowJones, Walmart, Netflix, and Yahoo. Node.js allows you to use JavaScript to write all kinds of network servers in just a few lines of ...
Programming Web Services on the Cloud with Node.js (Abstract Only)
SIGCSE '16: Proceedings of the 47th ACM Technical Symposium on Computing Science Education

Web services (a.k.a. web APIs) allow developers to build web and mobile applications using data from multiple online sources. This workshop is aimed at CS instructors that wish to teach how to use and write web services using Node.js on a cloud ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

April 2019

2682 pages

ISBN:9781450359337

DOI:10.1145/3297280

Conference Chairs:
Chih-Cheng Hung
Kennesaw State University, Marietta, Georgia
,
George A. Papadopoulos
University of Cyprus, Nicosia, Cyprus

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC '19

Sponsor:

SIGAPP

SAC '19: The 34th ACM/SIGAPP Symposium on Applied Computing

April 8 - 12, 2019

Limassol, Cyprus

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
155
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)2

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Scull Pupo ANicolay JBoix E(2023)Brigadier: A Datalog-based IAST framework for Node.js Applications2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00054(509-521)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00054
Leroy DLelandais BOudot MCombemale BVisser EKolovos DSöderberg E(2021)Monilogging for executable domain-specific languagesProceedings of the 14th ACM SIGPLAN International Conference on Software Language Engineering10.1145/3486608.3486906(2-15)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1145/3486608.3486906
Chen YJuristo N(2021)NodeSRTProceedings of the 43rd International Conference on Software Engineering: Companion Proceedings10.1109/ICSE-Companion52605.2021.00055(126-128)Online publication date: 25-May-2021
https://dl.acm.org/doi/10.1109/ICSE-Companion52605.2021.00055
Ahmadpanah MBalliu MHedin DOlsson LSabelfeld A(2021)Securing Node-RED ApplicationsProtocols, Strands, and Logic10.1007/978-3-030-91631-2_1(1-21)Online publication date: 19-Nov-2021
https://doi.org/10.1007/978-3-030-91631-2_1
Schürmann JTegeler TSteffen B(2020)Guaranteeing Type Consistency in Collective Adaptive SystemsLeveraging Applications of Formal Methods, Verification and Validation: Engineering Principles10.1007/978-3-030-61470-6_19(311-328)Online publication date: 20-Oct-2020
https://dl.acm.org/doi/10.1007/978-3-030-61470-6_19

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents