Cited By
View all- Wang PBangert JKern C(2021)If It's Not Secure, It Should Not CompileProceedings of the 43rd International Conference on Software Engineering10.1109/ICSE43902.2021.00123(1360-1372)Online publication date: 22-May-2021
Client Insourcing: Bringing Ops In-House for Seamless Re-engineering of Full-Stack JavaScript Applications
Authors: 
Kijin An, Eli TilevichAuthors Info & Claims
Kijin An, Eli TilevichAuthors Info & ClaimsPages 179 - 189
Abstract
Modern web applications are distributed across a browser-based client and a cloud-based server. Distribution provides access to remote resources, accessed over the web and shared by clients. Much of the complexity of inspecting and evolving web applications lies in their distributed nature. Also, the majority of mature program analysis and transformation tools works only with centralized software. Inspired by business process re-engineering, in which remote operations can be insourced back in house to restructure and outsource anew, we bring an analogous approach to the re-engineering of web applications. Our target domain are full-stack JavaScript applications that implement both the client and server code in this language. Our approach is enabled by Client Insourcing, a novel automatic refactoring that creates a semantically equivalent centralized version of a distributed application. This centralized version is then inspected, modified, and redistributed to meet new requirements. After describing the design and implementation of Client Insourcing, we demonstrate its utility and value in addressing changes in security, reliability, and performance requirements. By reducing the complexity of the non-trivial program inspection and evolution tasks performed to meet these requirements, our approach can become a helpful aid in the re-engineering of web applications in this domain.
References
[1]
Saba Alimadadi, Ali Mesbah, and Karthik Pattabiraman. 2016. Understanding Asynchronous Interactions in Full-stack JavaScript. In Proceedings of the 38th International Conference on Software Engineering(ICSE ’16). 1169–1180.
[2]
Kijin An. 2019. Facilitating the Evolutionary Modifications in Distributed Apps via Automated Refactoring. In Web Engineering. Springer International Publishing, 548–553.
[3]
Kijin An and Eli Tilevich. 2019. Catch & Release: An Approach to Debugging Distributed Full-Stack JavaScript Applications. In Web Engineering. 459–473.
[4]
Kijin An and Eli Tilevich. 2020. D-Goldilocks: Automatic Redistribution of Remote Functionalities for Performance and Efficiency. In 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 251–260.
[5]
Earl T. Barr, Mark Harman, Yue Jia, Alexandru Marginean, and Justyna Petke. 2015. Automated Software Transplantation. In Proceedings of the 2015 International Symposium on Software Testing and Analysis(ISSTA 2015). 257–269.
[6]
[6] Bookworm.2019. https://github.com/davidwoodsandersen/Bookworm.
[7]
Eric J Byrne. 1992. A conceptual foundation for software re-engineering. In Proceedings of the Conference on Software Maintenance. 226–235.
[8]
Laurent Christophe, Coen De Roover, Elisa Gonzalez Boix, and Wolfgang De Meuter. 2018. Orchestrating Dynamic Analyses of Distributed Processes for Full-stack JavaScript Programs. In Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences(GPCE 2018). 107–118.
[9]
[9] ConfApp.2019. https://github.com/tkssharma/Ionic-conferenceApp.
[10]
Leonardo De Moura and Nikolaj Bjørner. 2008. Z3: An efficient SMT solver. In International conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, 337–340.
[11]
[11] Donuts.2019. https://github.com/VinniiOtchkov/Donuts.
[12]
[12] EmployeeDir.2019. https://github.com/ccoenraets/employee-directory-services.
[13]
Matthew Fredrikson and Benjamin Livshits. 2014. ZØ: An Optimizing Distributing Zero-Knowledge Compiler. In 23rd USENIX Security Symposium (USENIX Security 14). 909–924.
[14]
Liang Gong, Michael Pradel, and Koushik Sen. 2015. JITProf: Pinpointing JIT-unfriendly JavaScript Code. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering(ESEC/FSE 2015). 357–368.
[15]
Liang Gong, Michael Pradel, Manu Sridharan, and Koushik Sen. 2015. DLint: Dynamically Checking Bad Coding Practices in JavaScript. In Proceedings of the 2015 International Symposium on Software Testing and Analysis(ISSTA 2015). 94–105.
[16]
Marco Guarnieri, Petar Tsankov, Tristan Buchs, Mohammad Torabi Dashti, and David Basin. 2017. Test execution checkpointing for web applications. In Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis. 203–214.
[17]
Salvatore Guarnieri and Benjamin Livshits. 2009. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. In USENIX Security Symposium. 78–85.
[18]
Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet, and Ryan Berg. 2011. Saving the World Wide Web from vulnerable JavaScript. In Proceedings of the 2011 International Symposium on Software Testing and Analysis. ACM, 177–187.
[19]
Michael Hilton, Arpit Christi, Danny Dig, Michał Moskal, Sebastian Burckhardt, and Nikolai Tillmann. 2014. Refactoring local to cloud data types for mobile apps. In Proceedings of the 1st International Conference on Mobile Software Engineering and Systems. 83–92.
[20]
Simon Holm Jensen, Manu Sridharan, Koushik Sen, and Satish Chandra. 2015. MemInsight: platform-independent memory debugging for JavaScript. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering.
[21]
Y. Kwon and E. Tilevich. 2012. Energy-Efficient and Fault-Tolerant Distributed Mobile Execution. In 2012 IEEE 32nd International Conference on Distributed Computing Systems. 586–595.
[22]
Guodong Li, Esben Andreasen, and Indradeep Ghosh. 2014. SymJS: Automatic Symbolic Testing of JavaScript Web Applications. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering(FSE 2014). 449–459.
[23]
Mario Linares-Vásquez, Kevin Moran, and Denys Poshyvanyk. 2017. Continuous, evolutionary and large-scale: A new perspective for automated mobile app testing. In 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME). 399–410.
[24]
Yin Liu, Kijin An, and Eli Tilevich. 2018. RT-Trust: Automated Refactoring for Trusted Execution Under Real-Time Constraints. In Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences(GPCE 2018). ACM, 175–187.
[25]
Yin Liu, Kijin An, and Eli Tilevich. 2020. RT-Trust: Automated refactoring for different trusted execution environments under real-time constraints. Journal of Computer Languages 56 (2020), 100939. https://doi.org/10.1016/j.cola.2019.100939
[26]
Qingzhou Luo, Farah Hariri, Lamyaa Eloussi, and Darko Marinov. 2014. An Empirical Analysis of Flaky Tests. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering(FSE 2014). 643–653.
[27]
Magnus Madsen, Ondřej Lhoták, and Frank Tip. 2017. A Model for Reasoning About JavaScript Promises. Proceedings of the ACM on Programming LanguagesOOPSLA (Oct. 2017), 86:1–86:24.
[28]
Magnus Madsen, Frank Tip, and Ondřej Lhoták. 2015. Static Analysis of Event-driven Node.Js JavaScript Applications. In Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications(OOPSLA 2015). 505–519.
[29]
Josip Maras, Jan Carlson, and Ivica Crnkovi. 2012. Extracting Client-side Web Application Code. In Proceedings of the 21st International Conference on World Wide Web(WWW ’12). 819–828.
[30]
[30] med-chem rules.2019. https://github.com/acarl005/med-chem-rules.
[31]
James Mickens, Jeremy Elson, and Jon Howell. 2010. Mugshot: Deterministic Capture and Replay for Javascript Applications. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation(NSDI’10). 11–11.
[32]
Marija Mikic-Rakic and Nenad Medvidovic. 2006. A classification of disconnected operation techniques. In 32nd EUROMICRO Conference on Software Engineering and Advanced Applications (EUROMICRO’06). IEEE, 144–151.
[33]
Kivanç Muşlu, Bilge Soran, and Jochen Wuttke. 2011. Finding Bugs by Isolating Unit Tests. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering(ESEC/FSE ’11). 496–499.
[34]
David A Patterson. 2004. Latency lags bandwith. Commun. ACM (2004).
[35]
Jelica Protic, Milo Tomasevic, and Veljko Milutinovic. 1996. Distributed shared memory: Concepts and systems. IEEE Parallel & Distributed Technology: Systems & Applications (1996).
[36]
[36] realty-rest.2019. https://github.com/ccoenraets/ionic2-realty-rest.
[37]
[37] recipebook.2019. https://github.com/9bitStudios/recipebook.
[38]
[38] res-postgresql.2019. https://github.com/u4bi-sev/node-postgresql.
[39]
Ganesh Samarthyam, Girish Suryanarayana, and Tushar Sharma. 2016. Refactoring for software architecture smells. In Proceedings of the 1st International Workshop on Software Refactoring. ACM, 1–4.
[40]
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. 2010. A symbolic execution framework for JavaScript. In 2010 IEEE Symposium on Security and Privacy. IEEE, 513–528.
[41]
M. Selakovic and M. Pradel. 2016. Performance Issues and Optimizations in JavaScript: An Empirical Study. In 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE). 61–72.
[42]
Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: A Selective Record-replay and Dynamic Analysis Framework for JavaScript. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering(ESEC/FSE 2013). 488–498.
[43]
Koushik Sen, George Necula, Liang Gong, and Wontae Choi. 2015. MultiSE: Multi-path Symbolic Execution Using Value Summaries. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering(ESEC/FSE 2015).
[44]
[44] shopping cart.2019. https://github.com/ComeAlongErica/full-stack-express-lab-shopping-cart.
[45]
Stelios Sidiroglou-Douskos, Eric Lahtinen, Anthony Eden, Fan Long, and Martin Rinard. 2017. CodeCarbonCopy. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering(ESEC/FSE 2017). 95–105.
[46]
Chungha Sung, Markus Kusano, Nishant Sinha, and Chao Wang. 2016. Static DOM Event Dependency Analysis for Testing Web Applications. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering(FSE 2016). 447–459.
[47]
[47] theBrownNode.2019. https://github.com/clintcparker/theBrownNode.
[48]
John Vilk and Emery D Berger. 2018. BLeak: automatically debugging memory leaks in web applications. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation. 15–29.
[49]
Xudong Wang, Xuanzhe Liu, Ying Zhang, and Gang Huang. 2012. Migration and execution of JavaScript applications between mobile devices and cloud. In Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity. 83–84.
[50]
Xiao Xiao, Shi Han, Charles Zhang, and Dongmei Zhang. 2015. Uncovering JavaScript performance code smells relevant to type mutations. In Asian Symposium on Programming Languages and Systems. 335–355.
Index Terms
- Client Insourcing: Bringing Ops In-House for Seamless Re-engineering of Full-Stack JavaScript Applications
Index terms have been assigned to the content through auto-classification.
Recommendations
Enhancing Web App Execution with Automated Reengineering
WWW '20: Companion Proceedings of the Web Conference 2020The execution of modern web applications is affected by distribution, mobility, and heterogeneity. The design-time assumptions of web applications rarely correspond to their runtime conditions. As a result, the efficiency, performance, and reliability ...
Finding Server-Side Endpoints with Static Analysis of Client-Side JavaScript
Computer Security. ESORICS 2023 International WorkshopsAbstractDetermining server HTTP endpoints — essentially, revealing server’s attack surface — is a crucial step of every black-box web security scanner. An indispensable method of doing that is inferring server endpoints from client side, discovering what ...
Comments
Information & Contributors
Information
Published In
April 2020
3143 pages
Copyright © 2020 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 April 2020
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
WWW '20
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 243Total Downloads
- Downloads (Last 12 months)15
- Downloads (Last 6 weeks)0
Reflects downloads up to 11 Aug 2024
Other Metrics
Citations
Cited By
View all- Wang PBangert JKern C(2021)If It's Not Secure, It Should Not CompileProceedings of the 43rd International Conference on Software Engineering10.1109/ICSE43902.2021.00123(1360-1372)Online publication date: 22-May-2021
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format