reverse engineering finite state machines from rich internet applications
DESCRIPTION
In the last years, Rich Internet Applications (RIAs) have emerged as a new generation of web applications offering greater usability and interactivity than traditional ones. A combination of web technologies give RIAs new client-side elaboration capacity, new presentation features, and different communication mechanisms between client and server side, making them very similar to desktop applications and able to provide richer user experiences. At the same time, RIAs introduce new issues and challenges in all the web application lifecycle activities. As an example, a key problem with RIAs consists of defining suitable models for representing them from several points of view and defining Reverse Engineering processes for obtaining them effectively. This paper proposes a model based on Finite State Machines for representing the behaviour offered by a RIA implemented with Ajax-based techniques, and presents a reverse engineering process and a tool for producing this model. The reverse engineering process is based on dynamic analysis of the RIA and employs clustering techniques based on equivalence criteria for solving the problem of state explosion of the state machine. A case study illustrated in the paper shows the results of a preliminary experiment where the proposed process has been executed with success for reverse engineering the behaviour of an existing RIA.TRANSCRIPT
Reverse Engineering Finite Reverse Engineering Finite State Machines from Rich State Machines from Rich
Internet ApplicationsInternet Applications
Domenico AmalfitanoDomenico Amalfitano
Anna Rita FasolinoAnna Rita Fasolino
Porfirio Tramontana Porfirio Tramontana
Dipartimento di Informatica e Dipartimento di Informatica e SistemisticaSistemistica
University of Naples Federico II, ItalyUniversity of Naples Federico II, Italy
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 22
MotivationMotivation
In the last years, Rich Internet Applications (RIAs) have emerged as a new generation of web applications offering greater usability and interactivity than traditional ones. Web pages have been transformed in complex GUIs with
synchronous and asynchronous interactions with the user and with the resources
Key problems: to define models that are suitable for RIAs
representation to define Reverse Engineering techniques for the
abstraction of the proposed model
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 33
RIA pages vs plain HTML pagesRIA pages vs plain HTML pages
Complex interactions between the user and Complex interactions between the user and the RIA in the browser environment are the RIA in the browser environment are designed and implemented in Javascriptdesigned and implemented in Javascript A simple model comprehending only pages and A simple model comprehending only pages and
forms (e.g. the Conallen model) is not more suitable forms (e.g. the Conallen model) is not more suitable to describe RIAsto describe RIAs
Javascript event handlers can be associated to Javascript event handlers can be associated to any DOM element and are able to modify the any DOM element and are able to modify the DOM instance itselfDOM instance itself
XHR objects are also able to manage Http XHR objects are also able to manage Http communications communications
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 44
RIA Interactions Conceptual modelRIA Interactions Conceptual model
Server Page
Client Interface
DOM
DOM Element
1
1
1..*
1..*
1..*Transition
+End Transition Timestamp
Http Request
XHR RequestWeb Page Request
Server Resource
*
1
*
1
Event Listener
+Builds
1
*
*1..*
Raised Event
+Timestamp
Event Handler
1
*
1
0..1
0..*1
User Event Listener
Time Event Listener
Http Response Event Listener
0..*1
1
1
• A Client A Client Interface Interface correspond to correspond to the DOM the DOM instanced at a instanced at a given time in given time in the browserthe browser
• The raise of an The raise of an event to which event to which an event an event handler is handler is associated can associated can cause a cause a transition to transition to another client another client interface (i.e. a interface (i.e. a variation of the variation of the DOM)DOM)
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 55
Transition GraphTransition Graph
RIA interactions can be modelled as a Transition RIA interactions can be modelled as a Transition Graph, whereGraph, where
each node is associated with a distinct Client Interfaceeach node is associated with a distinct Client Interface each edge corresponds to the raise of an event each edge corresponds to the raise of an event
The event handler execution causes the variation between Client The event handler execution causes the variation between Client Interfaces.Interfaces.
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 66
Reverse Engineering Process 1/2Reverse Engineering Process 1/2
Event Waiting
entry/DOM Extraction
Start Tracing Event Handling Completion Waiting
entry/Transition Tracingexit/End transition Tracing
Raised Event
Event Handling Completed
End Tracing
In order to reconstruct the model of a RIA, a three steps In order to reconstruct the model of a RIA, a three steps process has been proposedprocess has been proposed
The Extraction step is obtained by dynamic analysisThe Extraction step is obtained by dynamic analysis
A user navigates the RIA while it is monitored.A user navigates the RIA while it is monitored. Probes applied externally to the DOM structure allow the Probes applied externally to the DOM structure allow the tracing of the complete cycle of event raising/handling with a tracing of the complete cycle of event raising/handling with a non-invasive approachnon-invasive approach
For each observed Client Interface the complete set of tags, For each observed Client Interface the complete set of tags, attributes and event handlers is storedattributes and event handlers is stored
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 77
Reverse Engineering Process 2/2Reverse Engineering Process 2/2
In this step the retrieved information are analyzed in order to abstract the In this step the retrieved information are analyzed in order to abstract the FSM Model of the RIAFSM Model of the RIA
Two open issues:Two open issues: When a Client Interface should be considered equivalent to a previously visited When a Client Interface should be considered equivalent to a previously visited
one?one? What DOM elements and properties should be considered in order to compare What DOM elements and properties should be considered in order to compare
two Client Interfaces?two Client Interfaces?
Two possible criteria to cluster together a pair of Client Interfaces have Two possible criteria to cluster together a pair of Client Interfaces have been proposed:been proposed:
Criterion C1 considers equivalent two Client Interfaces if the corresponding DOM Criterion C1 considers equivalent two Client Interfaces if the corresponding DOM structures include the same set of DOM elements with the same registered structures include the same set of DOM elements with the same registered event listeners and handlersevent listeners and handlers
Criterion C2 considers equivalent two Client Interfaces if the criterion C1 is Criterion C2 considers equivalent two Client Interfaces if the criterion C1 is satisfied and the set of Http requests and time event listeners are equivalent, satisfied and the set of Http requests and time event listeners are equivalent, too. too.
A Concept Assignment step, assisted by an expert, must be carried in A Concept Assignment step, assisted by an expert, must be carried in order to assess if the applied equivalence criterion has been able to cluster order to assess if the applied equivalence criterion has been able to cluster together Client Interfaces corresponding to actual Interaction Statestogether Client Interfaces corresponding to actual Interaction States
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 88
RE-RIA ToolRE-RIA Tool
ExtractorGUI
Abstractor
ReverseEngineering
ProcessManager
BrowserDOM
Extractor
Clustering
FSMAbstractor
DataBase<<artifact>> Statechart
Diagram
<<artifact>>
Trace Extractor
DOM Querying
• The Tool supports the proposed Reverse Engineering Process The Tool supports the proposed Reverse Engineering Process • It is realised in Java with JavaXPCOM library in order to embed a It is realised in Java with JavaXPCOM library in order to embed a Mozilla instance into the toolMozilla instance into the tool
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 99
An example (1/2)An example (1/2)
• Based on Based on FilmDBFilmDB Ajax Ajax application for data application for data management of a personal management of a personal movie archive. movie archive.
• Five Users Sessions Five Users Sessions corresponding to the corresponding to the entering/exiting the personal entering/exiting the personal movie area use case scenarios movie area use case scenarios were exercised by a user and were exercised by a user and traced and collected by the tooltraced and collected by the tool
• A Transition Graph with 60 A Transition Graph with 60 nodes and 59 edges was nodes and 59 edges was preliminary obtainedpreliminary obtained
SCHERMATA FILMDBSCHERMATA FILMDB
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 1010
Example (2/2)Example (2/2)
• The C1 criterion was able to The C1 criterion was able to reduce the TG to 8 nodes and reduce the TG to 8 nodes and 22 transitions22 transitions
• A Concept Assignment A Concept Assignment activity revealed that some activity revealed that some nodes could not be associated nodes could not be associated with meaningful states, but had with meaningful states, but had to be split into further logical to be split into further logical states. states.
• The C2 criterion produced a The C2 criterion produced a TG with 12 nodes and 23 TG with 12 nodes and 23 transitions that was validated transitions that was validated by the Concept Assignment by the Concept Assignment activityactivity
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 1111
Conclusions and Future WorksConclusions and Future Works
This paper presented the initial results of a research This paper presented the initial results of a research project that aims at defining and validating project that aims at defining and validating techniques for reverse engineering software techniques for reverse engineering software representation models from Rich Internet representation models from Rich Internet Applications. Applications.
The proposing clustering criteria seems to be useful The proposing clustering criteria seems to be useful for the abstraction of a compact behaviour model of for the abstraction of a compact behaviour model of the RIA interfacesthe RIA interfaces Further criteria that are able to reduce the Concept Further criteria that are able to reduce the Concept
Assignment step effort will be proposed in futureAssignment step effort will be proposed in future The suitability of the obtained model to specific The suitability of the obtained model to specific
tasks, such as GUI testing, quality evaluation, tasks, such as GUI testing, quality evaluation, migration to services will be explored in future worksmigration to services will be explored in future works
Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008Porfirio Tramontana – WCRE 2008 – Antwerp – 10/15/2008 1212