Bounded verification of Ruby on Rails data models

Nijjar, Jaideep; Bultan, Tevfik

doi:10.1145/2001420.2001429

Cited by 21 publications

(21 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several significant differences in this paper compared to the work presented in [16]: 1) In this paper we use an unbounded verification approach based on SMT-solvers as opposed to the bounded SAT-based verification approach used in [16]. 2) This paper directly constructs formulas in the theory of uninterpreted functions from verification queries about a given Rails data model, whereas the approach presented in [16] translates data models to Alloy specifications which Alloy Analyzer then converts to boolean SAT formulas. 3) We present a novel data model projection technique that simplifies the generated formula by removing constraints about the data model that are not relevant to the property being verified, improving the performance of the analysis.…”

Section: Methodsmentioning

confidence: 81%

“…4) We present experimental analysis demonstrating the performance of the proposed verification approach on five open source Rails applications. 5) We experimentally compare the unbounded verification approach presented in this paper with the bounded verification approach presented in [16] and show that the unbounded verification approach presented in this paper is more efficient.…”

Section: Methodsmentioning

confidence: 99%

“…The data models of all five applications were run through the ActiveRecord to Alloy translator that was implemented in our previous work [16]. The same measurements were taken as with Z3, but over an increasing bound from at most 10 objects for each class to at most 35 objects for each class.…”

Section: Methodsmentioning

confidence: 99%

“…This paper builds on our earlier work on bounded verification of Rails data models [16]. There are several significant differences in this paper compared to the work presented in [16]: 1) In this paper we use an unbounded verification approach based on SMT-solvers as opposed to the bounded SAT-based verification approach used in [16].…”

Section: Methodsmentioning

confidence: 99%

See 3 more Smart Citations

Unbounded data model verification using SMT solvers

Nijjar

Bultan

2012

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

The growing influence of web applications in every aspect of society makes their dependability an immense concern. A fundamental building block of web applications that use the Model-View-Controller (MVC) pattern is the data model, which specifies the object classes and the relations among them. We present an approach for unbounded, automated verification of data models that 1) extracts a formal data model from an Object Relational Mapping, 2) converts verification queries about the data model to queries about the satisfiability of formulas in the theory of uninterpreted functions, and 3) uses a Satisfiability Modulo Theories (SMT) solver to check the satisfiability of the resulting formulas. We implemented this approach and applied it to five opensource Rails applications. Our results demonstrate that the proposed approach is feasible, and is more efficient than SAT-based bounded verification.

show abstract

Section: Methodsmentioning

confidence: 81%

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

See 2 more Smart Citations

Unbounded data model verification using SMT solvers

Nijjar

Bultan

2012

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Bordbar and Anastasakis [4], for example, model a user's interaction with a web application using UML, and perform bounded verification of properties of that interaction by translating the UML model into Alloy using UML2Alloy; other approaches ( [22,34,29]) perform similar tasks but provide less automation. Nijjar and Bultan [27] translate Rails data models into Alloy to find inconsistencies, but do not examine controller code. Bocić and Bultan [3] and Near and Jackson [24] check Rails code, but require the user to write a specification.…”

Section: Related Workmentioning

confidence: 99%

Finding security bugs in web applications using a catalog of access control patterns

Near

Jackson

2016

Proceedings of the 38th International Conference on Software Engineering

View full text Add to dashboard Cite

We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's code matches an allowed exposure from a security pattern in our catalog. The only user-provided input is a mapping from application types to the types of the catalog; the rest of the process is entirely automatic. In an evaluation on the 50 most watched Ruby on Rails applications on Github, Space reported 33 possible bugs-23 previously unknown security bugs, and 10 false positives.

show abstract

Incremental Analysis of Evolving Alloy Models

Wang

Gligoric

et al. 2019

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Alloy is a well-known tool-set for building and analyzing software designs and models. Alloy's key strengths are its intuitive notation based on relational logic, and its powerful analysis engine backed by propositional satisfiability (SAT) solvers to help users find subtle design flaws. However, scaling the analysis to the designs of real-world systems remains an important technical challenge. This paper introduces a new approach, iAlloy, for more efficient analysis of Alloy models. Our key insight is that users often make small and frequent changes and repeatedly run the analyzer when developing Alloy models, and the development cost can be reduced with the incremental analysis over these changes. iAlloy is based on two techniques-a static technique based on a lightweight impact analysis and a dynamic technique based on solution re-use-which in many cases helps avoid potential costly SAT solving. Experimental results show that iAlloy significantly outperforms Alloy analyzer in the analysis of evolving Alloy models with more than 50% reduction in SAT solver calls on average, and up to 7x speedup.

show abstract

Bounded verification of Ruby on Rails data models

Cited by 21 publications

References 20 publications

Unbounded data model verification using SMT solvers

Unbounded data model verification using SMT solvers

Finding security bugs in web applications using a catalog of access control patterns

Incremental Analysis of Evolving Alloy Models

Contact Info

Product

Resources

About