Web applications have become a major platform to deliver various services to the general public, largely due to the increasing popularity of cloud services for hosting web applications and handheld devices for accessing web applications. Poor-quality web applications can lead to significant problems, including user dissatisfaction and financial losses. A key challenge imposed by web applications is due to their request-driven nature; they expose services to users and serve requests with application-defined request-handler methods. Under this request-driven paradigm, inter-request control and data dependencies exist although each request is served independently. However, tracking these dependencies across requests is challenging because of the diversity and complexity of languages and frameworks for implementing web applications. Existing techniques targeting web applications lack any inter-request analysis capability, and they may miss performance-optimization opportunities and security issues that can only be exposed in the inter-request context.
This project promotes inter-request analysis to handle the problems just cited. To build a solid foundation for inter-request analysis, this project designs and develops techniques that can effectively and efficiently capture and express control and data dependencies across requests. The proposed techniques combine statistical mining approaches with a hybrid of static and dynamic analyses. The generated workflow and dataflow models provide necessary inter-request knowledge for various analyses to extend the scope. With the inter-request workflow- and dataflow-modeling framework, this project explores performance optimization and workflow monitoring to improve the quality of web applications regarding performance, correctness, and security. From the success of previous research on inter-procedural and inter-thread analyses for handling the abstraction of procedures and threads, the concept of inter-request analysis can greatly benefit web applications and other request-driven applications through both technique development and student education.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
