reverse engineering techniques: from web applications to rich internet applications
DESCRIPTION
Web systems evolved in the last years starting from static websites to Web applications, up to Ajax-based Rich Internet Applications (RIAs). Reverse Engineering techniques followed the same evolution, too. The authors and many other WSE contributors proposed a lot of innovative and effective ideas providing important advances in the reverse engineering field. In this paper, we will show the historical evolution of reverse engineering approaches for Web Systems with particular attention to the ones presented in the WSE events.TRANSCRIPT
Reverse Engineering Techniques: from Web Applications to Rich
Internet Applications
Porfirio Tramontana
Domenico Amalfitano
Anna Rita Fasolino
Dipartimento di Ingegneria Elettrica e Tecnologie dell’Informazione
University of Naples Federico II, Italy
WSE & Reverse Engineering
Reverse Engineering has been one of the most discussed topics in WSE events
Common topics of WSE:
Modeling
Reverse Engineering, reengineering, refactoring
Migration from legacy systems, to Web Applications, to Rich Internet Applications
Test case Generation
Documentation Generation
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 2
Web Systems Modeling, 3 papers in 1999-2001 (and a paper in 2006)
Reverse Engineering, Comprehension, Maintenance, Documentation of:
Web Sites, 7 papers in 2000-2008
Web Applications, 6 papers in 2000-2009
Rich Internet Applications, 3 papers in 2010-2011
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 3
WSE & Reverse Engineering
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 4
Web Site Nature And Modeling
Web Sites
Web Applications
Rich Internet Applications
Reverse Engineering, Comprehension, Maintenance, Documentation
1999 2001 2002 2003 2006 2008 2009 2010 2011 2013
1 2
22
15
16
12
7
6
23
20
17 9
13
18
24
25 27
34 37
36
WSE Timeline 2000
In the first WSE editions, there was discussions about the nature of the Web Sites and the models needed for their design 1999: G. Antoniol, G. Canfora, A. Cimitile, and A. De Lucia, “WEB Sites: Files, Programs or
databases?,”
2001: H. M. Kienle and H. A. Muller, “Leveraging program analysis for Web site reverse engineering
The first models for Web Site design were adaptations of data models (RMM, WebML) 2000: G. Antoniol, G. Canfora, G. Casazza, and A. De Lucia, “Web Site Reengineering Using
RMM”
The evolution of Web Sites to Web Applications caused a corresponding evolution of models towards UML based ones 2006: F. Ricca, M. Di Penta, M. Torchiano, P. Tonella, and M. Ceccato, “An empirical study
on the usefulness of Conallen’s stereotypes inWeb application comprehension,”
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 5
Timeline 1: Web Site Nature and Modeling
Reverse Engineering suitable models describe Web Applications at a higher level of details 2002: P. Tonella and F. Ricca, “Dynamic model extraction and statistical analysis of Web
applications,”
2002: G. A. Di Lucca, A. R. Fasolino, and P. Tramontana, “Towards a better comprehensibility of web applications: lessons learned from reverse engineering experiments,”
Models supporting Web 2.0 applications extended the ones suitable for Web applications 2006: R. Djemaa, I. Amous, and A. Hamadou, “WA-UML: Towards a UML extension for
modelling Adaptive Web Applications
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 6
Timeline 1: Web Site Nature and Modeling
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 7
2000: RMM Model
G. Antoniol, G. Canfora, G. Casazza, and A. De Lucia, “Web Site Reengineering Using RMM,”
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 8
2002: Dynamic Model
P. Tonella and F. Ricca, “Dynamic model extraction and statistical analysis of Web applications,”
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 9
2002: Web Application Model
G. A. Di Lucca, A. R. Fasolino, F. Pace, P. Tramontana, and U. De Carlini, “WARE: a tool for the reverse engineering of Web applications,”
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 10
2010: RIA Dynamic Model
UserSession
Userevent
+Type
DomObject
+XPath
DomChange
+Type
ExecutedLOC
+Text
Exception
+Message
ServerResponse
+Status
1..*+Next
+Previous
0..1
0..1
1
0..*
JS FunctionExecution
+Function name+File name
1..*0..*
Call >
1
0..* 1
0..*
+Event Handler
1
1
Raise>
0..*
1
Fired > 1
0..*
+handled by 0..1
0..1
Server Call
+Asynchronous+HTTP Request
+made by
0..*
1
10..1
Attribute
+Name+Value
0..*1
1
0..1
D. Amalfitano, A. R. Fasolino, A. Polcaro, and P. Tramontana, “Comprehending Ajax Web Applications by the DynaRIA Tool,”
Reverse Engineering for migrating …
… from HTML to XML
Kirda et al., 2001;
… from Web Sites to Web Applications … By abstracting a data model, Estievenart et al, 2003
Reverse Engineering for reuse … … of clones, Aversano et al., 2001
Reverse Engineering for reengineering …
… based on dynamic analysis and statistic data, Tonella and Ricca, 2002 and 2008
… to improve the navigability, Scanniello et al., 2008
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 11
Timeline 2: Reverse Engineering of Web Sites
Part of the ‘source’ code is generated at run-time Static analysis is not able to recover anything
Dynamic analysis is not able to cover anything
Business logic, GUI and data management are often interleaved
Di Lucca et al., 2001, 2002, 2003, statically analyzed the source code, abstracted detail level diagrams, reconstructed modular architecture and and abstracted business level UML diagrams
Hassan and Holt, 2001 extracted architectural diagrams from a combination of static and dynamic analysis
Ricca et al., 2002, extracted Conallen’s diagram from dynamic analysis information Bernardi et al., 2008, et Alalfi et al. 2009, focused on more specific reverse
engineering tasks
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 13
Timeline 3: Reverse Engineering of Web Applications
2001: A. E. Hassan and R. C. Holt, “Towards a better understanding of Web applications,”
2002: G. A. Di Lucca, A. R. Fasolino, and P. Tramontana, “Towards a better comprehensibility of web applications: lessons learned from reverse engineering experiments,”
2003: G. A. Di Lucca, A. R. Fasolino, P. Tramontana, and U. De Carlini, “Abstracting business level UML diagrams from Web applications,”
2003: P. Tonella, F. Ricca, E. Pianta, and C. Girardi, “Evaluation methods for Web application clustering,”
2006: F. Ricca, M. Di Penta, M. Torchiano, P. Tonella, and M. Ceccato, “An empirical study on the usefulness of Conallen’s stereotypes inWeb application comprehension,”
2008: M. L. Bernardi, G. A. Di Lucca, and D. Distante, “Reverse engineering of Web Applications to abstract user-centered conceptual models,”
2009: M. H. Alalfi, J. R. Cordy, and T. R. Dean, “WAFA: Fine-grained dynamic analysis of web applications,”
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 14
Timeline 3: References
RIAs introduced further levels of dynamicity into Web Applications and increasing the difficulties of tasks such as architecture reconstruction and crawling.
Asynchronous calls
Client side code run-time self-modification
Pure dynamic analysis approaches have been proposed … … for test case generation, by Amalfitano et al., 2010
… for redocumentation, Amalfitano et al., 2011
… for comprehension, McIntosh et al., 2011
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 15
Timeline 4: Reverse Engineering of Rich Internet Applications
Future Perspectives
Reverse Engineering of Web Applications loses interest because:
Web Applications are not more realized from the scratch but their coding is heavily supported by visual tools for code generation and frameworks libraries
With Wordpress, CMS, ..., Web applications are essentially ‘configured’ instead of developed from scratch
Web applications are not more so different from other typologies of applications
Development models, paradigms and patterns can be the same of traditional applications
E.g. a Web Application can represent only a possible user interface for a remote user
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 17
Future Perspectives
But …
Many of the static and dynamic analysis techniques initially proposed for Web applications have recently proven their usefulness in the context of mobile applications. E.g.: Android applications are quite similar to RIAs:
They are both based on event-based GUIs
They are both based on client-server synchronous and asynchronous interactions.
Porfirio Tramontana - WSE 2013 - Eindhoven - 09/28/2013 18