ABSTRACT
Software has become so complex that it is increasingly hard to have a complete understanding of how a particular system will behave. Web applications, their user interfaces in particular, are built with a wide variety of technologies making them particularly hard to debug and maintain. Reverse engineering techniques, either through static analysis of the code or dynamic analysis of the running application, can be used to help gain this understanding. Each type of technique has its limitations. With static analysis it is difficult to have good coverage of highly dynamic applications, while dynamic analysis faces problems with guaranteeing that generated models fully capture the behavior of the system. This paper proposes a new hybrid approach for the reverse engineering of web applications' user interfaces. The approach combines dynamic analyzes of the application at runtime, with static analyzes of the source code of the event handlers found during interaction. Information derived from the source code is both directly added to the generated models, and used to guide the dynamic analysis.
- Amalfitano, D., Fasolino, A. R., and Tramontana, P. Reverse Engineering Finite State Machines from Rich Internet Applications. In Proc. 15th WCRE, IEEE Computer Society (2008), 69--73. Google ScholarDigital Library
- Bellucci, F., Ghiani, G., Paternò, F., and Porta, C. Automatic reverse engineering of interactive dynamic web applications to support adaptation across platforms. In Proc. IUI '12, ACM Press (2012), 217--226. Google ScholarDigital Library
- Bouillon, L., Limbourg, Q., Vanderdonckt, J., and Mirchotte, B. Reverse engineering of web pages based on derivations and transformations. In Proc. LA-Web '05, IEEE Computer Society (2005), 3--. Google ScholarDigital Library
- Eilam, E. Reversing: Secrets of Reverse Engineering. Wiley, 2005. Google ScholarDigital Library
- Gimblett, A., and Thimbleby, H. User Interface Model Discovery : Towards a Generic Approach. In Proc. EICS '10, ACM Press (2010), 145--154. Google ScholarDigital Library
- Guha, A., Krishnamurthi, S., and Jim, T. Using static analysis for Ajax intrusion detection. In Proc. 18th WWW '09, ACM, Ed., ACM Press (2009), 561--570. Google ScholarDigital Library
- Ko, A. J., and Zhang, X. Feedlack detects missing feedback in web applications. In Proc. CHI '11, ACM Press (2011), 2177--2186. Google ScholarDigital Library
- Li, P., and Wohlstadter, E. View-based maintenance of graphical user interfaces. In Proc. 7th AOSD '08, ACM Press (2008), 156--167. Google ScholarDigital Library
- Memon, A., Banerjee, I., and Nagarajan, A. GUI ripping: reverse engineering of graphical user interfaces for testing. In Proc. 10th WCRE '03, IEEE Computer Society (2003), 260--269. Google ScholarDigital Library
- Mesbah, A., Bozdag, E., and van Deursen, A. Crawling AJAX by Inferring User Interface State Changes. In Proc. ICWE '08, IEEE Computer Society (2008), 122--134. Google ScholarDigital Library
- Morgado, I. C., Paiva, A. C. R., and Faria, J. a. P. Dynamic Reverse Engineering of Graphical User Interfaces. International Journal On Advances in Software 5, 3 (2012), 224--236.Google Scholar
- Morgado, I. C., Paiva, A. C. R., Faria, J. P., and Camacho, R. GUI reverse engineering with machine learning. In Proc. RAISE '12, IEEE Computer Society (2012), 27--31.Google ScholarCross Ref
- Silva, C. E. Reverse engineering of rich internet applications. Master's thesis, Escola de Engenharia, Universidade do Minho, 2009.Google Scholar
- Silva, J. C., Silva, C. E., Gonçalo, R., Saraiva, J., and Campos, J. C. The GUISurfer tool: towards a language independent approach to reverse engineering GUI code. In Proc. EICS '10, ACM Press (2010), 181--186. Google ScholarDigital Library
- Staiger, S. Static Analysis of Programs with Graphical User Interface. In Proc. CSMR '07, IEEE Computer Society (2007), 252--264. Google ScholarDigital Library
- Systa, T. On the relationships between static and dynamic models in reverse engineering Java software. In Proc. 6th WCRE 1999, IEEE Computer Society (1999), 304--313. Google ScholarDigital Library
Index Terms
- Combining static and dynamic analysis for the reverse engineering of web applications
Recommendations
Combined Static and Dynamic Analysis
Static analysis is usually faster than dynamic analysis but less precise. Therefore it is often desirable to retain information from static analysis for run-time verification, or to compare the results of both techniques. However, this requires writing ...
Reverse engineering techniques: From web applications to rich Internet applications
WSE '13: Proceedings of the 2013 IEEE 15th International Symposium on Web Systems Evolution (WSE)Web systems evolved in the last years starting from static websites to Web applications, up to Ajax-based Rich Internet Applications (RIAs). Reverse Engineering techniques followed the same evolution, too. The authors and many other WSE contributors ...
Why is dynamic analysis not used as extensively as static analysis: an industrial study
SER&IPs 2014: Proceedings of the 1st International Workshop on Software Engineering Research and Industrial PracticesCode Assessments using static and dynamic analyses are important for the maintenance of code quality of software in the industry. These analyses, though understood to be beneficial, have several practical limitations. The intent of our study was to ...
Comments