Managing data constraints in database-backed web applications

Database-backed web applications manipulate large amounts of persistent data, and such applications often contain constraints that restrict data length, data value, and other data properties. Such constraints are critical in ensuring the reliability and usability of these applications. In this paper, we present a comprehensive study on where data constraints are expressed, what they are about, how often they evolve, and how their violations are handled. The results show that developers struggle with maintaining consistent data constraints and checking them across different components and versions of their web applications, leading to various problems. Guided by our study, we developed checking tools and API enhancements that can automatically detect such problems and improve the quality of such applications.

[1]  Alin Deutsch,et al.  A verifier for interactive, data-driven web applications , 2005, SIGMOD '05.

[2]  Alessandro Orso,et al.  ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies , 2012, ISSTA 2012.

[3]  Joseph P. Near,et al.  Derailer: interactive security analysis for web applications , 2014, ASE.

[4]  Tao Xie,et al.  Guided test generation for database applications via synthesized database interactions , 2014, ACM Trans. Softw. Eng. Methodol..

[5]  Ahmed E. Hassan,et al.  Detecting performance anti-patterns for applications developed using object-relational mapping , 2014, ICSE.

[6]  Armando Solar-Lezama,et al.  Precise, dynamic information flow for database-backed applications , 2015, PLDI.

[7]  Denny Damara Enterprise content management system , 2015 .

[8]  Srdjan Capkun,et al.  Verena: End-to-End Integrity Protection for Web Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[9]  Ahmed E. Hassan,et al.  Finding and Evaluating the Performance Impact of Redundant Data Access for Applications that are Developed Using Object-Relational Mapping Frameworks , 2016, IEEE Transactions on Software Engineering.

[10]  Michael Pradel,et al.  Performance Issues and Optimizations in JavaScript: An Empirical Study , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).

[11]  Genny Tortora,et al.  Synchronization of Queries and Views Upon Schema Evolutions , 2016, ACM Trans. Database Syst..

[12]  Bin Wu,et al.  Wander Join: Online Aggregation via Random Walks , 2016, SIGMOD Conference.

[13]  Precise, dynamic information flow for database-backed applications , 2016, PLDI.

[14]  Alvin Cheung,et al.  Leveraging Lock Contention to Improve OLTP Application Performance , 2016, Proc. VLDB Endow..

[15]  Paolo Papotti,et al.  Generating Concise Entity Matching Rules , 2017, SIGMOD Conference.

[16]  Alvin Cheung,et al.  Understanding Database Performance Inefficiencies in Real-world Web Applications , 2017, CIKM.

[17]  Alvin Cheung,et al.  HoTTSQL: proving query rewrites with univalent SQL semantics , 2016, ACM-SIGPLAN Symposium on Programming Language Design and Implementation.

[18]  Alvin Cheung,et al.  Cosette: An Automated Prover for SQL , 2017, CIDR.

[19]  Alvin Cheung,et al.  Speeding up symbolic reasoning for relational queries , 2018, Proc. ACM Program. Lang..

[20]  Tevfik Bultan,et al.  Inductive verification of data model invariants in web applications using first-order logic , 2018, Automated Software Engineering.

[21]  Alvin Cheung,et al.  How not to Structure Your Database-Backed Web Applications: A Study of Performance Bugs in the Wild , 2018, 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE).

[22]  Isil Dillig,et al.  Verifying equivalence of database-driven applications , 2017, Proc. ACM Program. Lang..

[23]  Alvin Cheung,et al.  PowerStation: automatically detecting and fixing inefficiencies of database-backed web applications in IDE , 2018, ESEC/SIGSOFT FSE.

[24]  Alvin Cheung,et al.  Generating Application-specific Data Layouts for In-memory Databases , 2019, Proc. VLDB Endow..

[25]  Isil Dillig,et al.  Synthesizing database programs for schema refactoring , 2019, PLDI.