Example of value-oriented dependence graph

At server side, there are various techniques to develop dynamic web page such as ASP.NET with C#, JSP, and PHP. At client side, HTML and JavaScript are used widely to support the development of the web applications. Hence, we only consider the ASP.NET with C# language, and the other language such as HTML, JavaScript can be considered by simple extension. In Table 1, according to different levels with page, function, and code we classify patterns of the nodes and the edges in the value-oriented dependence graph. In Table 2,

16

according to different variables with input, global, and branch predicate we classify patterns of these variables in the value-oriented dependence graph.

Table 1. Property of Patterns of Different level

Level Pattern

Page Node .aspx

Page Edge Response.Redirect

Page Edge NavigateUrl

Function Node (protected| private |

public)?[ ](void|bool|int|float)

Function Edge Function caller

Code Node (if|else|for|while|switch)

Code Edge Flow chart

17

Table 2. Property of Patterns of Different variable

Level Pattern

Input Variable <asp:TextBox ID=/‖(a-zA-Z0-9)+/‖

Input Variable <asp:DropDownList ID=/‖(a-zA-Z0-9)+ /‖

Input Variable <asp:ListBox ID=/‖(a-zA-Z0-9)+ /‖

Input Variable <asp:CheckBox ID=/‖(a-zA-Z0-9)+ /‖

Input Variable <asp:CheckBoxList ID=/‖(a-zA-Z0-9)+ /‖

Input Variable <asp:RadioButton ID=/‖(a-zA-Z0-9)+ /‖

Input Variable <asp:RadioButtonList ID=/‖(a-zA-Z0-9)+

/‖

Global Variable Session[/ ―(a-zA-Z0-9)+ /‖]=

Global Variable =Session[/ ―(a-zA-Z0-9)+ /‖]

Branch predicate variable if((a-zA-Z0-9_>=<&|())+) Branch predicate variable while((a-zA-Z0-9_>=<&|())+) Branch predicate variable for((a-zA-Z0-9_>=<&|())+)

Branch predicate variable do

while((a-zA-Z0-9_>=<&|())+)

Branch predicate variable Switch

case 1: (a-zA-Z0-9_>=<&|())+

case 2: (a-zA-Z0-9_>=<&|())+

…

case i: (a-zA-Z0-9_>=<&|())+

…

The Example 2 is given to illustrate the value-oriented dependence graph construction algorithm, where Figures 6-1 to 6-11 show the results after executing steps 1 to 11, respectively.

18

Example 2:

The Example 2 continues Example 1. According to the source code of each page,

―Property of Patterns of Different level‖ in Table 1, and ―Property of Patterns of Different variable‖ in Table 2, we can construct the value-oriented dependence graph.

Since the pattern of page node is ―.aspx‖, after executing step 1, we can construct each page to the node in page-level as shown in Figure 6-1.

Folder Default.aspx Default.cs Show.aspx Show.cs Sales.aspx Sales.cs

Figure 6-1. Value-oriented dependence graph after executing Step 1 of VDG algorithm

Since the pattern of function node is ―(protected| private | public)?[ ](void|bool|int|float)‖

in Table 1, after executing step 2, we can construct each function for the given page to the node in function-level and connect the given page and the function with corresponding edge as shown in Figure 6-2.

Page-level Show.cs

protected void Page_Load(object sender, EventArgs e)

{ } Function-level

Figure 6-2. Value-oriented dependence graph after executing Step 2 of VDG algorithm

Default Pay Sales

Page_Load Show

19

Since the pattern of code node is ―(if|else|for|while|switch)‖ in Table 1, after executing step 3, we can construct each basic block for the given function to the node in code-level, and connect the function and the basic block with corresponding edge as shown in Figure 6-3.

……….

Int32 a=0;

if (int.Parse(vquantity2) <= 0)

{ Function-level

……….

Label3.Visible = false;

} else

{ Code-level

……….

Session["total"] = a.ToString();

Total.Text = Session["total"].ToString();

} ………..

Figure 6-3. Value-oriented dependence graph after executing Step 3 of VDG algorithm

Since the pattern of page edge is ―Response.Redirect‖ and ―NavigateUrl‖ in Table 1, after executing step 4, we can connect nodes in page-level with corresponding edges as shown in Figure 6-4.

Default.aspx

………..

<asp:TextBox ID="quantity1" runat="server">

</asp:TextBox>

<asp:HyperLink ID="HyperLink1" NavigateUrl="~/Sales.aspx"

Figure 6-4. Value-oriented dependence graph after executing Step 4 of VDG algorithm CPay1 CPay2 CPay3

Page_Load

Default Sales

20

Since the pattern of function edge in Table 1, after executing step 5, we can connect nodes in function-level with corresponding edges as shown in Figure 6-5.

protected void Page_Load(object sender, EventArgs e) { show(); }

Figure 6-5. Value-oriented dependence graph after executing Step 5 of VDG algorithm

Since the pattern of code edge in Table 1, after executing step 6, we can connect nodes in code-level with corresponding edges as shown in Figure 6-6.

……….

Int32 a=0;

if (int.Parse(vquantity2) <= 0)

{

……….

Label3.Visible = false;

} else

{ ……….

Session["total"] = a.ToString();

Total.Text = Session["total"].ToString();

} ………..

Figure 6-6. Value-oriented dependence graph after executing Step 6 of VDG algorithm

Since the pattern of input variable in Table 2, after executing step 7, we can construct input variables of each page as shown in Figure 6-7.

Page_Load show

CPay1

CPay2

C_Pay3

21

Figure 6-7. Value-oriented dependence graph after executing Step 7 of VDG algorithm

Since the pattern of global variable in Table 2, after executing step 8, we can construct global variables of each page as shown in Figure 6-8.

Pay.cs

………..

a = 500 * int.Parse(vquantity1);

Session["total"] = a.ToString();

Total.Text = Session["total"].ToString();

………..

Figure 6-8. Value-oriented dependence graph after executing Step 8 of VDG algorithm

Since the pattern of input variable, after executing step 9, we can construct tainted variables of each page as shown in Figure 6-9.

Pay.cs

………..

string vquantity1=Request.Params["quantity1"];

a = 500 * int.Parse(vquantity1);

Session["total"] = a.ToString();

………..

Figure 6-9. Value-oriented dependence graph after executing Step 9 of VDG algorithm Default

22

Since the pattern of branch predicate variables in Table 2, after executing step 10, we can construct branch predicate variables of each page as shown in Figure 6-10.

Pay.cs

………

if (Session["total"] != null) {

if (vquantity1 == null)

Figure 6-10. Value-oriented dependence graph after executing Step 10 of VDG algorithm

Since the branch predicate variables and tainted variable, after executing step 11, we can construct tainted variables in branch predicate of each page as shown in Figure 6-11.

TBP (P_i)= (



Figure 6-11. Value-oriented dependence graph after executing Step 11 of VDG algorithm