Web applications development is usually based on a three layer architecture that divides applications into client interface, business logic and database layers. In practice, applications are developed in heterogeneous programming language environments, and in particular, the application logic is specified using general purpose programming languages to define computations and specialized query languages to access information stored in databases. The two language paradigms have several mismatches making the integration between layers on of the most important aspects of web application development. This prototype focus on bridging the gap between layers, avoiding the usage of dialects and programming conventions in layers interaction, and communication code not subject to effective mechanical verifications.
LiveWeb is a typed core language for web applications that integrates interface, business logic and database manipulation operations. Interactions between layers are represented at a higher level of abstraction providing basic safety of properties and elimination of common programming errors.
LiveWeb language contains three programming elements: entities, screens and actions. Entities are containers of structured persistent data implemented in database tables. Operations over entities mimic a subset of the standard query language (SQL). Screens are abstractions over a user interface definition language whose values are web pages. Screens may be parameterized and some of the user interface expressions may contain general purpose expressions to be executed back at the server. Actions are abstractions over general purpose expressions comprising operations over entities, screens and other values.
LiveWeb system is composed by two separate interaction modes: execution mode and development mode. The first mode is similar to a normal interaction with a common Web Server and contains a Data Database and the Language Interpreter. Development mode consists in a web based IDE for managing actions, screens and entities, and allows to publish new applications definitions. Upon submitting new definitions, the Language Type Checker and the CVC3 SMT Solver statically check the entire application, and only allows to publish applications considered sound by both. A Code Database is used to keep track of the modifications performed on each definition.
Luis Caires.
Miguel Domingues
João Seco
Mário Pires
Hugo Vieira
Caires, L, Pérez, J.A., Seco, J.C, Vieira, H.T.: Type-based Access Control in Data-centric Systems
Caires, L., Seco, J.C., Perez, J., Vieira, H.T.: Type based access control to database entities
Talk at RADICAL 2010 [slides]
Seco, J.C., Perez, J.A., Vieira, H.T., Caires, L.: Language Based Security for Database Access Control
Talk at Second Meeting: NET-SCIP Workshop on Security [abstract]
Domingues, M.B., Seco, J.C.: Liveweb - Core Language for Web Applications.
In: Proceedings of InForum 2010. Universidade do Minho (September 2010) [pdf | slides]
Domingues, M.B.: Core Language for Web Applications.
MSc Thesis (July 2010) [pdf]
Latest Version: v0.1
Install Instructions:
This work is partially supported by the FCT funded Certified Interfaces project NGN44-CMUPortugal.