Abstract
Consumption of REST services has become a popular means of invoking code provided by third parties, particularly in web applications. Nowadays programmers of web applications can choose TypeScript over JavaScript to benefit from static type checking that enables validating calls to local functions or to those provided by libraries. Errors in calls to REST services, however, can only be found at runtime. In this paper, we present SRS, a language that extends the support of static analysis to calls to REST services, with the ability to statically find common errors such as missing or invalid data in REST calls and misuse of the results from such calls. SRS features a syntax similar to JavaScript and is equipped with a rich collection of types and primitives to natively support REST calls that are statically validated against specifications of the corresponding APIs written in the HeadREST language.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson, C., Giannini, P., Drossopoulou, S.: Towards type inference for JavaScript. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 428–452. Springer, Heidelberg (2005). https://doi.org/10.1007/11531142_19
Aué, J., Aniche, M.F., Lobbezoo, M., van Deursen, A.: An exploratory study on faults in web API integration in a large-scale payment company. In: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice, ICSE, pp. 13–22. ACM (2018). https://doi.org/10.1145/3183519.3183537
Axios: Promise based HTTP client for the browser and node.js. https://github.com/axios/axios
Barnett, M., Fähndrich, M., Leino, K.R.M., Müller, P., Schulte, W., Venter, H.: Specification and verification: the Spec# experience. Commun. ACM 54(6), 81–91 (2011)
Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006). https://doi.org/10.1007/11804192_17
Bierman, G.M., Abadi, M., Torgersen, M.: Understanding TypeScript. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 257–281. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44202-9_11
Bierman, G.M., Gordon, A.D., Hritcu, C., Langworthy, D.E.: Semantic subtyping with an SMT solver. J. Funct. Program. 22(1), 31–105 (2012). https://doi.org/10.1017/S0956796812000032
Burnay, N., et al.: Communication contracts for distributed systems development. http://rss.di.fc.ul.pt/confident
Burnay, N., Lopes, A., Vasconcelos, V.T.: SafeRESTScript: statically checking REST API consumers. arXiv:2007.08048 (2020). http://arxiv.org/abs/2007.08048
Chugh, R., Herman, D., Jhala, R.: Dependent types for JavaScript. In: Proceedings of the 27th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA, pp. 587–606. ACM (2012). https://doi.org/10.1145/2384616.2384659
Dart: The Dart programming language. https://www.dartlang.org/
Dezfuli-Arjomandi, A.: Introducing RESTyped: end-to-end typing for REST APIs with TypeScript (2017). https://blog.falcross.com/introducing-restyped-end-to-end-typing-for-rest-apis-with-typescript/
Dunfield, J., Krishnaswami, N.R.: Complete and easy bidirectional typechecking for higher-rank polymorphism. In: ACM SIGPLAN International Conference on Functional Programming, ICFP, pp. 429–442. ACM (2013). https://doi.org/10.1145/2500365.2500582
Facebook: Flow: a static type checker for JavaScript. https://flow.org/
Ferreira, F., Pientka, B.: Bidirectional elaboration of dependently typed programs. In: Proceedings of the 16th International Symposium on Principles and Practice of Declarative Programming, pp. 161–174. ACM (2014). https://doi.org/10.1145/2643135.2643153
Fielding, R.T., Taylor, R.N.: Principled design of the modern web architecture. ACM Trans. Internet Technol. 2(2), 115–150 (2002). https://doi.org/10.1145/514183.514185
GitLab: GitLab OpenAPI documentation. https://gitlab.com/gitlab-org/gitlab-foss/blob/swagger-api/doc/api/wikis.md
Gregorio, J., Fielding, R.T., Hadley, M., Nottingham, M., Orchard, D.: URI template. RFC 6570, pp. 1–34 (2012). https://doi.org/10.17487/RFC6570
Harmony, A.: Instagram API. https://apiharmony-open.mybluemix.net/public/apis/instagram#get_locations_search
Herman, M.: Instagram search app. https://github.com/mjhea0/thinkful-mentor/blob/master/frontend/instagram-search/app.js
Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969). https://doi.org/10.1145/363235.363259
JSHint: JSHint, a static code analysis tool for JavaScript. https://jshint.com/about/
Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17511-4_20
Levin, G.: The rise of REST API (2015). https://blog.restcase.com/the-rise-of-rest-api/
Meyer, B.: Object-Oriented Software Construction, 2nd edn. Prentice-Hall, Upper Saddle River (1997)
de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24
Oostvogels, N., Koster, J.D., Meuter, W.D.: Static typing of complex presence constraints in interfaces. In: 32nd European Conference on Object-Oriented Programming, ECOOP. LIPIcs, vol. 109, pp. 14:1–14:27. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2018). https://doi.org/10.4230/LIPIcs.ECOOP.2018.14
Pearce, D.J., Groves, L.: Whiley: a platform for research in software verification. In: Erwig, M., Paige, R.F., Van Wyk, E. (eds.) SLE 2013. LNCS, vol. 8225, pp. 238–248. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-02654-1_13
Pierce, B.C., Turner, D.N.: Local type inference. In: POPL 1998, Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, USA, 19–21 January 1998, pp. 252–265. ACM (1998). https://doi.org/10.1145/268946.268967
Richardson, L., Ruby, S.: RESTful Web Services - Web Services for the Real World. O’Reilly, Sebastopol (2007)
Sun, K., Ryu, S.: Analysis of JavaScript programs: challenges and research trends. ACM Comput. Surv. 50(4), 59:1–59:34 (2017). https://doi.org/10.1145/3106741
Thiemann, P.: Towards a type system for analyzing JavaScript programs. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 408–422. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_28
Utting, M., Pearce, D.J., Groves, L.: Making Whiley boogie!. In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 69–84. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66845-1_5
Vasconcelos, V.T., Martins, F., Lopes, A., Burnay, N.: HeadREST: a specification language for RESTful APIs. In: Boreale, M., Corradini, F., Loreti, M., Pugliese, R. (eds.) Models, Languages, and Tools for Concurrent and Distributed Programming. LNCS, vol. 11665, pp. 428–434. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21485-2_23
Vekris, P., Cosman, B., Jhala, R.: Refinement types for TypeScript. In: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI, pp. 310–325. ACM (2016). https://doi.org/10.1145/2908080.2908110
Waye, L., Chong, S., Dimoulas, C.: Whip: higher-order contracts for modern services. PACMPL 1(ICFP), 36:1–36:28 (2017). https://doi.org/10.1145/3110280
Wittern, E., Ying, A.T.T., Zheng, Y., Dolby, J., Laredo, J.A.: Statically checking web API requests in JavaScript. In: Proceedings of the 39th International Conference on Software Engineering, ICSE, pp. 244–254. IEEE/ACM (2017). https://doi.org/10.1109/ICSE.2017.30
Wittern, E., et al.: Opportunities in software engineering research for web API consumption. In: 1st IEEE/ACM International Workshop on API Usage and Evolution, WAPI@ICSE, pp. 7–10. IEEE Computer Society (2017). https://doi.org/10.1109/WAPI.2017.1
Acknowledgements
This work was supported by FCT through the LASIGE Research Unit, ref. UIDB/00408/2020, and by project Confident ref. PTDC/EEI-CTP/4503/2014.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Burnay, N., Lopes, A., Vasconcelos, V.T. (2020). Statically Checking REST API Consumers. In: de Boer, F., Cerone, A. (eds) Software Engineering and Formal Methods. SEFM 2020. Lecture Notes in Computer Science(), vol 12310. Springer, Cham. https://doi.org/10.1007/978-3-030-58768-0_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-58768-0_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58767-3
Online ISBN: 978-3-030-58768-0
eBook Packages: Computer ScienceComputer Science (R0)