Formalizing (Web) Standards
Most popular technologies are based on informal or semi-formal standards that lack a rigid formal semantics. Typical examples include web technologies such as the DOM or HTML, which are defined by the Web Hypertext Application Technology Working Group (WHATWG) and the World Wide Web Consortium (W3C). While there might be API specifications and test cases meant to assert the compliance of implementations, the actual standard is rarely accompanied by a formal model that would lend itself for, e. g., verifying the security or safety properties of real systems.
Even when such a formalization of a standard exists, two important questions arise: first, to what extent does the formal model comply with the standard and, second, to what extent does a concrete implementation comply with the formal model and the assumptions made during the verification of certain properties?
In this paper, we present an approach that brings all three involved artifacts—the (semi-)formal standard, the formalization of the standard, and the implementations—closer together by combining verification, symbolic execution, and specification-based testing.
KeywordsStandard compliance Compliance tests DOM
- 3.Brucker, A.D., Herzberg, M.: The core DOM. Archive of Formal Proofs (2018, submitted). http://www.isa-afp.org/entries/Core_DOM.shtml. Formal proof development
- 4.Brucker, A.D., Herzberg, M.: A formal semantics of the core DOM in Isabelle/HOL. In: WWW 2018 Companion: The 2018 Web Conference Companion. ACM Press (2018). https://doi.org/10.1145/3184558.3185980
- 10.W3C: W3C DOM4 (2015). https://www.w3.org/TR/dom/
- 11.W3C: Web IDL (2017). https://heycam.github.io/webidl/
- 12.W3C: Web platform test: DOM. https://github.com/w3c/web-platform-tests/tree/master/dom. Accessed 10 Nov 2017
- 13.WHATWG: DOM - living standard (2017). https://dom.spec.whatwg.org/commit-snapshots/6253e53af2fbfaa6d25ad09fd54280d8083b2a97/. Accessed 24 Mar 2017