Formalization and Automated Verification of RESTful Behavior

  • Uri Klein
  • Kedar S. Namjoshi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6806)


REST is a software architectural style used for the design of highly scalable web applications. Interest in REST has grown rapidly over the past decade, spurred by the growth of open web APIs. On the other hand, there is also considerable confusion surrounding REST: many examples of supposedly RESTful APIs violate key REST constraints. We show that the constraints of REST and of RESTful HTTP can be precisely formulated within temporal logic. This leads to methods for model checking and run-time verification of RESTful behavior. We formulate several relevant verification questions and analyze their complexity.



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Uri Klein (1)
  • Kedar S. Namjoshi (2)
  1. Courant Institute of Mathematical Sciences, New York University, USA
  2. Bell Labs, Alcatel-Lucent, USA
