SDF, Stratego and Spoofax provide a platform for development of domain-specific programming languages. On this platform, the WebDSL project started out as a case study in language engineering, and grew into a reliable tool for rapid prototyping and continuous development of web applications. Our team led by Eelco Visser develops and operates several web applications to support academic workflows. EvaTool governs the process of course quality control, importing questionnaire data, and providing lecturers and education directors with a platform to discuss and agree on improvements. WebLab is an online learning management system with a focus on programming education, with support for lab work and digital exams, used by over 40 courses. Conf Researchr is a domain-specific content management system for creating and hosting integrated websites for conferences with multiple co-located events, used by all ACM SIGPLAN and SIGSOFT conferences. MyStudyPlanning is an application for composition of individual study programs by students and verification of those programs by the exam board, used by multiple faculties at the Delft University of Technology. These tools served as practical case studies for applying the research, and ensure the continued development of the underlying platform. ... Read more

Information systems store and organize data, and manage business processes concerned with that data. Information systems aim to support operations, management and decision-making in organizations. Web applications are ideal for implementing information systems. Although existing web frameworks provide abstractions for creating web applications, there are three major issues with current web frameworks. Insufficient or leaky abstraction: web programming concerns are not sufficiently covered or abstractions contain accidental complexity. Lack of static verification: application faults are not removed during development. Security flaws: web application security issues are not sufficiently addressed in the framework, web programmers are exposed to many possible security faults.

How can the benefits of web frameworks be provided for web programming while avoiding the major issues of abstraction, static verification, and security? We propose a domain-specific language (DSL) solution. The challenge is to design a language that provides abstractions for all kinds of web programming tasks with the web framework issues in mind. We designed multiple sublanguages to address web programming concerns, and integrated them to form the WebDSL web programming language. WebDSL incorporates better abstraction for web programming concepts, has static checks on the application code with accurate error reporting, and automatically addresses security concerns in the code generation and runtime.

The primary concerns in web programming are user interfaces and data handling. Which features do we need from a user interface language? These features include both the rendering of data persisted in the database, as well as providing input-handling components to enter new data and update existing data. Additionally, data invariants need to be enforced by the system. How can a DSL provide these features in an integrated way? These are language-design challenges that are investigated in this dissertation. The user interface sublanguage of WebDSL contains several unique improvements compared to existing approaches: form submits that are safe from hidden data tampering; prevention of input identifier mismatch in action handlers; safe composition of input templates; automatic enforcement of Cross-Site Request Forgery protection; expressive data validation; and partial page updates without explicit JavaScript or DOM manipulation.

Access control is essential for the security and integrity of interactive web applications. Existing solutions for access control often consist of libraries or generic implementations of fixed policies. These rarely have clear interfacing capabilities, and they require manual extension and integration with the application code, which is error-prone. WebDSL provides a declarative access control sublanguage, which is entirely integrated with other language components and automatically weaves checks into the application code. Errors related to inconsistent application of access control checks are avoided. The access control language shows that various policies can be expressed with simple constraints, allowing concise and transparent mechanisms to be constructed.

Our work on abstractions for web programming resulted in several scientific and software contributions: The design and implementation of a linguistically integrated domain-specific language for web programming that combines abstractions for web programming concerns covering transparent persistence, user interfaces, data validation, access control, and internal site search. Sublanguages for the various concerns are integrated through static verification to prevent inconsistencies, with immediate feedback in the integrated development environment (IDE) and error messages in terms of domain concepts. WebDSL is the largest programming language created with the Stratego program transformation language and the Spoofax language workbench, in which the DSL compiler and IDE have been iteratively developed. This iterative development is a recurring pattern of discovering new abstractions, domain-specific language abstraction, and reimplementation using new core abstractions tailored to the language. To validate WebDSL, we have created several real-world applications in the domain of research and education for external clients.

In our research we aim to create solutions for problems in web engineering and language engineering by developing concepts, methods, techniques, and tools. We aim to create more than just prototypes by continuing maintenance and development beyond the proof of concept. For over 10 years, we have developed WebDSL, and created and operated practical applications for external clients. For example, EvaTool is a course evaluation application that supports processes for analyzing student feedback by lecturers and other staff. WebLab is an online learning management system with a focus on programming education (students complete programming assignments in the browser), with support for lab work and digital exams, used in dozens of courses at TU Delft. Conf Researchr is a domain-specific content management system for creating and hosting integrated websites for conferences with multiple co-located events, used by all ACM SIGPLAN and SIGSOFT conferences. MyStudyPlanning is an application for composition of individual study plans by students and verification of those plans by the exam board, used by multiple faculties at TU Delft. ... Read more

Conferences are great opportunities for sharing research, debating solutions, and networking. For the organizing committee there is a considerable deal of complexity and effort required to provide attendees and organizers with ways to find and manage programs, sessions, papers, tracks, talks, and authors. Eelco Visser found an opportunity to provide an integrated solution to these problems by designing the Conf Researchr conference management system in 2014 using our own domain-specific web programming language WebDSL. In this paper, we highlight the impact Eelco had on conference management, and how Conf Researchr evolved to become the platform of choice for hosting over 900 conference and workshop editions in SIGPLAN and SIGSOFT, among other areas of computer science research. ... Read more

Web applications are ideal for implementing information systems; they can organize and persist the data in a database, do not require installation on client machines, and can be instantly updated everywhere. However, web programming is complex due to its heterogeneous nature, causing web frameworks to suffer from insufficient or leaky abstraction, weak static consistency checking, and security features that are not enforced. We developed the WebDSL web programming language, which supports direct expression of intent, strong static consistency checking, linguistic abstractions for web programming concerns, and automatically enforces security features for web applications. We have used WebDSL for over 10 years to create information systems for academic workflows with thousands of users. Based on our experiences with these applications, we improved the WebDSL compiler and runtime to increase robustness, performance, and security of applications. In this experience report, we reflect on the lessons learned and improvements made to the language runtime. ... Read more

Derived values are values calculated from base values. They can be expressed in object-oriented languages by means of getters calculating the derived value, and in relational or logic databases by means of (materialized) views. However, switching to a different calculation strategy (for example caching) in object-oriented programming requires invasive code changes, and the databases limit expressiveness by disallowing recursive aggregation. In this paper, we present IceDust, a data modeling language for expressing derived attribute values without committing to a calculation strategy. IceDust provides three strategies for calculating derived values in persistent object graphs: Calculate-on-Read, Calculate-on-Write, and Calculate-Eventually. We have developed a path-based abstract interpretation that provides static dependency analysis to generate code for these strategies. Benchmarks show that different strategies perform better in different scenarios. In addition we have conducted a case study that suggests that derived value calculations of systems used in practice can be expressed in IceDust. ... Read more