Wed 11 Nov 2020 01:30 - 01:32 at Virtual room 2 - Cloud / Services 2

The landscape of web APIs is evolving to meet new client requirements and to facilitate how providers fulfill them. A recent web API model is GraphQL, which is both a query language and a runtime. Using GraphQL, client queries express the data they want to retrieve or mutate, and servers respond with exactly those data or changes. GraphQL’s expressiveness is risky for service providers because clients can succinctly request stupendous amounts of data, and responding to overly complex queries can be costly or disrupt service availability. Recent empirical work has shown that many service providers are at risk. Using traditional API management methods is not sufficient, and practitioners lack principled means of estimating and measuring the cost of the GraphQL queries they receive.
In this work, we present a linear-time GraphQL query analysis that can measure the cost of a query without executing it. Our approach can be applied in a separate API management layer and used with arbitrary GraphQL backends. In contrast to existing static approaches, our analysis supports common GraphQL conventions that affect query cost, and our analysis is provably correct based on our formal specification of GraphQL semantics.
We demonstrate the potential of our approach using a novel GraphQL query-response corpus for two commercial GraphQL APIs. Our query analysis consistently obtains upper cost bounds, tight enough relative to the true response sizes to be actionable for service providers. In contrast, existing static GraphQL query analyses exhibit over-estimates and under-estimates because they fail to support GraphQL conventions.

Conference Day
Wed 11 Nov

Displayed time zone: (UTC) Coordinated Universal Time

01:30 - 02:00
01:30
2m
Talk
A Principled Approach to GraphQL Query Cost Analysis (ACM SIGSOFT Distinguished Paper Award)
Research Papers
Alan Cha (IBM Research, USA); Erik Wittern (IBM, USA); Guillaume Baudart (IBM Research, USA); James C. Davis (Purdue University, USA); Louis Mandel (IBM Research, USA); Jim A. Laredo (IBM Research, USA)
01:33
1m
Talk
Block Public Access: Trust Safety Verification of Access Control Policies
Research Papers
Malik Bouchet (Amazon, USA); Byron Cook (Amazon); Bryant Cutler (Amazon, USA); Anna Druzkina (Amazon, USA); Andrew Gacek (Amazon, USA); Liana Hadarean (Amazon); Ranjit Jhala (Amazon, USA); Brad Marshall (Amazon, USA); Dan Peebles (Amazon, USA); Neha Rungta (Amazon Web Services); Cole Schlesinger (Amazon, USA); Chriss Stephens (Amazon, USA); Carsten Varming (Amazon, USA); Andy Warfield (Amazon, USA)
01:35
1m
Talk
Efficient Incident Identification from Multi-dimensional Issue Reports via Meta-heuristic Search
Research Papers
Jiazhen Gu (Fudan University, China); Chuan Luo (Microsoft Research, China); Si Qin (Microsoft Research, n.n.); Bo Qiao (Microsoft Research, China); Qingwei Lin (Microsoft Research, China); Hongyu Zhang (University of Newcastle, Australia); Ze Li (Microsoft, USA); Yingnong Dang (Microsoft, USA); Shaowei Cai (Institute of Software at Chinese Academy of Sciences, China); Wei-Cheng Wu (University of Southern California, USA); Yangfan Zhou (Fudan University, China); Murali Chintalapati (Microsoft, n.n.); Dongmei Zhang (Microsoft Research, China)
01:37
1m
Talk
Graph-Based Trace Analysis for Microservice Architecture Understanding and Problem Diagnosis
Industry Papers
Xiaofeng Guo (Fudan University, China); Xin Peng (Fudan University, China); Hanzhang Wang (eBay); Wanxue Li (eBay, USA); Huai Jiang (eBay, USA); Dan Ding (Fudan University, China); Tao Xie (Peking University); Liangfei Su (eBay, USA)
01:39
1m
Talk
Real-Time Incident Prediction for Online Service Systems
Research Papers
Nengwen Zhao (Tsinghua University); Junjie Chen (Tianjin University, China); Zhou Wang (BizSeer, China); Xiao Peng (Beijing University of Posts and Telecommunications, China); Gang Wang (China EverBright Bank); Yong Wu (China EverBright Bank); Fang Zhou (China EverBright Bank); Zhen Feng (EverBright Bank, China); Xiaohui Nie (EverBright Bank, China); Wenchi Zhang (Tsinghua University, China); Kaixin Sui (BizSeer); Dan Pei (BizSeer, China)
01:41
1m
Talk
Scaling Static Taint Analysis to Industrial SOA Applications: A Case Study at Alibaba
Industry Papers
Jie Wang (Peking University, China / Ant Group, China / Alibaba Group, China); Yunguang Wu (Ant Group, China); Gang Zhou (Ant Group, China); Yiming Yu (Ant Group, China); Zhenyu Guo (Ant Group, China); Yingfei Xiong (Peking University)
01:43
17m
Talk
Conversations on Cloud / Services 2
Paper Presentations
Alan Cha (IBM Research, USA); Andrew Gacek; Jiazhen Gu; Jie Wang (Institute of Software, Chinese Academy of Sciences); Nengwen Zhao (Tsinghua University); Xiaofeng Guo (Fudan University, China); M: Satish Chandra (Facebook, USA)