detecting non-local violations of api contracts in large software systems
DESCRIPTION
Eric Bodden McGill University. Detecting non-local violations of API contracts in large software systems. public class Logging { private static Writer w ; public static void init( OutputStream os ) { w = new PrintWriter ( os ); } public static void log(String s ) { - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/1.jpg)
Detecting non-localviolations of API
contracts inlarge software
systems
Eric Bodden McGill University
![Page 2: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/2.jpg)
![Page 3: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/3.jpg)
3
public class Logging {
private static Writer w;
public static void init(OutputStream os) {w = new PrintWriter(os);
}
public static void log(String s) {w.write(s);
}
public static void logAll(Reader r) {StreamUtil.copyAll(r,w);
}
}
![Page 4: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/4.jpg)
One month later…
![Page 5: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/5.jpg)
5
public class Logging {
private static Writer w;
public static void init(OutputStream os) {w = new PrintWriter(os);
}
public static void log(String s) {w.write(s);
}
public static void logAll(Reader r) {StreamUtil.copyAll(r,w);
}
}
![Page 6: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/6.jpg)
static void copyAll(Reader r, Writer w) {
int buffer = 0;try {
do {buffer = r.read();w.write(buffer);
} while(buffer!=-1);} finally {
r.close();w.close();
}}
6
![Page 7: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/7.jpg)
One hour later…
![Page 8: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/8.jpg)
8
public class Logging {
private static Writer w;
public static void init(OutputStream os) {w = new PrintWriter(os);
}
public static void log(String s) {w.write(s);
}
public static void logAll(Reader r) {StreamUtil.copyAll(r,w);
}
}
![Page 9: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/9.jpg)
9
![Page 10: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/10.jpg)
![Page 11: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/11.jpg)
![Page 12: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/12.jpg)
12
public class Logging {
private static Writer w;
public static void init(OutputStream os) {w = new PrintWriter(os);
}
public static void log(String s) {w.write(s);
}
public static void logAll(Reader r) {StreamUtil.copyAll(r,w);
}
}
Possible API violation on Writer w
I’m feeling lucky Show API contract Ignore
w implements type Writer, whose contract is violated.At this line, w may be in state closed. – Why?The operation write(String) is not allowed in that state.
![Page 13: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/13.jpg)
![Page 14: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/14.jpg)
14
public class Logging {
private static Writer w;
public static void init(OutputStream os) {w = new PrintWriter(os);
}
public static void log(String s) {w.write(s);
}
public static void logAll(Reader r) {StreamUtil.copyAll(r,w);
}
}
API violation on Writer w
StreamUtil.copyAll(..) Show API contract Ignore
w implements type Writer, whose contract is violated.w is currently in state closed, caused by StreamUtil.copyAll(..)The operation write(String) is not allowed in that state.
![Page 15: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/15.jpg)
Detectingnon-local violationsof API contracts in
large software systems
![Page 16: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/16.jpg)
Pure runtime
monitoring
Current approach…
![Page 17: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/17.jpg)
17
abc compiler
“no writeafter close”
![Page 18: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/18.jpg)
18
Current approach: Tracematchestracematch(Writer w) {
sym close after returning:call(* Writer.close()) && target(w);
sym write before:call(* Writer.write(..)) && target(w);
close write{
System.out.println(“Writer ”+w+“ was closed!”);
}}
![Page 19: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/19.jpg)
close write
w1.close();
w1.write(“foo”);
w1.write(“foo”);
true falsew = o(w1) falsew = o(w1)
{System.out.println(
“Writer ”+w+“ was closed!”);
}
19
![Page 20: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/20.jpg)
![Page 21: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/21.jpg)
Problem 1:
How to capture an
API contract precisely
and concisely?
![Page 22: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/22.jpg)
22
Problem 2:
Potentially large
runtime overhead
![Page 23: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/23.jpg)
23
Problem 3:No static
guarantees
![Page 24: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/24.jpg)
24
“no writeafter close”
novel static API specification language(s)
4 novel staticprogram analyses
![Page 25: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/25.jpg)
![Page 26: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/26.jpg)
26
Current approach: Tracematchestracematch(Writer w) {
sym close after returning:call(* Writer.close()) && target(w);
sym write before:call(* Writer.write(..)) && target(w);
close write{
System.out.println(“Writer ”+w+“ was closed!”);
}}
![Page 27: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/27.jpg)
Good:
Can reason aboutsingle objects.
![Page 28: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/28.jpg)
Even better:
Can reason about combinations
of objects.
![Page 29: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/29.jpg)
Good:
Semantics of regular
expression matching well understood.
![Page 30: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/30.jpg)
Bad:
Regular expressions bad at stating required
events.
“always close after open”
“open ¬close”?
![Page 31: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/31.jpg)
Bad:
Little reuse.
“no write after close”and
“always close after open”
requires two tracematches!
![Page 32: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/32.jpg)
Goal:Make API specifications
precise and concise
![Page 33: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/33.jpg)
Plan
Investigate a number ofactual programs
![Page 34: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/34.jpg)
Plan
Investigate a number ofactual programs
What APIs do programs use?
![Page 35: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/35.jpg)
Plan
Investigate a number ofactual programs
What mistakes do people make?
![Page 36: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/36.jpg)
Plan
Investigate a number ofactual programs
What specifications would have avoided
those mistakes?
![Page 37: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/37.jpg)
Goal
findreoccurrin
gpatterns
![Page 38: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/38.jpg)
90 / 10
concisespecifications
fall-backsolution
![Page 39: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/39.jpg)
![Page 40: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/40.jpg)
4 novel static program analyses
![Page 41: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/41.jpg)
First static
analysis:
“QuickCheck”
![Page 42: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/42.jpg)
42
count( ) = 2
count( ) = 0
close write
![Page 43: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/43.jpg)
Second static
analysis:
“Consistent-
shadows analysis”
![Page 44: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/44.jpg)
close write
[close,write]
44
![Page 45: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/45.jpg)
o1 o2
{c1} {w1,w2}x
{c1, w1}
{c1, w2}45
new PrintWriter();
w1w2c1
[close,write]
![Page 46: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/46.jpg)
Third static analysis:
“Flow-sensitive
unnecessary shadows analysis”
![Page 47: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/47.jpg)
47
w = i(w1)-s1,s2
w1.close();
w1.write(“foo”);
w1.write(“foo”);
//s1
//s2
//s3
true false false
w =i(w1)-s1true true false
w = i(w1)-s1w ≠ i(w1)-s2V
w = i(w1)-s1,s2
close write
![Page 48: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/48.jpg)
4th static analysis:“run-once loop optimization”
![Page 49: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/49.jpg)
49
1
![Page 50: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/50.jpg)
50
|.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|.
|.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|.
|.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|.
Results
102 program/tracematch combinationsstatic guarantees in 77 cases
less than 10 shadows in 12 casesless than 10% overhead in 9 cases
|.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|.
Found 5 programs with bugs or questionable code.
![Page 51: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/51.jpg)
51
2008 2009
Timeline for completion2007 2008
now
case study
design spec. language(s)
openfrontend
start dissertation
![Page 52: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/52.jpg)
![Page 53: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/53.jpg)
![Page 54: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/54.jpg)
![Page 55: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/55.jpg)
![Page 56: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/56.jpg)
private final void FillBuff() {...try {
if ((i = inputStream.read(...)) == -1) {inputStream.close();throw new java.io.IOException();
}else
maxNextCharInd += i;return;
}...
}
Jython / Reader (1/2)
![Page 57: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/57.jpg)
57
Jython / Reader (2/2)static String getLine(BufferedReader reader, int line) { if (reader == null) return ""; try { String text=null; for(int i=0; i < line; i++) { text = reader.readLine(); } return text; } catch (IOException ioe) { return null; }}
![Page 58: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/58.jpg)
58
Jython / hasNext (delegate)public Iterator iterator() { return new Iterator() { Iterator i = list.iterator(); public void remove() { throw new UnsupportedOperationException(); } public boolean hasNext() { return i.hasNext();
} public Object next() { return i.next();
} };}
![Page 59: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/59.jpg)
59
pmd / HasNext (old version)private List markUsages(IDataFlowNode inode) {
...for (Iterator k = ((List)entry.getValue())
.iterator();k.hasNext();) {addAccess(k, inode);
}...
}
...
private void addAccess(Iterator k, IDataFlowNode inode) {
NameOccurrence occurrence =(NameOccurrence) k.next();
... }
![Page 60: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/60.jpg)
60
pmd / HasNext (fixed version)private List markUsages(IDataFlowNode inode) {
... for (NameOccurrence occurrence: entry.getValue())
{addAccess(occurrence, inode);
}...
}
...
private void addAccess(NameOccurrence occurrence,IDataFlowNode inode) {
... }
![Page 61: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/61.jpg)
![Page 62: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/62.jpg)
Benchmark programs
62
antlr hsqldbbloat jythonchart luceneeclipse pmdfop xalan
pentaho scimark
![Page 63: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/63.jpg)
63
TracematchesASyncIteration HasNextElem
FailSafeEnum LeakingSync
FailSafeIter Reader
HashMap Writer
HasNext …
+ program specific tracematches
![Page 64: Detecting non-local violations of API contracts in large software systems](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815f53550346895dce3224/html5/thumbnails/64.jpg)
64