1 / 64

Detecting non-local violations of API contracts in large software systems

Eric Bodden McGill University. Detecting non-local violations of API contracts in large software systems. public class Logging { private static Writer w ; public static void init( OutputStream os ) { w = new PrintWriter ( os ); } public static void log(String s ) {

adah
Download Presentation

Detecting non-local violations of API contracts in large software systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Eric Bodden McGill University Detecting non-localviolations of API contracts inlarge software systems

  2. public class Logging { private static Writer w; public staticvoid init(OutputStreamos) { w = new PrintWriter(os); } public static void log(String s) { w.write(s); } public static voidlogAll(Reader r) { StreamUtil.copyAll(r,w); } }

  3. One month later…

  4. public class Logging { private static Writer w; public staticvoid init(OutputStreamos) { w = new PrintWriter(os); } public static void log(String s) { w.write(s); } public static voidlogAll(Reader r) { StreamUtil.copyAll(r,w); } }

  5. static voidcopyAll(Reader r, Writer w) { intbuffer = 0; try { do { buffer = r.read(); w.write(buffer); } while(buffer!=-1); } finally { r.close(); w.close(); } }

  6. One hour later…

  7. public class Logging { private static Writer w; public staticvoid init(OutputStreamos) { w = new PrintWriter(os); } public static void log(String s) { w.write(s); } public static voidlogAll(Reader r) { StreamUtil.copyAll(r,w); } }

  8. public class Logging { private static Writer w; public staticvoid init(OutputStreamos) { w = new PrintWriter(os); } public static void log(String s) { w.write(s); } public static voidlogAll(Reader r) { StreamUtil.copyAll(r,w); } } Possible API violation on Writer w I’m feeling lucky Show API contract Ignore

  9. API violation on Writer w public class Logging { private static Writer w; public staticvoid init(OutputStreamos) { w = new PrintWriter(os); } public static void log(String s) { w.write(s); } public static voidlogAll(Reader r) { StreamUtil.copyAll(r,w); } } • StreamUtil.copyAll(..) Show API contract Ignore

  10. Detectingnon-local violationsof API contracts inlarge software systems

  11. Pure runtime monitoring • Current approach…

  12. “no writeafter close” abc compiler

  13. Current approach: Tracematches tracematch(Writer w) { sym close after returning: call(* Writer.close()) && target(w);sym write before: call(* Writer.write(..)) && target(w); close write { System.out.println( “Writer ”+w+“ was closed!”); } }

  14. close write true w = o(w1) false false w = o(w1) w1.close(); w1.write(“foo”); w1.write(“foo”); • { • System.out.println( “Writer ”+w+“ was closed!”); • }

  15. Problem 1: • How to capture an API contract precisely and concisely?

  16. Problem 2: • Potentially largeruntime overhead

  17. Problem 3: • No static guarantees

  18. novel static API specification language(s) “no writeafter close” 4 novel staticprogram analyses

  19. Current approach: Tracematches tracematch(Writer w) { sym close after returning: call(* Writer.close()) && target(w);sym write before: call(* Writer.write(..)) && target(w); close write { System.out.println( “Writer ”+w+“ was closed!”); } }

  20. Good: • Can reason aboutsingle objects.

  21. Even better: • Can reason about combinationsof objects.

  22. Good: • Semantics of regular expression matching well understood.

  23. Bad: • Regular expressions bad at stating required events. • “always close after open” • “open ¬close” • ?

  24. Bad: • Little reuse. • “no write after close” • and • “always close after open” • requires two tracematches!

  25. Goal: Make API specificationsprecise and concise

  26. Plan • Investigate a number ofactual programs

  27. Plan • Investigate a number ofactual programs • What APIs do programs use?

  28. Plan • Investigate a number ofactual programs • What mistakes do people make?

  29. Plan • Investigate a number ofactual programs • What specifications would have avoided those mistakes?

  30. Goal • findreoccurring • patterns

  31. fall-back • solution • concise • specifications • 90 / 10

  32. 4 novel static program analyses

  33. First static analysis: • “Quick • Check”

  34. close write count( ) = 0 count( ) = 2

  35. Second static analysis: “Consistent-shadows analysis”

  36. close write [close,write]

  37. [close,write] w1 w2 c1 {c1} {w1,w2} x new PrintWriter(); {c1, w1} o2 o1 • {c1, w2}

  38. Third static analysis: “Flow-sensitive unnecessary shadows analysis”

  39. close write w = i(w1)-s1 true false false w = i(w1)-s1,s2 true true w = i(w1)-s1,s2 w ≠ i(w1)-s2 false V w =i(w1)-s1 w1.close(); w1.write(“foo”); w1.write(“foo”); //s1 //s2 //s3

  40. 4th static analysis: “run-once loop optimization”

  41. 1

  42. Results • |.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|. • |.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|. • |.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|. • |.........|.........|.........|.........|.........|.........|.........|.........|.........|.........|. • 102 program/tracematch combinations • static guarantees in 77 cases • Found 5 programs with bugs or questionable code. • less than 10 shadows in 12 cases • less than 10% overhead in 9 cases

More Related