240 likes | 344 Views
Automatic Extraction of Object-Oriented Component Interfaces. John Whaley Michael C. Martin Monica S. Lam Computer Systems Laboratory Stanford University July 24, 2002. Motivation. Component programming is widespread. Interface specifications are important!
E N D
Automatic Extraction of Object-Oriented Component Interfaces John Whaley Michael C. Martin Monica S. LamComputer Systems LaboratoryStanford UniversityJuly 24, 2002
Motivation • Component programming is widespread. • Interface specifications are important! • Misunderstanding the API is a common source of error • Ideally, we want formal specifications. • However, many components don’t have any specifications, formal or informal! • Our goal: automatic generation of interface specifications • For large, object-oriented programs • Partial specifications ISSTA 2002
Why Automatic Extraction? • Documentation • Based on the actual code, so no divergence • Rules for static or dynamic checkers • Find errors in API usage • Find API bugs • Discrepancy between code & intended API • Dynamic extraction: • Evaluation of test coverage ISSTA 2002
Overview • Component Model • Product of Finite State Machines • Static Analysis • Dynamic Analysis and Checker • Implemented for Java • Analyzed >1 million lines of code • Java class libraries • Java 2 Enterprise Edition • Java network libraries • joeq virtual machine ISSTA 2002
Example: File • Use a Finite State Machine (FSM) to express ordering constraints. read START open close END write ISSTA 2002
A Simple OO Component Model • Each object follows an FSM model. • One state per method, plus START & END states. • Method call causes a transition to a new state. read m1 m2 open close START END m1 ; m2 is legal,new state is m2 write ISSTA 2002
START set_a get_a set_b get_b END Problem 1 • An object has two fields, a and b. • Each field must be set before being read. • Solution: a product of FSMs, one for each field. START set_a set_b set_a get_b get_a get_b ISSTA 2002
set_b get_a get_a set_a START get_b set_b get_b START set_a START END END END Splitting by fields set_a set_b get_b get_a Separate by fields into different, independent submodels. ISSTA 2002
create START Problem 2 Model for Socket • getFileDescriptor is state-preserving. • Solution: distinguish betweenstate-modifying and state-preserving. start START START connect connect getFileDescriptor getFileDescriptor close END ISSTA 2002
create START State-preserving methods start START getFileDescriptor connect m1 m2 m1 is state-modifying m2 is state-preserving m1 ; m2 is legal,new state is m1 close END ISSTA 2002
Summary of Model • Product of FSMs • Per-thread, per-instance • One submodel per field • Interprocedural mod-ref analysis • Identifies methods belonging to submodel • Separates state-modifying and state-preserving methods. • One submodel per Java interface • Implementation not required. ISSTA 2002
Extraction Techniques ISSTA 2002
START connect read Static Model Extractor • Defensive programming • Implementation throws exceptions (user or system defined) on illegal input. public void connect() { connection = new Socket(); }public void read() { if (connection == null) throw new IOException();} connection connection ISSTA 2002
Detecting Illegal Transitions • Only support simple predicates • Comparisons with constants, implicit null pointer checks • Find <source, target> pairs such that: • Source must execute: • field = const ; • Target must execute: • if (field == const)throw exception; ISSTA 2002
Algorithm • Source method: Constant propagation • Constant at exit node • Target method: Control dependence • Throw of exception is control dependent on predicate ISSTA 2002
Dynamic Extractor • Goal: find the legal transitions that occur during an execution of the program • Java bytecode instrumentation • For each thread, each instance of a class: • Track last state-modifying method for each submodel. • Same mechanism for dynamic checking • Instead of adding to model, flag exception. ISSTA 2002
Experiences • We applied our tool to several real-life applications. ISSTA 2002
Automatic documentation • java.util.AbstractList.ListItrslice on lastRet field (static) START next,previous set add remove ISSTA 2002
START begin Automatic documentation J2EE TransactionManager (dynamic) start commit suspend rollback resume END ISSTA 2002
Test coverage J2EE IIOPOutputStream(dynamic) No self-edges implies amax recursion depth of 1 START increaseRecursionDepth increaseRecursionDepth simpleWriteObject decreaseRecursionDepth END ISSTA 2002
create Upper/lower bound of model SocketImpl model(dynamic) start START (+static) getFileDescriptor availablegetInputStreamgetOutputStream connect close END ISSTA 2002
load load Finding API bugs • Applied our tool to the joeq virtual machine START START Expected APIfor jq_Method: Actual APIfor jq_Method: prepare setOffset prepare compile compile ISSTA 2002
Related Work • Dynamic • Daikon (Ernst99) • DIDUCE (Hangal02) • K-limited FSM extraction (Reiss01) • Machine-learning (Ammons02) • Static • Metal (Engler00) • Vault (DeLine01), NIL, Hermes (Strom86) • SLAM toolkit (Ball01) • ESC (Detlefs98) • ESC + Daikon (Flanagan01, Nimmer02) ISSTA 2002
Conclusion • Product of FSM • Model is simple, but useful • Upper/lower bound: static/dynamic • Useful for: • Documentation generation • Test coverage • Rules for automatic checkers • Finding API bugs ISSTA 2002