Large-Scale API Protocol Mining for Automated Bug Detection
|
|
- Elijah Craig
- 6 years ago
- Views:
Transcription
1 Large-Scale API Protocol Mining for Automated Bug Detection Michael Pradel Department of Computer Science ETH Zurich 1
2 Motivation LinkedList pinconnections =...; Iterator i = pinconnections.iterator(); while ( i.hasnext() ) { PinLink curr = (PinLink) i.next(); if (... ) { pinconnections.remove(curr); } } (from DaCapo benchmarks) 2
3 Motivation LinkedList pinconnections =...; Iterator i = pinconnections.iterator(); while ( i.hasnext() ) { PinLink curr = (PinLink) i.next(); if (... ) { pinconnections.remove(curr); } } (from DaCapo benchmarks) Don t modify a collection while iterating over it! 2
4 API Usage Constraints Program Constraints API call x before y eventually call x don t call x while calling y and z 3
5 API Usage Constraints Program Constraints API call x before y eventually call x Protocols! x don t call x while calling y and z y z 3
6 Protocol Mining Problem: No protocols specified API Training Programs 4
7 Protocol Mining Problem: No protocols specified API Training Programs Mining x y z 4
8 Protocol Mining Problem: No protocols specified API Target Program Training Programs Mining x y Bug finding z 4
9 Big Picture Protocol mining Bug finding 5
10 Big Picture Protocol mining Bug finding Other applications 5
11 Big Picture Protocol mining Bug finding Other applications 5
12 Big Picture static vs. dynamic Protocol mining API-based vs. client-based Bug finding single- vs. multi-object Other applications 5
13 Big Picture static vs. dynamic Protocol mining single- vs. multi-object API-based vs. client-based Bug finding static Other applications verification dynamic testing verification testing 5
14 Big Picture static vs. dynamic Protocol mining single- vs. multi-object API-based vs. client-based Bug finding static Other applications verification dynamic testing verification testing 5
15 Part 1: Protocol Mining 6
16 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 7
17 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 7
18 Execution Traces List l = new LinkedList(); l.add(new Foo()); Iterator i = l.iterator(); OutputStream s = new FileOutputStream("f"); while (i.hasnext()) { Foo f = i.next(); if (f.isok()) s.write(f.getdata()); } s.close(); 8
19 Execution Traces List l = new LinkedList(); l.add(new Foo()); Iterator i = l.iterator(); OutputStream s = new FileOutputStream("f"); while (i.hasnext()) { Foo f = i.next(); if (f.isok()) s.write(f.getdata()); } s.close(); AspectJ instrumentation 8
20 Execution Traces List l = new LinkedList(); l.add(new Foo()); Iterator i = l.iterator(); OutputStream s = new FileOutputStream("f"); while (i.hasnext()) { Foo f = i.next(); if (f.isok()) s.write(f.getdata()); } s.close(); AspectJ instrumentation new LinkedList 1 1.add(2) 3 1.iterator 4 new FileOS(6) 5 4.hasNext 4.next 5.write(7) 4.hasNext 5.close 8
21 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 9
22 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 9
23 Subtraces new LinkedList 1 1.add(2) 3 1.iterator 4 new FileOS(6) 5 4.hasNext 4.next 5.write(7) 4.hasNext 5.close 10
24 Subtraces new LinkedList 1 1.add(2) 3 1.iterator 4 new FileOS(6) 5 4.hasNext 4.next 5.write(7) 4.hasNext 5.close Different API usages intermingled! 10
25 Subtraces new LinkedList 1 1.add(2) 3 1.iterator 4 new FileOS(6) 5 4.hasNext 4.next 5.write(7) 4.hasNext 5.close Core object x: Calls to x Calls to parameters passed to x Calls to objects returned by x 10
26 Subtraces new LinkedList 1 1.add(2) 3 1.iterator 4 new FileOS(6) 5 4.hasNext 4.next 5.write(7) 4.hasNext 5.close new LinkedList 1 1.add(2) 3 1.iterator 4 4.hasNext 4.next 4.hasNext 4.hasNext 4.next 4.hasNext new FileOS(6) 5 5.write(7) 5.close 10
27 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 11
28 Protocol Mining - Overview Program & Input Protocols Execution trace Subtraces 11
29 Group Subtraces Group by set of involved types LinkedList, Iterator Iterator FileOS 12
30 Generate Protocols Finite state machine Method state Consecutive call transition 13
31 Generate Protocols Finite state machine Method state Consecutive call transition new LinkedList l l.add l.add l.iterator i i.hasnext i.hasnext i.next l.add l.add i.hasnext l.add 13
32 Generate Protocols Finite state machine Method state Consecutive call transition new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next l.add 13
33 Scalability Bottleneck: Large execution traces 14
34 Scalability Bottleneck: Large execution traces Pass 1: Find core objects and associated objects 14
35 Scalability Bottleneck: Large execution traces Pass 1: Find core objects and associated objects Pass 2: Extract calls for each subtrace 14
36 Scalability Bottleneck: Large execution traces Pass 1: Find core objects and associated objects Pass 2: Extract calls for each subtrace Mine millions of events in a few minutes 14
37 Examples ZipFile and Enumeration e.hasmore Elements new ZipFile f f.entries e e.hasmore Elements f.close e.hasmore Elements e.next Element 15
38 Examples URL and InputStream new URL u u.openstream s s.close 16
39 Evaluation Are examples convincing enough? 20+ mining approaches OK/ Not OK Use for some task 17
40 Evaluation Are examples convincing enough? 20+ mining approaches OK/ Not OK Use for some task Neither reproducible nor comparable! 17
41 Evaluation Framework? Precision and recall OK 18
42 Evaluation Framework? Precision and recall Method constraint groups OK 18
43 Example Mined protocol M format println close Formatter println Reference protocol Formatter format locale, out, ioexception flush close ioexception close format, locale, out, ioexception 19
44 Example Mined protocol M format println close Formatter println Reference protocol Formatter format locale, out, ioexception flush close ioexception Precision: How much of M is correct? 23% format, locale, out, ioexception close 19
45 Example Mined protocol M format println close Formatter println Reference protocol Formatter format locale, out, ioexception flush close ioexception Recall: How complete is M? 9% format, locale, out, ioexception close 19
46 Results 12 training programs 32 reference protocols 20
47 Learn More from Many Teachers? Empirical study: How does mining more programs influence the results? programs 21
48 API Coverage Types and methods covered in mined protocols 22
49 API Coverage Types and methods covered in mined protocols More programs Higher coverage 22
50 Recall Recall of mined protocols 23
51 Recall Recall of mined protocols More programs Higher recall 23
52 Part 2: Bug Finding 24
53 Bug Finding API Target Program Training Programs Mining x y Bug finding z 25
54 Bug Finding API Target Program Training Programs Mining x y Bug finding z 25
55 Overview Analysis 26
56 Overview Analysis Runtime verification Static checking 26
57 Overview Analysis What is a protocol violation? Runtime verification Static checking 26
58 Overview Analysis What is a protocol violation? Runtime verification Static checking 26
59 Incomplete Specifications Protocols = Incomplete specifications new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next l.add 27
60 Incomplete Specifications Protocols = Incomplete specifications new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next i.hasnext? l.add 27
61 What is a Protocol Violation? new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next l.add Setup phase: bind parameters Liable phase: all parameters bound violation: take non-existing transition end in non-final state 28
62 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next l.add 29
63 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next setup l.add 29
64 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i liable i.hasnext i.hasnext l.add i.next l.add 29
65 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i i.hasnext i.hasnext l.add i.next ambiguous split l.add 29
66 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i i.hasnext i.hasnext i.next l.add l.add l.add 29
67 State Partitioning Protocol transformation: Setup states vs. liable states new LinkedList l l.add l.iterator i i.hasnext i.hasnext i.next setup l.add l.add liable l.add 29
68 Overview Analysis Runtime verification Static checking 30
69 Overview Analysis Runtime verification Static checking 30
70 Dynamic Protocol Checking Input Runtime verification (JavaMOP) 31
71 Dynamic Protocol Checking Input Runtime verification (JavaMOP) Challenge 1: Check many different execution paths 31
72 Dynamic Protocol Checking Input Runtime verification (JavaMOP) Challenge 1: Check many different execution paths Challenge 2: Monitoring mined protocols 31
73 Randomly Generated Input Challenge 1: Check many different execution paths Input 32
74 Randomly Generated Input Challenge 1: Check many different execution paths Input Random test generation 32
75 Randomly Generated Input Challenge 1: Check many different execution paths Input Random test generation Call sequences that trigger an exception 32
76 Randomly Generated Input Challenge 1: Check many different execution paths Input Non-exceptional sequences Random test generation Call sequences that trigger an exception 32
77 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() new LinkedList l i.iterator i i.hasnext i.next 33
78 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() new LinkedList l i.iterator i i.hasnext l i.next 33
79 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() new LinkedList l i.iterator i i.hasnext l i.next 33
80 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() Violation!? new LinkedList l i.iterator i i.hasnext l i.next 33
81 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() i1 = l.iterator() i2.next() new LinkedList l i.iterator i i.hasnext l i.next 33
82 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() i1 = l.iterator() i2.next() new LinkedList l i.iterator i i.hasnext (l,i1) i.next 33
83 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() i1 = l.iterator() i2.next() new LinkedList l i.iterator i i.hasnext i2 (l,i1) i.next 33
84 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() i1 = l.iterator() i2.next() Violation!? new LinkedList l i.iterator i i.hasnext i2 (l,i1) i.next 33
85 Protocol Monitoring Challenge 2: Monitoring mined protocols l = new LinkedList() i1 = l.iterator() i2.next() Naive approach Violation!? gives too many violations new LinkedList l i.iterator i i.hasnext i2 (l,i1) i.next 33
86 Explicit Fail Transitions Fail only in liable states new LinkedList l i.iterator i i.hasnext i.next i.next i.hasnext F 34
87 Explicit Fail Transitions Fail only in liable states new LinkedList l i.iterator i i.hasnext i.next Violation: Reach fail state End in non-final, liable state i.next F i.hasnext 34
88 Evaluation Questions Find relevant issues by monitoring mined protocols? How useful is generated input? Setup: DaCapo benchmarks, 1.6 MLOC Java 35
89 Results Randomly generated Protocol violations Program Test cases Total Relevant avrora 15, batik 3, daytrader 32, eclipse fop 6, h2 7, lucene 1, pmd 1, sunflow 4, tomcat 14, xalan 21, Bug (exception, unexpected behavior) or code smell (performance/maintainability problem) Sum 160,
90 Results Randomly generated Protocol violations Program Test cases Total Relevant avrora 15, batik 3, daytrader 32, eclipse fop 6, h2 7, lucene 1, pmd 1, sunflow 4, tomcat 14, xalan 21, Sum 160, Bug (exception, unexpected behavior) or code smell (performance/maintainability problem) 85% true positives 36
91 Examples try { is = u.openstream(); r = new InputStreamReader(is, "UTF-8"); br = new BufferedReader(r); } finally { if ( is!= null ){ try { is.close(); } catch ( IOException ignored ){} is = null; } if ( r!= null ){ try{ r.close(); } catch ( IOException ignored ){} r = null; } if ( br == null ){ try{ br.close(); } catch ( IOException ignored ){} br = null; } } 37
92 Examples try { is = u.openstream(); r = new InputStreamReader(is, "UTF-8"); br = new BufferedReader(r); } finally { if ( is!= null ){ try { is.close(); } catch ( IOException ignored ){} is = null; } if ( r!= null ){ try{ r.close(); } catch ( IOException ignored ){} r = null; } if ( br == null ){ try{ br.close(); } catch ( IOException ignored ){} br = null; } } Reader never closed 37
93 Examples Iterator i = pinconnections.iterator(); PinLink currlink = (PinConnect.PinLink) i.next(); currlink.propagatesignals(); while (i.hasnext()) { currlink = (PinConnect.PinLink) i.next(); currlink.propagatesignals(); } 38
94 Examples Iterator i = pinconnections.iterator(); PinLink currlink = (PinConnect.PinLink) i.next(); currlink.propagatesignals(); while (i.hasnext()) { currlink = (PinConnect.PinLink) i.next(); currlink.propagatesignals(); } Incorrect iterator usage 38
95 Normal vs. Generated Input 39
96 Overview Analysis Runtime verification Static checking 40
97 Overview Analysis Runtime verification Static checking 40
98 State of the Art + specification Typestate checking Anomaly detection 41
99 State of the Art + specification Typestate checking + Precise - Needs specification Anomaly detection + Automatic - Imprecise 41
100 State of the Art + specification Typestate checking + Precise - Needs specification Anomaly detection + Automatic - Imprecise Combine both! Precise checker for mined multi-object protocols 41
101 Static Protocol requires="..." ) Relationship constraints Fusion analysis f() g() h() Pruning f() g() h() Joint work with Ciera Jaspan and Jonathan Aldrich (ISR, CMU) 42
102 Fusion Static analysis to check API usages Good match with mined protocols: Reasons about interacting objects Distinguishes setup from checking C. Jaspan and J. Aldrich Checking Framework Interactions with Relationships ECOOP 09 43
103 Relationship-based Analysis Relationships = Tuples of objects void m() { }.. Effects: Add/remove objects Requirements: Check before call 44
104 Relationship-based Analysis Relationships = Tuples of objects Keep track of protocol execution (e.g., current state) void m() { }.. Effects: Add/remove objects Requirements: Check before call Check protocol constraints if in liable state 44
105 Example LinkedList l = new LinkedList(); Iterator i = l.iterator(); i.next(); new LinkedList l i.iterator i i.hasnext i.next 45
106 Example LinkedList l = new LinkedList(); l r state2, l r iterator Iterator i = l.iterator(); i.next(); new LinkedList l i.iterator i i.hasnext i.next 45
107 Example LinkedList l = new LinkedList(); Iterator i = l.iterator(); i.next(); l r state2, l r iterator l r state3, i r state3, i r hasnext, (l, i) r protocol new LinkedList l i.iterator i i.hasnext i.next 45
108 Example LinkedList l = new LinkedList(); l r state2, l r iterator Iterator i = l.iterator(); l r state3, i r state3, i r hasnext, (l, i) r protocol i.next(); i / r next new LinkedList l i.iterator i i.hasnext i.next 45
109 Results Program Warnings Total Bugs Code smells True pos. exception or unexpected behavior avrora % batik % daytrader eclipse % fop % h % jython % lucene % pmd % sunflow tomcat % xalan % maintainability or performance issue Total % 46
110 Results Program Warnings Total Bugs Code smells True pos. exception or unexpected behavior avrora % batik % daytrader eclipse % fop % h % jython % lucene % pmd % sunflow tomcat % xalan % Total % maintainability or performance issue Few false positives! 46
111 Examples LinkedList pinconnections =...; Iterator i = pinconnections.iterator(); while ( i.hasnext() ) { PinLink curr = (PinLink) i.next(); if (... ) { pinconnections.remove(curr); } } 47
112 Examples LinkedList pinconnections =...; Iterator i = pinconnections.iterator(); while ( i.hasnext() ) { PinLink curr = (PinLink) i.next(); if (... ) { pinconnections.remove(curr); } } Concurrent modification 47
113 Examples BufferedReader in = null; try { in = new BufferedReader(...);... in.close(); } finally { if (in!= null) { try { in.close(); } catch (IOException e) {... } } } 48
114 Examples BufferedReader in = null; try { in = new BufferedReader(...);... in.close(); } finally { if (in!= null) { try { in.close(); } catch (IOException e) {... } } } Duplicate close 48
115 Summary: Bug Finding Clear definition of protocol violation setup liable Static and dynamic checking: Both are practical Complement each other 49
116 Conclusion An attractive tool to help programmers understand large systems pinpoint problem areas Supplements other approaches: Reveals multi-object bugs Easy to use 50
117 Thank you! 51
118 52
119 What is a Violation? hasnext hasnext next next vs. next new write Writer close Negative protocols Positive protocols 53
120 What is a Violation? hasnext hasnext next next vs. next write new Writer close Negative protocols Positive protocols Reaching final state Taking non-existing transition Not reaching final state 53
121 Related Work (Mining) Gabel & Su, FSE 2008 Language learning algorithm with pre-defined micro-patterns Don t consider dataflow Lee, Chen & Rosu, ICSE 2011 First, learn related events; then, mine sliced trace with PFSA learner Require unit tests for first step 54
122 Template 55
123 Template 56
124 Template 57
125 Template 58
126 Template 59
127 60
Statically Checking API Protocol Conformance with Mined Multi-Object Specifications
Statically Checking API Protocol Conformance with Mined Multi-Object Specifications Michael Pradel Department of Computer Science ETH Zurich, Switzerland Ciera Jaspan Jonathan Aldrich Institute for Software
More informationLeveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives
Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation API usage
More informationAdaptive Multi-Level Compilation in a Trace-based Java JIT Compiler
Adaptive Multi-Level Compilation in a Trace-based Java JIT Compiler Hiroshi Inoue, Hiroshige Hayashizaki, Peng Wu and Toshio Nakatani IBM Research Tokyo IBM Research T.J. Watson Research Center October
More informationThe RV System Tutorial
The RV System Tutorial Patrick Meredith and Grigore Rosu joint work with Feng Chen, Dongyun Jin, Dennis Griffith, Michael Ilseman Runtime Verification, Inc. University of Illinois The RV System!"#$%&'(%)!"#*)+,'-(!9&('/+
More informationPlural and : Protocols in Practice. Jonathan Aldrich Workshop on Behavioral Types April School of Computer Science
Plural and : Protocols in Practice Jonathan Aldrich Workshop on Behavioral Types April 2011 School of Computer Science Empirical Study: Protocols in Java Object Protocol [Beckman, Kim, & A to appear in
More informationChronicler: Lightweight Recording to Reproduce Field Failures
Chronicler: Lightweight Recording to Reproduce Field Failures Jonathan Bell, Nikhil Sarda and Gail Kaiser Columbia University, New York, NY USA What happens when software crashes? Stack Traces Aren
More informationHow Good Are the Specs?
How Good Are the Specs? A Study of the Bug-Finding Effectiveness of Existing Java API Specifications Owolabi Legunsen, Wajih Ul Hassan, Xinyue Xu Grigore Rosu and Darko Marinov ASE 2016 Singapore, Singapore
More informationTrace-based JIT Compilation
Trace-based JIT Compilation Hiroshi Inoue, IBM Research - Tokyo 1 Trace JIT vs. Method JIT https://twitter.com/yukihiro_matz/status/533775624486133762 2 Background: Trace-based Compilation Using a Trace,
More informationA Trace-based Java JIT Compiler Retrofitted from a Method-based Compiler
A Trace-based Java JIT Compiler Retrofitted from a Method-based Compiler Hiroshi Inoue, Hiroshige Hayashizaki, Peng Wu and Toshio Nakatani IBM Research Tokyo IBM Research T.J. Watson Research Center April
More informationMOPBox: A Library Approach to Runtime Verification
MOPBox: A Library Approach to Runtime Verification (Tool Demonstration) Eric Bodden eric.bodden@cased.de Center for Advanced Security Research Darmstadt Software Technology Group Technische Universität
More informationLu Fang, University of California, Irvine Liang Dou, East China Normal University Harry Xu, University of California, Irvine
Lu Fang, University of California, Irvine Liang Dou, East China Normal University Harry Xu, University of California, Irvine 2015-07-09 Inefficient code regions [G. Jin et al. PLDI 2012] Inefficient code
More informationManagement. Software Quality. Dr. Stefan Wagner Technische Universität München. Garching 28 May 2010
Technische Universität München Software Quality Management Dr. Stefan Wagner Technische Universität München Garching 28 May 2010 Some of these slides were adapted from the tutorial "Clone Detection in
More informationEngineering Abstractions in Model Checking and Testing. Michael Achenbach Klaus Ostermann
Engineering Abstractions in Model Checking and Testing Michael Achenbach Klaus Ostermann 1 This Talk What is abstraction engineering? How can we integrate abstractions with current tools? What more is
More informationA Dynamic Evaluation of the Precision of Static Heap Abstractions
A Dynamic Evaluation of the Precision of Static Heap Abstractions OOSPLA - Reno, NV October 20, 2010 Percy Liang Omer Tripp Mayur Naik Mooly Sagiv UC Berkeley Tel-Aviv Univ. Intel Labs Berkeley Tel-Aviv
More informationIBM Research - Tokyo 数理 計算科学特論 C プログラミング言語処理系の最先端実装技術. Trace Compilation IBM Corporation
数理 計算科学特論 C プログラミング言語処理系の最先端実装技術 Trace Compilation Trace JIT vs. Method JIT https://twitter.com/yukihiro_matz/status/533775624486133762 2 Background: Trace-based Compilation Using a Trace, a hot path identified
More informationFile IO. Computer Science and Engineering College of Engineering The Ohio State University. Lecture 20
File IO Computer Science and Engineering College of Engineering The Ohio State University Lecture 20 I/O Package Overview Package java.io Core concept: streams Ordered sequences of data that have a source
More informationStatic Detection of Brittle Parameter Typing
Static Detection of Brittle Parameter Typing Michael Pradel, Severin Heiniger, and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation void m(a a) {... } Object A.. B C D E F 2 Motivation
More informationEach command-line argument is placed in the args array that is passed to the static main method as below :
1. Command-Line Arguments Any Java technology application can use command-line arguments. These string arguments are placed on the command line to launch the Java interpreter after the class name: public
More informationDynamic Vertical Memory Scalability for OpenJDK Cloud Applications
Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications Rodrigo Bruno, Paulo Ferreira: INESC-ID / Instituto Superior Técnico, University of Lisbon Ruslan Synytsky, Tetiana Fydorenchyk: Jelastic
More informationProbabilistic Calling Context
Probabilistic Calling Context Michael D. Bond Kathryn S. McKinley University of Texas at Austin Why Context Sensitivity? Static program location not enough at com.mckoi.db.jdbcserver.jdbcinterface.execquery():213
More informationIdentifying the Sources of Cache Misses in Java Programs Without Relying on Hardware Counters. Hiroshi Inoue and Toshio Nakatani IBM Research - Tokyo
Identifying the Sources of Cache Misses in Java Programs Without Relying on Hardware Counters Hiroshi Inoue and Toshio Nakatani IBM Research - Tokyo June 15, 2012 ISMM 2012 at Beijing, China Motivation
More informationDetecting and Fixing Memory-Related Performance Problems in Managed Languages
Detecting and Fixing -Related Performance Problems in Managed Languages Lu Fang Committee: Prof. Guoqing Xu (Chair), Prof. Alex Nicolau, Prof. Brian Demsky University of California, Irvine May 26, 2017,
More informationAutomatic Generation of Program Specifications
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful
More informationJava Input/Output. 11 April 2013 OSU CSE 1
Java Input/Output 11 April 2013 OSU CSE 1 Overview The Java I/O (Input/Output) package java.io contains a group of interfaces and classes similar to the OSU CSE components SimpleReader and SimpleWriter
More informationRV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining
RV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining Patrick Meredith Grigore Rosu University of Illinois at Urbana Champaign (UIUC) Run'me Verifica'on, Inc. (joint work with Dongyun
More informationDarshan Institute of Engineering & Technology for Diploma Studies
Streams A stream is a sequence of data. In Java a stream is composed of bytes. In java, 3 streams are created for us automatically. 1. System.out : standard output stream 2. System.in : standard input
More information1 Runtime Verification using JavaMOP
1 Runtime Verification using JavaMOP Venkatesh Vinayakarao, IIIT Delhi. Monitor Oriented Programming (MOP) 1 is a framework for runtime verification using the concept of monitors. JavaMop 2 is a Java implementation
More informationCourse 7 25 November Adrian Iftene
Course 7 25 November 2013 Adrian Iftene adiftene@info.uaic.ro 1 Recapitulation course 6 AOP AOP Profiler Tracing Pooling PostSharp Spring Framework Runtime Verification Model Checking MOP Java MOP 2 Concern
More informationNDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness
EECS Electrical Engineering and Computer Sciences P A R A L L E L C O M P U T I N G L A B O R A T O R Y NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness Jacob Burnim,
More informationString Deduplication for Java-based Middleware in Virtualized Environments
String Deduplication for Java-based Middleware in Virtualized Environments Michihiro Horie, Kazunori Ogata, Kiyokuni Kawachiya, Tamiya Onodera IBM Research - Tokyo Duplicated strings found on Web Application
More informationPhosphor: Illuminating Dynamic. Data Flow in Commodity JVMs
Phosphor: Illuminating Dynamic Fork me on Github Data Flow in Commodity JVMs Jonathan Bell and Gail Kaiser Columbia University, New York, NY USA Dynamic Data Flow Analysis: Taint Tracking Output that is
More informationTowards Parallel, Scalable VM Services
Towards Parallel, Scalable VM Services Kathryn S McKinley The University of Texas at Austin Kathryn McKinley Towards Parallel, Scalable VM Services 1 20 th Century Simplistic Hardware View Faster Processors
More informationCombined Static and Dynamic Automated Test Generation
Combined Static and Dynamic Automated Test Generation Sai Zhang University of Washington Joint work with: David Saff, Yingyi Bu, Michael D. Ernst 1 Unit Testing for Object-oriented Programs Unit test =
More informationA Story of Parametric Trace Slicing, Garbage and Static Analysis
A Story of Parametric Trace Slicing, Garbage and Static Analysis Giles Reger School of Computer Science, University of Manchester, UK PrePost 2017 Giles Reger A Story of Parametric Trace Slicing, Garbage
More informationStatic Analysis of C++ Projects with CodeSonar
Static Analysis of C++ Projects with CodeSonar John Plaice, Senior Scientist, GrammaTech jplaice@grammatech.com 25 July 2017, Meetup C++ de Montréal Abstract Static program analysis consists of the analysis
More informationA staged static program analysis to improve the performance of runtime monitoring
A staged static program analysis to improve the performance of runtime monitoring Eric Bodden 1, Laurie Hendren 1, Ondřej Lhoták 2 1 McGill University, Montréal, Québec, Canada 2 University of Waterloo,
More informationProgram Testing and Analysis: Manual Testing Prof. Dr. Michael Pradel Software Lab, TU Darmstadt
Program Testing and Analysis: Manual Testing Prof. Dr. Michael Pradel Software Lab, TU Darmstadt Partly based on slides from Peter Müller, ETH Zurich 1 Warm-up Quiz What does the following code print?
More informationSoftware Architecture and Engineering: Part II
Software Architecture and Engineering: Part II ETH Zurich, Spring 2016 Prof. http://www.srl.inf.ethz.ch/ Framework SMT solver Alias Analysis Relational Analysis Assertions Second Project Static Analysis
More informationProgramming Languages and Techniques (CIS120)
Programming Languages and Techniques (CIS120) Lecture 30 April 4, 2018 I/O & Histogram Demo Chapters 28 HW7: Chat Server Announcements No penalty for late submission by tomorrow (which is a HARD deadline!)
More informationAutomatic Testing of Sequential and Concurrent Substitutability
Automatic Testing of Sequential and Concurrent Substitutability Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation void bar(foo f) { f.m();... } bar() expects functionality
More informationTowards Categorizing and Formalizing the JDK API
Towards Categorizing and Formalizing the JDK API ABSTRACT Choonghwan Lee University of Illinois Urbana, IL 61801, U.S.A. clee83@illinois.edu Patrick O Neil Meredith University of Illinois Urbana, IL 61801,
More informationInput from Files. Buffered Reader
Input from Files Buffered Reader Input from files is always text. You can convert it to ints using Integer.parseInt() We use BufferedReaders to minimize the number of reads to the file. The Buffer reads
More informationLightweight Data Race Detection for Production Runs
Lightweight Data Race Detection for Production Runs Swarnendu Biswas, UT Austin Man Cao, Ohio State University Minjia Zhang, Microsoft Research Michael D. Bond, Ohio State University Benjamin P. Wood,
More informationCOMP 213. Advanced Object-oriented Programming. Lecture 20. Network Programming
COMP 213 Advanced Object-oriented Programming Lecture 20 Network Programming Network Programming A network consists of several computers connected so that data can be sent from one to another. Network
More informationThe Checker Framework: pluggable static analysis for Java
The Checker Framework: pluggable static analysis for Java http://checkerframework.org/ Werner Dietl University of Waterloo https://ece.uwaterloo.ca/~wdietl/ Joint work with Michael D. Ernst and many others.
More informationCSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak
CSE 403: Software Engineering, Fall 2016 courses.cs.washington.edu/courses/cse403/16au/ Static Analysis Emina Torlak emina@cs.washington.edu Outline What is static analysis? How does it work? Free and
More informationJoint Entity Resolution
Joint Entity Resolution Steven Euijong Whang, Hector Garcia-Molina Computer Science Department, Stanford University 353 Serra Mall, Stanford, CA 94305, USA {swhang, hector}@cs.stanford.edu No Institute
More informationContinuous Object Access Profiling and Optimizations to Overcome the Memory Wall and Bloat
Continuous Object Access Profiling and Optimizations to Overcome the Memory Wall and Bloat Rei Odaira, Toshio Nakatani IBM Research Tokyo ASPLOS 2012 March 5, 2012 Many Wasteful Objects Hurt Performance.
More informationToward Efficient Strong Memory Model Support for the Java Platform via Hybrid Synchronization
Toward Efficient Strong Memory Model Support for the Java Platform via Hybrid Synchronization Aritra Sengupta, Man Cao, Michael D. Bond and Milind Kulkarni 1 PPPJ 2015, Melbourne, Florida, USA Programming
More informationPrinciples of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)
Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems) More Analysis for Functional Correctness Jonathan Aldrich Charlie Garrod School of Computer Science
More informationA Serializability Violation Detector for Shared-Memory Server Programs
A Serializability Violation Detector for Shared-Memory Server Programs Min Xu Rastislav Bodík Mark Hill University of Wisconsin Madison University of California, Berkeley Serializability Violation Detector:
More informationCS 112 Introduction to Computing II. Wayne Snyder Computer Science Department Boston University
9/5/6 CS Introduction to Computing II Wayne Snyder Department Boston University Today: Arrays (D and D) Methods Program structure Fields vs local variables Next time: Program structure continued: Classes
More informationProfile-Guided Program Simplification for Effective Testing and Analysis
Profile-Guided Program Simplification for Effective Testing and Analysis Lingxiao Jiang Zhendong Su Program Execution Profiles A profile is a set of information about an execution, either succeeded or
More informationPreventing Defects. SWE 795, Spring 2017 Software Engineering Environments
Preventing Defects SWE 795, Spring 2017 Software Engineering Environments Today Part 1 (Lecture)(~60 mins) Part 2 (HW3 Checkpoint Presentations)(20 mins) Break! Part 3 (Discussion)(~60 mins) Discussion
More informationcontext free grammars
context free grammars in JavaMOP CS 119 a property can be seen as a language defined by a grammar 2 http://fsl.cs.uiuc.edu/index.php/special:cfgplugin Instances of MOP MOP JavaMOP BusMOP HardwareMOP languages
More informationCode verification. CSE 331 University of Washington. Michael Ernst
Code verification CSE 331 University of Washington Michael Ernst Specification and verification To find an error, compare two things Mental model Verification Specification Program Example input & output
More informationOutline. iterator review iterator implementation the Java foreach statement testing
Outline iterator review iterator implementation the Java foreach statement testing review: Iterator methods a Java iterator only provides two or three operations: E next(), which returns the next element,
More informationUsing Type Annotations to Improve Your Code
Using Type Annotations to Improve Your Code Birds-of-a-Feather Session Werner Dietl, University of Waterloo Michael Ernst, University of Washington Open for questions Survey: Did you attend the tutorial?
More informationCS-152: Software Testing
CS-152: Software Testing Neal Holtschulte July 2, 2013 Software Testing Outline Terminology Assertions and when to use them Try-catch and when to use them What are Exceptions Further resources Practice
More informationMEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
More informationOptimizing for Bugs Fixed
Optimizing for Bugs Fixed The Design Principles behind the Clang Static Analyzer Anna Zaks, Manager of Program Analysis Team @ Apple What is This Talk About? LLVM/clang project Overview of the Clang Static
More informationSri Vidya College of Engineering & Technology Question Bank
1. What is exception? UNIT III EXCEPTION HANDLING AND I/O Part A Question Bank An exception is an event, which occurs during the execution of a program, that disrupts the normal flow of the program s instructions.
More informationCore Java Contents. Duration: 25 Hours (1 Month)
Duration: 25 Hours (1 Month) Core Java Contents Java Introduction Java Versions Java Features Downloading and Installing Java Setup Java Environment Developing a Java Application at command prompt Java
More informationSourcererCC -- Scaling Code Clone Detection to Big-Code
SourcererCC -- Scaling Code Clone Detection to Big-Code What did this paper do? SourcererCC a token-based clone detector, that can detect both exact and near-miss clones from large inter project repositories
More informationEfficient Parametric Runtime Verification with Deterministic String Rewriting
Efficient Parametric Runtime Verification with Deterministic String Rewriting Patrick Meredith University of Illinois at Urbana-Champaign Urbana IL, USA pmeredit@illinois.edu Grigore Roşu University of
More informationExceptions. Produced by. Introduction to the Java Programming Language. Eamonn de Leastar
Exceptions Introduction to the Java Programming Language Produced by Eamonn de Leastar edeleastar@wit.ie Department of Computing, Maths & Physics Waterford Institute of Technology http://www.wit.ie http://elearning.wit.ie
More informationITI Introduction to Computing II
ITI 1121. Introduction to Computing II Iterator 1 (part I) Marcel Turcotte School of Electrical Engineering and Computer Science Version of March 26, 2013 Abstract These lecture notes are meant to be looked
More informationShin Hwei Tan Darko Marinov Lin Tan Gary T. Leavens University of Illinois. University of Illinois
Shin Hwei Tan Darko Marinov Lin Tan Gary T. Leavens University of Illinois University of Illinois University of Waterloo University of Central Florida 1 /* * Returns a synchronized map backed by the given
More informationDLint: Dynamically Checking Bad Coding Practices in JavaScript
DLint: Dynamically Checking Bad Coding Practices in JavaScript Lian Gong, Michael Pradel, Manu Sridharan and Koushik Sen Presented by Adriano Lages dos Santos Belo Horizonte - 16/04/2015 Introduction Javascript
More informationFully Automatic and Precise Detection of Thread Safety Violations
Fully Automatic and Precise Detection of Thread Safety Violations Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation Thread-safe classes: Building blocks for concurrent
More informationLecture 4: Exceptions. I/O
Lecture 4: Exceptions. I/O Outline Access control. Class scope Exceptions I/O public class Malicious { public static void main(string[] args) { maliciousmethod(new CreditCard()); } static void maliciousmethod(creditcard
More informationCS 251 Intermediate Programming Java I/O Streams
CS 251 Intermediate Programming Java I/O Streams Brooke Chenoweth University of New Mexico Spring 2018 Basic Input/Output I/O Streams mostly in java.io package File I/O mostly in java.nio.file package
More informationCS193j, Stanford Handout #26. Files and Streams
CS193j, Stanford Handout #26 Summer, 2003 Manu Kumar Files and Streams File The File class represents a file or directory in the file system. It provides platform independent ways to test file attributes,
More informationI/O STREAM (REQUIRED IN THE FINAL)
I/O STREAM (REQUIRED IN THE FINAL) STREAM A stream is a communication channel that a program has with the outside world. It is used to transfer data items in succession. An Input/Output (I/O) Stream represents
More informationToday Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding
More informationToday. Book-keeping. File I/O. Subscribe to sipb-iap-java-students. Inner classes. Debugging tools
Today Book-keeping File I/O Subscribe to sipb-iap-java-students Inner classes http://sipb.mit.edu/iap/java/ Debugging tools Problem set 1 questions? Problem set 2 released tomorrow 1 2 So far... Reading
More informationITI Introduction to Computing II
ITI 1121. Introduction to Computing II Iterator 1 (part I) Marcel Turcotte School of Electrical Engineering and Computer Science Version of March 24, 2013 Abstract These lecture notes are meant to be looked
More informationCSCE 548 Building Secure Software Software Analysis Basics
CSCE 548 Building Secure Software Software Analysis Basics Professor Lisa Luo Spring 2018 Previous Class Ø Android Background Ø Two Android Security Problems: 1. Android App Repackaging o Very easy to
More informationTowards Garbage Collection Modeling
Towards Garbage Collection Modeling Peter Libič Petr Tůma Department of Distributed and Dependable Systems Faculty of Mathematics and Physics, Charles University Malostranské nám. 25, 118 00 Prague, Czech
More informationObject-Oriented Programming Design. Topic : Streams and Files
Electrical and Computer Engineering Object-Oriented Topic : Streams and Files Maj Joel Young Joel Young@afit.edu. 18-Sep-03 Maj Joel Young Java Input/Output Java implements input/output in terms of streams
More informationCS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM
CS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM Objectives Defining a wellformed method to check class invariants Using assert statements to check preconditions,
More informationTransaction Management: Concurrency Control, part 2
Transaction Management: Concurrency Control, part 2 CS634 Class 16 Slides based on Database Management Systems 3 rd ed, Ramakrishnan and Gehrke Locking for B+ Trees Naïve solution Ignore tree structure,
More informationLocking for B+ Trees. Transaction Management: Concurrency Control, part 2. Locking for B+ Trees (contd.) Locking vs. Latching
Locking for B+ Trees Transaction Management: Concurrency Control, part 2 Slides based on Database Management Systems 3 rd ed, Ramakrishnan and Gehrke CS634 Class 16 Naïve solution Ignore tree structure,
More informationStatic Analysis in Practice
in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice
More informationTirgul 1. Course Guidelines. Packages. Special requests. Inner classes. Inner classes - Example & Syntax
Tirgul 1 Today s topics: Course s details and guidelines. Java reminders and additions: Packages Inner classes Command Line rguments Primitive and Reference Data Types Guidelines and overview of exercise
More informationChecking Framework Interactions with Relationships. Ciera Jaspan Advised by Jonathan Aldrich OOPSLA Doctoral Symposium
Checking Framework Interactions with Relationships Ciera Jaspan Advised by Jonathan Aldrich OOPSLA Doctoral Symposium Motivating example: DropDownList Can add drop down lists to a web page Can change the
More informationDebugging Reinvented: Asking and Answering Why and Why Not Questions about Program Behavior
Debugging Reinvented: Asking and Answering Why and Why Not Questions about Program Behavior Andrew J. Ko and Brad A. Myers School of Computer Science, Carnegie Mellon University Presenter: Shaosong Li
More informationPIC 20A Streams and I/O
PIC 20A Streams and I/O Ernest Ryu UCLA Mathematics Last edited: December 7, 2017 Why streams? Often, you want to do I/O without paying attention to where you are reading from or writing to. You can read
More informationCS 201, Fall 2016 Dec 2nd Exam 3
CS 201, Fall 2016 Dec 2nd Exam 3 Name: Question 1. [6 points] State a big-o upper bound on the worst-case running time of the following method, where the problem size N is the number of elements in the
More informationSeminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
More informationNo Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages
No Source Code : Software Testing Black-Box Testing Test-Driven Development No access to source code So test cases don t worry about structure Emphasis is only on ensuring that the contract is met Specification-Based
More informationMidterm Logistics. Midterm tonight, 7PM 10PM Exam location by last name:
File Processing Midterm Logistics Midterm tonight, 7PM 10PM Exam location by last name: Last names starts with A-J: Hewlett 200 Last names starts with K-O: Braun Auditorium Last names starts with P-S:
More informationSocket programming. Complement for the programming assignment INFO-0010
Socket programming Complement for the programming assignment INFO-0010 Outline Socket definition Briefing on the Socket API A simple example in Java Multi-threading and Synchronization Example : HTTP protocol
More informationITI Introduction to Computing II
ITI 1121. Introduction to Computing II Iterator 1 (part I) Marcel Turcotte School of Electrical Engineering and Computer Science Version of March 26, 2013 Abstract These lecture notes are meant to be looked
More informationSafety Checks and Semantic Understanding via Program Analysis Techniques
Safety Checks and Semantic Understanding via Program Analysis Techniques Nurit Dor Joint Work: EranYahav, Inbal Ronen, Sara Porat Goal Find properties of a program Anti-patterns that indicate potential
More informationRelated reading: Effectively Prioritizing Tests in Development Environment Introduction to Software Engineering Jonathan Aldrich
Test Prioritization Related reading: Effectively Prioritizing Tests in Development Environment 15-413 Introduction to Software Engineering Jonathan Aldrich Test Prioritization: Motivation Goal: find and
More information6.092 Introduction to Software Engineering in Java January (IAP) 2009
MIT OpenCourseWare http://ocw.mit.edu 6.092 Introduction to Software Engineering in Java January (IAP) 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationCMPT 473 Software Quality Assurance. Managing Bugs. Nick Sumner
CMPT 473 Software Quality Assurance Managing Bugs Nick Sumner Bugs! So far, we've been trying to find & avoid them Test, test, test! 2 Bugs! So far, we've been trying to find & avoid them Test, test, test!
More information6.005 Elements of Software Construction Fall 2008
MIT OpenCourseWare http://ocw.mit.edu 6.005 Elements of Software Construction Fall 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. 6.005 elements
More information7. Testing and Debugging Concurrent Programs
7. Testing and Debugging Concurrent Programs The purpose of testing is to find program failures => A successful test is a test that causes a program to fail. Ideally, tests are designed before the program
More information