Automatic Testing of Sequential and Concurrent Substitutability

Similar documents
Fully Automatic and Precise Detection of Thread Safety Violations

Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives

FULLY AUTOMATIC AND PRECISE DETECTION OF THREAD SAFETY VIOLATIONS

JAVA MOCK TEST JAVA MOCK TEST II

Objects and Iterators

AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107

Static Detection of Brittle Parameter Typing

Advanced JML Erik Poll Radboud University Nijmegen

Design by Contract: An Overview

Advances in Programming Languages

Graphical Interface and Application (I3305) Semester: 1 Academic Year: 2017/2018 Dr Antoun Yaacoub

CMSC 132: Object-Oriented Programming II

Creating Java Programs with Greenfoot

Name Return type Argument list. Then the new method is said to override the old one. So, what is the objective of subclass?

Inheritance. One class inherits from another if it describes a specialized subset of objects Terminology:

Advanced MEIC. (Lesson #18)

Concurrency Quiz: Java Threads

Object Orientation. A Crash Course Intro

More on Objects in JAVA TM

A Short Summary of Javali

1- Differentiate between extends and implements keywords in java? 2- What is wrong with this code:

Rules and syntax for inheritance. The boring stuff

Nomen est Omen: Exploring and Exploiting Name Similarities between Arguments and Parameters

Type Hierarchy. Comp-303 : Programming Techniques Lecture 9. Alexandre Denault Computer Science McGill University Winter 2004

Core Java - SCJP. Q2Technologies, Rajajinagar. Course content

Example: Count of Points

Java Threads and intrinsic locks

Inheritance (Part 5) Odds and ends

The Java Memory Model

1 Shyam sir JAVA Notes

17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Enforcing Singularity

CSE 331 Software Design & Implementation

C++ Inheritance and Encapsulation

Bugs in software. Using Static Analysis to Find Bugs. David Hovemeyer

Zhifu Pei CSCI5448 Spring 2011 Prof. Kenneth M. Anderson

Type Hierarchy. Lecture 6: OOP, autumn 2003

Semantic Analysis. CSE 307 Principles of Programming Languages Stony Brook University

Universe Type System for Eiffel. Annetta Schaad

Overview. CMSC 330: Organization of Programming Languages. Concurrency. Multiprocessors. Processes vs. Threads. Computation Abstractions

Software Engineering CSC40232: SOFTWARE ENGINEERING. Guest Lecturer: Jin Guo SOLID Principles sarec.nd.edu/courses/se2017

Inheritance. Improving Structure with Inheritance. Dr. Siobhán Drohan Mairead Meagher. Produced by:

COMP 110/L Lecture 19. Kyle Dewey

The Java Memory Model

Runtime Atomicity Analysis of Multi-threaded Programs

Building Java Programs. Inheritance and Polymorphism

Homework 6. Yuji Shimojo CMSC 330. Instructor: Prof. Reginald Y. Haseltine

Administrivia. Java Review. Objects and Variables. Demo. Example. Example: Assignments

Specification tips and pitfalls

15CS45 : OBJECT ORIENTED CONCEPTS

Synchronization SPL/2010 SPL/20 1

Outline. Subtype Polymorphism, Subtyping vs. Subclassing, Liskov Substitution Principle. Benefits of Subtype Polymorphism. Subtype Polymorphism

CMSC131. Inheritance. Object. When we talked about Object, I mentioned that all Java classes are "built" on top of that.

This is a talk given by me to the Northwest C++ Users Group on May 19, 2010.

Inheritance, Polymorphism, and Interfaces

Design issues for objectoriented. languages. Objects-only "pure" language vs mixed. Are subclasses subtypes of the superclass?

Using Type Annotations to Improve Your Code

Announcements. Subtype Polymorphism, Subtyping vs. Subclassing, Liskov Substitution Principle. Intuition: Type Signature is a Specification.

Inheritance. Transitivity

COMP 250 Fall inheritance Nov. 17, 2017

DOWNLOAD PDF CORE JAVA APTITUDE QUESTIONS AND ANSWERS

Feedback-controlled Random Test Generation

Active Testing for Concurrent Programs

Contracts. Dr. C. Constantinides. June 5, Department of Computer Science and Software Engineering Concordia University Montreal, Canada 1/71

Class-level reuse with inheritance Behavioral subtyping

The Singleton Pattern. Design Patterns In Java Bob Tarr

Argument Passing All primitive data types (int etc.) are passed by value and all reference types (arrays, strings, objects) are used through refs.

A Third Look At Java. Chapter Seventeen Modern Programming Languages, 2nd ed. 1

Basic Object-Oriented Concepts. 5-Oct-17

What s Conformance? Conformance. Conformance and Class Invariants Question: Conformance and Overriding

Lecture 11 Subtypes and Subclasses

A simple map: Hashtable

Objects, Subclassing, Subtyping, and Inheritance

COURSE 2 DESIGN PATTERNS

HAS-A Relationship. Association is a relationship where all objects have their own lifecycle and there is no owner.

CSE 331 Software Design and Implementation. Lecture 12 Subtypes and Subclasses

Audience. Revising the Java Thread/Memory Model. Java Thread Specification. Revising the Thread Spec. Proposed Changes. When s the JSR?

C12a: The Object Superclass and Selected Methods

Program Verification (6EC version only)

Java Programming. Manuel Oriol, March 22nd, 2007

Exercise 3 Subtyping and Behavioral Subtyping October 13, 2017

Static Analysis for Safe Concurrency

In this lab we will practice creating, throwing and handling exceptions.

a correct statement? You need to know what the statement is supposed to do.

Learning from Bad Examples. CSCI 5828: Foundations of Software Engineering Lecture 25 11/18/2014

W4118: concurrency error. Instructor: Junfeng Yang

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara

Definition of DJ (Diminished Java)

Software Engineering Design & Construction

ITI Introduction to Computing II

Advances in Programming Languages

CMSC 433 Programming Language Technologies and Paradigms. Concurrency

n HW5 out, due Tuesday October 30 th n Part 1: Questions on material we ll cover today n Part 2: BFS using your graph from HW4

CMSC 132: Object-Oriented Programming II

CS455: Introduction to Distributed Systems [Spring 2019] Dept. Of Computer Science, Colorado State University

Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)

Creating Java Programs with Greenfoot

CSCI-142 Exam 1 Review September 25, 2016 Presented by the RIT Computer Science Community

Transcription:

Automatic Testing of Sequential and Concurrent Substitutability Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1

Motivation void bar(foo f) { f.m();... } bar() expects functionality from Foo.m() 2

Motivation void bar(foo f) { Foo f.m();... } Foo.. bar() expects functionality from Foo.m()... even if Foo has subclasses 2

Substitutability A subclass object should behave like a superclass object when being used through the superclass type. [Liskov1987] 3

Sequential + Concurrent Substitutability: Matters in sequential and concurrent programs Sequence of calls on an object Partial order of calls on an object 4

The Problem How to enforce substitutability? Language restrictions: Not powerful enough Verification: Not practical 5

The Problem How to enforce substitutability? Language restrictions: Not powerful enough Verification: Not practical class Super { m(object o) {..} } class Sub extends Super { m(foo o) {..} } 5

The Problem How to enforce substitutability? Language restrictions: Not powerful enough Verification: Not practical 5

The Problem How to enforce substitutability? Language restrictions: Not powerful enough Verification: Not practical In practice: 1/3 of all subclasses broken (for Java classes from 26 popular libraries) 5

Real-World Example TreeMap m =... m.put(23, m); m.polllastentry(); m.hashcode(); Apache Commons Collections, Bug 394 6

Real-World Example TreeMap m =... m.put(23, m); m.polllastentry(); m.hashcode(); TreeMap OK FastTreeMap StackOverflow- Error Apache Commons Collections, Bug 394 6

Real-World Example TreeMap m =... m.put(23, m); m.polllastentry(); m.hashcode(); Problem: May surprise clients of TreeMap TreeMap OK FastTreeMap StackOverflow- Error Apache Commons Collections, Bug 394 6

This Talk Automatic and precise detection of unsafe substitutes 7

This Talk Automatic and precise detection of unsafe substitutes Subclass that behaves differently from its superclass 7

This Talk Only input: Classes to test Automatic and precise detection of unsafe substitutes Subclass that behaves differently from its superclass 7

This Talk Only input: Classes to test Only output: Unsafe substitutes Automatic and precise detection of unsafe substitutes Subclass that behaves differently from its superclass 7

Overview Superclass and subclass Test generation Generic test Superclass oracle Warning about unsafe substitute 8

Overview Superclass and subclass Test generation Generic test Superclass oracle Warning about unsafe substitute 8

Generic Tests. (sequence of calls to prepare arguments) Super s = new Super(..) OR new Sub(..). (calls to s from one or more threads) 9

Generic Tests. (sequence of calls to prepare arguments) Super s = new Super(..) OR new Sub(..) Run the same test with either class. (calls to s from one or more threads) 9

Generic Tests. (sequence of calls to prepare arguments) Super s = new Super(..) OR new Sub(..). (calls to s from one or more threads) 9

Generic Tests. (sequence of calls to prepare arguments) Super s = new Super(..) OR new Sub(..). (calls to s from one or more threads) 9

Test Generation Feedback-directed, random generation of sequential and concurrent tests [PLDI 2012] TreeMap m = new TreeMap() OR new FastTreeMap(); m.put(23, m); Randomly selected m.polllastentry(); methods with m.hashcode(); random arguments 10

Challenge: Constructors TreeMap m = new TreeMap(map1) OR new FastTreeMap(map2) Goal: Problem: Semantically equivalent Super and Sub instances Constructors are not inherited in Java 11

Constructor Mappings Heuristic: Map constructors by argument types and pass same arguments Super(int, Foo) Sub(int, Foo) TreeMap() FastTreeMap() 12

Overview Superclass and subclass Test generation Generic test Superclass oracle Warning about unsafe substitute 13

Overview Superclass and subclass Test generation Generic test Superclass oracle Warning about unsafe substitute 13

Superclass Oracle Idea: Warn if Sub s behavior diverges from Super s behavior Sequential tests: Compare two executions Concurrent tests: Compare two sets of executions 14

Output Oracle Warn if return values differ Primitives & String: Compare values Reference values: Compare nullness 15

Output Oracle Warn if return values differ Primitives & String: Compare values Reference values: Compare nullness Example: TreeMap m = new TreeMap(); m.put(23, m); // null m.polllastentry(); // non-null TreeMap m = new FastTreeMap(); m.put(23, m); // null m.polllastentry(); // null 15

Output Oracle Warn if return values differ Primitives & String: Compare values Reference values: Compare nullness Example: TreeMap m = new TreeMap(); m.put(23, m); // null m.polllastentry(); // non-null TreeMap m = new FastTreeMap(); m.put(23, m); // null m.polllastentry(); // null Warning 15

Crash Oracle Warn if Sub leads to exception or deadlock, but Super doesn t 16

Crash Oracle Warn if Sub leads to exception or deadlock, but Super doesn t Example: TreeMap m = new TreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // OK TreeMap m = new FastTreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // Exception 16

Crash Oracle Warn if Sub leads to exception or deadlock, but Super doesn t Example: TreeMap m = new TreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // OK TreeMap m = new FastTreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // Exception Warning 16

Overview Superclass and subclass Test generation Generic test Superclass oracle Warning about unsafe substitute 17

Evaluation: Setup 145 class pairs from 26 real-world Java libraries 116 sequentially used 29 concurrently used Apache Commons Collections, dom4j, itext, and libraries in Qualitas corpus Stop testing after a fixed number of tests 18

Results: Output Oracle 42% of all subclasses are output-diverging substitutes Most of them (93%) are benign 19

Example: Output-divergent Namespace ns = new Namespace("a", "b"); boolean b = ns.supportsparent(); // false Namespace ns = new DefaultNamespace("a", "b"); boolean b = ns.supportsparent(); // true 20

Example: Output-divergent Namespace ns = new Namespace("a", "b"); boolean b = ns.supportsparent(); // false Namespace ns = new DefaultNamespace("a", "b"); boolean b = ns.supportsparent(); // true Different behavior but not a bug 20

Reasons for False Positives Ad-hoc reflection String representations differ Constructor mismatch: Heuristic fails 21

Results: Crash Oracle 30% of all subclasses are crashing substitutes All issues are bugs that should be fixed 22

Example: Crashing (1) TreeMap m = new TreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // OK TreeMap m = new FastTreeMap(); m.put(23, m); // OK m.polllastentry(); // OK m.hashcode(); // Exception Apache Commons Collections, Bug 394 23

Example: Crashing (2) Properties p = new Properties(); p.setproperty("a", "b"); Thread 1 Thread 2 p.remove("a"); p.clear(); OK Properties p = new PropertyMap(); p.setproperty("a", "b"); Thread 1 Thread 2 p.remove("a"); p.clear(); Exception JBoss Common, Bug 126 24

Root Causes for Bugs Sub imposes stronger precondition Sub removes methods (UnsupportedOperationException) Sub removes synchronization Propagated unsafety 25

Root Causes for Bugs Sub imposes stronger precondition Sub removes methods (UnsupportedOperationException) Sub removes synchronization A Propagated unsafety B C 25

Feedback from Developers Reported 10 bugs (e.g., JBoss, Commons Collections) 8 of them fixed by now 3 other bugs found and fixed independently of us 26

Conclusion Substitutability: Broken in practice Automatic testing approach Crash oracle: Only real bugs Need better language support for avoiding substitutability problems 27

Automatic Testing of Sequential and Concurrent Substitutability Thank you! Michael Pradel Artifacts for download: http://mp.binaervarianz.de/icse2013/ 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback