detecting problems in the database access code of large
play

Detecting Problems in the Database Access Code of Large Scale - PowerPoint PPT Presentation

May 21, 2023 •309 likes •632 views

Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1 Existing static analysis tools focus on language-related problems PMD Google error-prone Coverity FindBugs Facebook Infer However,

  1. Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1

  2. Existing static analysis tools focus on language-related problems PMD Google error-prone Coverity FindBugs Facebook Infer However, many problems are related to how developers use different frameworks 2

  3. Over 67% of Java developers use Object-Relational Mapping (Hibernate) to access databases 67% 22% Existing static analysis tools provide mostly rudimentary support for JDBC! 3

  4. Over 40% of Java web application developers use Spring Developers use Spring to manage database transactions in web applications None of the static analysis tools support Spring! 4

  5. There is a huge need for framework- specific tools Developers leverage MANY frameworks, but existing tools only support detecting language-related problems. 5

  6. An example class with Java ORM code User class is User.java mapped to “ user” @Entity table in DB @Table(name = “user”) @DynamicUpdate Performance- public class User{ related configs @Column(name=“id”) id is mapped to the private int id; column “id” in the @Column(name=“name”) user table String userName; A user can belong @OneToMany(fetch= FetchType.EAGER ) to multiple teams List<Team> teams; Eagerly retrieve public void setName(String n){ associated teams userName = n; when retrieving a } 6 … other getter and setter methods user object

  7. Accessing the database using ORM select u from user where u.id = 1; User u = findUserByID(1); ORM update user set database name=“Peter” where user.id = 1; u.setName(“Peter”); Objects SQLs 7

  8. Transaction management using Spring Create a DB @Transaction ( Propogation.REQUIRED ) transaction getUser(){ … Entire business logic will updateUserGroup(u) be executed with the … same DB transaction } By using ORM and Spring, developers can focus more on the business logic and functionality 8

  9. Implementing DBChecker • DBChecker looks for both functional and performance bug patterns • DBChecker is integrated in industrial practice Source code 9

  10. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice 10

  11. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice More patterns and learned lessons in the paper 11

  12. ORM excessive data bug pattern Class User{ Eagerly retrieve @ EAGER teams from DB List<Team> teams; } User u = findUserById(1); Objects u.getName(); EOF User Table Team Table join Team data is never SQL used! 12

  13. Detecting excessive data using static analysis Class User{ First find all the objects that @ EAGER eagerly retrieve data from DB List<Team> teams; } User user = findUserByID(1); Identify all the data usages of ORM-managed objects user team user.getName(); Check if the eagerly retrieved data is ever used user team 13

  14. Nested transaction bug pattern Create a DB @Transaction ( Propogation. transaction REQUIRED ) getUser(){ @Transaction ( Propogation. updateUserGroup(u) REQUIRES_NEW ) … } Create a child transaction, and suspend parent transaction until child is finished Misconfigurations can cause unexpected transaction timeout, deadlock, or other performance-related problems 14

  15. Detecting nested transaction bug pattern @Transaction ( Propogation. Parse all transaction REQUIRED ) configurations getUser(){ … Identify all methods with the updateUserGroup(u) annotation … } Propogation.REQUIRED Traverse the call graph to identify calls potential misconfigurations Propogation.REQUIRS_NEW 15

  16. Limitation of current static analysis tools @Transaction ( Propo gation.REQUIRED ) @EAGER Annotations are lost Do not consider how when converting source developers configure code to byte code frameworks Many Many problems configurations are are related to set through framework annotations configurations 16

  17. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks 17

  18. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks 18

  19. Handling a large number of detection results • Developers have limited time to fix detected problems • Most existing static analysis frameworks do not prioritize the detected instances for the same bug pattern 19

  20. Prioritizing based on DB tables User • Problems related to large or frequently-accessed tables are Time zone ranked higher (more likely to be performance bottlenecks) • Problems related to highly dependable tables are ranked higher 20

  21. Developers have different backgrounds • Not all developers are familiar with these frameworks and databases • Developers may not take the problems seriously if they don’t understand the impact 21

  22. Educating developers about the detected problems • We hosted several workshops to educate developers about the impact and cause of the problems • Walk developers through examples of detected problems • May learn new bug patterns from developers 22

  23. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug We prioritize problems patterns are related to based on DB tables, and incorrect usage of educate developers about frameworks the problems 23

  24. 24

  25. 25

  26. 26

  27. 27

  28. 28

  29. 29

  30. 30

  31. 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database

from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database

Invisible loading: Access-Driven Data Transfer from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database systems High time -to-first-analysis Large scientific datasets and social networks

490 views • 30 slides
Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang, Armando Fox, David Patterson, Michael Jordan Conference: ICML 2010 SOSP2009, ICDM 2009 Reporter: Zhe Fu Outline SOSP 09 ICML 10 Offline Analysis

935 views • 48 slides
Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper functions in code to break up large problems into solvable subtasks Recognize the four core rules of code maintenance Use the input command and

1.07k views • 62 slides
CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2. Web APIs 3. Node.js 2 Python can directly query the database Steps to access MySQL from Python 1. Install connector to MySQL: sudo pip install

578 views • 14 slides
by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan*

by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan*

UC Berkeley Detecting Large-Scale System Problems by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan* Intel Labs Berkeley *UC Berkeley 1 Why console logs? Detecting problems in large scale

323 views • 14 slides
Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is a computer application program designed for the efficient and effective storage, access and update of large volumes of information. This course

399 views • 7 slides
Example: bank and its A TM mac hines. 4. Supp orts secure, atomic access to

Example: bank and its A TM mac hines. 4. Supp orts secure, atomic access to

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2. Supp orts ecien t access to v ery large amoun ts of data. 3. Supp orts concurren t access to v.l.a.d. Example: bank

393 views • 14 slides
How Do I Ask Questions? For your convenience, there are two ways to ask questions two ways to

How Do I Ask Questions? For your convenience, there are two ways to ask questions two ways to

Thank you for joining us today! If you havent dialed into the audio (telephone) portion, please do so now: 1-866-516-5393 Access Code: 33403311 Access Code: 33403311 If you are experiencing technical problems with the GoToWebinar

446 views • 21 slides
What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2.

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2.

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2. Supp orts ecien t access to v ery large amoun ts of data. 3. Supp orts concurren t access to v.l.a.d. 4. Supp orts secure,

720 views • 23 slides
Database design III Courses(code, period, name, teacher) code name code, period teacher

Database design III Courses(code, period, name, teacher) code name code, period teacher

Quiz time! Whats wrong with this schema? Database design III Courses(code, period, name, teacher) code name code, period teacher Functional dependencies cont. {(TDA356, 2, Databases, Niklas Broberg), BCNF and 3NF

92 views • 8 slides
Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Database Access via Programming

348 views • 20 slides
Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on the Menu Bar DC/Win Database Utilities Options Vary Depending on Database Two Types of Databases Sequel (SQL) Database Access Database

460 views • 6 slides
What is a database system ? Database: a large, integrated collection of data. Models a real

What is a database system ? Database: a large, integrated collection of data. Models a real

2 What is a database system ? Database: a large, integrated collection of data. Models a real world enterprise Entities (teams, games) Relationships (Orphan Pamuk received the Nobel Prize) Course introduction Constraints (

246 views • 7 slides
Goals Database Administration All large and small databases need database Database

Goals Database Administration All large and small databases need database Database

PHP Miscellaneous $db-&gt;insert_id IT420: Database Management and Retrieves the ID generated for an Organization AUTO_INCREMENT column by the previous INSERT query Return value: Managing Multi-user The ID generated for an

140 views • 11 slides
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS

TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS

TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu , Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai

819 views • 30 slides
Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the

Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the

Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the Q&amp;A box found by hovering over the menu at the top of your screen. You can submit a question any time during the webinar. Any problems - use the

1.12k views • 59 slides
Normal Random Variable X is a Normal Random Variable : X ~ N( , 2 ) Probability

Normal Random Variable X is a Normal Random Variable : X ~ N( , 2 ) Probability

Normal Random Variable X is a Normal Random Variable : X ~ N( , 2 ) Probability Density Function (PDF): 1 2 2 2 ( x ) / f ( x ) e where x 2 E [ X ]

361 views • 18 slides
Digital Publishing and the Open Web Pla3orm Bill McCoy

Digital Publishing and the Open Web Pla3orm Bill McCoy

Digital Publishing and the Open Web Pla3orm Bill McCoy &lt;bmccoy@idpf.org&gt; 1 1 1 0 1 1 0 0 Ebooks are now available on all kinds of devices 1 0 1 1 0 1 1 0 0 0 0 0 1 1 1 0 1 1 0

463 views • 30 slides
Joining in Lucene Martijn van Groningen martijn.vangroningen@searchworkings.com Lucene Committer

Joining in Lucene Martijn van Groningen martijn.vangroningen@searchworkings.com Lucene Committer

Joining in Lucene Martijn van Groningen martijn.vangroningen@searchworkings.com Lucene Committer &amp; PMC Member Monday, June 4, 2012 Joining Introduction Data is often relational, but Lucenes document model is not. Support for

223 views • 19 slides
The Road Ahead Design Philosophy Application protocol examples ftp http

The Road Ahead Design Philosophy Application protocol examples ftp http

CS640: Introduction to Computer Networks Aditya Akella Lecture 4 - Design Philosophy, Application Protocols and Performance The Road Ahead Design Philosophy Application protocol examples ftp http Performance Delay

344 views • 13 slides
Nouns, V erbs, and Sentences 98-348: Lecture 2 Nouns, verbs and sentences 98-348: Lecture 2

Nouns, V erbs, and Sentences 98-348: Lecture 2 Nouns, verbs and sentences 98-348: Lecture 2

Nouns, V erbs, and Sentences 98-348: Lecture 2 Nouns, verbs and sentences 98-348: Lecture 2 Any questions about the homework? Everyone read one word at var snimma ndvera byg goanna, er goin hfu sett Migar ok

383 views • 34 slides
University Credits 4.0 Project Group Proposal 2020/2021 whoami Interim Professor for IT security

University Credits 4.0 Project Group Proposal 2020/2021 whoami Interim Professor for IT security

University Credits 4.0 Project Group Proposal 2020/2021 whoami Interim Professor for IT security Research in Software Security Java Security Vulnerability Analysis Usability in Security Type Systems Ben Hermann ben.hermann@upb.de Static

362 views • 12 slides
DS504/CS586: Big Data Analytics Graph Mining Prof. Yanhua Li Time: 6:00pm 8:50pm R Location:

DS504/CS586: Big Data Analytics Graph Mining Prof. Yanhua Li Time: 6:00pm 8:50pm R Location:

Welcome to DS504/CS586: Big Data Analytics Graph Mining Prof. Yanhua Li Time: 6:00pm 8:50pm R Location: AK232 Fall 2016 Graph Data: Social Networks Facebook social graph 4-degrees of separation [Backstrom-Boldi-Rosa-Ugander-Vigna, 2011]

645 views • 40 slides
Modelling Requirements for Content Recommendation Systems Sarah Bouraga 1 , 2 Ivan Jureta 1 , 2 ,

Modelling Requirements for Content Recommendation Systems Sarah Bouraga 1 , 2 Ivan Jureta 1 , 2 ,

Modelling Requirements for Content Recommendation Systems Sarah Bouraga 1 , 2 Ivan Jureta 1 , 2 , 3 ephane Faulkner 1 , 2 St iStar 2016 Department of Business Administration, University of Namur PReCISE Research Center, University of Namur

473 views • 28 slides

More recommend