
I WANT YOU TO FIGHT BAD CODE!


  1. I WANT YOU TO FIGHT BAD CODE!
      Get the tools & demos from: http://types.cs.washington.edu/checker-framework/2012-oscon/

  2. Developing and Using Pluggable Type Systems
      Werner M. Dietl, Michael D. Ernst
      University of Washington, Computer Science & Engineering

  3. Software has too many errors

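  4. Java's type system is too weak
      ● Type checking prevents many errors
            int i = "hello";                       // rejected by javac: incompatible types
      ● Type checking doesn't prevent enough errors
            System.console().readLine();           // System.console() may return null
            Collections.emptyList().add("one");    // the empty list is immutable
            dbStatement.executeQuery(userInput);   // user input reaches the SQL query
      W. Dietl - cs.washington.edu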

  5. Better type systems can help!
      ● Null-pointer exceptions [Fähndrich & Leino '03]
      ● Unwanted mutations [Tschantz & Ernst '05]
      ● Concurrency errors [Boyapati et al. '02, Cunningham et al. '07]
      ● … many more!
      [Graphic labels: Theory, Practice, "Decades!"]

  6. Static type systems
      [Diagram labels: Source; Compiler, Type Checker; Executable Code; "0 errors, 0 warnings"; Crashes]

  7. Pluggable type checkers
      [Diagram labels: Source; Compiler, Type Checker; Executable Code; Pluggable Type Checker; Warnings; Fix Bugs; Add Annotations]

  8. Pluggable type checkers
      [Diagram labels: Source; Compiler, Type Checker; Executable Code; three Pluggable Type Checkers; Warnings; Fix Bugs; Add Annotations]

  9. Java 8 extends annotation syntax
      ● Annotations on all occurrences of types
            @Untainted String query;
            List<@NonNull String> strings;
            myGraph = (@Immutable Graph) tmpGraph;
            class UnmodifiableList<T>
                implements @Readonly List<@Readonly T> {}
      ● Stored in classfile
      ● Handled by javac, javap, javadoc, …
      ● You can use it with Java 5/6/7!
      ● Backward compatible: write in /*@comments*/

  10. The Checker Framework
      ● A framework for pluggable type checkers
      ● "Plugs" into the OpenJDK compiler
      ● Easy to use
            javac -processor EncryptionChecker …
      ● Eclipse plug-in, Ant and Maven integration

  11. Example: Regular expressions
            String regex = getUserInput();
            Pattern pat = Pattern.compile(regex);      // may throw PatternSyntaxException
            Matcher mat = pat.matcher(content);
            if (mat.matches()) {
              println("Group: " + mat.group(4));       // may throw IndexOutOfBoundsException
            } else {
              println("No match!");
            }

  12. Regular expression type system
      ● What runtime exceptions do you wish to prevent?
          PatternSyntaxException and IndexOutOfBoundsException.
      ● What properties of data should always hold?
          Indicate strings containing valid regexes and group counts.
      ● What operations are legal and illegal?
          Matcher.group only on regex with minimum group count.

  13. Example: Encrypted communication
            void send(@Encrypted String msg) {…}

            @Encrypted String msg1 = ...;
            send(msg1); // OK

            String msg2 = ...;
            send(msg2); // Warning!

  14. Encryption type system
      ● What runtime exceptions do you wish to prevent?
          Invalid information flow.
      ● What properties of data should always hold?
          Separate encrypted and plain strings.
      ● What operations are legal and illegal?
          Forbid sending unencrypted data.

  15. Our experience
      ● Checkers reveal important latent bugs
          ● Ran on >3 million LOC of real-world code
          ● Found hundreds of user-visible bugs
      ● Annotation overhead is low
          ● Mean 2.6 annotations per kLOC

  16. Null-pointer crash in Google Collections
            class ForMapWithDefault {
              @Nullable Object defaultValue;
              public int hashCode() {
                // java.lang.NullPointerException when defaultValue is null
                return map.hashCode() + defaultValue.hashCode();
              }
            }
      ● Found 9 such crashes, despite:
          ● 45000 tests (2/3 of the LOC)
          ● Uses FindBugs @Nullable annotations, no FindBugs warnings

  17. Building checkers is easy
      Example: Ensure encrypted communication
            void send(@Encrypted String msg) {…}

            @Encrypted String msg1 = ...;
            send(msg1); // OK

            String msg2 = ...;
            send(msg2); // Warning!
      [Diagram: type hierarchy with labels Unqualified and Encrypted]
      The complete checker:
            @TypeQualifier
            @Target(ElementType.TYPE_USE)
            @SubtypeOf(Unqualified.class)
            public @interface Encrypted {}

  18. Building complex checkers is possible
      Nullness Checker is actually 3 checkers:
      ● Nullness itself
      ● Correct object initialization
      ● Correct usage of keys in map accesses
      Refined defaulting:
      ● Refined flow-sensitive inference
      ● Heuristics for Map.get behavior

  19. SQL injection demo
      Goal: no SQL injection attacks possible
      ● Uses @Tainted and @Untainted annotations
      Open-source blogging software
      1. Download personalblog.zip demo
      2. Go into directory personalblog-demo
      3. Requires 8 annotations; we wrote 6
      4. Follow me along!

  20. Brainstorming new type checkers
      ● What runtime exceptions do you wish to prevent?
      ● What properties of data should always hold?
      ● What operations are legal and illegal?
      ● Type-system checkable properties:
          ● Dependency on values
          ● Not on program structure, timing, ...

  21. Possible type systems
      ● String normalization (address, dates, ...)
      ● File existence, legal operations
      ● Units of measurement and precisions
      ● Positive/negative numbers
      ● Network transfer completed
      ● Type state systems
      ● String interning
      ● Bitfields, legal drinking age, fake enumerations

  22. A sampling of type checkers
      Property you care about: Annotation to use
      ● Tainting: @Tainted
      ● Java type signatures: @BinaryName
      ● Null dereferences: @Nullable
      ● Concurrency: @Lock, @GuardedBy
      ● Mutability & side effects: @Immutable
      ● Fake enumerations: @SwingCompassDirection
      ● Internationalization: @Localized
      ● Regular expressions: @Regex
      ● Object encapsulation: @Rep, @Peer, @Any
      ● Energy efficiency: @Approx, @Precise
      ● Equality tests: @Interned

  23. Your turn to improve your code!
      1. Choose a project you care about
          ● Or, try pircbot (download from tutorial page)
      2. Improve it
          ● Apply an existing checker to your code, or
          ● Create a new domain-specific type checker

  24. Checker Framework: Much More!
      ● Powerful framework to develop sophisticated type checkers
      ● Inference tools
      ● Annotation tools to insert annotations
      ● Specification files for libraries

  25. What to do next
      ● Improve your projects using type checkers
      ● Develop your own type checkers
      ● Contribute to the Checker Framework project
      ● Problems or suggestions? Give us feedback!

  26. I WANT YOU TO FIGHT BAD CODE!
      Get the tools & demos from: http://types.cs.washington.edu/checker-framework/2012-oscon/
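
Slides 11 and 12 name the two exceptions the regular expression type system rules out at compile time. As an added example (not taken from the slides or from the Checker Framework), this plain-JDK sketch performs the same two checks at run time before `Matcher.group(4)` is called; `compileWithGroups`, `fourthGroup` and the sample strings are hypothetical names and constructed inputs.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class RegexGroupCheck {
    // Hypothetical helper (not a Checker Framework API): returns a compiled
    // pattern only if `regex` is syntactically valid and defines at least
    // `minGroups` capturing groups; otherwise returns null.
    static Pattern compileWithGroups(String regex, int minGroups) {
        Pattern pat;
        try {
            pat = Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            return null; // first failure mode from slide 12: invalid syntax
        }
        // groupCount() reports the pattern's capturing groups; no match is needed.
        return pat.matcher("").groupCount() >= minGroups ? pat : null;
    }

    // Slide 11's logic with both failure modes handled before group(4) runs.
    static String fourthGroup(String regex, String content) {
        Pattern pat = compileWithGroups(regex, 4);
        if (pat == null) {
            return "Rejected regex";
        }
        Matcher mat = pat.matcher(content);
        return mat.matches() ? "Group: " + mat.group(4) : "No match!";
    }

    public static void main(String[] args) {
        String content = "2012-07-19 OSCON"; // constructed sample input
        String[] regexes = {                 // constructed stand-ins for user input
            "(\\d+)-(\\d+)-(\\d+) (\\w+)",   // valid syntax, four groups
            "(\\d+)-(\\d+)-(\\d+) \\w+",     // valid syntax, only three groups
            "(\\d+",                         // unclosed group
            "(a)(b)(c)(d)"                   // four groups, different shape
        };
        for (String regex : regexes) {
            System.out.println(regex + " -> " + fourthGroup(regex, content));
        }
    }
}
```

With a regex type checker, the group-count requirement is stated once in a type annotation and verified by the compiler, so a missing check of this kind shows up as a warning instead of an exception in production.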
