recovering system specific rules from software
play

Recovering System Specific Rules from Software Repositories Chadd - PowerPoint PPT Presentation

Apr 10, 2024 •312 likes •560 views

Recovering System Specific Rules from Software Repositories Chadd Williams Jeff Hollingsworth Problem How much do you know about your 10 year old code base? didnt someone rewrite the matrix objects? how do you transform an

  1. Recovering System Specific Rules from Software Repositories Chadd Williams Jeff Hollingsworth

  2. Problem � How much do you know about your 10 year old code base? – didn’t someone rewrite the matrix objects? • how do you transform an image now? � Implicit rules build up over time – little or no documentation – failure to understand implicit rules causes bugs • 32% of bugs detected during maintenance 1 � We can discover implicit rules by looking at code changes [1] Matsumura, T., Monden, A., Matsumoto, K., The Detection of Faulty Code Violating Implicit Coding Rules, IWPSE ’02 2/ 12 2/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  3. Implicit Rule � Function Usage Pattern – how functions are invoked with respect to each other in the source code – describe relationships between functions – static analysis - intraprocedural HDC hdc = BeginPaint( hwnd, &ps ); mdi = HeapAlloc(GetProcessHeap()); if( hdc ) if (!mdi) DrawIcon( hdc, x, y, hIcon ); HeapFree(GetProcessHeap(), 0, cs); EndPaint( hwnd, &ps ); Conditionally Called After Called After 3/ 12 3/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  4. Function Usage Pattern Miner � Find new instances of relationships – where that instance was not found in the revision immediately prior int foo(){ int foo(){ open(); open(); Change read(); } } new instance new instance of read() of read() called after called after open() open() � Preliminary filtering heuristic – function calls within 10 source lines of code • many APIs contain functions that are called in quick succession • error handling is near error producing function 4/ 12 4/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  5. Classification of Mined Data � Each mined instance is classified by how it entered the source code: – both of the function calls were added • instance added in full – one function call was added • the added function completed the pairing • bug fix? refactoring? – neither of the function calls were added • deleted code? control flow change? int foo(){ int foo(){ int foo(){ open(); open(); read(); Change Change read(); } close(); } } 5/ 12 5/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  6. Rating Mined Relationships � Determine support and confidence for each mined relationship – confidence of foo() -> bar() • in what percent of instances that start with foo(), is foo() follow by bar() ? – support of foo() -> bar() • what percent, of all instances found, are foo() -> bar() ? – present a sorted list to the user • sort on support then confidence 6/ 12 6/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  7. Preliminary Case Study � Mined Wine CVS repository – 15,666 unique relationships added > > 9 times – 862 unique relationships added > > 99 times � What relationships are found in CVS? – how was it added to the source code? – compare to relationships in the latest version of the source code � How can this help us find bugs? � Can we mine data for a specific API? 7/ 12 7/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  8. How do the Top 25 of the lists differ? � Most similar to latest version � Least similar to latest version – added one function call – added both function calls • sum of differences in ranking: 41 • sum of differences in ranking: 91 • items unique to one list: 28 • items unique to one list: 8 Relationships found in the Latest Version of Relationships Created By Adding the Source Code One Function Call Called After Relationship Called After Relationship COUNT COUNT fprintf fprintf 2606 fprintf fprintf 12671 VariantChangeTypeEx VariantChangeTypeEx 6700 RtlFreeHeap GetProcessHeap 1782 GetProcAddress GetProcAddress 3605 RtlAllocateHeap GetProcessHeap 1251 HeapFree GetProcessHeap 3577 HeapFree GetProcessHeap 1200 printf printf 3098 GetProcAddress GetProcAddress 1100 HeapAlloc GetProcessHeap 2851 HeapAlloc GetProcessHeap 816 memcmp memcmp 2294 GetProcessHeap RtlFreeHeap 768 GetProcessHeap GetProcessHeap 1985 GetProcessHeap HeapFree 480 GetProcAddress VariantChangeTypeEx 1747 memcmp memcmp 342 GetDlgItem GetDlgItem 1742 GetProcessHeap GetProcessHeap 233 8/ 12 8/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  9. What relationships were found? � EnterCriticalSection -> LeaveCriticalSection – in latest version: 939 times � How were the instances created? – add both function calls: 1,277 times – add one function call: 5 times – added one function but did not complete the pairing: 82 times • 78 of these uncompleted pairings were because of the 10 line heuristic EnterCri EnterCriticalSection ticalSection( &(This-> ( &(This->lock) ); lock) ); uR uRef ef = ++(This->r = ++(This->ref ef); ); if (T if (This->driver) his->driver) IDsCap aptu tureDri Driver_ er_Add ddRef(This- This- >driver); >driver); Leav LeaveCriticalSection eCriticalSection( &(This-> ( &(This->lock) ); lock) ); 9/ 12 9/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  10. How can this help us find bugs? � Profile of a bug plagued relationship – created often by adding one function call – rarely created by adding two function calls � Possible bug – TREEVIEW_UpdateScrollBars -> TREEVIEW_Invalidate – update the scroll bars after adding items – invalidate the Treeview so it gets redrawn for ( Each Item In the List ) { for ( Each Item In the List ) { TREEV TREEVIE IEW_D W_DrawItem( Item(infoPt nfoPtr, hdc, w , hdc, wine neIt Item); em); } TREEVIE TREEV IEW_U W_Upda dateScrol teScrollBars ars (infoPtr); (infoPtr); . . . . . . return; return; 10/ 12 10/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  11. Mining Relationships for an API � What relationships are found between functions declared in an API? � msiquery.c - database access API – two sets of functions: • Msi Foo ( , LPCSTR, ) and MSI_ Foo ( , LPCWSTR, ) – MsiDatabaseOpenViewA -> MsiViewExecute – MSI_DatabaseOpenViewW -> MSI_ViewExecute � Heap access functions – HeapAlloc(GetProcessHeap(), . . . ) – HeapAlloc() -> HeapFree() 11/ 12 11/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  12. Future Work � Apply our tool to more projects – projects that use a common external library � Track removed usage patterns � Better filtering heuristic – control flow based – data flow based � How do we use the patterns we find? hdc = BeginPaint( hwnd hdc hwnd, &ps ); – documentation if( hdc hdc ) DrawIcon( hdc hdc, x, y, hIcon ); – feed patterns to static source EndPaint( hwnd hwnd, &ps ); code checkers to find violations 12/ 12 12/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  13. ar yl and ar yl and Uni ver si t y of M Uni ver si t y of M 13/ 12 13/ 12

  14. Backup Slides 14/ 12 14/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  15. How do the Top 25 of the lists differ? � Difference metric – distance between rankings of common items – number of items unique to each list � Most similar to latest version – Added both function calls • sum of differences in ranking: 50 • items unique to one list: 18 � Least similar to latest version – Added one function call • sum of differences in ranking: 12 • items unique to one list: 48 15/ 12 15/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  16. Source Code Change History � We can discover implicit rules by looking at code changes – every change is committed – changes highlight misunderstood code – changes highlight new code � Studying each commit gives fine-grain knowledge – how quickly does a rule emerge? – how fast is a rule adopted? – how often is it used later? 16/ 12 16/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  17. Debug functions in Wine � Many of the relationships involve a debug statement – overwhelmed the rest of the results – filtered from the data – future work: • what can we determine about the proper use of debug statements? if (RegOpenKeyA(HKEY, name, &key)) { RegCloseKey(key); TRACE(message); } 17/ 12 17/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

  18. Relations highlighted by CVS mining � Data Flow Functionality – GetDlgItem -> EnableWindow case W case W M M _USER: _USER: Enabl eW Enabl eW i ndow ( G i ndow ( G et Dl gI t em et Dl gI t em ( … … ) , FALSE) ; ) , FALSE) ; Enabl eW Enabl eW i ndow i ndow ( G ( G et Dl gI t em et Dl gI t em ( … … ) , FALSE) ; ) , FALSE) ; Enabl eW Enabl eW i ndow i ndow ( G ( G et Dl gI t em ( … et Dl gI t em … ) , FALSE) ; ) , FALSE) ; Set Focus Set Focus ( G ( G et Dl gI t em ( hwnd et Dl gI t em hwnd, I DC_TO , I DC_TO O O LBARBTN_LBO LBARBTN_LBO X) ) ; X) ) ; r et ur n TRUE; r et ur n TRUE; 18/ 12 18/ 12 Uni ver si t y of M Uni ver si t y of M ar yl and ar yl and

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich Assertion Side-Effects Flags error if assert() has side effects

422 views • 13 slides
Where Did My Architecture Go? Preserving and recovering the design of software in its

Where Did My Architecture Go? Preserving and recovering the design of software in its

Where Did My Architecture Go? Preserving and recovering the design of software in its implementation QCON London March 2011 Eoin Woods www.eoinwoods.info Content Losing Design in the Code Key Design Constructs My Example

915 views • 68 slides
Network, I/O and Peripherals: Device-Specific Power Management Selected Chapters of System

Network, I/O and Peripherals: Device-Specific Power Management Selected Chapters of System

Network, I/O and Peripherals: Device-Specific Power Management Selected Chapters of System Software Engineering: Energy-Aware System Software Timo H onig, Christopher Eibel Department of Computer Science 4 Distributed Systems and Operating

713 views • 19 slides
Recovering from a Split Brain (starring pg_waldump and pg_rewind) About Me Software Engineer

Recovering from a Split Brain (starring pg_waldump and pg_rewind) About Me Software Engineer

Recovering from a Split Brain (starring pg_waldump and pg_rewind) About Me Software Engineer Team DB Braintree Payments PostgreSQL Contributor Background PostgreSQL clusters are often deployed with at least two nodes: a

606 views • 34 slides
SESSION C ASSESSING THE SPECIFIC RULES INTRODUCTION 17-18 April 2014 Tokyo, Japan Yiannis

SESSION C ASSESSING THE SPECIFIC RULES INTRODUCTION 17-18 April 2014 Tokyo, Japan Yiannis

SESSION C ASSESSING THE SPECIFIC RULES INTRODUCTION 17-18 April 2014 Tokyo, Japan Yiannis Poulopoulos, Rio Tinto Schedule for this session Short introduction of the Guidelines to be discussed (specific rules) The IMF perspective,

357 views • 6 slides
SOFTWARE SYSTEM ENGINEERING: A TUTORIAL Richard H. Thayer : INTRODUCTION

SOFTWARE SYSTEM ENGINEERING: A TUTORIAL Richard H. Thayer : INTRODUCTION

SOFTWARE SYSTEM ENGINEERING: A TUTORIAL Richard H. Thayer : INTRODUCTION INTRODUCTION Specific of software Getting Large Getting Large Getting complex System System A collection of elements related in a

191 views • 18 slides
Recovering System Capacity Costs: Generation and Transmission Presentation to the CPUC Rates

Recovering System Capacity Costs: Generation and Transmission Presentation to the CPUC Rates

Recovering System Capacity Costs: Generation and Transmission Presentation to the CPUC Rates Forum Tom Beach Principal Consultant Crossborder Energy December 11, 2017 Noncoincident and Monthly Demand Charges Are (Mostly) a Relic of Obsolete

218 views • 5 slides
A NEXT -GEN LEARNING MANAGEMENT SYSTEM WHAT IS LMS? A Learning Management System (LMS) is a

A NEXT -GEN LEARNING MANAGEMENT SYSTEM WHAT IS LMS? A Learning Management System (LMS) is a

A NEXT -GEN LEARNING MANAGEMENT SYSTEM WHAT IS LMS? A Learning Management System (LMS) is a software application or Web based technology used to plan, implement and assess a specific learning process. LMS includes Teacher and Student

493 views • 24 slides
Commission Meeting Gaming System Software and Hardware January 13, 2016 Background Existing

Commission Meeting Gaming System Software and Hardware January 13, 2016 Background Existing

Massachusetts State Lottery Commission Meeting Gaming System Software and Hardware January 13, 2016 Background Existing host system was installed in 1997 Integrated system that requires specific terminal hardware Existing hardware

308 views • 19 slides
Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors:

Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors:

Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors: Jinghuan Yu, Heejin Yoon* Sam H. Noh*, Young-ri Choi*, Chun Jason Xue * Log Structured Merge-tree (LSM) Specific designs for HDD and write-intensive

632 views • 11 slides
The BRI and Recovering from COVID-19 Economically 1. Lessons to be learned from the 2008 financial

The BRI and Recovering from COVID-19 Economically 1. Lessons to be learned from the 2008 financial

The BRI and Recovering from COVID-19 Economically 1. Lessons to be learned from the 2008 financial crisis. 2. A Matter of economic principle. 3. Chinas version of the American System of Political Economy. Hussein Askary Belt and Road

401 views • 29 slides
Domain-specific front-end for virtual Domain-specific front-end for virtual system modeling

Domain-specific front-end for virtual Domain-specific front-end for virtual system modeling

Domain-specific front-end for virtual Domain-specific front-end for virtual system modeling Workshop on Graphical Modeling Language Development at ECMFA 2012 Janne Vatjus-Anttila, Jari Kreku, Kari Tiensyrj VTT Technical Research Centre of

320 views • 20 slides
Swedish Equestrian Federation Risk Management Rules Revision New Rules 2015

Swedish Equestrian Federation Risk Management Rules Revision New Rules 2015

Swedish Equestrian Federation Risk Management Rules Revision New Rules 2015 Following new FEI Rules National Categories Specific Qualifications M65 vs Base0/Base20 Guidelines Updating CD / TD guidelines Dimensions

618 views • 17 slides
Synthesizing Software Verifiers from Proof Rules Corneliu Popeea Technical University Munich

Synthesizing Software Verifiers from Proof Rules Corneliu Popeea Technical University Munich

Synthesizing Software Verifiers from Proof Rules Corneliu Popeea Technical University Munich Joint work with Sergey Grebenshchikov, Nuno Lopes and Andrey Rybalchenko Developing verifiers today Program Model transition system, program with

463 views • 30 slides
React + Redux @ Scale @dcousineau Rules Rules Scalability is the capability of a system,

React + Redux @ Scale @dcousineau Rules Rules Scalability is the capability of a system,

React + Redux @ Scale @dcousineau Rules Rules Scalability is the capability of a system, network, or process to handle a growing amount of work, or its potential to be enlarged to accommodate that growth. Wikipedia Part 1: React

1.01k views • 84 slides
How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red Hat, Inc. What is an Identity Management System and why should I care ? In a nutshell: an IdM system is a set of services and rules to manage

586 views • 22 slides
CBVP2103 MDI (Multiple Document Interface) forms are forms that are created to hold other

CBVP2103 MDI (Multiple Document Interface) forms are forms that are created to hold other

CBVP2103 MDI (Multiple Document Interface) forms are forms that are created to hold other forms. The MDI form is often referred to as the parent, and the forms displayed within the MDI parent are often called children. In VB.NET, a

454 views • 10 slides
TO JOIN BY TELEPHONE: TO JOIN BY TELEPHONE: Phone: (5 Phone: (510) 2 ) 210-8882 0-8882 | Access

TO JOIN BY TELEPHONE: TO JOIN BY TELEPHONE: Phone: (5 Phone: (510) 2 ) 210-8882 0-8882 | Access

The Of The Office of the Compr ce of the Comproller ller of Currency Begins at 3:45 pm f Currency Begins at 3:45 pm TO JOIN BY TELEPHONE: TO JOIN BY TELEPHONE: Phone: (5 Phone: (510) 2 ) 210-8882 0-8882 | Access Code: 1 Access Code: 199 1

159 views • 11 slides
A Search-Based Approach for Bayesian Inference of the T -cell Signaling Network Bradley Broom

A Search-Based Approach for Bayesian Inference of the T -cell Signaling Network Bradley Broom

BIOT -2007 A Search-Based Approach for Bayesian Inference of the T -cell Signaling Network Bradley Broom Mitchell Koch Dept. of Bioinf. & Comp. Biology Dept. of Computer Science M.D. Anderson Cancer Center Rice University

414 views • 27 slides
Strong SO(10)-inspired leptogenesis predictions and justification Reference papers:

Strong SO(10)-inspired leptogenesis predictions and justification Reference papers:

Luca Marzola Strong SO(10)-inspired leptogenesis predictions and justification Reference papers: E. Bertuzzo, P . Di Bari, L.M. - Nucl.Phys.B849:521-548,2011 P . Di Bari, L. M. - in preparation Rencontres de Moriond, E.W.

436 views • 15 slides
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the

Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the

Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security In crypto, CHF instantiates a Random Oracle paradigm In security, used in a variety

673 views • 40 slides
On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish

On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish

On witnessing arbitrary bipartite entanglement in measurement device independent way Sibasish Ghosh Optics & Quantum Information Group The Institute of Mathematical Sciences C. I. T. Campus, Taramani Chennai - 600 113 [In collaboration

829 views • 55 slides
The complete characterization of the minimum size supertail Esmeralda L. N astase Xavier

The complete characterization of the minimum size supertail Esmeralda L. N astase Xavier

Introduction The Supertail Main Theorem Future Work The complete characterization of the minimum size supertail Esmeralda L. N astase Xavier University Joint work with P. Sissokho Illinois State University May 18, 2019 E. N astase

778 views • 50 slides
4B447-

4B447-

4B447- %

679 views • 33 slides

More recommend