verifying object construction
play

Verifying Object Construction How to use the builder pattern with - PowerPoint PPT Presentation

Sep 17, 2023 •280 likes •849 views

Verifying Object Construction How to use the builder pattern with the type safety of constructors Martin Kellogg a , Manli Ran b , Manu Sridharan b , Martin Schf c , Michael D. Ernst a,c a University of Washington b University of California,

  1. Verifying Object Construction How to use the builder pattern with the type safety of constructors Martin Kellogg a , Manli Ran b , Manu Sridharan b , Martin Schäf c , Michael D. Ernst a,c a University of Washington b University of California, Riverside c Amazon Web Services 1

  2. Object construction APIs public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } 2

  3. Object construction APIs public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); 3

  4. Object construction APIs public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); new UserIdentity ( “myName” ); 4

  5. Object construction APIs public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); new UserIdentity ( “myName” ); error: constructor UserIdentity in class UserIdentity cannot be applied to given types; new UserIdentity("myName"); ^ required: String,int found: String reason: actual and formal argument lists differ in length 5

  6. Pros and cons of constructors + compile-time verification that arguments are sensible 6

  7. Pros and cons of constructors + compile-time verification that arguments are sensible - user must define each by hand - exponentially many in number of optional parameters - arguments are positional (hard to read code) 7

  8. The builder pattern public class UserIdentity { public static UserIdentityBuilder builder (); public class UserIdentityBuilder { public UserIdentityBuilder name (); public UserIdentityBuilder id (); public UserIdentityBuilder nickname (); public UserIdentity build (); } ... } 8

  9. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 9

  10. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically 10

  11. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); . build (); 11

  12. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . build (); Possible outcomes: Run-time error (bad!) ● Malformed object is used (worst!) ● 12

  13. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . build (); Possible outcomes: Run-time error (bad!) ● Malformed object is used (worst!) ● 13

  14. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided 14

  15. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided 15

  16. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided “We get this feature request every other week” - Reinier Zwitserloot, Lombok project lead 16

  17. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically Our approach: ● Provides type safety for uses of the builder pattern ● Keeps advantages of builder pattern vs. constructors - No guarantee that required arguments provided “We get this feature request every other week” - Reinier Zwitserloot, Lombok project lead 17

  18. Builder correctness as a typestate analysis UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 18

  19. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() … 19

  20. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() build() … X 20

  21. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … Problem: name() id() Arbitrary typestate analysis is build() … expensive: a whole-program X alias analysis is required for soundness 21

  22. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 22

  23. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 23

  24. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 24

  25. accumulation Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); “accumulation analysis” … name() id() Key insight: build() Transitions flow … X in one direction! 25

  26. Advantages of accumulation analysis ● always safe to under-approximate 26

  27. Advantages of accumulation analysis ● always safe to under-approximate does not require alias analysis for soundness 27

  28. Advantages of accumulation analysis ● always safe to under-approximate does not require alias analysis for soundness ● can be implemented modularly (e.g., as a type system) 28

  29. Advantages of a type system ● provides guarantees ● no alias analysis + modular ⇒ scalable ● type inference reduces need for annotations 29

  30. build() ’s specification build ( @CalledMethods ({ “name”, “id” }) UserIdentityBuilder this ); 30

  31. Results (1 of 3): security vulnerabilities Lines of code 9.1M Vulnerabilities found 16 False warnings 3 Annotations 34 31

  32. Contributions ● Static safety of constructors with flexibility of builders ● Accumulation analysis : special case of typestate ○ Does not require whole-program alias analysis https://github.com/kelloggm/object-construction-checker 32

  33. 33

  34. Accumulation doesn’t need alias analysis UserIdentityBuilder b = UserIdentity.builder (); b. name (username); UserIdentityBuilder b2 = b; b2. id (userId) UserIdentity identity = b. build (); 34

  35. Accumulation doesn’t need alias analysis UserIdentityBuilder b = UserIdentity.builder (); b. name (username); UserIdentityBuilder b2 = b; b2. id (userId) UserIdentity identity = b. build (); False positive here is worst-case scenario 35

  36. Why typestate needs alias analysis read() File f = …; f. open (); open() File f2 = f; close() open() f. close (); f2. read (); read(), X close() 36

  37. Why typestate needs alias analysis read() File f = …; f. open (); open() File f2 = f; close() open() f. close (); f2. read (); read(), X close() No alias analysis leads to false negative 37

  38. Example: Netflix/SimianArmy public List < Image > describeImages ( String ... imageIds) { DescribeImagesRequest request = new DescribeImagesRequest(); if (imageIds != null ) { request. setImageIds ( Arrays . asList (imageIds)); } DescribeImagesResult result = ec2client. describeImages (request); return result. getImages (); } 38

  39. The builder pattern @Builder public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } 39

  40. The builder pattern @Builder public class UserIdentity { private final @NonNull String name; private final @NonNull int id; private final String nickname; // optional } 40

  41. The builder pattern @Builder public class UserIdentity { private final @NonNull String name; private final @NonNull int id; private final String nickname; // optional } UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 41

  42. Type hierarchy @CalledMethods({}) Object @CalledMethods({“name”}) Object @CalledMethods({“name”, “id”}) Object 42

  43. What’s the type of b ? UserIdentityBuilder b = UserIdentity.builder (); b. name (username); b. id (userId) UserIdentity identity = b. build (); 43

  44. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); b. name (username); b. id (userId) UserIdentity identity = b. build (); 44

  45. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); @CalledMethods({“name”}) b. name (username); b. id (userId) UserIdentity identity = b. build (); 45

  46. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); @CalledMethods({“name”}) b. name (username); b. id (userId) @CalledMethods({“name”, “id”}) UserIdentity identity = b. build (); 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The UK Construction Industrys Shows they have a basic level of health and safety awareness.

The UK Construction Industrys Shows they have a basic level of health and safety awareness.

11/23/2018 What is CSCS? A Skills Certification Scheme introduced in 1995, construction operatives, supervisors and managers. Provides the construction industry with a means of verifying qualifications and training. The UK Construction

245 views • 5 slides
On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262 Compliance in Simulink Lukas Murer, Torben Stolte Tanja Hebecker, Michael Lipaczewski Uwe Mhrstdt, Frank Ortmeier Motivation Functional safety

589 views • 21 slides
Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation Object Orie iented Programming Programming paradigm (example of other paradigms are functional programming where the focus is on functions, lambdas

455 views • 27 slides
Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation Object Orie iented Programming Programming paradigm (example of other paradigms are functional programming where the focus is on functions, lambdas

473 views • 28 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

4/13/2017 OOP Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object oriented Programming (Using C++) ht t p: / / www. com pgeom . com / ~pi yush/ t each/ 3330 Objects: State (fields), Behavior (member

632 views • 6 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data

Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data

Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data Evgeny Burnaev Skoltech, ADASE group Joint with Alexander Notchenko Supervised Deep Learning data Type Supervision 2D Image classification, Class

836 views • 45 slides
Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou Department of Computer Science Virginia Tech CS2704 (Spring 2000) 1 Java language Java is Just another Object Oriented language Its syntax

686 views • 30 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod Darya Melicher 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m. Everyone must read and sign

860 views • 48 slides
Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods

Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods

Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Today 11:59 p.m. Everyone must read and sign our collaboration

755 views • 42 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m., EDT Everyone must read and sign our

555 views • 33 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m. Everyone must read and sign our

596 views • 45 slides
Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou Department of Computer Science Virginia Tech CS2704 (Spring 2000) 1 Abstract Windowing Toolkit (AWT) AWT classes form 3 categories: Graphics

548 views • 18 slides
Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers Dining Philosophers Peter Welch and Neil Brown Peter Welch and Neil Brown School of Computing, University of Kent, UK School of Computing,

675 views • 44 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Hybrid Systems Modeling, Analysis and Control Radu Grosu Vienna University of Technology Lecture

Hybrid Systems Modeling, Analysis and Control Radu Grosu Vienna University of Technology Lecture

Hybrid Systems Modeling, Analysis and Control Radu Grosu Vienna University of Technology Lecture 10 HA with Affine Dynamics Flows of continuous variables: x = A x + B u Invariants and guards: A x c Actions: x : = A x Symbolic

671 views • 43 slides
Types of Correspondence Problems and Data Sets 1 1 Correspondence Registration 2

Types of Correspondence Problems and Data Sets 1 1 Correspondence Registration 2

Types of Correspondence Problems and Data Sets 1 1 Correspondence Registration 2 Correspondence Problem Classification How many meshes? Two: Pairwise registration More than two: multi-view registration Initial registration

565 views • 23 slides
Neural Topological SLAM for Visual Navigation CVPR-2020 Webpage:

Neural Topological SLAM for Visual Navigation CVPR-2020 Webpage:

Neural Topological SLAM for Visual Navigation CVPR-2020 Webpage: https://devendrachaplot.github.io/projects/Neural-Topological-SLAM Abhinav Ruslan Devendra Singh Saurabh Gupta Salakhutdinov Gupta Chaplot Semantic Priors and

821 views • 55 slides
L AB N OTES : O DOMETRY , ROS R EFERENCE F RAMES I NSTRUCTOR : G IANNI A. D I C ARO A T Y P I C A

L AB N OTES : O DOMETRY , ROS R EFERENCE F RAMES I NSTRUCTOR : G IANNI A. D I C ARO A T Y P I C A

16-311-Q I NTRODUCTION TO R OBOTICS L AB N OTES : O DOMETRY , ROS R EFERENCE F RAMES I NSTRUCTOR : G IANNI A. D I C ARO A T Y P I C A L R E S U LT F R O M O D O M E T RY This the path the robot has estimated using odometry measures 2 D E

260 views • 15 slides
Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Separating Semantic and Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent Waters n-Circular Security [C amenisch L ysyanskya 01] PK 1 PK 1 . . . . . . PK n PK n Enc PKn (0) Enc PKn (SK 1 ) Enc PK1

1.07k views • 89 slides
201ab Quantitative methods Visualization E D V UL | UCSD Psychology Visualization failure

201ab Quantitative methods Visualization E D V UL | UCSD Psychology Visualization failure

201ab Quantitative methods Visualization E D V UL | UCSD Psychology Visualization failure modes Cool vs informative visualizations Ways graphs can mislead Making a graph pretty ggplot: grammar of graphics E D V UL | UCSD

871 views • 68 slides
Graphics Writing Functions Marco Chiarandini Department of Mathematics &amp; Computer Science

Graphics Writing Functions Marco Chiarandini Department of Mathematics &amp; Computer Science

FF505/FY505 Computational Science Lecture 3 Graphics Writing Functions Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Graphics Random Number Generators Outline Functions 1. Graphics 2D

584 views • 36 slides
WS Calibration Program and GUI in python 18/11/2014 Carolina Bianchini BE-BI-BL Outline Wire

WS Calibration Program and GUI in python 18/11/2014 Carolina Bianchini BE-BI-BL Outline Wire

WS Calibration Program and GUI in python 18/11/2014 Carolina Bianchini BE-BI-BL Outline Wire scanner calibration Old vs New method GUI: Interface Elements Behind the code How to use the GUI to generate Calibration Executable file

388 views • 35 slides

More recommend