SlideShare a Scribd company logo

ICSE2016 - Detecting Problems in Database Access Code of Large Scale Systems - An Industrial Experience Report

Download as PPTX, PDF
Concordia University
Concordia University

1) The document discusses an industrial experience report on detecting problems in database access code of large scale Java systems. It focuses on problems related to how developers use frameworks like Hibernate, Spring, and JDBC rather than language-level problems. 2) Existing static analysis tools provide limited support for detecting bugs related to the configuration and use of these frameworks. The paper presents "DBChecker", a tool that looks for functional and performance bug patterns related to incorrect usage of ORM frameworks and transaction management frameworks. 3) When adopting DBChecker in practice, the tool prioritizes detected problems based on the database tables impacted, and developers were educated on the tool through workshops to improve understanding of detected issues. Handling

Technology
1 of 31
Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1 Mohamed Nasser, Parminder Flora Tse-Hsun(Peter) Chen Ahmed E. HassanWeiyi Shang
Existing static analysis tools focus on language-related problems 2 Coverity PMD Google error-prone Facebook InferFindBugs However, many problems are related to how developers use different frameworks
Over 67% of Java developers use Object-Relational Mapping (Hibernate) to access databases 3 Existing static analysis tools provide mostly rudimentary support for JDBC! 22%67%
Over 40% of Java web application developers use Spring 4 Developers use Spring to manage database transactions in web applications None of the static analysis tools support Spring!
There is a huge need for framework- specific tools 5 Developers leverage MANY frameworks, but existing tools only support detecting language-related problems.
An example class with Java ORM code 6 @Entity @Table(name = “user”) @DynamicUpdate public class User{ @Column(name=“id”) private int id; @Column(name=“name”) String userName; @OneToMany(fetch=FetchType.EAGER) List<Team> teams; public void setName(String n){ userName = n; } … other getter and setter methods User.java User class is mapped to “user” table in DB id is mapped to the column “id” in the user table A user can belong to multiple teams Eagerly retrieve associated teams when retrieving a user object Performance- related configs
Accessing the database using ORM 7 User u = findUserByID(1); ORM database select u from user where u.id = 1; u.setName(“Peter”); update user set name=“Peter” where user.id = 1; Objects SQLs
Transaction management using Spring 8 @Transaction(Propogation.REQUIRED) getUser(){ … updateUserGroup(u) … } By using ORM and Spring, developers can focus more on the business logic and functionality Create a DB transaction Entire business logic will be executed with the same DB transaction
Implementing DBChecker 9 Source code • DBChecker looks for both functional and performance bug patterns • DBChecker is integrated in industrial practice
Overview of the presentation 10 Bug patterns Lessons learned when adopting the tool in practice
Overview of the presentation 11 Bug patterns Lessons learned when adopting the tool in practice More patterns and learned lessons in the paper
ORM excessive data bug pattern Class User{ @EAGER List<Team> teams; } User u = findUserById(1); u.getName(); EOF 12 Objects SQL Eagerly retrieve teams from DB User Table Team Table join Team data is never used!
Detecting excessive data using static analysis 13 First find all the objects that eagerly retrieve data from DB Class User{ @EAGER List<Team> teams; } Identify all the data usages of ORM-managed objects User user = findUserByID(1); Check if the eagerly retrieved data is ever used user.getName(); user team user team
Nested transaction bug pattern 14 @Transaction(Propogation. REQUIRED) getUser(){ updateUserGroup(u) … } Create a DB transaction @Transaction(Propogation. REQUIRES_NEW) Create a child transaction, and suspend parent transaction until child is finished Misconfigurations can cause unexpected transaction timeout, deadlock, or other performance-related problems
Detecting nested transaction bug pattern 15 @Transaction(Propogation. REQUIRED) getUser(){ … updateUserGroup(u) … } Parse all transaction configurations Identify all methods with the annotation Propogation.REQUIRED Propogation.REQUIRS_NEW calls Traverse the call graph to identify potential misconfigurations
Limitation of current static analysis tools 16 Annotations are lost when converting source code to byte code Do not consider how developers configure frameworks @Transaction(Propo gation.REQUIRED) @EAGER Many problems are related to framework configurations Many configurations are set through annotations
Overview of the presentation 17 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks
Overview of the presentation 18 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks
Handling a large number of detection results 19 • Developers have limited time to fix detected problems • Most existing static analysis frameworks do not prioritize the detected instances for the same bug pattern
20 Prioritizing based on DB tables User Time zone • Problems related to large or frequently-accessed tables are ranked higher (more likely to be performance bottlenecks) • Problems related to highly dependable tables are ranked higher
Developers have different backgrounds 21 • Not all developers are familiar with these frameworks and databases • Developers may not take the problems seriously if they don’t understand the impact
Educating developers about the detected problems 22 • We hosted several workshops to educate developers about the impact and cause of the problems • Walk developers through examples of detected problems • May learn new bug patterns from developers
Overview of the presentation 23 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks We prioritize problems based on DB tables, and educate developers about the problems
24
25
26
27
28
29
30
31 Tse-Hsun (Peter) Chen http://petertsehsun.github.io

Recommended

MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...
MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...
MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...Concordia University
 
CSER2016 - Detecting Problems in Database Access Code of Large Scale Systems
CSER2016 - Detecting Problems in Database Access Code of Large Scale SystemsCSER2016 - Detecting Problems in Database Access Code of Large Scale Systems
CSER2016 - Detecting Problems in Database Access Code of Large Scale SystemsConcordia University
 
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...Concordia University
 
Improving the Performance of Database-Centric Applications Through Program An...
Improving the Performance of Database-Centric Applications Through Program An...Improving the Performance of Database-Centric Applications Through Program An...
Improving the Performance of Database-Centric Applications Through Program An...Concordia University
 
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...Concordia University
 
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...Concordia University
 
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...Concordia University
 
Icse2018 autonomic
Icse2018 autonomicIcse2018 autonomic
Icse2018 autonomicConcordia University
 

Recommended

MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...
MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...
MSR2016 - An Empirical Study on the Practice of Maintaining Object-Relational...Concordia University
 
CSER2016 - Detecting Problems in Database Access Code of Large Scale Systems
CSER2016 - Detecting Problems in Database Access Code of Large Scale SystemsCSER2016 - Detecting Problems in Database Access Code of Large Scale Systems
CSER2016 - Detecting Problems in Database Access Code of Large Scale SystemsConcordia University
 
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...
FSE2016 - CacheOptimizer: Helping Developers Configure Caching Frameworks for...Concordia University
 
Improving the Performance of Database-Centric Applications Through Program An...
Improving the Performance of Database-Centric Applications Through Program An...Improving the Performance of Database-Centric Applications Through Program An...
Improving the Performance of Database-Centric Applications Through Program An...Concordia University
 
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...
TSE 2016 - Finding and Evaluating the Performance Impact of Redundant Data Ac...Concordia University
 
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...
ICSE2014 - Detecting Performance Anti-patterns for Applications Developed usi...Concordia University
 
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...
ICSE2017 - Analytics Driven Load Testing: An Industrial Experience Report on ...Concordia University
 
Icse2018 autonomic
Icse2018 autonomicIcse2018 autonomic
Icse2018 autonomicConcordia University
 
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...Concordia University
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
SQL Injection in JAVA
SQL Injection in JAVASQL Injection in JAVA
SQL Injection in JAVAHossein Yavari
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacksKumar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)Karla Ponce
 
A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...Concordia University
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL InjectionVortana Say
 
java code and document security
java code and document securityjava code and document security
java code and document securityAnkit Desai
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Approaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applicationsApproaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applicationsSandeep Kumbhar
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
Semantic DEX Components
Semantic DEX ComponentsSemantic DEX Components
Semantic DEX ComponentsDavid Price
 
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...Kumar Goud
 
Testclass [Autosaved]
Testclass [Autosaved]Testclass [Autosaved]
Testclass [Autosaved]Suraj Singh
 
Greensql2007
Greensql2007Greensql2007
Greensql2007Kaustav Sengupta
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Icse2014 v3
Icse2014 v3Icse2014 v3
Icse2014 v3SAIL_QU
 
Java Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : DatastoreJava Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : DatastoreIMC Institute
 
Introduction to Datastore
Introduction to DatastoreIntroduction to Datastore
Introduction to DatastoreSoftware Park Thailand
 

More Related Content

What's hot

iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...Concordia University
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacksKumar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)Karla Ponce
 
A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...Concordia University
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL InjectionVortana Say
 
java code and document security
java code and document securityjava code and document security
java code and document securityAnkit Desai
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Approaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applicationsApproaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applicationsSandeep Kumbhar
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
Semantic DEX Components
Semantic DEX ComponentsSemantic DEX Components
Semantic DEX ComponentsDavid Price
 
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...Kumar Goud
 
Testclass [Autosaved]
Testclass [Autosaved]Testclass [Autosaved]
Testclass [Autosaved]Suraj Singh
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 

What's hot (19)

iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS ...
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQL Injection in JAVA
SQL Injection in JAVASQL Injection in JAVA
SQL Injection in JAVA
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)SharePoint underground (Unmanaged Code and SharePoint Internals)
SharePoint underground (Unmanaged Code and SharePoint Internals)
 
A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...A first look at the integration of machine learning models in complex autonom...
A first look at the integration of machine learning models in complex autonom...
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL Injection
 
java code and document security
java code and document securityjava code and document security
java code and document security
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Approaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applicationsApproaches to detect and prevent sql injection in web applications
Approaches to detect and prevent sql injection in web applications
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
 
Semantic DEX Components
Semantic DEX ComponentsSemantic DEX Components
Semantic DEX Components
 
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...professional fuzzy type-ahead rummage around in xml type-ahead search techni...
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
 
Testclass [Autosaved]
Testclass [Autosaved]Testclass [Autosaved]
Testclass [Autosaved]
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 

Similar to ICSE2016 - Detecting Problems in Database Access Code of Large Scale Systems - An Industrial Experience Report

Icse2014 v3
Icse2014 v3Icse2014 v3
Icse2014 v3SAIL_QU
 
Java Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : DatastoreJava Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : DatastoreIMC Institute
 
Eagle from eBay at China Hadoop Summit 2015
Eagle from eBay at China Hadoop Summit 2015Eagle from eBay at China Hadoop Summit 2015
Eagle from eBay at China Hadoop Summit 2015Hao Chen
 
12_Data_Storage_Part_2.pptx
12_Data_Storage_Part_2.pptx12_Data_Storage_Part_2.pptx
12_Data_Storage_Part_2.pptxFaezNasir
 
Basic of Big Data
Basic of Big Data Basic of Big Data
Basic of Big Data Amar kumar
 
Network Device Database Management with REST using Jersey
Network Device Database Management with REST using JerseyNetwork Device Database Management with REST using Jersey
Network Device Database Management with REST using JerseyPayal Jain
 
S03 hybrid app_and_gae_datastore_v1.0
S03 hybrid app_and_gae_datastore_v1.0S03 hybrid app_and_gae_datastore_v1.0
S03 hybrid app_and_gae_datastore_v1.0Sun-Jin Jang
 
Building Large Scale PHP Web Applications with Laravel 4
Building Large Scale PHP Web Applications with Laravel 4Building Large Scale PHP Web Applications with Laravel 4
Building Large Scale PHP Web Applications with Laravel 4Darwin Biler
 
DataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementDataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementAndreas Schreiber
 
Extend your REST API
Extend your REST APIExtend your REST API
Extend your REST APIAlexey Tokar
 
Hibernate training at HarshithaTechnologySolutions @ Nizampet
Hibernate training at HarshithaTechnologySolutions @ NizampetHibernate training at HarshithaTechnologySolutions @ Nizampet
Hibernate training at HarshithaTechnologySolutions @ NizampetJayarajus
 
Organizing the Data Chaos of Scientists
Organizing the Data Chaos of ScientistsOrganizing the Data Chaos of Scientists
Organizing the Data Chaos of ScientistsAndreas Schreiber
 
Microsoft Entity Framework
Microsoft Entity FrameworkMicrosoft Entity Framework
Microsoft Entity FrameworkMahmoud Tolba
 
Advanced Web Development
Advanced Web DevelopmentAdvanced Web Development
Advanced Web DevelopmentRobert J. Stein
 
Android App Development 05 : Saving Data
Android App Development 05 : Saving DataAndroid App Development 05 : Saving Data
Android App Development 05 : Saving DataAnuchit Chalothorn
 

Similar to ICSE2016 - Detecting Problems in Database Access Code of Large Scale Systems - An Industrial Experience Report (20)

Icse2014 v3
Icse2014 v3Icse2014 v3
Icse2014 v3
 
Java Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : DatastoreJava Web Programming on Google Cloud Platform [2/3] : Datastore
Java Web Programming on Google Cloud Platform [2/3] : Datastore
 
Introduction to Datastore
Introduction to DatastoreIntroduction to Datastore
Introduction to Datastore
 
Eagle from eBay at China Hadoop Summit 2015
Eagle from eBay at China Hadoop Summit 2015Eagle from eBay at China Hadoop Summit 2015
Eagle from eBay at China Hadoop Summit 2015
 
Data access
Data accessData access
Data access
 
12_Data_Storage_Part_2.pptx
12_Data_Storage_Part_2.pptx12_Data_Storage_Part_2.pptx
12_Data_Storage_Part_2.pptx
 
Basic of Big Data
Basic of Big Data Basic of Big Data
Basic of Big Data
 
Network Device Database Management with REST using Jersey
Network Device Database Management with REST using JerseyNetwork Device Database Management with REST using Jersey
Network Device Database Management with REST using Jersey
 
S03 hybrid app_and_gae_datastore_v1.0
S03 hybrid app_and_gae_datastore_v1.0S03 hybrid app_and_gae_datastore_v1.0
S03 hybrid app_and_gae_datastore_v1.0
 
Building Large Scale PHP Web Applications with Laravel 4
Building Large Scale PHP Web Applications with Laravel 4Building Large Scale PHP Web Applications with Laravel 4
Building Large Scale PHP Web Applications with Laravel 4
 
DataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementDataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data Management
 
Extend your REST API
Extend your REST APIExtend your REST API
Extend your REST API
 
Hibernate training at HarshithaTechnologySolutions @ Nizampet
Hibernate training at HarshithaTechnologySolutions @ NizampetHibernate training at HarshithaTechnologySolutions @ Nizampet
Hibernate training at HarshithaTechnologySolutions @ Nizampet
 
Organizing the Data Chaos of Scientists
Organizing the Data Chaos of ScientistsOrganizing the Data Chaos of Scientists
Organizing the Data Chaos of Scientists
 
IT6701-Information management question bank
IT6701-Information management question bankIT6701-Information management question bank
IT6701-Information management question bank
 
Hibernate3 q&a
Hibernate3 q&aHibernate3 q&a
Hibernate3 q&a
 
Microsoft Entity Framework
Microsoft Entity FrameworkMicrosoft Entity Framework
Microsoft Entity Framework
 
Rajesh Ramasamy
Rajesh RamasamyRajesh Ramasamy
Rajesh Ramasamy
 
Advanced Web Development
Advanced Web DevelopmentAdvanced Web Development
Advanced Web Development
 
Android App Development 05 : Saving Data
Android App Development 05 : Saving DataAndroid App Development 05 : Saving Data
Android App Development 05 : Saving Data
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

ICSE2016 - Detecting Problems in Database Access Code of Large Scale Systems - An Industrial Experience Report

  • 1. Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1 Mohamed Nasser, Parminder Flora Tse-Hsun(Peter) Chen Ahmed E. HassanWeiyi Shang
  • 2. Existing static analysis tools focus on language-related problems 2 Coverity PMD Google error-prone Facebook InferFindBugs However, many problems are related to how developers use different frameworks
  • 3. Over 67% of Java developers use Object-Relational Mapping (Hibernate) to access databases 3 Existing static analysis tools provide mostly rudimentary support for JDBC! 22%67%
  • 4. Over 40% of Java web application developers use Spring 4 Developers use Spring to manage database transactions in web applications None of the static analysis tools support Spring!
  • 5. There is a huge need for framework- specific tools 5 Developers leverage MANY frameworks, but existing tools only support detecting language-related problems.
  • 6. An example class with Java ORM code 6 @Entity @Table(name = “user”) @DynamicUpdate public class User{ @Column(name=“id”) private int id; @Column(name=“name”) String userName; @OneToMany(fetch=FetchType.EAGER) List<Team> teams; public void setName(String n){ userName = n; } … other getter and setter methods User.java User class is mapped to “user” table in DB id is mapped to the column “id” in the user table A user can belong to multiple teams Eagerly retrieve associated teams when retrieving a user object Performance- related configs
  • 7. Accessing the database using ORM 7 User u = findUserByID(1); ORM database select u from user where u.id = 1; u.setName(“Peter”); update user set name=“Peter” where user.id = 1; Objects SQLs
  • 8. Transaction management using Spring 8 @Transaction(Propogation.REQUIRED) getUser(){ … updateUserGroup(u) … } By using ORM and Spring, developers can focus more on the business logic and functionality Create a DB transaction Entire business logic will be executed with the same DB transaction
  • 9. Implementing DBChecker 9 Source code • DBChecker looks for both functional and performance bug patterns • DBChecker is integrated in industrial practice
  • 10. Overview of the presentation 10 Bug patterns Lessons learned when adopting the tool in practice
  • 11. Overview of the presentation 11 Bug patterns Lessons learned when adopting the tool in practice More patterns and learned lessons in the paper
  • 12. ORM excessive data bug pattern Class User{ @EAGER List<Team> teams; } User u = findUserById(1); u.getName(); EOF 12 Objects SQL Eagerly retrieve teams from DB User Table Team Table join Team data is never used!
  • 13. Detecting excessive data using static analysis 13 First find all the objects that eagerly retrieve data from DB Class User{ @EAGER List<Team> teams; } Identify all the data usages of ORM-managed objects User user = findUserByID(1); Check if the eagerly retrieved data is ever used user.getName(); user team user team
  • 14. Nested transaction bug pattern 14 @Transaction(Propogation. REQUIRED) getUser(){ updateUserGroup(u) … } Create a DB transaction @Transaction(Propogation. REQUIRES_NEW) Create a child transaction, and suspend parent transaction until child is finished Misconfigurations can cause unexpected transaction timeout, deadlock, or other performance-related problems
  • 15. Detecting nested transaction bug pattern 15 @Transaction(Propogation. REQUIRED) getUser(){ … updateUserGroup(u) … } Parse all transaction configurations Identify all methods with the annotation Propogation.REQUIRED Propogation.REQUIRS_NEW calls Traverse the call graph to identify potential misconfigurations
  • 16. Limitation of current static analysis tools 16 Annotations are lost when converting source code to byte code Do not consider how developers configure frameworks @Transaction(Propo gation.REQUIRED) @EAGER Many problems are related to framework configurations Many configurations are set through annotations
  • 17. Overview of the presentation 17 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks
  • 18. Overview of the presentation 18 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks
  • 19. Handling a large number of detection results 19 • Developers have limited time to fix detected problems • Most existing static analysis frameworks do not prioritize the detected instances for the same bug pattern
  • 20. 20 Prioritizing based on DB tables User Time zone • Problems related to large or frequently-accessed tables are ranked higher (more likely to be performance bottlenecks) • Problems related to highly dependable tables are ranked higher
  • 21. Developers have different backgrounds 21 • Not all developers are familiar with these frameworks and databases • Developers may not take the problems seriously if they don’t understand the impact
  • 22. Educating developers about the detected problems 22 • We hosted several workshops to educate developers about the impact and cause of the problems • Walk developers through examples of detected problems • May learn new bug patterns from developers
  • 23. Overview of the presentation 23 Bug patterns Lessons learned when adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks We prioritize problems based on DB tables, and educate developers about the problems
  • 24. 24
  • 25. 25
  • 26. 26
  • 27. 27
  • 28. 28
  • 29. 29
  • 30. 30