Global Mutable State Analysis in Spring MVC Applications
Formal Methods @ UCF

John L. Singleton
University of Central Florida

The Problem: Global Mutable State
• Web applications make extensive use of a form of Global Mutable State called “session.”
• The behavior of session closely resembles global variables, which are widely considered a form of code smell.
• But more importantly, the use of global variables increases module coupling.

Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications
• Test Hypothesis: “The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.”
• Static Analysis Question: Which program executions may be influenced by the modification of a given GMS variable?

Approach: Static Analysis of Spring-Based Web Applications
• Since Verily already has support for static checking, the tool was built within Verily.
• Verily internally leverages ANTLR to handle parsing and AST building.
• Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications.

Analysis Method
Our tool performed 4 types of graph analysis:
• Module
• Variable
• Behavior (read/write >= 0)
• Behavior (read/write > 0 – must use the value)

Additionally, we generated plot data for computing metrics we define in this presentation.

Module Example
• Large squares represent modules.
• “Points” represent use of a single GMS variable.
• Multiple arrows leaving a point imply multiple usages within a module.
• Arrows point to the module in which the variable is modified.


Figure: Shared Issues Application

Variable Example
• Variable analysis gives more specific information about the use of variables.
• Line number, module, etc.
• Useful for interpreting the other two types of behavior analysis.
• These networks are huge and hard to display in slides.

Figure: ELTabique Application

Behavior Example (with single writes)
• Behavior analysis makes it easy to visualize application GMS behavior.
• Possible to quickly classify the type of behavior being used for a specific GMS variable.
• The version with single writes also shows variables that are only written to but never read.

Figure: NCLodger Application

Behavior Example (w/o single writes)
• Same type of analysis as the other Behavior analysis.
• Excludes GMS variables that are written to but never used again.

Figure: MivProject Application

Results

Network Classification
Analysis revealed several different types of networks.
• These networks appear to recur in application designs.
• Each subnetwork represents the behavior over a GMS variable.

Type 1: Ideal GMS Usage
• The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph.
• Lowest amount of cross-module coupling.
• (Verily’s GMS recipe enforces this check)

Type 2: Less Ideal GMS Usage
• This type of network has multiple sinks and multiple reads within the network.
• Multiple Reads, Multiple Writes

Type 3: Least Ideal GMS Usage
• This type of network has many different write operations compared to the number of reads.
• This results in the highest form of coupling since it crosses the largest number of modules.
• High Writes, Low Reads
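
The three network types above, as an added example that is not code from the presentation or from Verily: a small scanner that collects session reads and writes per GMS variable from Spring controllers and sorts each network into Type 1, 2 or 3. The controller sources are constructed, the scanner assumes the session object is named `session` and keys are string literals, and the read/write cut-offs used for the types are assumptions based on the slide wording.

```python
import re
from collections import defaultdict

# Constructed Spring MVC controller sources (illustrative, not from the studied projects).
SAMPLE_SOURCES = {
    "LoginController.java": """\
public class LoginController {
    public String login(HttpSession session, User u) {
        session.setAttribute("user", u);
        session.setAttribute("locale", u.getLocale());
        session.setAttribute("lastLogin", new Date());
        return "home";
    }
}""",
    "ProfileController.java": """\
public class ProfileController {
    public String show(HttpSession session, Model m) {
        m.addAttribute("user", session.getAttribute("user"));
        return "profile";
    }
    public String setLocale(HttpSession session, String l) {
        session.setAttribute("locale", l);
        return "profile";
    }
}""",
    "CartController.java": """\
public class CartController {
    public String add(HttpSession session, Item i) {
        Cart c = (Cart) session.getAttribute("cart");
        if (c == null) { c = new Cart(); }
        c.add(i);
        session.setAttribute("cart", c);
        return "cart";
    }
    public String checkout(HttpSession session) {
        Cart c = (Cart) session.getAttribute("cart");
        User u = (User) session.getAttribute("user");
        session.removeAttribute("cart");
        session.setAttribute("locale", u.getLocale());
        return "done";
    }
    public String banner(HttpSession session) {
        return "banner_" + session.getAttribute("locale");
    }
}""",
}

# Assumption: the HttpSession variable is called `session` and keys are string literals.
ACCESS_RE = re.compile(r'\bsession\s*\.\s*(get|set|remove)Attribute\s*\(\s*"([^"]+)"')
CLASS_RE = re.compile(r'\bclass\s+(\w+)')

def collect_accesses(sources):
    """Return (variable, kind, module, line) for every literal-keyed session access."""
    found = []
    for filename, text in sorted(sources.items()):
        m = CLASS_RE.search(text)
        module = m.group(1) if m else filename
        for lineno, line in enumerate(text.splitlines(), start=1):
            for op, key in ACCESS_RE.findall(line):
                kind = "read" if op == "get" else "write"  # removal is a modification
                found.append((key, kind, module, lineno))
    return found

def build_networks(accesses):
    """Group accesses into one read/write network per GMS variable."""
    nets = defaultdict(lambda: {"read": [], "write": []})
    for key, kind, module, lineno in accesses:
        nets[key][kind].append((module, lineno))
    return dict(nets)

def classify(net):
    """Map a network onto the slide's types; the numeric cut-offs are assumptions."""
    reads, writes = len(net["read"]), len(net["write"])
    if writes == 0:
        return "read-only"   # read but never written in the scanned code
    if reads == 0:
        return "write-only"  # the "single writes" one behavior view excludes
    if writes == 1:
        return "Type 1"      # exactly one sink
    if writes > reads:
        return "Type 3"      # high writes, low reads
    return "Type 2"          # multiple writes, multiple reads

def modules_touched(net):
    return sorted({mod for mod, _ in net["read"] + net["write"]})

def report(sources):
    nets = build_networks(collect_accesses(sources))
    return {key: (classify(net), modules_touched(net)) for key, net in nets.items()}

if __name__ == "__main__":
    for key, (kind, mods) in sorted(report(SAMPLE_SOURCES).items()):
        print(f"{key:10} {kind:10} modules={mods}")
```

Keys built at run time or sessions reached through another name are missed by this textual scan; an AST-based pass such as the one the slides describe would be needed to cover them.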

Quantifying GMS Use
We define two sets for analyzing these networks:

Quantifying GMS Use: GMC
We then calculate Global Mutable Coupling as a measure of
GMS use:

Quantifying GMS Use: Network Impact

Example: The Ideal Case
• Both networks have GMC = 1 and are therefore ideal.
• Note that we don’t consider more “readers” to increase the value of GMC.

Example: Less Ideal Cases
• GMC = 16, which shows a high degree of coupling impact.
• Modifications in 4 different program points influence the network in two different places.

Example: Less Ideal Cases
• GMC = 49, which shows a very high degree of coupling impact.
• This application is coupled across 7 possible modules.

Case Studies

Source Data
To inform our analysis, we randomly pulled projects off of GitHub that made use of Spring MVC and Global Mutable State.

There are approximately 184,000 such projects available for analysis.

Our analysis was based on the following projects:
• MivProject
• TwitterApp
• SharedIssues
• NCLodger
• EITabique

GMS Analysis: MivProject
[Figure: Read/Write + Network Size (GMI Value Inside Circle); x-axis: Writes, y-axis: Reads]

GMS Analysis: MivProject

GMS Analysis: SOEN387
[Figure: Read/Write + Network Size (GMI Value Inside Circle); x-axis: Writes, y-axis: Reads]

GMS Analysis: SOEN387

Other Findings

Many Usages of GMS are to Deliver Information to Other Tiers

The Use of Session in Web Applications Can Be Quite Complex

And Even Beautiful…

Thank You
• To learn more about Verily:
• http://goverily.org

• More about Formal Methods @ UCF:
• http://www.eecs.ucf.edu/~leavens/formal-methods-lab/

