SlideShare a Scribd company logo

Global Mutable State Analysis in Spring MVC Applications

Download as PPTX, PDF
J
jsinglet
TechnologyEducation
1 of 31
Global Mutable State Analysis in Spring MVC Applications Formal Methods @ UCF John L. Singleton University of Central Florida
The Problem: Global Mutable State • Web applications make extensive use of a form of Global Mutable State called “session.” • The behavior of session closely resembles global variables, which are widely considered a form of code smell. • But more importantly, the use of global variables increase module coupling. Formal Methods @ UCF
Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications • Test Hypothesis: “The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.” • Static Analysis Question: Which program executions may be influenced by the modification of a given GMS variable. Formal Methods @ UCF
Approach: Static Analysis of SpringBased Web Applications • Since Verily already has support for static checking, the tool was built within Verily. • Verily internally leverages ANTLR to handle parsing and AST building. • Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications. Formal Methods @ UCF
Analysis Method Our tool performed 4 types of graph analysis: • • • • Module Variable Behavior (read/write >=0) Behavior (read/write > 0 – must use the value) Additionally, we generated plot data for computing metrics we define in this presentation.
Module Example • Large Squares represent modules. • “Points” represent use of a single GMS variable. • Multiple arrows leaving a point implies multiple usages within a module. • Arrows point to module in which the variable is modified Formal Methods @ UCF Shared Issues Application
Variable Example • Variable analysis gives more specific information about the use of variables. • Line number, module, etc. • Useful for interpreting the other two types of behavior analysis. • These networks are huge and hard to display in slides. ELTabique Application Formal Methods @ UCF
Behavior Example (with single writes) • Behavior analysis makes it easy to visualize application GMS behavior. • Possible to quickly classify the type of behavior being used for a specific GMS variable. • With writes shows variables that are only written to but never read. NCLodger Application Formal Methods @ UCF
Behavior Example (w/o single writes) • Same type of analysis as other type of Behavior analysis. • Excludes GMS variables that are written to but never used again. MivProject Application Formal Methods @ UCF
Results Formal Methods @ UCF
Network Classification Analysis revealed several different types of networks. • These networks appear to recur in application designs. • Each subnetwork represents the behavior over a GMS variable. Formal Methods @ UCF
Type 1: Ideal GMS Usage • The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph. • Lowest amount of cross module coupling. • (Verily’s GMS recipe enforces this check) Formal Methods @ UCF
Type 2: Less Ideal GMS Usage • This type of network has multiple sinks and multiple reads within the network. • Multiple Reads, Multiple Writes Formal Methods @ UCF
Type 3: Least Ideal GMS Usage • This type of network has many different write operations compared to the number of reads. • This results in the highest form of coupling since it crosses the most number of modules. • High Writes, Low Reads Formal Methods @ UCF
Quantifying GMS Use We define two sets for analyzing these networks: Formal Methods @ UCF
Quantifying GMS Use: GMC We then calculate Global Mutable Coupling as a measure of GMS use: Formal Methods @ UCF
Quantifying GMS Use: Network Impact Formal Methods @ UCF
Example: The Ideal Case • For both networks, GMC = 1 and are therefore ideal. • Note that we don’t consider more “readers” to increase the value of GMC. Formal Methods @ UCF
Example: Less Ideal Cases • GMC = 16, which shows a high degree of coupling impact. • Modifications in 4 different program points influence the network in two difference places. Formal Methods @ UCF
Example: Less Ideal Cases • GMC = 49, which shows a very high degree of coupling impact. • This application is coupled across 7 possible modules. Formal Methods @ UCF
Case Studies Formal Methods @ UCF
Source Data To inform our analysis, we randomly pulled projects off of Github that made use of Spring MVC and Global Mutable State There are approximately 184,000 such projects available for analysis. Our analysis was based on the following projects: • • • • • MivProject TwitterApp SharedIssues NCLodger EITabique Formal Methods @ UCF
GMS Analysis: MivProject Read/Write + Network Size (GMI Value Inside Circle) 5 4.5 4 [CELLRANGE] 3.5 Reads 3 2.5 2 [CELLRANGE] [CELLRANGE] [CELLRANGE] 1 [CELLRANGE] [CELLRANGE] [CELLRANGE] [CELLRANGE] 1.5 [CELLRANGE] 0.5 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
GMS Analysis: MivProject Formal Methods @ UCF
GMS Analysis: SOEN387 Read/Write + Network Size (GMI Value Inside Circle) 14 12 [CELLRANGE] 10 Reads 8 [CELLRANGE] [CELLRANGE] 6 [CELLRANGE] 4 2 [CELLRANGE] 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
GMS Analysis: SOEN387 Formal Methods @ UCF
Other Findings Formal Methods @ UCF
Many Usages of GMS are to Deliver Information to Other Tiers Formal Methods @ UCF
The Use of Session in Web Applications Can Be Quite Complex Formal Methods @ UCF
And Even Beautiful… Formal Methods @ UCF
Thank You • To learn more about Verily: • http://goverily.org • More about Formal Methods @ UCF: • http://www.eecs.ucf.edu/~leavens/formal-methods-lab/ Formal Methods @ UCF

Recommended

Beyond Strong Consistency
Beyond Strong ConsistencyBeyond Strong Consistency
Beyond Strong Consistencyjsinglet
 
Consistency in Distributed Systems
Consistency in Distributed SystemsConsistency in Distributed Systems
Consistency in Distributed SystemsShane Johnson
 
Consistency in Distributed Systems, Part 2
Consistency in Distributed Systems, Part 2Consistency in Distributed Systems, Part 2
Consistency in Distributed Systems, Part 2DATAVERSITY
 
CAP, PACELC, and Determinism
CAP, PACELC, and DeterminismCAP, PACELC, and Determinism
CAP, PACELC, and DeterminismDaniel Abadi
 
Lightning talk: highly scalable databases and the PACELC theorem
Lightning talk: highly scalable databases and the PACELC theoremLightning talk: highly scalable databases and the PACELC theorem
Lightning talk: highly scalable databases and the PACELC theoremVishal Bardoloi
 
Varshneya samdarshi lmu_symposium_2016
Varshneya samdarshi lmu_symposium_2016Varshneya samdarshi lmu_symposium_2016
Varshneya samdarshi lmu_symposium_2016GRNsight
 
Anguiano varshneya lmu_symposium_2015
Anguiano varshneya lmu_symposium_2015Anguiano varshneya lmu_symposium_2015
Anguiano varshneya lmu_symposium_2015GRNsight
 
Southwick anguiano lmu-symposium_presentation_20140329
Southwick anguiano lmu-symposium_presentation_20140329Southwick anguiano lmu-symposium_presentation_20140329
Southwick anguiano lmu-symposium_presentation_20140329GRNsight
 

Recommended

Beyond Strong Consistency
Beyond Strong ConsistencyBeyond Strong Consistency
Beyond Strong Consistencyjsinglet
 
Consistency in Distributed Systems
Consistency in Distributed SystemsConsistency in Distributed Systems
Consistency in Distributed SystemsShane Johnson
 
Consistency in Distributed Systems, Part 2
Consistency in Distributed Systems, Part 2Consistency in Distributed Systems, Part 2
Consistency in Distributed Systems, Part 2DATAVERSITY
 
CAP, PACELC, and Determinism
CAP, PACELC, and DeterminismCAP, PACELC, and Determinism
CAP, PACELC, and DeterminismDaniel Abadi
 
Lightning talk: highly scalable databases and the PACELC theorem
Lightning talk: highly scalable databases and the PACELC theoremLightning talk: highly scalable databases and the PACELC theorem
Lightning talk: highly scalable databases and the PACELC theoremVishal Bardoloi
 
Varshneya samdarshi lmu_symposium_2016
Varshneya samdarshi lmu_symposium_2016Varshneya samdarshi lmu_symposium_2016
Varshneya samdarshi lmu_symposium_2016GRNsight
 
Anguiano varshneya lmu_symposium_2015
Anguiano varshneya lmu_symposium_2015Anguiano varshneya lmu_symposium_2015
Anguiano varshneya lmu_symposium_2015GRNsight
 
Southwick anguiano lmu-symposium_presentation_20140329
Southwick anguiano lmu-symposium_presentation_20140329Southwick anguiano lmu-symposium_presentation_20140329
Southwick anguiano lmu-symposium_presentation_20140329GRNsight
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronizationlodhran-hayat
 
Reactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 ConferenceReactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 ConferenceTamir Dresher
 
Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508GRNsight
 
Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131GRNsight
 
Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7Abu Bakr Ramadan
 
Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits Isabella Ferreira
 
API Performance testing with Gatling
API Performance testing with GatlingAPI Performance testing with Gatling
API Performance testing with GatlingTetiana Polishchuk
 
Abstract
AbstractAbstract
AbstractMalek Mhedhebi
 
Beyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor ProgrammingBeyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor ProgrammingFabio Tiriticco
 
Clonal Plasticity & Operator Placement
Clonal Plasticity & Operator PlacementClonal Plasticity & Operator Placement
Clonal Plasticity & Operator PlacementFoCAS Initiative
 
Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)Rafiqul Rabin
 
SE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it studentSE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it studentRAVALCHIRAG1
 
Synthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development ArtifactsSynthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development ArtifactsJeongwhan Choi
 
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...Models of SDLC (Software Development Life Cycle / Program Development Life Cy...
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
ppt2.pptx
ppt2.pptxppt2.pptx
ppt2.pptxJOHNNYGALLA2
 
RTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.pptRTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.pptShashikanth
 
process models- software engineering
process models- software engineeringprocess models- software engineering
process models- software engineeringArun Nair
 
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A SurveyIRJET Journal
 
Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented SoftwarePraveen Penumathsa
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Praveen Penumathsa
 
DISE - Introduction to Software Engineering
DISE - Introduction to Software EngineeringDISE - Introduction to Software Engineering
DISE - Introduction to Software EngineeringRasan Samarasinghe
 
Module 3.1.pptx
Module 3.1.pptxModule 3.1.pptx
Module 3.1.pptx8840VinayShelke
 

More Related Content

What's hot

Process synchronization
Process synchronizationProcess synchronization
Process synchronizationlodhran-hayat
 
Reactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 ConferenceReactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 ConferenceTamir Dresher
 
Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508GRNsight
 
Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131GRNsight
 
Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7Abu Bakr Ramadan
 
Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits Isabella Ferreira
 
API Performance testing with Gatling
API Performance testing with GatlingAPI Performance testing with Gatling
API Performance testing with GatlingTetiana Polishchuk
 
Beyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor ProgrammingBeyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor ProgrammingFabio Tiriticco
 
Clonal Plasticity & Operator Placement
Clonal Plasticity & Operator PlacementClonal Plasticity & Operator Placement
Clonal Plasticity & Operator PlacementFoCAS Initiative
 

What's hot (10)

Process synchronization
Process synchronizationProcess synchronization
Process synchronization
 
Reactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 ConferenceReactiveness All The Way - SW Architecture 2015 Conference
Reactiveness All The Way - SW Architecture 2015 Conference
 
Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508Southwick britain gr_nsight_cmsi402-presentation_20140508
Southwick britain gr_nsight_cmsi402-presentation_20140508
 
Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131Dahlquist so calsysbio_20140131
Dahlquist so calsysbio_20140131
 
Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7Real time operating systems (rtos) concepts 7
Real time operating systems (rtos) concepts 7
 
Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits Email2git: Extending cregit to Link Review Emails to Commits
Email2git: Extending cregit to Link Review Emails to Commits
 
API Performance testing with Gatling
API Performance testing with GatlingAPI Performance testing with Gatling
API Performance testing with Gatling
 
Abstract
AbstractAbstract
Abstract
 
Beyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor ProgrammingBeyond Fault Tolerance with Actor Programming
Beyond Fault Tolerance with Actor Programming
 
Clonal Plasticity & Operator Placement
Clonal Plasticity & Operator PlacementClonal Plasticity & Operator Placement
Clonal Plasticity & Operator Placement
 

Similar to Global Mutable State Analysis in Spring MVC Applications

Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)Rafiqul Rabin
 
SE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it studentSE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it studentRAVALCHIRAG1
 
Synthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development ArtifactsSynthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development ArtifactsJeongwhan Choi
 
RTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.pptRTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.pptShashikanth
 
process models- software engineering
process models- software engineeringprocess models- software engineering
process models- software engineeringArun Nair
 
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A SurveyIRJET Journal
 
Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented SoftwarePraveen Penumathsa
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Praveen Penumathsa
 
DISE - Introduction to Software Engineering
DISE - Introduction to Software EngineeringDISE - Introduction to Software Engineering
DISE - Introduction to Software EngineeringRasan Samarasinghe
 
Software vjhghjjkhjkkkghhjhEngineering.pdf
Software vjhghjjkhjkkkghhjhEngineering.pdfSoftware vjhghjjkhjkkkghhjhEngineering.pdf
Software vjhghjjkhjkkkghhjhEngineering.pdfavishekpradhan24
 
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...Fatima Qayyum
 
Soft engg introduction and process models
Soft engg introduction and process modelsSoft engg introduction and process models
Soft engg introduction and process modelssnehalkulkarni74
 
Neel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeNeel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeMLconf
 
software Engineering process
software Engineering processsoftware Engineering process
software Engineering processRaheel Aslam
 
Hybrid Knowledge Bases for Real-Time Robotic Reasoning
Hybrid Knowledge Bases for Real-Time Robotic ReasoningHybrid Knowledge Bases for Real-Time Robotic Reasoning
Hybrid Knowledge Bases for Real-Time Robotic ReasoningHassan Rifky
 

Similar to Global Mutable State Analysis in Spring MVC Applications (20)

Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)Testing Neural Program Analyzers (ASE-LBR 2019)
Testing Neural Program Analyzers (ASE-LBR 2019)
 
SE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it studentSE_Unit 2.pdf it is a process model of it student
SE_Unit 2.pdf it is a process model of it student
 
Synthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development ArtifactsSynthesizing Knowledge from Software Development Artifacts
Synthesizing Knowledge from Software Development Artifacts
 
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...Models of SDLC (Software Development Life Cycle / Program Development Life Cy...
Models of SDLC (Software Development Life Cycle / Program Development Life Cy...
 
ppt2.pptx
ppt2.pptxppt2.pptx
ppt2.pptx
 
RTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.pptRTDesignWithUMLUseCase.ppt
RTDesignWithUMLUseCase.ppt
 
process models- software engineering
process models- software engineeringprocess models- software engineering
process models- software engineering
 
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
An Adjacent Analysis of the Parallel Programming Model Perspective: A Survey
 
Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented Software
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram
 
DISE - Introduction to Software Engineering
DISE - Introduction to Software EngineeringDISE - Introduction to Software Engineering
DISE - Introduction to Software Engineering
 
Module 3.1.pptx
Module 3.1.pptxModule 3.1.pptx
Module 3.1.pptx
 
Software vjhghjjkhjkkkghhjhEngineering.pdf
Software vjhghjjkhjkkkghhjhEngineering.pdfSoftware vjhghjjkhjkkkghhjhEngineering.pdf
Software vjhghjjkhjkkkghhjhEngineering.pdf
 
DITEC - Software Engineering
DITEC - Software EngineeringDITEC - Software Engineering
DITEC - Software Engineering
 
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
 
Soft engg introduction and process models
Soft engg introduction and process modelsSoft engg introduction and process models
Soft engg introduction and process models
 
Deploying at will - SEI
Deploying at will - SEI Deploying at will - SEI
Deploying at will - SEI
 
Neel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeNeel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to code
 
software Engineering process
software Engineering processsoftware Engineering process
software Engineering process
 
Hybrid Knowledge Bases for Real-Time Robotic Reasoning
Hybrid Knowledge Bases for Real-Time Robotic ReasoningHybrid Knowledge Bases for Real-Time Robotic Reasoning
Hybrid Knowledge Bases for Real-Time Robotic Reasoning
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Global Mutable State Analysis in Spring MVC Applications

  • 1. Global Mutable State Analysis in Spring MVC Applications Formal Methods @ UCF John L. Singleton University of Central Florida
  • 2. The Problem: Global Mutable State • Web applications make extensive use of a form of Global Mutable State called “session.” • The behavior of session closely resembles global variables, which are widely considered a form of code smell. • But more importantly, the use of global variables increase module coupling. Formal Methods @ UCF
  • 3. Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications • Test Hypothesis: “The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.” • Static Analysis Question: Which program executions may be influenced by the modification of a given GMS variable. Formal Methods @ UCF
  • 4. Approach: Static Analysis of SpringBased Web Applications • Since Verily already has support for static checking, the tool was built within Verily. • Verily internally leverages ANTLR to handle parsing and AST building. • Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications. Formal Methods @ UCF
  • 5. Analysis Method Our tool performed 4 types of graph analysis: • • • • Module Variable Behavior (read/write >=0) Behavior (read/write > 0 – must use the value) Additionally, we generated plot data for computing metrics we define in this presentation.
  • 6. Module Example • Large Squares represent modules. • “Points” represent use of a single GMS variable. • Multiple arrows leaving a point implies multiple usages within a module. • Arrows point to module in which the variable is modified Formal Methods @ UCF Shared Issues Application
  • 7. Variable Example • Variable analysis gives more specific information about the use of variables. • Line number, module, etc. • Useful for interpreting the other two types of behavior analysis. • These networks are huge and hard to display in slides. ELTabique Application Formal Methods @ UCF
  • 8. Behavior Example (with single writes) • Behavior analysis makes it easy to visualize application GMS behavior. • Possible to quickly classify the type of behavior being used for a specific GMS variable. • With writes shows variables that are only written to but never read. NCLodger Application Formal Methods @ UCF
  • 9. Behavior Example (w/o single writes) • Same type of analysis as other type of Behavior analysis. • Excludes GMS variables that are written to but never used again. MivProject Application Formal Methods @ UCF
  • 11. Network Classification Analysis revealed several different types of networks. • These networks appear to recur in application designs. • Each subnetwork represents the behavior over a GMS variable. Formal Methods @ UCF
  • 12. Type 1: Ideal GMS Usage • The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph. • Lowest amount of cross module coupling. • (Verily’s GMS recipe enforces this check) Formal Methods @ UCF
  • 13. Type 2: Less Ideal GMS Usage • This type of network has multiple sinks and multiple reads within the network. • Multiple Reads, Multiple Writes Formal Methods @ UCF
  • 14. Type 3: Least Ideal GMS Usage • This type of network has many different write operations compared to the number of reads. • This results in the highest form of coupling since it crosses the most number of modules. • High Writes, Low Reads Formal Methods @ UCF
  • 15. Quantifying GMS Use We define two sets for analyzing these networks: Formal Methods @ UCF
  • 16. Quantifying GMS Use: GMC We then calculate Global Mutable Coupling as a measure of GMS use: Formal Methods @ UCF
  • 17. Quantifying GMS Use: Network Impact Formal Methods @ UCF
  • 18. Example: The Ideal Case • For both networks, GMC = 1 and are therefore ideal. • Note that we don’t consider more “readers” to increase the value of GMC. Formal Methods @ UCF
  • 19. Example: Less Ideal Cases • GMC = 16, which shows a high degree of coupling impact. • Modifications in 4 different program points influence the network in two difference places. Formal Methods @ UCF
  • 20. Example: Less Ideal Cases • GMC = 49, which shows a very high degree of coupling impact. • This application is coupled across 7 possible modules. Formal Methods @ UCF
  • 22. Source Data To inform our analysis, we randomly pulled projects off of Github that made use of Spring MVC and Global Mutable State There are approximately 184,000 such projects available for analysis. Our analysis was based on the following projects: • • • • • MivProject TwitterApp SharedIssues NCLodger EITabique Formal Methods @ UCF
  • 23. GMS Analysis: MivProject Read/Write + Network Size (GMI Value Inside Circle) 5 4.5 4 [CELLRANGE] 3.5 Reads 3 2.5 2 [CELLRANGE] [CELLRANGE] [CELLRANGE] 1 [CELLRANGE] [CELLRANGE] [CELLRANGE] [CELLRANGE] 1.5 [CELLRANGE] 0.5 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
  • 25. GMS Analysis: SOEN387 Read/Write + Network Size (GMI Value Inside Circle) 14 12 [CELLRANGE] 10 Reads 8 [CELLRANGE] [CELLRANGE] 6 [CELLRANGE] 4 2 [CELLRANGE] 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
  • 28. Many Usages of GMS are to Deliver Information to Other Tiers Formal Methods @ UCF
  • 29. The Use of Session in Web Applications Can Be Quite Complex Formal Methods @ UCF
  • 31. Thank You • To learn more about Verily: • http://goverily.org • More about Formal Methods @ UCF: • http://www.eecs.ucf.edu/~leavens/formal-methods-lab/ Formal Methods @ UCF