SlideShare ist ein Scribd-Unternehmen logo

Hidden Truths in Dead Software Paths

Ben Hermann
Ben Hermann

Approaches and techniques for statically finding a multitude of issues in source code have been developed in the past. A core property of these approaches is that they are usually targeted towards finding only a very specific kind of issue and that the effort to develop such an analysis is significant. This strictly limits the number of kinds of issues that can be detected. In this paper, we discuss a generic approach based on the detection of infeasible paths in code that can discover a wide range of code smells ranging from useless code that hinders comprehension to real bugs. Code issues are identified by calculating the difference between the control-flow graph that contains all technically possible edges and the corresponding graph recorded while performing a more precise analysis using abstract interpretation. We have evaluated the approach using the Java Development Kit as well as the Qualitas Corpus (a curated collection of over 100 Java Applications) and were able to find thousands of issues across a wide range of categories.

Software
1 von 18
Downloaden Sie, um offline zu lesen
Hidden Truths in Dead Software Paths Michael Eichberg, Ben Hermann, Mira Mezini, and Leonid Glanz ESEC/FSE 2015, Bergamo, Italy
When is a path dead? if  (maxBits  >  4  ||  maxBits  <  8)  {        maxBits  =  8;   }   if  (maxBits  >  8)  {        maxBits  =  16;   } OpenJDK 8 update 25, com.sun.imageio.plugins.png.PNGMetadata, line 1842ff Hidden inside a 278 LOC method
Hypothesis In well-written code every path between an instruction and all its successors is eventually taken A path that will never be taken indicates an issue
Identifying Infeasible Paths public  static  X  doX(SomeType[]  array)  {   if  (array  !=  null  ||  array.length  >  0)  {  (a)  }   //  …  (b)   }//  (ex) 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false (A) Java Source Code. ifnonnull array arraylength array ifgt (>0) (C) Computed AIFG false Java Bytecode Java Bytecode :- array is null CFG
Identifying Infeasible Paths 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (C) Computed AIFG true true false false relevant missing edge a missing edge Java Bytecode Java Bytecode :- array is null :- array not null 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (C) Computed AIFG true true false false relevant missing edge a missing edge Java Bytecode Java Bytecode :- array is null :- array not null CFG AIFG
Abstract Interpretation Not targeted at a specific goal Not a whole program analysis, but instead everything may be an entry point Inter-procedural, path-, flow-, object- and context-sensitive
 with configurable call chain length (typically low)
Abstract Interpretation Integers support all arithmetic operations (of the JVM) maximum size for intervals before we consider them as AnyInt float, long, double at type level reference values objects distinguished by their allocation site alias- and path-sensitive
Post-Processing Compiler Generated Dead Code The Intricacies of Java Established Idioms Assertions Reflection and Reflection-like Mechanisms
Post-Processing Compiler Generated Dead Code void  conditionInFinally(java.io.File  f)  {   boolean  completed  =  false;   try  {   f.canExecute();   completed  =  true;   }  finally  {     if  (completed)  doSomething();  }   } Finally blocks are included twice by Java compilers
Post-Processing The Intricacies of Java Throwable  doFail()  {  throw  new  Exception();  }   Object  compute(Object  o)  {   if  (o  ==  null)  {  return  doFail();  }   else  return  o;   }
Post-Processing Established Idioms switch  (i)  {   case  1:  break;   //  complete  enumerable  of  all  cases   default:  throw  new  UnknownError();   }
Post-Processing Assertions Reflection and Reflection-like Mechanisms
Study: JDK 8 Update 25 Category Percentage Null Confusion 54 % Range Double Checks 11 % Dead Extensibility 9 % Unsupported Operation Usage 7 % Unexpected Return Value 5 % Forgotten Constant 4 % Confused Language Semantics 3 % Type Confusion 3 % Confused Conjunctions 2 % Obviously Useless Code 1 % False Positives 1 % • Found 556 issues • For 19 we found no source code • 279 of 537 were considered irrelevant • The remaining 258 issues were manually inspected
Null Confusion Infeasible path because of too much checks for null Infeasible path because of too less checks for null if  (o  ==  null)  return  doSomething();   if  (o  ==  null)  return  doSomeOtherThing(); int  num  =  array.length;   if  (array  ==  null)     throw  InvalidArgumentException();
Range Double Checks if  (extendableSpaces  <=  0)  return;   int  adjustment  =  (target  -­‐  currentSpan);   int  spaceAddon  =  (extendableSpaces  >  0)  ?   adjustment  /  extendableSpaces  :  0; OpenJDK 8 update 25, javax.swing.text.ParagraphView$Row.layoutMajorAxis, line 1095ff
Dead Extensibility //  For  now  we  set  owner  to  null.  In  the   future,  it  may  be  
 //  passed  as  an  argument.  
 Window  owner  =  null;  
 if  (owner  instanceof  Frame)  {  ...  } OpenJDK 8 update 25, javax.print.ServiceUI.printDialog, line 189ff
Summary General analysis approach to find various different and complex issues Dead Path detection using Abstract Interpretation We evaluated on the JDK (and on the Qualitas Corpus) We filter out irrelevant issues
Thanks and please try it out http://www.opal-­‐project.de/tools/bugpicker/ And also see my other talk on a Capability Model for Java on Friday’s 11:30 session R8.c in the same room

Empfohlen

Symbolic Execution (introduction and hands-on)
Symbolic Execution (introduction and hands-on)Symbolic Execution (introduction and hands-on)
Symbolic Execution (introduction and hands-on)Emilio Coppa
 
Measuring maintainability; software metrics explained
Measuring maintainability; software metrics explainedMeasuring maintainability; software metrics explained
Measuring maintainability; software metrics explainedDennis de Greef
 
Java Questioner for
Java Questioner for Java Questioner for
Java Questioner for Abhay Korat
 
C++ Presentation
C++ PresentationC++ Presentation
C++ PresentationCarson Wilber
 
Analyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectAnalyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectPVS-Studio
 
Control Statements, Array, Pointer, Structures
Control Statements, Array, Pointer, StructuresControl Statements, Array, Pointer, Structures
Control Statements, Array, Pointer, Structuresindra Kishor
 
EMBEDDED SYSTEMS 4&5
EMBEDDED SYSTEMS 4&5EMBEDDED SYSTEMS 4&5
EMBEDDED SYSTEMS 4&5PRADEEP
 
C++17 introduction - Meetup @EtixLabs
C++17 introduction - Meetup @EtixLabsC++17 introduction - Meetup @EtixLabs
C++17 introduction - Meetup @EtixLabsStephane Gleizes
 

Empfohlen

Symbolic Execution (introduction and hands-on)
Symbolic Execution (introduction and hands-on)Symbolic Execution (introduction and hands-on)
Symbolic Execution (introduction and hands-on)Emilio Coppa
 
Measuring maintainability; software metrics explained
Measuring maintainability; software metrics explainedMeasuring maintainability; software metrics explained
Measuring maintainability; software metrics explainedDennis de Greef
 
Java Questioner for
Java Questioner for Java Questioner for
Java Questioner for Abhay Korat
 
C++ Presentation
C++ PresentationC++ Presentation
C++ PresentationCarson Wilber
 
Analyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectAnalyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectPVS-Studio
 
Control Statements, Array, Pointer, Structures
Control Statements, Array, Pointer, StructuresControl Statements, Array, Pointer, Structures
Control Statements, Array, Pointer, Structuresindra Kishor
 
EMBEDDED SYSTEMS 4&5
EMBEDDED SYSTEMS 4&5EMBEDDED SYSTEMS 4&5
EMBEDDED SYSTEMS 4&5PRADEEP
 
C++17 introduction - Meetup @EtixLabs
C++17 introduction - Meetup @EtixLabsC++17 introduction - Meetup @EtixLabs
C++17 introduction - Meetup @EtixLabsStephane Gleizes
 
Quiz test JDBC
Quiz test JDBCQuiz test JDBC
Quiz test JDBCvacbalolenvadi90
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
College1
College1College1
College1Sudharsan S
 
C++11
C++11C++11
C++11Quang Trần Duy
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by ExampleOlve Maudal
 
C programming session3
C programming session3C programming session3
C programming session3Keroles karam khalil
 
Summary of C++17 features
Summary of C++17 featuresSummary of C++17 features
Summary of C++17 featuresBartlomiej Filipek
 
C++ vs C#
C++ vs C#C++ vs C#
C++ vs C#sudipv
 
Cs2251 daa
Cs2251 daaCs2251 daa
Cs2251 daaSrinivasan Lakshmanan
 
Isorc18 keynote
Isorc18 keynoteIsorc18 keynote
Isorc18 keynoteAbhik Roychoudhury
 
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...Frank Nielsen
 
The Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 MigrationThe Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 MigrationJoel Falcou
 
Deep C
Deep CDeep C
Deep COlve Maudal
 
Cpp17 and Beyond
Cpp17 and BeyondCpp17 and Beyond
Cpp17 and BeyondComicSansMS
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
What is to loop in c++
What is to loop in c++What is to loop in c++
What is to loop in c++03446940736
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Mateus S. H. Cruz
 
Java level 1 Quizzes
Java level 1 QuizzesJava level 1 Quizzes
Java level 1 QuizzesSteven Luo
 
C language
C languageC language
C languageMohamed Bedair
 
Os Reindersfinal
Os ReindersfinalOs Reindersfinal
Os Reindersfinaloscon2007
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an ErrorAndrey Karpov
 
Java Performance MythBusters
Java Performance MythBustersJava Performance MythBusters
Java Performance MythBustersSebastian Zarnekow
 

Weitere ähnliche Inhalte

Was ist angesagt?

Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by ExampleOlve Maudal
 
C++ vs C#
C++ vs C#C++ vs C#
C++ vs C#sudipv
 
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...Frank Nielsen
 
The Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 MigrationThe Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 MigrationJoel Falcou
 
Cpp17 and Beyond
Cpp17 and BeyondCpp17 and Beyond
Cpp17 and BeyondComicSansMS
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
What is to loop in c++
What is to loop in c++What is to loop in c++
What is to loop in c++03446940736
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Mateus S. H. Cruz
 
Java level 1 Quizzes
Java level 1 QuizzesJava level 1 Quizzes
Java level 1 QuizzesSteven Luo
 
Os Reindersfinal
Os ReindersfinalOs Reindersfinal
Os Reindersfinaloscon2007
 

Was ist angesagt? (20)

Quiz test JDBC
Quiz test JDBCQuiz test JDBC
Quiz test JDBC
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2
 
College1
College1College1
College1
 
C++11
C++11C++11
C++11
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by Example
 
C programming session3
C programming session3C programming session3
C programming session3
 
Summary of C++17 features
Summary of C++17 featuresSummary of C++17 features
Summary of C++17 features
 
C++ vs C#
C++ vs C#C++ vs C#
C++ vs C#
 
Cs2251 daa
Cs2251 daaCs2251 daa
Cs2251 daa
 
Isorc18 keynote
Isorc18 keynoteIsorc18 keynote
Isorc18 keynote
 
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
(chapter 5) A Concise and Practical Introduction to Programming Algorithms in...
 
The Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 MigrationThe Goal and The Journey - Turning back on one year of C++14 Migration
The Goal and The Journey - Turning back on one year of C++14 Migration
 
Deep C
Deep CDeep C
Deep C
 
Cpp17 and Beyond
Cpp17 and BeyondCpp17 and Beyond
Cpp17 and Beyond
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you develop
 
What is to loop in c++
What is to loop in c++What is to loop in c++
What is to loop in c++
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
 
Java level 1 Quizzes
Java level 1 QuizzesJava level 1 Quizzes
Java level 1 Quizzes
 
C language
C languageC language
C language
 
Os Reindersfinal
Os ReindersfinalOs Reindersfinal
Os Reindersfinal
 

Ähnlich wie Hidden Truths in Dead Software Paths

Mathematicians: Trust, but Verify
Mathematicians: Trust, but VerifyMathematicians: Trust, but Verify
Mathematicians: Trust, but VerifyAndrey Karpov
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects Andrey Karpov
 
Orthogonal Functional Architecture
Orthogonal Functional ArchitectureOrthogonal Functional Architecture
Orthogonal Functional ArchitectureJohn De Goes
 
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ..."Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...PVS-Studio
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projectsPVS-Studio
 
Haskell for data science
Haskell for data scienceHaskell for data science
Haskell for data scienceJohn Cant
 
Java coding pitfalls
Java coding pitfallsJava coding pitfalls
Java coding pitfallstomi vanek
 
What You Need to Know about Lambdas
What You Need to Know about LambdasWhat You Need to Know about Lambdas
What You Need to Know about LambdasRyan Knight
 
Java 5 6 Generics, Concurrency, Garbage Collection, Tuning
Java 5 6 Generics, Concurrency, Garbage Collection, TuningJava 5 6 Generics, Concurrency, Garbage Collection, Tuning
Java 5 6 Generics, Concurrency, Garbage Collection, TuningCarol McDonald
 
20160520 what youneedtoknowaboutlambdas
20160520 what youneedtoknowaboutlambdas20160520 what youneedtoknowaboutlambdas
20160520 what youneedtoknowaboutlambdasshinolajla
 
Os Reindersfinal
Os ReindersfinalOs Reindersfinal
Os Reindersfinaloscon2007
 
200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis ExperienceAndrey Karpov
 
Consider this code using the ArrayBag of Section 5.2 and the Locat.docx
Consider this code using the ArrayBag of Section 5.2 and the Locat.docxConsider this code using the ArrayBag of Section 5.2 and the Locat.docx
Consider this code using the ArrayBag of Section 5.2 and the Locat.docxmaxinesmith73660
 
Unit I Advanced Java Programming Course
Unit I Advanced Java Programming CourseUnit I Advanced Java Programming Course
Unit I Advanced Java Programming Courseparveen837153
 

Ähnlich wie Hidden Truths in Dead Software Paths (20)

Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
 
Java Performance MythBusters
Java Performance MythBustersJava Performance MythBusters
Java Performance MythBusters
 
Forgive me for i have allocated
Forgive me for i have allocatedForgive me for i have allocated
Forgive me for i have allocated
 
Mathematicians: Trust, but Verify
Mathematicians: Trust, but VerifyMathematicians: Trust, but Verify
Mathematicians: Trust, but Verify
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
 
Orthogonal Functional Architecture
Orthogonal Functional ArchitectureOrthogonal Functional Architecture
Orthogonal Functional Architecture
 
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ..."Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...
 
Klee and angr
Klee and angrKlee and angr
Klee and angr
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
 
Haskell for data science
Haskell for data scienceHaskell for data science
Haskell for data science
 
Java coding pitfalls
Java coding pitfallsJava coding pitfalls
Java coding pitfalls
 
What You Need to Know about Lambdas
What You Need to Know about LambdasWhat You Need to Know about Lambdas
What You Need to Know about Lambdas
 
Java 5 6 Generics, Concurrency, Garbage Collection, Tuning
Java 5 6 Generics, Concurrency, Garbage Collection, TuningJava 5 6 Generics, Concurrency, Garbage Collection, Tuning
Java 5 6 Generics, Concurrency, Garbage Collection, Tuning
 
core java
core java core java
core java
 
Symbolic Execution And KLEE
Symbolic Execution And KLEESymbolic Execution And KLEE
Symbolic Execution And KLEE
 
20160520 what youneedtoknowaboutlambdas
20160520 what youneedtoknowaboutlambdas20160520 what youneedtoknowaboutlambdas
20160520 what youneedtoknowaboutlambdas
 
Os Reindersfinal
Os ReindersfinalOs Reindersfinal
Os Reindersfinal
 
200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience
 
Consider this code using the ArrayBag of Section 5.2 and the Locat.docx
Consider this code using the ArrayBag of Section 5.2 and the Locat.docxConsider this code using the ArrayBag of Section 5.2 and the Locat.docx
Consider this code using the ArrayBag of Section 5.2 and the Locat.docx
 
Unit I Advanced Java Programming Course
Unit I Advanced Java Programming CourseUnit I Advanced Java Programming Course
Unit I Advanced Java Programming Course
 

Kürzlich hochgeladen

PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptrcbcrtm
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 

Kürzlich hochgeladen (20)

PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 

Hidden Truths in Dead Software Paths

  • 1. Hidden Truths in Dead Software Paths Michael Eichberg, Ben Hermann, Mira Mezini, and Leonid Glanz ESEC/FSE 2015, Bergamo, Italy
  • 2. When is a path dead? if  (maxBits  >  4  ||  maxBits  <  8)  {        maxBits  =  8;   }   if  (maxBits  >  8)  {        maxBits  =  16;   } OpenJDK 8 update 25, com.sun.imageio.plugins.png.PNGMetadata, line 1842ff Hidden inside a 278 LOC method
  • 3. Hypothesis In well-written code every path between an instruction and all its successors is eventually taken A path that will never be taken indicates an issue
  • 4. Identifying Infeasible Paths public  static  X  doX(SomeType[]  array)  {   if  (array  !=  null  ||  array.length  >  0)  {  (a)  }   //  …  (b)   }//  (ex) 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false (A) Java Source Code. ifnonnull array arraylength array ifgt (>0) (C) Computed AIFG false Java Bytecode Java Bytecode :- array is null CFG
  • 5. Identifying Infeasible Paths 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (C) Computed AIFG true true false false relevant missing edge a missing edge Java Bytecode Java Bytecode :- array is null :- array not null 1: public static X doX(SomeType[] array){ 2: if (array != null || array.length > 0) {(a) } 5: // … (b) 6: }// (ex) ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (B) Corresponding CFG true true false false ifnonnull array arraylength array ifgt (>0) (a) (b) (ex) (C) Computed AIFG true true false false relevant missing edge a missing edge Java Bytecode Java Bytecode :- array is null :- array not null CFG AIFG
  • 6. Abstract Interpretation Not targeted at a specific goal Not a whole program analysis, but instead everything may be an entry point Inter-procedural, path-, flow-, object- and context-sensitive
 with configurable call chain length (typically low)
  • 7. Abstract Interpretation Integers support all arithmetic operations (of the JVM) maximum size for intervals before we consider them as AnyInt float, long, double at type level reference values objects distinguished by their allocation site alias- and path-sensitive
  • 8. Post-Processing Compiler Generated Dead Code The Intricacies of Java Established Idioms Assertions Reflection and Reflection-like Mechanisms
  • 9. Post-Processing Compiler Generated Dead Code void  conditionInFinally(java.io.File  f)  {   boolean  completed  =  false;   try  {   f.canExecute();   completed  =  true;   }  finally  {     if  (completed)  doSomething();  }   } Finally blocks are included twice by Java compilers
  • 10. Post-Processing The Intricacies of Java Throwable  doFail()  {  throw  new  Exception();  }   Object  compute(Object  o)  {   if  (o  ==  null)  {  return  doFail();  }   else  return  o;   }
  • 11. Post-Processing Established Idioms switch  (i)  {   case  1:  break;   //  complete  enumerable  of  all  cases   default:  throw  new  UnknownError();   }
  • 13. Study: JDK 8 Update 25 Category Percentage Null Confusion 54 % Range Double Checks 11 % Dead Extensibility 9 % Unsupported Operation Usage 7 % Unexpected Return Value 5 % Forgotten Constant 4 % Confused Language Semantics 3 % Type Confusion 3 % Confused Conjunctions 2 % Obviously Useless Code 1 % False Positives 1 % • Found 556 issues • For 19 we found no source code • 279 of 537 were considered irrelevant • The remaining 258 issues were manually inspected
  • 14. Null Confusion Infeasible path because of too much checks for null Infeasible path because of too less checks for null if  (o  ==  null)  return  doSomething();   if  (o  ==  null)  return  doSomeOtherThing(); int  num  =  array.length;   if  (array  ==  null)     throw  InvalidArgumentException();
  • 15. Range Double Checks if  (extendableSpaces  <=  0)  return;   int  adjustment  =  (target  -­‐  currentSpan);   int  spaceAddon  =  (extendableSpaces  >  0)  ?   adjustment  /  extendableSpaces  :  0; OpenJDK 8 update 25, javax.swing.text.ParagraphView$Row.layoutMajorAxis, line 1095ff
  • 16. Dead Extensibility //  For  now  we  set  owner  to  null.  In  the   future,  it  may  be  
 //  passed  as  an  argument.  
 Window  owner  =  null;  
 if  (owner  instanceof  Frame)  {  ...  } OpenJDK 8 update 25, javax.print.ServiceUI.printDialog, line 189ff
  • 17. Summary General analysis approach to find various different and complex issues Dead Path detection using Abstract Interpretation We evaluated on the JDK (and on the Qualitas Corpus) We filter out irrelevant issues
  • 18. Thanks and please try it out http://www.opal-­‐project.de/tools/bugpicker/ And also see my other talk on a Capability Model for Java on Friday’s 11:30 session R8.c in the same room