STATIC PROBLEMS

DETECTION Overview and Tool Demonstration

Kamil Ježek kjezek@kiv.zcu.cz

Přemek Brada brada@kiv.zcu.cz

Západočeská univerzita v Plzni

Katedra informatiky a výpočetní techniky

What We Detect

LinkageError ClassCastException

NoSuchMethodError

IncompatibleClassChangeError

…

and more Recompilable problems

Duplicated and redundant libraries

Brief Example

LineIterator it = ... String line = it.next();

class LineIterator { Object next(); }

Where We Detect Problems

• Binaries (modules, libraries)

Source

code

Is This Real Problem?

75% of programs

riddled with static errors

Probable Cause

51% developers

unfamiliar with problem

Compatibility May Be Tricky

public class Main {

public static void main(String[] args) {

Object n = new LineIterator().next();

}

}

public class LineIterator {

public String next() {

return …;

}

}

JVM and Compiler Differences

public class Main {

public static void main(String[] args) {

LineIterator it = …

Object n = it.next();

}

}

public class LineIterator {

public Object next() {

return …;

}

}

public interface LineIterator {

public Object next();

}

v1 v2

Evidence in Real Life Software

Popular projects • Apache Roller

• Commons-IO

Even Maven is not answer

Example 1: Apache Roller

Apache Roller links to two httpcore versions

Impact on Apache Roller

Method releaseConnection() invoked by

Spring-web missing in httpcore 4.1

• Reported and acknowledged

Example 2: Apache Commons-io

Commons-io is distributed in two packages

Impact of Apache Commons-IO

Maven Central Repository

org.apache.commons used by 542 projects

commons-io used by 293 projects

We Propose Solution

JAR files Reverse

Engineering Verification Report

Architecture

Another integration

Eclipse Plugin

Maven Plugin

Backward Compatibility

Composition Verification

Reverse Engineering

Detected Problems

● Missing dependencies (1)

● Inconsistent dependencies (2)

● Redundant dependencies (3)

● Duplicated dependencies (4)

Source code

(1)

(2)

(4)

(3)

Reverse Engineering

class LineIterator {

Object next(...) { … }

}

class Client {

private iterate(...) {

LineIterator it = IOUtils.lineIterator(…);

while (it.hasNext()) {

String data = it.next();

}

Consumer Changed in 2.x Provider

<<Class>>

LineIterator

<<Method>>

next

<<Return>>

Object

<<Class>>

LineIterator

<<Method>>

next

<<Return>>

String

Verification

>

≥

<

≤

=

≠

?

Consumer Provider

<<Class>>

LineIterator

<<Method>>

next

<<Return>>

Object

<<Class>>

LineIterator

<<Method>>

next

<<Return>>

String

Impact Demonstration

• Problem with duplicated Commons-IO

• Based on semi-real Booking web application

Web Page With Bug

Standard Debug I

Standard Debug II

• Log analysis (when enabled)

2015-04-15 17:17:58.538 WARN [org.eclipse.jetty.util.thread.QueuedThreadPool:run:577] -

java.lang.NoSuchMethodError: org.apache.commons.io.LineIterator.next()Ljava/lang/String;

at cz.zcu.kiv.examples.booking.preferences.RatingLoader.load(RatingLoader.java:29)

at cz.zcu.kiv.examples.booking.server.RunServer$2.handle(RunServer.java:53)

at spark.webserver.MatcherFilter.doFilter(MatcherFilter.java:139)

at spark.webserver.JettyHandler.doHandle(JettyHandler.java:54)

Our Way: Maven plugin • > mvn install

cz.zcu.kiv.examples.booking.preferences.RatingLoader

#4 <>-- org.apache.commons.io.LineIterator

Method: next

Generalised Return type: java.lang.String x java.lang.Object

=============================================================

Duplicated <>-- org.apache.commons.io.LineIterator

#5 /../.m2/repository/../commons-io-1.3.2.jar

-> #4

#6 /../.m2/repository/../commons-io-2.1.jar

---------------------------------------------------------------------------------

Must remove /../.m2/repository/../commons-io-1.3.2.jar

-> #5

---------------------------------------------------------------------------------

Redundant /../.m2/repository/../jetty-security-9.0.2.v20130417.jar

Eclipse Plugin

Easy to Fix Now

<dependency>

<groupId>commons-io</groupId>

<artifactId>commons-io</artifactId>

<version>1.3.2 2.1</version>

<type>jar</type>

<scope>compile</scope>

</dependency>

Result is Working System

We Offer

• Presented tools

• Customization

• Development of new features

Conclusion

• Automatic tools

• Problems detected early in development

• Solve current problems

• Cheaper and more robust software

Discussion

Questions now

or

Kamil Ježek kjezek@kiv.zcu.cz

Přemek Brada brada@kiv.zcu.cz

Západočeská univerzita v Plzni

Katedra informatiky a výpočetní techniky