Mithun Acharya

Mining API patterns as partial orders from source code: from usage scenarios to specifications

A software system interacts with third-party libraries through various APIs. Using these library APIs often needs tofollow certain usage patterns. Furthermore, ordering rules (specifications) exist between APIs, and these rules govern the secure and robust operation of the system using these APIs. But these patterns and rules may not be well documented by the API developers. Previous approaches mine frequent association rules, itemsets, or subsequences that capture API call patterns shared by API client code. However, these frequent API patterns cannot completely capture some useful orderings shared by APIs, especially when multiple APIs are involved across different procedures. In this paper, we present a framework to automatically extract usage scenarios among user-specified APIs as partial orders, directly from the source code (API client code). We adapt a model checker to generate interprocedural control-flow-sensitive static traces related to the APIs of interest. Different API usage scenarios are extracted from the static traces by our scenario extraction algorithm and fed to a miner. The miner summarizes different usage scenarios as compact partial orders. Specifications are extracted from the frequent partial orders using our specification extraction algorithm. Our experience of applying the framework on 72 X11 clients with 200K LOC in total has shown that theextracted API partial orders are useful in assisting effective API reuse and checking.

Practical change impact analysis based on static program slicing for industrial software systems

Change impact analysis, i.e., knowing the potential consequences of a software change, is critical for the risk analysis, developer effort estimation, and regression testing of evolving software. Static program slicing is an attractive option for enabling routine change impact analysis for newly committed changesets during daily software build. For small programs with a few thousand lines of code, static program slicing scales well and can assist precise change impact analysis. However, as we demonstrate in this paper, static program slicing faces unique challenges when applied routinely on large and evolving industrial software systems. Despite recent advances in static program slicing, to our knowledge, there have been no studies of static change impact analysis applied on large and evolving industrial software systems. In this paper, we share our experiences in designing a static change impact analysis framework for such software systems. We have implemented our framework as a tool called Imp and have applied Imp on an industrial codebase with over a million lines of C/ C++ code with promising empirical results.

Secure comparison of encrypted data in wireless sensor networks

End-to-end encryption schemes that support operations over ciphertext are of utmost importance for commercial private party wireless sensor network implementations to become meaningful and profitable. For wireless sensor networks, we demonstrated in our previous work that privacy homomorphisms, when used for this purpose, offer two striking advantages apart from end-to-end concealment of data and ability to operate on ciphertexts: flexibility by keyless aggregation and conservation and balancing of aggregator backbone energy. We offered proof of concept by applying a certain privacy homomorphism for sensor network applications that rely on the addition operation. But a large class of aggregator functions like median computation or finding maximum/minimum rely exclusively on comparison operations. Unfortunately, as shown by Rivest, et al., any privacy homomorphism is insecure even against ciphertext that only attacks if they support comparison operations. In this paper we show that a particular order preserving encryption scheme achieves the above mentioned energy benefits and flexibility when used to support comparison operations over encrypted texts for wireless sensor networks, while also managing to hide the plaintext distribution and being secure against ciphertext only attacks. The scheme is shown to have reasonable memory and computation overhead when applied for wireless sensor networks.

Mining Interface Specifications for Generating Checkable Robustness Properties

A software system interacts with its environment through interfaces. Improper handling of exceptional returns from system interfaces can cause robustness problems. Robustness of software systems are governed by various temporal properties related to interfaces. Static verification has been shown to be effective in checking these temporal properties. But manually specifying these properties is cumbersome and requires the knowledge of interface specifications, which are often either unavailable or undocumented. In this paper, we propose a novel framework to automatically infer system-specific interface specifications from program source code. We use a model checker to generate traces related to the interfaces. From these model checking traces, we infer interface specification details such as return value on success or failure. Based on these inferred specifications, we translate generically specified interface robustness rules to concrete robustness properties verifiable by static checking. Hence the generic rules can be specified at an abstract level that needs no knowledge of the source code, system, or interfaces. We implement our framework for an existing static analyzer that employs push down model checking and apply the analyzer to the well known POSIX-API system interfaces. We found 28 robustness violations in 10 open source packages using our framework

Mining API Error-Handling Specifications from Source Code

API error-handling specifications are often not documented, necessitating automated specification mining. Automated mining of error-handling specifications is challenging for procedural languages such as C, which lack explicit exception-handling mechanisms. Due to the lack of explicit exception handling, error-handling code is often scattered across different procedures and files making it difficult to mine error-handling specifications through manual inspection of source code. In this paper, we present a novel framework for mining API error-handling specifications automatically from API client code, without any user input. In our framework, we adapt a trace generation technique to distinguish and generate static traces representing different API run-time behaviors. We apply data mining techniques on the static traces to mine specifications that define correct handling of API errors. We then use the mined specifications to detect API error-handling violations. Our framework mines 62 error-handling specifications and detects 264 real error-handling defects from the analyzed open source packages.

Improving software reliability and productivity via mining program source code

A software system interacts with third-party libraries through various APIs. Insufficient documentation and constant refactorings of third-party libraries make API library reuse difficult and error prone. Using these library APIs often needs to follow certain usage patterns. These patterns aid developers in addressing commonly faced programming problems such as what checks should precede or follow API calls, how to use a given set of APIs for a given task, or what API method sequence should be used to obtain one object from another. Ordering rules (specifications) also exist between APIs, and these rules govern the secure and robust operation of the system using these APIs. These patterns and rules may not be well documented by the API developers. Furthermore, usage patterns and specifications might change with library refactorings, requiring changes in the software that reuse the library. To address these issues, we develop novel techniques (and their supporting tools) based on mining source code, assisting developers in productively reusing third party libraries to build reliable and secure software.

Mining Health Models for Performance Monitoring of Services

Online services such as search and live applications rely on large infrastructures in data centers, consisting of both stateless servers (e.g., web servers) and stateful servers (e.g., database servers). Acceptable performance of such infrastructures, and hence the availability of online services, rely on a very large number of parameters such as per-process resources and configurable system/application parameters. These parameters are available for collection as performance counters distributed across various machines, but services have had a hard time determining which performance counters to monitor and what thresholds to use for performance alarms in a production environment. In this paper, we present a novel framework called PerfAnalyzer, a storage-efficient and pro-active performance monitoring framework for correlating service health with performance counters. PerfAnalyzer automatically infers and builds health models for any service by running the standard suite of predeployment tests for the service and data mining the resulting performance counter data-set. A filtered set of performance counters and thresholds of alarms are produced by our framework. The health model inferred by our framework can then be used to detect performance degradation and collect detailed data for root-cause analysis in a production environment. We have applied PerfAnalyzer on five simple stress scenarios – CPU, memory, I/O, disk, and network, and two real system – Microsoft’s SQL Server 2005 and IIS 7.0 Web Server, with promising results.

Effective Generation of Interface Robustness Properties for Static Analysis

A software system interacts with its environment through system interfaces. Robustness of software systems are governed by various temporal properties related to these interfaces, whose violation leads to system crashes and security compromises. These properties can be formally specified for system interfaces and statically verified against a software system. But manually specifying a large number of interface properties for static verification is often inaccurate or incomplete, apart from being cumbersome. In this paper, we propose a novel framework that effectively generates interface properties for static checking from a few generic, high level robustness rules that capture interface behavior. We implement our framework for an existing static analyzer with simple dataflow extensions and apply it on POSIX-API system interfaces used in 10 Redhat-9.0 open source packages. The results show that the framework can effectively generate a large number of useful interface properties from a few generically specified rules

Code drones

We propose and explore a new paradigm called Code Drones in which every software artifact such as a class is an intelligent and socially active entity. In this paradigm, humanized artifacts take the lead and choreograph (socially, in collaboration with other intelligent software artifacts and humans) automated software engineering solutions to a myriad of development and maintenance challenges,including API migration, reuse, documentation, testing, patching, and refactoring. We discuss the implications of having social and intelligent/cognitive software artifacts that guide their own self-improvement.

Automatic generation and inference of interface properties from program source code

Our research proposes a novel framework to automatically infer system-specific interface properties from program source code using static model-checking traces.