Premek Brada

Broken promises: An empirical study into evolution problems in Java programs caused by library upgrades

It has become common practice to build programs by using libraries. While the benefits of reuse are well known, an often overlooked risk are system runtime failures due to API changes in libraries that evolve independently. Traditionally, the consistency between a program and the libraries it uses is checked at build time when the entire system is compiled and tested. However, the trend towards partially upgrading systems by redeploying only evolved library versions results in situations where these crucial verification steps are skipped. For Java programs, partial upgrades create additional interesting problems as the compiler and the virtual machine use different rule sets to enforce contracts between the providers and the consumers of APIs. We have studied the extent of the problem on the qualitas corpus, a data set consisting of Java open-source programs widely used in empirical studies. In this paper, we describe the study and report its key findings. We found that the above mentioned issues do occur in practice, albeit not on a wide scale.

Automated Versioning in OSGi: A Mechanism for Component Software Consistency Guarantee

Consistency of component software is a crucial condition required for correct program execution. The existing consistency controls of OSGi at build time or in runtime cannot prevent type mismatch failures caused by independent client and server bundle development. This paper describes our solution to this problem using automated versioning of components. Version identifiers are generated from results of subtype-based comparison of component representations, thus achieving a consistent and formally backed interpretation of the version numbering scheme. The implementation of the approach allows its integration into standard OSGi bundle development and build cycle.

Enhanced Type-based Component Compatibility Using Deployment Context Information

Consistency and compatibility in component-based applications have been the subject of many methods and approaches, from formally sound ones with difficult practical implementation to pragmatic rules for comparing version meta-data which offer only weak guarantees. This is especially true of many industrial component frameworks in routine use. In this paper we contribute a formal description of a method which ensures application run-time type consistency, by performing type-based substitutability checks as part of the component binding and update processes. The method takes into account the environment of the currently deployed component version and uses its so-called contextual complement in the checks. This novel approach overcomes the limitations of the standard notion of compatibility by allowing non-contravariant differences on the required side of the component?s surface. The method was successfully implemented for the OSGi component framework, and in later parts of the paper we share the experiences gained through the implementation.

How Java APIs break - An empirical study

ContextIt has become common practice to build programs by using libraries. While the benefits of reuse are well known, an often overlooked risk are system runtime failures due to API changes in libraries that evolve independently. Traditionally, the consistency between a program and the libraries it uses is checked at build time when the entire system is compiled and tested. However, the trend towards partially upgrading systems by redeploying only evolved library versions results in situations where these crucial verification steps are skipped. For Java programs, partial upgrades create additional interesting problems as the compiler and the virtual machine use different rule sets to enforce contracts between the providers and the consumers of APIs. ObjectiveWe have studied the extent of the problem in real world programs. We were interested in two aspects: the compatibility of API changes as libraries evolve, and the impact this has on programs using these libraries. MethodThis study is based on the qualitas corpus version 20120401. A data set consisting of 109 Java open-source programs and 564 program versions was used from this corpus. We have investigated two types of library dependencies: explicit dependencies to embedded libraries, and dependencies defined by symbolic references in Maven build files that are resolved at build time. We have used JaCC for API analysis, this tool is based on the popular ASM byte code analysis library. ResultsWe found that for most of the programs we investigated, APIs are unstable as incompatible changes are common. Surprisingly, there are more compatibility problems in projects that use automated dependency resolution. However, we found only a few cases where this has an actual impact on other programs using such an API. ConclusionIt is concluded that API instability is common and causes problems for programs using these APIs. Therefore, better tools and methods are needed to safeguard library evolution.

Supplying Compiler's Static Compatibility Checks by the Analysis of Third-Party Libraries

Statically typed languages and their compile time checks prevent a lot of runtime errors thanks to type mismatches detection, namely calls of incompatible methods. Since current applications typically include tens of already compiled third-party libraries, the compile checks are powerless to detect their mutual dependencies. However, the calls among third-party library methods are not less error prone due to bugs or wrong library usage. These all lead to runtime failures. In this paper, we describe a partial solution to this problem based on the static analysis of third-party libraries and verification of their dependencies. This verification is invoked as the application is compiled and assembled, essentially supplying the compiler detecting errors before the application runs. This approach promises improved error detection of complex applications on the static type checking level.

Lowering Visual Clutter in Large Component Diagrams

Nowadays component applications can easily consist of hundreds or thousands of components and it is thus difficult to understand their structure. Diagram visualisation does not help much because of visual clutter caused by big amount of elements and connections, especially in the case of flat component models. This paper describes a novel approach of removing a large part of connections from the diagram while preserving the information about component interconnections. It uses a separated components area to show the components with big amount of connections. For each component in this area, clustered interfaces are shown instead of all interfaces, with the ability to show details on demand. The main idea of this technique can be used in a similar way to reduce the clutter in node-link graphs. To show the effect of this technique we discuss example lines reductions for several component applications.

Design of a Component-Based Simulation Framework for Component Testing Using SpringDM

In this paper, we present the design of a simulation framework aimed to support testing of real components in a simulation environment. This enables thorough tests of software components without the need to create their models.

What Java developers know about compatibility, and why this matters

Real-world programs are neither monolithic nor static—they are constructed using platform and third party libraries, and both programs and libraries continuously evolve in response to change pressure. In case of the Java language, rules defined in the Java Language and Java Virtual Machine Specifications define when library evolution is safe. These rules distinguish between three types of compatibility—binary, source and behavioural. We claim that some of these rules are counter intuitive and not well-understood by many developers. We present the results of a survey where we quizzed developers about their understanding of the various types of compatibility. 414 developers responded to our survey. We find that while most programmers are familiar with the rules of source compatibility, they generally lack knowledge about the rules of binary and behavioural compatibility. This can be problematic when organisations switch from integration builds to technologies that require dynamic linking, such as OSGi. We have assessed the gravity of the problem by studying how often linkage-related problems are referenced in issue tracking systems, and find that they are common.

Software Components Compatibility Verification Based on Static Byte-Code Analysis

Current enterprise systems are widely implemented using statically typed languages such as Java. One of the reasons are strong type checks at compile time that help prevent runtime errors. The static type checks are also well integrated into current development tools. One of the less explored area are, however, static type checks of binary software components. Since current software usually contains a large amount of third-party components, the compilers can no longer cover the static type checks of the final product, especially the inter-dependencies of the components are out of their reach. In this work, we propose an approach that analyses the byte-code of Java classes to reconstruct the mutual dependencies of respective components first. Then, the dependencies are examined to find any type inconsistencies. As a result, this approach detects dependency problems early in the development phase and prevents undesirable run time product failures caused by them.

SimCo – Hybrid Simulator for Testing of Component Based Applications

Testing of component-based applications is important in order to ensure that third-party components do not compromise the functionality or properties of the whole system. However, thorough testing of functionality, behaviour and extra-functional properties is a tedious and time consuming process. In this paper we present an approach to discrete event simulation testing of components and component sets. Its unique feature is the ability to execute a mixture of real, implemented components and simulated mock-ups of the remaining parts of the application. Together, this approach allows faster testing on a wide scale of different inputs for tested components. At the same time, the use of actual components increases the confidence in the simulation test results. The approach has been implemented using the OSGi platform in the form of the SimCo framework and toolset, for which the key architectural considerations are discussed together with a short case study illustrating its usage.