detecting problems in the database access code of large
play

Detecting Problems in the Database Access Code of Large Scale - PowerPoint PPT Presentation

May 21, 2023 •309 likes •632 views

Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1 Existing static analysis tools focus on language-related problems PMD Google error-prone Coverity FindBugs Facebook Infer However,

  1. Detecting Problems in the Database Access Code of Large Scale Systems An industrial Experience Report 1

  2. Existing static analysis tools focus on language-related problems PMD Google error-prone Coverity FindBugs Facebook Infer However, many problems are related to how developers use different frameworks 2

  3. Over 67% of Java developers use Object-Relational Mapping (Hibernate) to access databases 67% 22% Existing static analysis tools provide mostly rudimentary support for JDBC! 3

  4. Over 40% of Java web application developers use Spring Developers use Spring to manage database transactions in web applications None of the static analysis tools support Spring! 4

  5. There is a huge need for framework- specific tools Developers leverage MANY frameworks, but existing tools only support detecting language-related problems. 5

  6. An example class with Java ORM code User class is User.java mapped to “ user” @Entity table in DB @Table(name = “user”) @DynamicUpdate Performance- public class User{ related configs @Column(name=“id”) id is mapped to the private int id; column “id” in the @Column(name=“name”) user table String userName; A user can belong @OneToMany(fetch= FetchType.EAGER ) to multiple teams List<Team> teams; Eagerly retrieve public void setName(String n){ associated teams userName = n; when retrieving a } 6 … other getter and setter methods user object

  7. Accessing the database using ORM select u from user where u.id = 1; User u = findUserByID(1); ORM update user set database name=“Peter” where user.id = 1; u.setName(“Peter”); Objects SQLs 7

  8. Transaction management using Spring Create a DB @Transaction ( Propogation.REQUIRED ) transaction getUser(){ … Entire business logic will updateUserGroup(u) be executed with the … same DB transaction } By using ORM and Spring, developers can focus more on the business logic and functionality 8

  9. Implementing DBChecker • DBChecker looks for both functional and performance bug patterns • DBChecker is integrated in industrial practice Source code 9

  10. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice 10

  11. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice More patterns and learned lessons in the paper 11

  12. ORM excessive data bug pattern Class User{ Eagerly retrieve @ EAGER teams from DB List<Team> teams; } User u = findUserById(1); Objects u.getName(); EOF User Table Team Table join Team data is never SQL used! 12

  13. Detecting excessive data using static analysis Class User{ First find all the objects that @ EAGER eagerly retrieve data from DB List<Team> teams; } User user = findUserByID(1); Identify all the data usages of ORM-managed objects user team user.getName(); Check if the eagerly retrieved data is ever used user team 13

  14. Nested transaction bug pattern Create a DB @Transaction ( Propogation. transaction REQUIRED ) getUser(){ @Transaction ( Propogation. updateUserGroup(u) REQUIRES_NEW ) … } Create a child transaction, and suspend parent transaction until child is finished Misconfigurations can cause unexpected transaction timeout, deadlock, or other performance-related problems 14

  15. Detecting nested transaction bug pattern @Transaction ( Propogation. Parse all transaction REQUIRED ) configurations getUser(){ … Identify all methods with the updateUserGroup(u) annotation … } Propogation.REQUIRED Traverse the call graph to identify calls potential misconfigurations Propogation.REQUIRS_NEW 15

  16. Limitation of current static analysis tools @Transaction ( Propo gation.REQUIRED ) @EAGER Annotations are lost Do not consider how when converting source developers configure code to byte code frameworks Many Many problems configurations are are related to set through framework annotations configurations 16

  17. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks 17

  18. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug patterns are related to incorrect usage of frameworks 18

  19. Handling a large number of detection results • Developers have limited time to fix detected problems • Most existing static analysis frameworks do not prioritize the detected instances for the same bug pattern 19

  20. Prioritizing based on DB tables User • Problems related to large or frequently-accessed tables are Time zone ranked higher (more likely to be performance bottlenecks) • Problems related to highly dependable tables are ranked higher 20

  21. Developers have different backgrounds • Not all developers are familiar with these frameworks and databases • Developers may not take the problems seriously if they don’t understand the impact 21

  22. Educating developers about the detected problems • We hosted several workshops to educate developers about the impact and cause of the problems • Walk developers through examples of detected problems • May learn new bug patterns from developers 22

  23. Overview of the presentation Lessons learned when Bug patterns adopting the tool in practice Most discussed bug We prioritize problems patterns are related to based on DB tables, and incorrect usage of educate developers about frameworks the problems 23

  24. 24

  25. 25

  26. 26

  27. 27

  28. 28

  29. 29

  30. 30

  31. 31

Recommend

from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database

from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database

Invisible loading: Access-Driven Data Transfer from Raw Files into Database Systems Presenter: Hefu Chai Motivation Problems with database systems High time -to-first-analysis Large scientific datasets and social networks

490 views • 30 slides
Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang, Armando Fox, David Patterson, Michael Jordan Conference: ICML 2010 SOSP2009, ICDM 2009 Reporter: Zhe Fu Outline SOSP 09 ICML 10 Offline Analysis

935 views • 48 slides
Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper functions in code to break up large problems into solvable subtasks Recognize the four core rules of code maintenance Use the input command and

1.07k views • 62 slides
CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2. Web APIs 3. Node.js 2 Python can directly query the database Steps to access MySQL from Python 1. Install connector to MySQL: sudo pip install

578 views • 14 slides
by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan*

by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan*

UC Berkeley Detecting Large-Scale System Problems by Mining Console Logs Wei Xu* Ling Huang Armando Fox* David Patterson* Michael Jordan* Intel Labs Berkeley *UC Berkeley 1 Why console logs? Detecting problems in large scale

323 views • 14 slides
Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is a computer application program designed for the efficient and effective storage, access and update of large volumes of information. This course

399 views • 7 slides
Example: bank and its A TM mac hines. 4. Supp orts secure, atomic access to

Example: bank and its A TM mac hines. 4. Supp orts secure, atomic access to

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2. Supp orts ecien t access to v ery large amoun ts of data. 3. Supp orts concurren t access to v.l.a.d. Example: bank

393 views • 14 slides
How Do I Ask Questions? For your convenience, there are two ways to ask questions two ways to

How Do I Ask Questions? For your convenience, there are two ways to ask questions two ways to

Thank you for joining us today! If you havent dialed into the audio (telephone) portion, please do so now: 1-866-516-5393 Access Code: 33403311 Access Code: 33403311 If you are experiencing technical problems with the GoToWebinar

446 views • 21 slides
What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2.

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2.

What is a Database Managemen t System? 1. Manages v ery large amoun ts of data. 2. Supp orts ecien t access to v ery large amoun ts of data. 3. Supp orts concurren t access to v.l.a.d. 4. Supp orts secure,

720 views • 23 slides
Database design III Courses(code, period, name, teacher) code name code, period teacher

Database design III Courses(code, period, name, teacher) code name code, period teacher

Quiz time! Whats wrong with this schema? Database design III Courses(code, period, name, teacher) code name code, period teacher Functional dependencies cont. {(TDA356, 2, Databases, Niklas Broberg), BCNF and 3NF

92 views • 8 slides
Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Database Access via Programming

348 views • 20 slides
Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on the Menu Bar DC/Win Database Utilities Options Vary Depending on Database Two Types of Databases Sequel (SQL) Database Access Database

460 views • 6 slides
What is a database system ? Database: a large, integrated collection of data. Models a real

What is a database system ? Database: a large, integrated collection of data. Models a real

2 What is a database system ? Database: a large, integrated collection of data. Models a real world enterprise Entities (teams, games) Relationships (Orphan Pamuk received the Nobel Prize) Course introduction Constraints (

246 views • 7 slides
Goals Database Administration All large and small databases need database Database

Goals Database Administration All large and small databases need database Database

PHP Miscellaneous $db-&gt;insert_id IT420: Database Management and Retrieves the ID generated for an Organization AUTO_INCREMENT column by the previous INSERT query Return value: Managing Multi-user The ID generated for an

140 views • 11 slides
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS

TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS

TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu , Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai

819 views • 30 slides
Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the

Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the

Sponsored by Call-In #: 1-650-479-3207 | Access Code: 668 656 008 Enter your question in the Q&amp;A box found by hovering over the menu at the top of your screen. You can submit a question any time during the webinar. Any problems - use the

1.12k views • 59 slides
Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Introduction Insiders and Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control Help? Trust and Trustworthi- ness Access Control and Trustwor- Jason Crampton 1 Michael Huth 2 thiness 1 Information

470 views • 25 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
DETECTING ILLICIT DISCHARGES AND ILLEGAL CONNECTIONS (IC/ID) Workshop on Identifying Problems

DETECTING ILLICIT DISCHARGES AND ILLEGAL CONNECTIONS (IC/ID) Workshop on Identifying Problems

DETECTING ILLICIT DISCHARGES AND ILLEGAL CONNECTIONS (IC/ID) Workshop on Identifying Problems Overview Our MS4 Permits with the Regional Water Boards require us to inspect our facilities for spills, dumpings, illegal pipes, connections

483 views • 27 slides
Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a database management system Understand why they are useful and when you might want to use one. - Create a database Have a basic understanding of

800 views • 37 slides
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko https://arstechnica.com/information-technology/2012/11/mushrooming-growth-of-ransomware- extorts-5-million-a-year/

298 views • 13 slides
Recursion a programming strategy for solving large problems Think divide and

Recursion a programming strategy for solving large problems Think divide and

Recursion a programming strategy for solving large problems Think divide and conquer Solve large problem by splitting into smaller problems of same kind Induction A mathematical strategy for proving statements

557 views • 31 slides
An Overview of Techniques for Detecting Software Variability Concepts in Source Code Angela

An Overview of Techniques for Detecting Software Variability Concepts in Source Code Angela

1/30 An Overview of Techniques for Detecting Software Variability Concepts in Source Code Angela Lozano Universit catholique de Louvain, Belgium Monday 5 December 2011 2/30 Variability Customized and Affordable Maximize reuse of

544 views • 32 slides
Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank

Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank

Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank where account information is (and Construction) stored in a database not allowing concurrent access. Then only one person could do a Transactions

475 views • 10 slides

More recommend