I WANT YOU TO FIGHT BAD CODE! - PowerPoint PPT Presentation

  1. I WANT YOU TO FIGHT BAD CODE!
     Get the tools & demos from: http://types.cs.washington.edu/checker-framework/2012-oscon/

  2. Developing and Using Pluggable Type Systems
     Werner M. Dietl, Michael D. Ernst
     University of Washington, Computer Science & Engineering

  3. Software has too many errors

  4. Java's type system is too weak
     ● Type checking prevents many errors

           int i = "hello";

     ● Type checking doesn't prevent enough errors

           System.console().readLine();
           Collections.emptyList().add("one");
           dbStatement.executeQuery(userInput);

  5. Better type systems can help!
     ● Null-pointer exceptions [Fähndrich & Leino '03]
     ● Unwanted mutations [Tschantz & Ernst '05]
     ● Concurrency errors [Boyapati et al. '02, Cunningham et al. '07]
     ● … many more!
     [Diagram labels: Theory, Practice, "Decades!"]

  6. Static type systems
     [Diagram: Source; Compiler, Type Checker; Executable Code. Labels: "0 errors, 0 warnings", "Crashes"]

  7. Pluggable type checkers
     [Diagram: Source; Compiler, Type Checker; Executable Code; Pluggable Type Checker. Labels: Warnings, Fix Bugs, Add Annotations]

  8. Pluggable type checkers
     [Diagram: Source; Compiler, Type Checker; Executable Code; three Pluggable Type Checkers. Labels: Warnings, Fix Bugs, Add Annotations]

  9. Java 8 extends annotation syntax
     ● Annotations on all occurrences of types

           @Untainted String query;
           List<@NonNull String> strings;
           myGraph = (@Immutable Graph) tmpGraph;
           class UnmodifiableList<T>
               implements @Readonly List<@Readonly T> {}

     ● Stored in classfile
     ● Handled by javac, javap, javadoc, …
     ● You can use it with Java 5/6/7!
     ● Backward compatible: write in /*@comments*/

  10. The Checker Framework
     ● A framework for pluggable type checkers
     ● "Plugs" into the OpenJDK compiler
     ● Easy to use

           javac -processor EncryptionChecker …

     ● Eclipse plug-in, Ant and Maven integration

  11. Example: Regular expressions

           String regex = getUserInput();
           Pattern pat = Pattern.compile(regex);
           Matcher mat = pat.matcher(content);
           if (mat.matches()) {
             println("Group: " + mat.group(4));
           } else {
             println("No match!");
           }

  12. Regular expression type system
     ● What runtime exceptions do you wish to prevent?
       PatternSyntaxException and IndexOutOfBoundsException.
     ● What properties of data should always hold?
       Indicate strings containing valid regexes and group counts.
     ● What operations are legal and illegal?
       Matcher.group only on regex with minimum group count.

  13. Example: Encrypted communication

           void send(@Encrypted String msg) {…}

           @Encrypted String msg1 = ...;
           send(msg1); // OK

           String msg2 = ...;
           send(msg2); // Warning!

  14. Encryption type system
     ● What runtime exceptions do you wish to prevent?
       Invalid information flow.
     ● What properties of data should always hold?
       Separate encrypted and plain strings.
     ● What operations are legal and illegal?
       Forbid sending unencrypted data.

  15. Our experience
     ● Checkers reveal important latent bugs
     ● Ran on >3 million LOC of real-world code
     ● Found hundreds of user-visible bugs
     ● Annotation overhead is low
     ● Mean 2.6 annotations per kLOC

  16. Null-pointer crash in Google Collections

           class ForMapWithDefault {
             @Nullable Object defaultValue;
             public int hashCode() {
               // java.lang.NullPointerException
               return map.hashCode() + defaultValue.hashCode();
             }
           }

     ● Found 9 such crashes, despite:
     ● 45000 tests (2/3 of the LOC)
     ● Uses FindBugs @Nullable annotations, no FindBugs warnings

  17. Building checkers is easy
     Example: Ensure encrypted communication

           void send(@Encrypted String msg) {…}

           @Encrypted String msg1 = ...;
           send(msg1); // OK

           String msg2 = ...;
           send(msg2); // Warning!

     [Diagram: type hierarchy with Unqualified and Encrypted]
     The complete checker:

           @TypeQualifier
           @Target(ElementType.TYPE_USE)
           @SubtypeOf(Unqualified.class)
           public @interface Encrypted {}

  18. Building complex checkers is possible
     Nullness Checker is actually 3 checkers:
     ● Nullness itself
     ● Correct object initialization
     ● Correct usage of keys in map accesses
     Refined defaulting:
     ● Refined flow-sensitive inference
     ● Heuristics for Map.get behavior

  19. SQL injection demo
     Goal: no SQL injection attacks possible
     ● Uses @Tainted and @Untainted annotations
     Open-source blogging software
     1. Download personalblog.zip demo
     2. Go into directory personalblog-demo
     3. Requires 8 annotations; we wrote 6
     4. Follow me along!

  20. Brainstorming new type checkers
     ● What runtime exceptions do you wish to prevent?
     ● What properties of data should always hold?
     ● What operations are legal and illegal?
     ● Type-system checkable properties:
     ● Dependency on values
     ● Not on program structure, timing, ...

  21. Possible type systems
     ● String normalization (address, dates, ...)
     ● File existence, legal operations
     ● Units of measurement and precisions
     ● Positive/negative numbers
     ● Network transfer completed
     ● Type state systems
     ● String interning
     ● Bitfields, legal drinking age, fake enumerations

  22. A sampling of type checkers
     Property you care about: Annotation to use
     ● Tainting: @Tainted
     ● Java type signatures: @BinaryName
     ● Null dereferences: @Nullable
     ● Concurrency: @Lock, @GuardedBy
     ● Mutability & side effects: @Immutable
     ● Fake enumerations: @SwingCompassDirection
     ● Internationalization: @Localized
     ● Regular expressions: @Regex
     ● Object encapsulation: @Rep, @Peer, @Any
     ● Energy efficiency: @Approx, @Precise
     ● Equality tests: @Interned

  23. Your turn to improve your code!
     1. Choose a project you care about
        ● Or, try pircbot (download from tutorial page)
     2. Improve it
        ● Apply an existing checker to your code, or
        ● Create a new domain-specific type checker

  24. Checker Framework: Much More!
     ● Powerful framework to develop sophisticated type checkers
     ● Inference tools
     ● Annotation tools to insert annotations
     ● Specification files for libraries

  25. What to do next
     ● Improve your projects using type checkers
     ● Develop your own type checkers
     ● Contribute to the Checker Framework project
     ● Problems or suggestions? Give us feedback!

  26. I WANT YOU TO FIGHT BAD CODE!
     Get the tools & demos from: http://types.cs.washington.edu/checker-framework/2012-oscon/
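
An added Java example, not taken from the slides or the Checker Framework project, of the tainting discipline behind slide 4's `dbStatement.executeQuery(userInput)` and slide 19's demo: a query sink that accepts only `@Untainted` strings, and an allow-list validator for a value that cannot be bound as a statement parameter. It assumes the current Tainting Checker package `org.checkerframework.checker.tainting.qual` (newer than the 2012 release the slides used); `PostQueries`, `runQuery`, `sortColumn` and the `posts` table are hypothetical names.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;
import org.checkerframework.checker.tainting.qual.Untainted;

// Added example: class, method and table names are hypothetical.
public class PostQueries {
    // Columns a caller may sort by; anything else is refused.
    private static final Set<String> SORTABLE = Set.of("title", "created", "author");

    // Sink: the checker lets only provably untainted strings reach executeQuery.
    // The caller owns the returned ResultSet and its Statement.
    static ResultSet runQuery(Connection conn, @Untainted String sql) throws SQLException {
        return conn.createStatement().executeQuery(sql);
    }

    // Validator: the single place where the qualifier is asserted by hand,
    // and only after the allow-list check has passed.
    @SuppressWarnings("tainting")
    static @Untainted String sortColumn(String requested) {
        if (!SORTABLE.contains(requested)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        return requested;
    }

    // Accepted: the literal and the validated column are both @Untainted,
    // so their concatenation is too.
    static ResultSet listSorted(Connection conn, String requested) throws SQLException {
        return runQuery(conn, "SELECT id, title FROM posts ORDER BY " + sortColumn(requested));
    }

    // Rejected by the Tainting Checker: 'requested' defaults to @Tainted, so the
    // concatenated string is @Tainted and does not match the sink's parameter type.
    static ResultSet listSortedUnsafe(Connection conn, String requested) throws SQLException {
        return runQuery(conn, "SELECT id, title FROM posts ORDER BY " + requested);
    }

    // Exercises the validator without a database (inputs are constructed samples).
    public static void main(String[] args) {
        System.out.println("accepted: " + sortColumn("title"));
        try {
            sortColumn("title; constructed-injection");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compiled with `javac -processor org.checkerframework.checker.tainting.TaintingChecker PostQueries.java` and the Checker Framework on the classpath, the checker reports an error only at the `runQuery` call in `listSortedUnsafe`.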
