verifying object construction
play

Verifying Object Construction How to use the builder pattern with - PowerPoint PPT Presentation

Sep 17, 2023 •280 likes •849 views

Verifying Object Construction How to use the builder pattern with the type safety of constructors Martin Kellogg a , Manli Ran b , Manu Sridharan b , Martin Schf c , Michael D. Ernst a,c a University of Washington b University of California,

  1. Verifying Object Construction How to use the builder pattern with the type safety of constructors Martin Kellogg a , Manli Ran b , Manu Sridharan b , Martin Schäf c , Michael D. Ernst a,c a University of Washington b University of California, Riverside c Amazon Web Services 1

  2. Object construction APIs public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } 2

  3. Object construction APIs public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); 3

  4. Object construction APIs public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); new UserIdentity ( “myName” ); 4

  5. Object construction APIs public UserIdentity ( String name, int id); public UserIdentity ( String name, int id, String nickname); new UserIdentity ( “myName” ); error: constructor UserIdentity in class UserIdentity cannot be applied to given types; new UserIdentity("myName"); ^ required: String,int found: String reason: actual and formal argument lists differ in length 5

  6. Pros and cons of constructors + compile-time verification that arguments are sensible 6

  7. Pros and cons of constructors + compile-time verification that arguments are sensible - user must define each by hand - exponentially many in number of optional parameters - arguments are positional (hard to read code) 7

  8. The builder pattern public class UserIdentity { public static UserIdentityBuilder builder (); public class UserIdentityBuilder { public UserIdentityBuilder name (); public UserIdentityBuilder id (); public UserIdentityBuilder nickname (); public UserIdentity build (); } ... } 8

  9. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 9

  10. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically 10

  11. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); . build (); 11

  12. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . build (); Possible outcomes: Run-time error (bad!) ● Malformed object is used (worst!) ● 12

  13. The builder pattern UserIdentity identity = UserIdentity . builder () . name (username) . build (); Possible outcomes: Run-time error (bad!) ● Malformed object is used (worst!) ● 13

  14. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided 14

  15. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided 15

  16. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically - No guarantee that required arguments provided “We get this feature request every other week” - Reinier Zwitserloot, Lombok project lead 16

  17. Pros and cons of the builder pattern + Flexible and easy to read + Frameworks implement automatically Our approach: ● Provides type safety for uses of the builder pattern ● Keeps advantages of builder pattern vs. constructors - No guarantee that required arguments provided “We get this feature request every other week” - Reinier Zwitserloot, Lombok project lead 17

  18. Builder correctness as a typestate analysis UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 18

  19. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() … 19

  20. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() build() … X 20

  21. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … Problem: name() id() Arbitrary typestate analysis is build() … expensive: a whole-program X alias analysis is required for soundness 21

  22. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 22

  23. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 23

  24. Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); … name() id() Key insight: build() Transitions flow … X in one direction! 24

  25. accumulation Builder correctness as a typestate analysis … UserIdentity identity = UserIdentity . builder () . name (username) name() build() id() … . id (userId) . build (); “accumulation analysis” … name() id() Key insight: build() Transitions flow … X in one direction! 25

  26. Advantages of accumulation analysis ● always safe to under-approximate 26

  27. Advantages of accumulation analysis ● always safe to under-approximate does not require alias analysis for soundness 27

  28. Advantages of accumulation analysis ● always safe to under-approximate does not require alias analysis for soundness ● can be implemented modularly (e.g., as a type system) 28

  29. Advantages of a type system ● provides guarantees ● no alias analysis + modular ⇒ scalable ● type inference reduces need for annotations 29

  30. build() ’s specification build ( @CalledMethods ({ “name”, “id” }) UserIdentityBuilder this ); 30

  31. Results (1 of 3): security vulnerabilities Lines of code 9.1M Vulnerabilities found 16 False warnings 3 Annotations 34 31

  32. Contributions ● Static safety of constructors with flexibility of builders ● Accumulation analysis : special case of typestate ○ Does not require whole-program alias analysis https://github.com/kelloggm/object-construction-checker 32

  33. 33

  34. Accumulation doesn’t need alias analysis UserIdentityBuilder b = UserIdentity.builder (); b. name (username); UserIdentityBuilder b2 = b; b2. id (userId) UserIdentity identity = b. build (); 34

  35. Accumulation doesn’t need alias analysis UserIdentityBuilder b = UserIdentity.builder (); b. name (username); UserIdentityBuilder b2 = b; b2. id (userId) UserIdentity identity = b. build (); False positive here is worst-case scenario 35

  36. Why typestate needs alias analysis read() File f = …; f. open (); open() File f2 = f; close() open() f. close (); f2. read (); read(), X close() 36

  37. Why typestate needs alias analysis read() File f = …; f. open (); open() File f2 = f; close() open() f. close (); f2. read (); read(), X close() No alias analysis leads to false negative 37

  38. Example: Netflix/SimianArmy public List < Image > describeImages ( String ... imageIds) { DescribeImagesRequest request = new DescribeImagesRequest(); if (imageIds != null ) { request. setImageIds ( Arrays . asList (imageIds)); } DescribeImagesResult result = ec2client. describeImages (request); return result. getImages (); } 38

  39. The builder pattern @Builder public class UserIdentity { private final String name; // required private final int id; // required private final String nickname; // optional } 39

  40. The builder pattern @Builder public class UserIdentity { private final @NonNull String name; private final @NonNull int id; private final String nickname; // optional } 40

  41. The builder pattern @Builder public class UserIdentity { private final @NonNull String name; private final @NonNull int id; private final String nickname; // optional } UserIdentity identity = UserIdentity . builder () . name (username) . id (userId) . build (); 41

  42. Type hierarchy @CalledMethods({}) Object @CalledMethods({“name”}) Object @CalledMethods({“name”, “id”}) Object 42

  43. What’s the type of b ? UserIdentityBuilder b = UserIdentity.builder (); b. name (username); b. id (userId) UserIdentity identity = b. build (); 43

  44. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); b. name (username); b. id (userId) UserIdentity identity = b. build (); 44

  45. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); @CalledMethods({“name”}) b. name (username); b. id (userId) UserIdentity identity = b. build (); 45

  46. What’s the type of b ? @CalledMethods({}) UserIdentityBuilder b = UserIdentity.builder (); @CalledMethods({“name”}) b. name (username); b. id (userId) @CalledMethods({“name”, “id”}) UserIdentity identity = b. build (); 46

Recommend

The UK Construction Industrys Shows they have a basic level of health and safety awareness.

The UK Construction Industrys Shows they have a basic level of health and safety awareness.

11/23/2018 What is CSCS? A Skills Certification Scheme introduced in 1995, construction operatives, supervisors and managers. Provides the construction industry with a means of verifying qualifications and training. The UK Construction

245 views • 5 slides
On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262 Compliance in Simulink Lukas Murer, Torben Stolte Tanja Hebecker, Michael Lipaczewski Uwe Mhrstdt, Frank Ortmeier Motivation Functional safety

589 views • 21 slides
Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation Object Orie iented Programming Programming paradigm (example of other paradigms are functional programming where the focus is on functions, lambdas

455 views • 27 slides
Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation

Object oriented programming classes, objects self construction encapsulation Object Orie iented Programming Programming paradigm (example of other paradigms are functional programming where the focus is on functions, lambdas

473 views • 28 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

4/13/2017 OOP Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object oriented Programming (Using C++) ht t p: / / www. com pgeom . com / ~pi yush/ t each/ 3330 Objects: State (fields), Behavior (member

632 views • 6 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data

Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data

Advanced Approaches to Object Recognition and 3D Model Construction from Heterogeneous Data Evgeny Burnaev Skoltech, ADASE group Joint with Alexander Notchenko Supervised Deep Learning data Type Supervision 2D Image classification, Class

836 views • 45 slides
Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou Department of Computer Science Virginia Tech CS2704 (Spring 2000) 1 Java language Java is Just another Object Oriented language Its syntax

686 views • 30 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod Darya Melicher 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m. Everyone must read and sign

860 views • 48 slides
Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods

Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods

Principles of Software Construction: Objects, Design, and Concurrency Testing and Object Methods in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Today 11:59 p.m. Everyone must read and sign our collaboration

755 views • 42 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m., EDT Everyone must read and sign our

555 views • 33 slides
Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming

Principles of Software Construction: Objects, Design, and Concurrency Object-Oriented Programming in Java Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 due Thursday 11:59 p.m. Everyone must read and sign our

596 views • 45 slides
Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou

Java AWT CS2704: Object-Oriented Software Design and Construction Constantinos Phanouriou Department of Computer Science Virginia Tech CS2704 (Spring 2000) 1 Abstract Windowing Toolkit (AWT) AWT classes form 3 categories: Graphics

548 views • 18 slides
Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers Dining Philosophers Peter Welch and Neil Brown Peter Welch and Neil Brown School of Computing, University of Kent, UK School of Computing,

675 views • 44 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving trigonometric functions. We learn to verify and spend time verifying trigonometric identities because the practice we get verifying trigonometric

661 views • 46 slides
Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of

Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of

Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of Cambridge (Joint with Giampaolo Bella and Fabio Massacci) Plan of Talk The SET Protocol Defining the Formal Models Verifying the

570 views • 24 slides
Specifying Interfaces Object Design: Chapter 9, Object Design ! Object design is the process of

Specifying Interfaces Object Design: Chapter 9, Object Design ! Object design is the process of

Object-Oriented Software Engineering Using UML, Patterns, and Java Specifying Interfaces Object Design: Chapter 9, Object Design ! Object design is the process of adding details to the requirements analysis and making implementation decisions

500 views • 28 slides
Object-Oriented Databases Object Oriented Databases ODMG Standard Object Model, Object

Object-Oriented Databases Object Oriented Databases ODMG Standard Object Model, Object

Object-Oriented Databases Object Oriented Databases ODMG Standard Object Model, Object Definition Language, Object Query Language Programming Language Bindings Outlook October 17, 2008 Michael Grossniklaus Department of

786 views • 27 slides
Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open

Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open

Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open University) Andrew D. Gordon (MSR Cambridge) Jan Jrjens (TU Dortmund) Verifying Security Code Assume a security API specification.

397 views • 24 slides
Verification Games Verifying Fire Hydrants 10 mins http://pygy.co/bQn

Verification Games Verifying Fire Hydrants 10 mins http://pygy.co/bQn

Street-level Imagery Collection - HackMD https://hackmd.io/HjjiW4msTXKghSEzs5NNZw?view Intro to Mapillary Verification Games Verifying Fire Hydrants 10 mins http://pygy.co/bQn (http://pygy.co/bQn) Verifying Crossings 10

354 views • 10 slides
Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement

Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement

Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement 3. Prior Authorization 4. Timely Filing Limits 5. Envision Web Portal Verifying Eligibility It is the responsibility of the Medicaid Provider to

602 views • 21 slides
A heuristic method for formally verifying real inequalities Robert Y. Lewis Vrije Universiteit

A heuristic method for formally verifying real inequalities Robert Y. Lewis Vrije Universiteit

A heuristic method for formally verifying real inequalities Robert Y. Lewis Vrije Universiteit Amsterdam June 27, 2018 Motivation Specific topic for today: verifying systems of nonlinear inequalities over R 0 n , n &lt; ( K /

1.02k views • 39 slides

More recommend