1 / 16

Design/Architecture Pattern Detection

Design/Architecture Pattern Detection. A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns. Dr. Michael VanHilst 1 September 2007. Task of Pattern Detection. Given a set of patterns, P

hao
Télécharger la présentation

Design/Architecture Pattern Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Design/Architecture Pattern Detection A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns. Dr. Michael VanHilst 1 September 2007

  2. Task of Pattern Detection • Given a set of patterns, P • Given a program, X • Identify the presence of all patterns p in X, where p is an element of P Our potential objective • Given sets of security patterns for specific security concerns • Confirm use of a known security pattern for each concern

  3. Not “Pattern Mining” • Given a set of successful applications • Identify recurring patterns that solve interesting problems • This is not matching Robert Martin, Discovering patterns in existing applications, Pattern Languages of Program Design, 1995

  4. Structural Pattern Matching Candidate matches to structural patterns • Graph matching (pattern = microarchitecture) • Nodes are classes • Arcs are relationships • Inheritance, aggregation, association • Add delegation/call relation • Extracted from class & sequence diagram • creational & behavioral patterns harder

  5. Variations on Structure Matching • Various parsing strategies to generate class and call graphs from code • Different matching criteria • Different search algorithms • The fact that classes in a pattern have direct relationships to each other greatly reduces state explosions in many search algorithms

  6. Structure Matching Papers • Rudolf K. Keller , Reinhard Schauer , Sébastien Robitaille , Patrick Pagé, Pattern-based reverse-engineering of design components, Proceedings of the 21st international conference on Software engineering, p.226-235, May 16-22, 1999, Los Angeles, California, United States • Jochen Seemann , Jürgen Wolff von Gudenberg, Pattern-based design recovery of Java software, ACM SIGSOFT Software Engineering Notes, v.23 n.6, p.10-16, Nov. 1998 • G. Antoniol , R. Fiutem , L. Cristoforetti, Design Pattern Recovery in Object-Oriented Software, Proceedings of the 6th International Workshop on Program Comprehension, p.153, June 24-26, 1998 (most cited paper) • Istituto per la Ricerca Scientifica e Tecnologica Povo (Trento), Italy • J. Bansiya. Automating design-pattern identication - DP++ is a tool for C++ programs. Dr. Dobbs Journal, 1998. • Brown, K. (1997). Design reverse-engineering and automated design pattern detection in Smalltalk. thesis • Christian Kramer , Lutz Prechelt, Design Recovery by Automated Search for Structural Design Patterns in Object-Oriented Software, Proceedings of the 3rd Working Conference on Reverse Engineering (WCRE '96), p.208, November 08-10, 1996 (delegation check was manual) • Uni Karlsruhe

  7. Pattern Ambiguity Client Abstraction VirtualImplementor action() Operation() Virtual OperationImp() Bridge ConcreteImplementor Concrete OperationImp() Client Invoker VirtualCommand command() Operation() Virtual Execute() Command Receiver ConcreteCommand action() Concrete Execute()

  8. MAISA • General structure recognition tool using constraint satisfaction • Add more constraints to improve accuracy • Parse code to intermediate UML models • Define constraints on model properties • (works for select structure patterns, not behavior) J. Gustafsson, L. Nenonen, and J. Paakki, University of Helsinki, 2000 – many papers

  9. Pattern Fingerprints • Extend property characterizations to prune candidate classes in a pattern • Booleans for large/small class, deep/shallow inheritance, mostly class/instance variables, etc. • Train pattern recognizer on tagged corpus • Claim greater accuracy (80% vs. 40%) Y.G. Gueheneuc, H. Sahraoui, F. Zaidi, Fingerprinting design patterns, 11th Working Conference on Reverse Engineering (WCRE’04), pp. 172–181. (University of Montreal, many papers)

  10. Behavior Matching • Query by Logic Meta Programming • Founded in Abstract Interpretation • Queries can have abstract/fuzzy values • Keeps structure models and properties • Adds execution trace • Recognizes Visitor based on its visit-then-execute trace Coen De Roover, Kris Gybels, Theo D'Hondt: Towards Abstract Interpretation for Recovering Design Information. Electr. Notes Theor. Comput. Sci. 131: 15-25 (2005) (Free University, Brussels)

  11. Formal Content Analysis • Concepts have complete partial orders that form lattices • Concept lattices allow variations • not all mammals have legs • all legless mammals share other properties • Properties are still class relations and characteristics • Similar patterns form neighborhoods Frank Buchli, Detecting Software Patterns Using Formal Concept Analysis, thesis, University of Bern, 2003 (advisor Oscar Nierstrasz).

  12. Detecting Patterns in Comments • “To identify the application of a pattern we search the log messages for the pattern name co-occurring with keywords taken from the pattern’s intend (italic words in the appendix) or the word ‘pattern.’” • Michael Hasler, “A Quantitative Study of the Application of Design Patterns in Java”, Working Papers on Information Processing and Information Management Nr. 01/2003, Institute of Information Processing and Information Management

  13. Theorem Prover • Uses sigma calculus denotational semantics • Theorem prover based on reduction rules • Reduction rules make it easier to express equivalence variations (reduce this to that) • Reduction rules scale to patterns of patterns • Richer property and relationship semantics J. M. Smith and D. Stotts. SPQR: flexible automated design pattern extraction from source code. In Proc. Of the 18th IEEE International Conference on Automated Software Engineering, pages 215-224, October 2003. (UNC, results?)

  14. Basic Pattern Components Client Objectifier action() Virtual Operation() Objectifier ConcreteObjectifier Concrete Operation() Initiator Handler makeRequest() handleRequest() Object Recursion Terminator Recursor handleRequest() handleRequest()

  15. Task of Pattern Detection • Given a set of patterns, P • Given a program, X • Identify the presence of all patterns p in X, where p is an element of P Our potential objective • Given sets of security patterns for specific security concerns • Confirm use of a known security pattern for each concern

  16. Security Pattern Verification? • Probabilistic matching doesn’t give much assurance (bad) • SPQR is formal and gives proof (good) • SPQR requires writing denotational semantics (bad) • Most work demonstrate only simple examples • Security patterns are large, perhaps less prone to ambiguity • We know what we seek (small search space)

More Related