Predicting problems caused by component upgrades

We present a new, automatic technique to assess whether replacing a component of a software system by a purportedly compatible component may change the behavior of the system. The technique operates before integrating the new component into the system or running system tests, permitting quicker and cheaper identification of problems. It takes into account the system's use of the component, because a particular component upgrade may be desirable in one context but undesirable in another. No formal specifications are required, permitting detection of problems due either to errors in the component or to errors in the system. Both external and internal behaviors can be compared, enabling detection of problems that are not immediately reflected in the output.The technique generates an operational abstraction for the old component in the context of the system and generates an operational abstraction for the new component in the context of its test suite; an operational abstraction is a set of program properties that generalizes over observed run-time behavior. If automated logical comparison indicates that the new component does not make all the guarantees that the old one did, then the upgrade may affect system behavior and should not be performed without further scrutiny. In case studies, the technique identified several incompatibilities among software components.

[1]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[2]  Craig Schaffert,et al.  An introduction to Trellis/Owl , 1986, OOPLSA '86.

[3]  Toby Bloom,et al.  Dynamic module replacement in a distributed programming system , 1983 .

[4]  Gary T. Leavens,et al.  Forcing behavioral subtyping through specification inheritance , 1996, Proceedings of IEEE 18th International Conference on Software Engineering.

[5]  Timothy W. Curry,et al.  Profiling and Tracing Dynamic Library Usage Via Interposition , 1994, USENIX Summer.

[6]  Debra J. Richardson,et al.  Approaches to specification-based testing , 1989, TAV3.

[7]  Michael D. Ernst,et al.  Invariant inference for static checking: , 2002, SIGSOFT '02/FSE-10.

[8]  William G. Griswold,et al.  Automated support for program refactoring using invariants , 2001, Proceedings IEEE International Conference on Software Maintenance. ICSM 2001.

[9]  Jonathan E. Cook,et al.  Highly reliable upgrading of components , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[10]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[11]  Oscar Nierstrasz,et al.  Regular types for active objects , 1993, OOPSLA '93.

[12]  Ophir Frieder,et al.  On-the-fly program modification: systems for dynamic updating , 1993, IEEE Software.

[13]  Michael D. Ernst,et al.  Automatic generation of program specifications , 2002, ISSTA '02.

[14]  Gary T. Leavens,et al.  Concepts of behavioral subtyping and a sketch of their extension to component-based systems , 2000 .

[15]  Yonghao Chen,et al.  A semantic foundation for specification matching , 2000 .

[16]  Christophe Meudec,et al.  Automatic generation of software test cases from formal specifications , 1998 .

[17]  Michael D. Ernst,et al.  Selecting Predicates for Implications in Program Analysis , 2002 .

[18]  Wuu Yang,et al.  A program integration algorithm that accommodates semantics-preserving transformations , 1992, SDE 4.

[19]  Johann Schumann,et al.  NORA/HAMMR: making deduction-based software component retrieval practical , 1997, Proceedings 12th IEEE International Conference Automated Software Engineering.

[20]  Nii Lartey Dodoo,et al.  Selecting predicates for conditional invariant detection using cluster analysis , 2002 .

[21]  Cliff B. Jones,et al.  Systematic software development using VDM , 1986, Prentice Hall International Series in Computer Science.

[22]  Michael D. Ernst,et al.  Dynamically discovering likely program invariants , 2000 .

[23]  Peyman Oreizy,et al.  Architecture-based runtime software evolution , 1998, Proceedings of the 20th International Conference on Software Engineering.

[24]  Larry Carter,et al.  Distrbution and Abstract Types in Emerald , 1987, IEEE Transactions on Software Engineering.

[25]  Albert L. Baker,et al.  JML: A Notation for Detailed Design , 1999, Behavioral Specifications of Businesses and Systems.

[26]  Toby Bloom,et al.  Reconfiguration in Argus , 1992, CDS.

[27]  Jeremy Dick,et al.  Automating the Generation and Sequencing of Test Cases from Model-Based Specifications , 1993, FME.

[28]  Maurice Herlihy,et al.  A Value Transmission Method for Abstract Data Types , 1982, TOPL.

[29]  Valérie Issarny,et al.  A dynamic reconfiguration service for CORBA , 1998, Proceedings. Fourth International Conference on Configurable Distributed Systems (Cat. No.98EX159).

[30]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[31]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[32]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[33]  James M. Purtilo,et al.  Surgeon: a packager for dynamically reconfigurable distributed applications , 1992, Softw. Eng. J..

[34]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[35]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[36]  Michael D. Ernst,et al.  Improving test suites via operational abstraction , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[37]  Sriram Sankar,et al.  Structural specification-based testing with ADL , 1996, ISSTA '96.

[38]  William G. Griswold,et al.  Quickly detecting relevant program invariants , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[39]  Luca Cardelli,et al.  A Semantics of Multiple Inheritance , 1984, Inf. Comput..

[40]  George C. Necula,et al.  The design and implementation of a certifying compiler , 1998, PLDI.

[41]  Scott Nettles,et al.  Dynamic software updating , 2001, PLDI '01.

[42]  Jeannette M. Wing,et al.  A behavioral notion of subtyping , 1994, TOPL.

[43]  Greg Nelson,et al.  Fast Decision Procedures Based on Congruence Closure , 1980, JACM.

[44]  Jeannette M. Wing,et al.  Specification matching of software components , 1995, TSEM.

[45]  Sabine Moisan,et al.  Behavioral Substitutability in Component Frameworks: a Formal Approach , 2003 .

[46]  Charles Gregory Nelson,et al.  Techniques for program verification , 1979 .

[47]  Benjamin Morse,et al.  A C/C++ front end for the Daikon dynamic invariant detection system , 2002 .

[48]  John V. Guttag,et al.  Modularity in the Presence of Subclassing , 1996 .

[49]  Cormac Flanagan,et al.  Avoiding exponential explosion: generating compact verification conditions , 2001, POPL '01.

[50]  Michael D. Ernst,et al.  Invariant inference for static checking: an empirical evaluation , 2002, SOEN.

[51]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.

[52]  Pierre America,et al.  A parallel object-oriented language with inheritance and subtyping , 1990, OOPSLA/ECOOP '90.

[53]  K. Rustan M. Leino,et al.  An Extended Static Checker for Modular-3 , 1998, CC.

[54]  Michael D. Ernst Practical Fine-Grained Static Slicing of Optimized Code , 1994 .

[55]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.