Title: Role-Based Exploration of Object-Oriented Programs
1Role-Based Explorationof Object-Oriented Programs
- Brian Demsky and Martin Rinard
- MIT Laboratory for Computer Science
2Research Goal
- Help developers discover and understand
- Different states of objects in computation
- Relationships between objects in different states
- How states and actions interact
- How objects change state in response to program
actions - Assumptions that program actions make on the
states of accessed objects
3Basic Approach
- Automatically examine execution of program
- Extract information about states and actions
- Graphically and interactively present information
4Outline
- Challenges
- Example
- Roles and Object States
- Extracted Information
- Presenting Information to Developer
- Extensions and Customization
- Experience
- Related Work
- Conclusion
5Challenges
- Given a program, automatically infer an
appropriate set of abstract object states for
that program - Relate the object states to important structural
and functional properties of the program - Present this information to the developer
6Role Separation Predicates
- Set of predicates (role separation predicates)
- Evaluate predicates on each object
- Objects with the same values for the predicates
are in the same state - We call each state a role
- We say that an object plays its role
7Role Separation PredicatesSet of Predicates
ra
rb
rc
State
o1
o2
o3
o4
o5
Objects
P1(o1)T P2(o1)T P3(o1)T
P1(o2)F P2(o2)T P3(o2)T
P1(o3)F P2(o3)T P3(o3)T
P1(o4)T P2(o4)F P3(o4)T
P1(o5)T P2(o5)F P3(o5)T
8Choosing Predicates
- Each predicate should capture some aspect of some
conceptual role that an object might play - One obvious category of predicates
- Predicates that capture the class of the object
- How do we select other predicates?
- Examine common information representation
strategies - Select predicates that capture the distinctions
that these patterns are designed to represent
9Example
Developer
Salesperson
salesperson
developer
manages
manages
Employee
10Properties
- Interesting invariants
- Only an employee who is a salesperson should make
a sale - Only an employee who is a developer should check
code in to the code base - How can we tell a salesperson from a developer?
11Examples of Employees Playing Developer and
Salesperson Roles
12Examples of Employees Playing Developer and
Salesperson Roles
Developer
developer
Employee
Developer
developer
Employee
13Examples of Employees Playing Developer and
Salesperson Roles
SalesPerson
Developer
salesperson
developer
Employee
Employee
SalesPerson
salesperson
Employee
Developer
SalesPerson
developer
salesperson
Employee
Employee
14Solution
- Heap Alias Predicates
- Captures whether a given field of a given class
points to object in question - Formal Predicate
- Pc.f(o) is true if o has a reference from the f
field of an instance of class c - Example
- PDeveloper.developer(o) is true if o is a
developer
15Role Changes
Developer
SalesPerson
Developer
SalesPerson
developer
salesperson
developer
salesperson
Employee
Employee
Employee
- Employees can migrate through careers
- Roles can capture these changes of an objects
referencing state and of the functional
constraints placed on the object
16More Properties
- Property Only managers are sent to management
training seminars - How can we identify managers?
17Instances of an Employee Playing Managing and
Non-managing Roles
Employee
Employee
Employee
18Instances of an Employee Playing Managing and
Non-managing Roles
Employee
Employee
Employee
manages
Employee
Vector of Developer SalesPerson
Employee
Employee
manages
manages
Vector of Developer SalesPerson
Vector of Developer SalesPerson
19Solution
- Non-null field predicates
- Capture what references an object has to other
objects - Formal Predicates
- Pg(o) is true if o has the non-null field g,
false otherwise - Example
- Pmanages(o) is true if o is a manager
20Role Separation Criteria
- For each class c
- Pc(o) object o has class c
- For each class and field pair ltc,fgt
- Pc.f(o) there is a reference to o from the
field f of an instance of c - For each field g
- Pg(o) object o has a non-null field g
- For key local and global variables v
- Pv(o) object o is reachable from v
- For each fields f,g
- Pf,g(o) object o has the cyclic path o.f.go
- For key methods m and parameters n
- Pm,n(o) object o has been parameter n of method
m
21Role Description
- Role developer Employee w/manages
- Class Employee
- Heap Aliases Developer.developer,
- Non-null Fields manages
PEmployee(o) T PDeveloper.developer(o)T
Pmanages(o) T
Developer.developer
manages
22Dynamic Role Inference
- Instrument execution of the program
- Run program to generate a trace of heap
operations - Dynamically compute
- Roles that each object plays
- Transitions between roles
- Roles of methods parameters
23When Do We Evaluate Roles?
- Goal Evaluate roles when objects have consistent
states - Objects are likely to have consistent states at
method entry and exit points - By default our tool evaluates the roles of
objects at method boundaries - The developer can modify this default policy
24Role Naming Heuristic
manages Vector w/ elementData
elementData
manages
Class java.lang.Vector
- The role name assigned to this role description
is manages Vector w/ elementData - manages refers to the heap alias to the object
- Vector is the class name of the object
- elementData refers to the non-null field of the
object - The tool allows the developer to manually provide
more descriptive names for a role, and we have
done so in some cases to improve readability
25Roles and Functional Properties
26Role Transition Diagram
Initial Employee
developer Employee
salesperson Employee
this arg of Developer.ltinitgt
this arg of SalesPerson.ltinitgt
this arg of assignEmployees
developer Employee w/ manages
this arg of assignEmployees
this arg of SalesPerson.ltinitgt
salesperson Employee w/ manages
developer salesperson Employee
restructureCompany
this arg of assignEmployees
developer salesperson w/ manages
27Role Transition Diagram
Initial Employee
developer Employee
salesperson Employee
this arg of Developer.ltinitgt
this arg of SalesPerson.ltinitgt
this arg of assignEmployees
developer Employee w/ manages
this arg of assignEmployees
this arg of SalesPerson.ltinitgt
salesperson Employee w/ manages
developer salesperson Employee
restructureCompany
this arg of assignEmployees
developer salesperson w/ manages
28Enhanced Method Interfaces
- Our tool can generate an enhanced method
interface which includes - the roles of the parameters
- the role changes that the method performs
- We believe developers will find this sort of
information useful for understanding - assumptions that methods make
- effects of a method on objects it accesses
29Enhanced Method Interface
- Developer.ltinitgt(Developer, Employee)
- Calling Context
- (InitialDeveloper, InitialEmployee)
- Return Context
- (Developer,
- developer Employee)
- Role Changes
- InitialDeveloper -gt Developer
- InitialEmployee -gt developer Employee
30Structural Properties
31Role Relationship Diagram
developer Employee
developer
developer
developer Employee w/ manages
developer salesperson Employee w/ manages
Developer
developer
developer
developer salesperson Employee
32Role Relationship Diagram
developer Employee
developer
developer
developer salesperson Employee w/ manages
developer Employee w/ manages
Developer
developer
developer
developer salesperson Employee
33Interactive Support
- Our tool uses a graphical web-based interface to
communicate inferred properties - The tool presents
- Role transition diagrams for each class
- A role relationship diagram
- Links from the diagrams to the appropriate
- role descriptions
- enhanced method interfaces
34Role Relationship Diagram
developer Employee
developer
developer
developer Employee w/ manages
developer salesperson Employee w/ manages
Developer
developer
developer
developer salesperson Employee
35Role Relationship Diagram
developer Employee
developer
developer
developer Employee w/ manages
developer salesperson Employee w/ manages
developer Employee w/ manages
Developer
developer
developer
developer salesperson Employee
36Role Description
- Role developer Employee w/manages satisfies
- Class Employee
- Heap Aliases Developer.developer
- Non-null Fields manages
manages
Developer.developer
37Role Description
- Role developer Employee w/manages satisfies
- Class Employee
- Heap Aliases Developer.developer
- Non-null Fields manages
Employee
manages
Developer.developer
38Role Transition Diagram
Initial Employee
developer Employee
salesperson Employee
this arg of Developer.ltinitgt
this arg of SalesPerson.ltinitgt
this arg of assignEmployees
developer Employee w/ manages
this arg of assignEmployees
this arg of SalesPerson.ltinitgt
salesperson Employee w/ manages
developer salesperson Employee
restructureCompany
this arg of assignEmployees
developer salesperson w/ manages
39Role Transition Diagram
Initial Employee
developer Employee
salesperson Employee
this arg of Developer.ltinitgt
this arg of SalesPerson.ltinitgt
this arg of assignEmployees
developer Employee w/ manages
this arg of assignEmployees
this arg of SalesPerson.ltinitgt
salesperson Employee w/ manages
salesperson Employee w/ manages
developer salesperson Employee
restructureCompany
this arg of assignEmployees
developer salesperson w/ manages
40Role Description
- Role salesperson Employee w/manages satisfies
- Class Employee
- Heap Aliases SalesPerson.salesperson
- Non-null Fields manages
manages
SalesPerson.salesperson
41Extensions
42Role Subspaces
- Different activities require exploration at
varying levels of detail - The developer may initially need very coarse
information then later explore certain aspects in
greater detail - The developer may coarsen aspects of objects
orthogonal to the developers current interest - Role subspaces provide a means to manage role
separation predicates - Developers specify a role subspace by specifying
a subset of role separation criteria - Multiple role subspaces can be used simultaneously
43Role Subspaces
PEmployee(o) Pmanages(o) PDeveloper.developer(o)
PSalesPerson.salesperson(o)
Role Subspace Class Employee Non-null
Fields manages
.
.
.
44Role Transition Diagram
InitialEmployee
this arg of assignEmployee
Employee w/ manages
45Multiple Object Data Structures
Employee
manages
Vector
Array
Developer
Developer
Developer
SalesPerson
46Multiple Object Data Structures
Employee
manages
Developer
Developer
Developer
SalesPerson
47Customization
- Our web-based interface allows the developer to
control the analysis. The developer can - Define multiple role subspaces
- View projections of role transition diagrams and
role relationship diagrams onto the defined role
subspaces - Declare methods atomic to hide internal role
changes - Declare a set of methods to be considered in the
method invocation history of objects
48Experience
- We used our tool on a variety of different
applications - JhttpServer a simple web server
- Jess an expert system shell
- Direct-To an air-traffic control tool
49JhttpServer
50Role Transition Diagram for Socket
Initial Socket
Socket
ServerSocket
Socket w/ address
ServerSocket w/fd
Garbage
Socket w/fd
bound ServerSocket
Socket w/o output
Socket w/ input
listening ServerSocket
Socket w/o fd
Socket w/ output
51Role Transition Diagram for Socket
Initial Socket
Socket
ServerSocket
Socket w/ address
ServerSocket w/fd
Garbage
Socket w/fd
bound ServerSocket
Socket w/o output
Socket w/ input
listening ServerSocket
Socket w/o fd
Socket w/ output
52Role Transition Diagram for Socket
Initial Socket
Socket
ServerSocket
Socket w/ address
ServerSocket w/fd
Garbage
Socket w/fd
bound ServerSocket
Socket w/o output
Socket w/ input
listening ServerSocket
Socket w/o fd
Socket w/ output
53Role Transition Diagram for Socket
Initial Socket
Socket
ServerSocket
Socket w/ address
ServerSocket w/fd
this arg of bind
Garbage
Socket w/fd
bound ServerSocket
this arg of listen
Socket w/o output
Socket w/ input
listening ServerSocket
Socket w/o fd
Socket w/ output
54Jess
55Role Transition Diagram
InitialLengthNode
this arg of Node1.ltinitgt this arg of
LengthNode.ltinitgt, this arg of Node.ltinitgt
LengthNode w/ successor engine
1st arg of Successor.ltinitgt
node LengthNode
this arg of Node.freeze
LengthNode w/ successorArray
Jess.run_jess
Garbage
56Role Description
- Role node LengthNode satisfies
- Class LengthNode
- Heap Aliases Successor.node
- Non-null Fields engine, successor
PLengthNode(o) T PSuccessor.node(o)
T Pengine(o) T Psuccessor(o) T
engine
Successor.node
successor
57Role Description
- Role LengthNode w/ successorArray satisfies
- Class LengthNode
- Heap Aliases Successor.node
- Non-null Fields engine, successorArray
PLengthNode(o) T PSuccessor.node(o)
T Pengine(o) T PsuccessorArray(o) T
engine
Successor.node
successorArray
58Jess
- Most nodes have exactly one Successor object
referring to them
Successor.node
- The MergeNode class has exactly two Successor
objects referring to it
Successor.node
Successor.node
59Direct-To
60Role Transition Diagram for Flight
Flight w/ fPlan
Initial Flight
Flight w/ flightID
Flight w/ track
Flight in flightlist
Flight w/ trajectory with nextFix
Flight w/ aircraftType
Flight w/ trajectory
Flight w/ flightType
61Role Transition Diagram for Flight
Flight w/ fPlan
Initial Flight
Flight w/ flightID
Flight w/ track
Flight in flightlist
Flight w/ trajectory with nextFix
Flight w/ aircraftType
Flight w/ trajectory
Flight w/ flightType
62Role Transition Diagram for Flight
Flight w/ fPlan
Initial Flight
Flight w/ flightID
Flight w/ track
Flight in flightlist
Flight w/ trajectory with nextFix
Flight w/ aircraftType
Flight w/ trajectory
Flight w/ flightType
63Role Transition Diagram for Point4d
Initial Point4d
Velocity.vector Point4d
currentPos Point4d
Track.pos Point4d
Point4d in array
Garbage
64Role Transition Diagram for Point4d
Initial Point4d
Velocity.vector Point4d
currentPos Point4d
Track.pos Point4d
Point4d in array
Garbage
65Role Transition Diagram for Point4d
Initial Point4d
Velocity.vector Point4d
currentPos Point4d
Track.pos Point4d
Point4d in array
Garbage
66Role Transition Diagram for Point4d
Initial Point4d
Velocity.vector Point4d
currentPos Point4d
Track.pos Point4d
Point4d in array
Garbage
67How is This Useful?
- Program exploration - to discover
- The different conceptual roles that objects play
- Important referencing relationships between
objects playing different roles - Constraints between roles and actions of program
- Debugging to check that the program respects
- Structural object referencing constraints
- Functional constraints between actions and object
roles - Specification generation to automatically
produce models of the program and objects it
manipulates - Documentation of key properties
- Starting point for static verification
68Related Work
- Design formalisms
- Object models such as
- Syntropy (Cook and Daniels 94)
- Fusion (Coleman 93)
- Catalysis (DSouza Wells 99)
- Alloy (Jackson 00)
- Dream (Riddle, Sayler, Segal, Wileden 77)
- Design patterns
- Role-based conceptual design methods (Jacobs,
Fowler, Familiar)
69Related Work
- Program understanding tools
- Algebraic invariants - Daikon (Ernst, Czeisler,
Griswold, Notkin 00) - Object model extraction Womble (Jackson,
Waingold 99) - Static analysis
- Shape Analysis (Sagiv 97, Hendren 90)
- Role Analysis (Kuncak, Lam, Rinard 02)
70Conclusion
- Type systems have been a primary mechanism for
capturing object properties - Standard systems give each object a single type
for its entire lifetime in computation - Changing object states underemphasized
- Our technology focuses on changing states
- More precise structural properties
- More precise functional properties
- Better understanding of the program
- Goal is to make changing object states a central
aspect of software engineering tools