global mutable state analysis in spring mvc applications

Global Mutable State Analysis in Spring MVC Applications

John L. Singleton

University of Central Florida

Formal Methods @ UCF

The Problem: Global Mutable State

• Web applications make extensive use of a form of Global Mutable State called “session.”

• The behavior of session closely resembles global variables, which are widely considered a form of code smell.

• But more importantly, the use of global variables increase module coupling.

Formal Methods @ UCF

Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications• Test Hypothesis:

“The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.”

• Static Analysis Question:

Which program executions may be influenced by the modification of a given GMS variable.

Formal Methods @ UCF

Approach: Static Analysis of Spring-Based Web Applications

• Since Verily already has support for static checking, the tool was built within Verily.

• Verily internally leverages ANTLR to handle parsing and AST building.

• Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications.

Formal Methods @ UCF

Analysis Method

Our tool performed 4 types of graph analysis:• Module • Variable• Behavior (read/write >=0)• Behavior (read/write > 0 – must use the value)

Additionally, we generated plot data for computing metrics we define in this presentation.

Module Example

Formal Methods @ UCF

• Large Squares represent modules.

• “Points” represent use of a single GMS variable.

• Multiple arrows leaving a point implies multiple usages within a module.

• Arrows point to module in which the variable is modified

Shared Issues Application

Variable Example

Formal Methods @ UCF

• Variable analysis gives more specific information about the use of variables.

• Line number, module, etc.

• Useful for interpreting the other two types of behavior analysis.

• These networks are huge and hard to display in slides.

ELTabique Application

Behavior Example (with single writes)

Formal Methods @ UCF

• Behavior analysis makes it easy to visualize application GMS behavior.

• Possible to quickly classify the type of behavior being used for a specific GMS variable.

• With writes shows variables that are only written to but never read.

NCLodger Application

Behavior Example (w/o single writes)

Formal Methods @ UCF

• Same type of analysis as other type of Behavior analysis.

• Excludes GMS variables that are written to but never used again.

MivProject Application

Results

Formal Methods @ UCF

Network Classification

Analysis revealed several different types of networks.

• These networks appear to recur in application designs.

• Each subnetwork represents the behavior over a GMS variable.

Formal Methods @ UCF

Type 1: Ideal GMS Usage

• The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph.

• Lowest amount of cross module coupling.

• (Verily’s GMS recipe enforces this check)

Formal Methods @ UCF

Type 2: Less Ideal GMS Usage

• This type of network has multiple sinks and multiple reads within the network.

• Multiple Reads, Multiple Writes

Formal Methods @ UCF

Type 3: Least Ideal GMS Usage

• This type of network has many different write operations compared to the number of reads.

• This results in the highest form of coupling since it crosses the most number of modules.

• High Writes, Low Reads

Formal Methods @ UCF

Quantifying GMS Use

We define two sets for analyzing these networks:

Formal Methods @ UCF

Quantifying GMS Use: GMC

We then calculate Global Mutable Coupling as a measure of GMS use:

Formal Methods @ UCF

Quantifying GMS Use: Network Impact

Formal Methods @ UCF

Example: The Ideal Case

Formal Methods @ UCF

• For both networks, GMC = 1 and are therefore ideal.

• Note that we don’t consider more “readers” to increase the value of GMC.

Example: Less Ideal Cases

Formal Methods @ UCF

• GMC = 16, which shows a high degree of coupling impact.

• Modifications in 4 different program points influence the network in two difference places.

Example: Less Ideal Cases

Formal Methods @ UCF

• GMC = 49, which shows a very high degree of coupling impact.

• This application is coupled across 7 possible modules.

Case Studies

Formal Methods @ UCF

Source Data

Formal Methods @ UCF

To inform our analysis, we randomly pulled projects off of Github that made use of Spring MVC and Global Mutable State

There are approximately 184,000 such projects available for analysis.

Our analysis was based on the following projects:

• MivProject• TwitterApp• SharedIssues• NCLodger• EITabique

GMS Analysis: MivProject

Formal Methods @ UCF

0 1 2 3 4 5 6 7 80

0.5

1

1.5

2

2.5

3

3.5

4

4.5

0.0071430.007143000 1.4

0.160714 0.342857

0.0071430.007143

0.1607140.010714

0.007143

0.017857

0.2857140.0071430.007143 0.1285710.1285710.0071430.0071430.007143

Read/Write + Network Size(GMI Value Inside Circle)

Writes

Rea

ds

GMS Analysis: MivProject

Formal Methods @ UCF

GMS Analysis: SOEN387

Formal Methods @ UCF

0 1 2 3 4 5 6 7 80

2

4

6

8

10

12

14

0.930233

1.8895351.889535

5.412791

0.523256

0

1.889535

Read/Write + Network Size(GMI Value Inside Circle)

Writes

Rea

ds

GMS Analysis: SOEN387

Formal Methods @ UCF

Other Findings

Formal Methods @ UCF

Many Usages of GMS are to Deliver Information to Other Tiers

Formal Methods @ UCF

The Use of Session in Web Applications Can Be Quite Complex

Formal Methods @ UCF

And Even Beautiful…

Formal Methods @ UCF

Thank You

• To learn more about Verily:• http://goverily.org

• More about Formal Methods @ UCF:• http://www.eecs.ucf.edu/~leavens/formal-methods-lab/

Formal Methods @ UCF