Design architecture pattern detection l.jpg
Sponsored Links
This presentation is the property of its rightful owner.
1 / 16

Design/Architecture Pattern Detection PowerPoint PPT Presentation


  • 184 Views
  • Updated On :
  • Presentation posted in: General

Design/Architecture Pattern Detection. A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns. Dr. Michael VanHilst 1 September 2007. Task of Pattern Detection. Given a set of patterns, P

Download Presentation

Design/Architecture Pattern Detection

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Design/Architecture Pattern Detection

A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns.

Dr. Michael VanHilst

1 September 2007


Task of Pattern Detection

  • Given a set of patterns, P

  • Given a program, X

  • Identify the presence of all patterns p in X, where p is an element of P

    Our potential objective

  • Given sets of security patterns for specific security concerns

  • Confirm use of a known security pattern for each concern


Not “Pattern Mining”

  • Given a set of successful applications

  • Identify recurring patterns that solve interesting problems

  • This is not matching

    Robert Martin, Discovering patterns in existing applications, Pattern Languages of Program Design, 1995


Structural Pattern Matching

Candidate matches to structural patterns

  • Graph matching (pattern = microarchitecture)

  • Nodes are classes

  • Arcs are relationships

    • Inheritance, aggregation, association

    • Add delegation/call relation

  • Extracted from class & sequence diagram

  • creational & behavioral patterns harder


Variations on Structure Matching

  • Various parsing strategies to generate class and call graphs from code

  • Different matching criteria

  • Different search algorithms

    • The fact that classes in a pattern have direct relationships to each other greatly reduces state explosions in many search algorithms


Structure Matching Papers

  • Rudolf K. Keller , Reinhard Schauer , Sébastien Robitaille , Patrick Pagé, Pattern-based reverse-engineering of design components, Proceedings of the 21st international conference on Software engineering, p.226-235, May 16-22, 1999, Los Angeles, California, United States

  • Jochen Seemann , Jürgen Wolff von Gudenberg, Pattern-based design recovery of Java software, ACM SIGSOFT Software Engineering Notes, v.23 n.6, p.10-16, Nov. 1998

  • G. Antoniol , R. Fiutem , L. Cristoforetti, Design Pattern Recovery in Object-Oriented Software, Proceedings of the 6th International Workshop on Program Comprehension, p.153, June 24-26, 1998 (most cited paper)

    • Istituto per la Ricerca Scientifica e Tecnologica Povo (Trento), Italy

  • J. Bansiya. Automating design-pattern identication - DP++ is a tool for C++ programs. Dr. Dobbs Journal, 1998.

  • Brown, K. (1997). Design reverse-engineering and automated design pattern detection in Smalltalk. thesis

  • Christian Kramer , Lutz Prechelt, Design Recovery by Automated Search for Structural Design Patterns in Object-Oriented Software, Proceedings of the 3rd Working Conference on Reverse Engineering (WCRE '96), p.208, November 08-10, 1996 (delegation check was manual)

    • Uni Karlsruhe


Pattern Ambiguity

Client

Abstraction

VirtualImplementor

action()

Operation()

Virtual OperationImp()

Bridge

ConcreteImplementor

Concrete OperationImp()

Client

Invoker

VirtualCommand

command()

Operation()

Virtual Execute()

Command

Receiver

ConcreteCommand

action()

Concrete Execute()


MAISA

  • General structure recognition tool using constraint satisfaction

  • Add more constraints to improve accuracy

  • Parse code to intermediate UML models

  • Define constraints on model properties

  • (works for select structure patterns, not behavior)

    J. Gustafsson, L. Nenonen, and J. Paakki, University of Helsinki, 2000 – many papers


Pattern Fingerprints

  • Extend property characterizations to prune candidate classes in a pattern

    • Booleans for large/small class, deep/shallow inheritance, mostly class/instance variables, etc.

  • Train pattern recognizer on tagged corpus

  • Claim greater accuracy (80% vs. 40%)

    Y.G. Gueheneuc, H. Sahraoui, F. Zaidi, Fingerprinting design patterns, 11th Working Conference on Reverse Engineering (WCRE’04), pp. 172–181. (University of Montreal, many papers)


Behavior Matching

  • Query by Logic Meta Programming

  • Founded in Abstract Interpretation

    • Queries can have abstract/fuzzy values

  • Keeps structure models and properties

  • Adds execution trace

  • Recognizes Visitor based on its visit-then-execute trace

    Coen De Roover, Kris Gybels, Theo D'Hondt: Towards Abstract Interpretation for Recovering Design Information. Electr. Notes Theor. Comput. Sci. 131: 15-25 (2005) (Free University, Brussels)


Formal Content Analysis

  • Concepts have complete partial orders that form lattices

  • Concept lattices allow variations

    • not all mammals have legs

    • all legless mammals share other properties

  • Properties are still class relations and characteristics

  • Similar patterns form neighborhoods

    Frank Buchli, Detecting Software Patterns Using Formal Concept Analysis, thesis, University of Bern, 2003 (advisor Oscar Nierstrasz).


Detecting Patterns in Comments

  • “To identify the application of a pattern we search the log messages for the pattern name co-occurring with keywords taken from the pattern’s intend (italic words in the appendix) or the word ‘pattern.’”

  • Michael Hasler, “A Quantitative Study of the Application of Design Patterns in Java”, Working Papers on Information Processing and Information Management Nr. 01/2003, Institute of Information Processing and Information Management


Theorem Prover

  • Uses sigma calculus denotational semantics

  • Theorem prover based on reduction rules

  • Reduction rules make it easier to express equivalence variations (reduce this to that)

  • Reduction rules scale to patterns of patterns

  • Richer property and relationship semantics

    J. M. Smith and D. Stotts. SPQR: flexible automated design pattern extraction from source code. In Proc. Of the 18th IEEE International Conference on Automated Software Engineering, pages 215-224, October 2003. (UNC, results?)


Basic Pattern Components

Client

Objectifier

action()

Virtual Operation()

Objectifier

ConcreteObjectifier

Concrete Operation()

Initiator

Handler

makeRequest()

handleRequest()

Object Recursion

Terminator

Recursor

handleRequest()

handleRequest()


Task of Pattern Detection

  • Given a set of patterns, P

  • Given a program, X

  • Identify the presence of all patterns p in X, where p is an element of P

    Our potential objective

  • Given sets of security patterns for specific security concerns

  • Confirm use of a known security pattern for each concern


Security Pattern Verification?

  • Probabilistic matching doesn’t give much assurance (bad)

  • SPQR is formal and gives proof (good)

  • SPQR requires writing denotational semantics (bad)

  • Most work demonstrate only simple examples

  • Security patterns are large, perhaps less prone to ambiguity

  • We know what we seek (small search space)


  • Login