Design architecture pattern detection l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 16

Design/Architecture Pattern Detection PowerPoint PPT Presentation


  • 172 Views
  • Updated On :
  • Presentation posted in: General

Design/Architecture Pattern Detection. A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns. Dr. Michael VanHilst 1 September 2007. Task of Pattern Detection. Given a set of patterns, P

Download Presentation

Design/Architecture Pattern Detection

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Design architecture pattern detection l.jpg

Design/Architecture Pattern Detection

A look at methods of detecting the presence of patterns within a program’s source code – with a possible goal to verify the correct use of security patterns.

Dr. Michael VanHilst

1 September 2007


Task of pattern detection l.jpg

Task of Pattern Detection

  • Given a set of patterns, P

  • Given a program, X

  • Identify the presence of all patterns p in X, where p is an element of P

    Our potential objective

  • Given sets of security patterns for specific security concerns

  • Confirm use of a known security pattern for each concern


Not pattern mining l.jpg

Not “Pattern Mining”

  • Given a set of successful applications

  • Identify recurring patterns that solve interesting problems

  • This is not matching

    Robert Martin, Discovering patterns in existing applications, Pattern Languages of Program Design, 1995


Structural pattern matching l.jpg

Structural Pattern Matching

Candidate matches to structural patterns

  • Graph matching (pattern = microarchitecture)

  • Nodes are classes

  • Arcs are relationships

    • Inheritance, aggregation, association

    • Add delegation/call relation

  • Extracted from class & sequence diagram

  • creational & behavioral patterns harder


Variations on structure matching l.jpg

Variations on Structure Matching

  • Various parsing strategies to generate class and call graphs from code

  • Different matching criteria

  • Different search algorithms

    • The fact that classes in a pattern have direct relationships to each other greatly reduces state explosions in many search algorithms


Structure matching papers l.jpg

Structure Matching Papers

  • Rudolf K. Keller , Reinhard Schauer , Sébastien Robitaille , Patrick Pagé, Pattern-based reverse-engineering of design components, Proceedings of the 21st international conference on Software engineering, p.226-235, May 16-22, 1999, Los Angeles, California, United States

  • Jochen Seemann , Jürgen Wolff von Gudenberg, Pattern-based design recovery of Java software, ACM SIGSOFT Software Engineering Notes, v.23 n.6, p.10-16, Nov. 1998

  • G. Antoniol , R. Fiutem , L. Cristoforetti, Design Pattern Recovery in Object-Oriented Software, Proceedings of the 6th International Workshop on Program Comprehension, p.153, June 24-26, 1998 (most cited paper)

    • Istituto per la Ricerca Scientifica e Tecnologica Povo (Trento), Italy

  • J. Bansiya. Automating design-pattern identication - DP++ is a tool for C++ programs. Dr. Dobbs Journal, 1998.

  • Brown, K. (1997). Design reverse-engineering and automated design pattern detection in Smalltalk. thesis

  • Christian Kramer , Lutz Prechelt, Design Recovery by Automated Search for Structural Design Patterns in Object-Oriented Software, Proceedings of the 3rd Working Conference on Reverse Engineering (WCRE '96), p.208, November 08-10, 1996 (delegation check was manual)

    • Uni Karlsruhe


Pattern ambiguity l.jpg

Pattern Ambiguity

Client

Abstraction

VirtualImplementor

action()

Operation()

Virtual OperationImp()

Bridge

ConcreteImplementor

Concrete OperationImp()

Client

Invoker

VirtualCommand

command()

Operation()

Virtual Execute()

Command

Receiver

ConcreteCommand

action()

Concrete Execute()


Maisa l.jpg

MAISA

  • General structure recognition tool using constraint satisfaction

  • Add more constraints to improve accuracy

  • Parse code to intermediate UML models

  • Define constraints on model properties

  • (works for select structure patterns, not behavior)

    J. Gustafsson, L. Nenonen, and J. Paakki, University of Helsinki, 2000 – many papers


Pattern fingerprints l.jpg

Pattern Fingerprints

  • Extend property characterizations to prune candidate classes in a pattern

    • Booleans for large/small class, deep/shallow inheritance, mostly class/instance variables, etc.

  • Train pattern recognizer on tagged corpus

  • Claim greater accuracy (80% vs. 40%)

    Y.G. Gueheneuc, H. Sahraoui, F. Zaidi, Fingerprinting design patterns, 11th Working Conference on Reverse Engineering (WCRE’04), pp. 172–181. (University of Montreal, many papers)


Behavior matching l.jpg

Behavior Matching

  • Query by Logic Meta Programming

  • Founded in Abstract Interpretation

    • Queries can have abstract/fuzzy values

  • Keeps structure models and properties

  • Adds execution trace

  • Recognizes Visitor based on its visit-then-execute trace

    Coen De Roover, Kris Gybels, Theo D'Hondt: Towards Abstract Interpretation for Recovering Design Information. Electr. Notes Theor. Comput. Sci. 131: 15-25 (2005) (Free University, Brussels)


Formal content analysis l.jpg

Formal Content Analysis

  • Concepts have complete partial orders that form lattices

  • Concept lattices allow variations

    • not all mammals have legs

    • all legless mammals share other properties

  • Properties are still class relations and characteristics

  • Similar patterns form neighborhoods

    Frank Buchli, Detecting Software Patterns Using Formal Concept Analysis, thesis, University of Bern, 2003 (advisor Oscar Nierstrasz).


Detecting patterns in comments l.jpg

Detecting Patterns in Comments

  • “To identify the application of a pattern we search the log messages for the pattern name co-occurring with keywords taken from the pattern’s intend (italic words in the appendix) or the word ‘pattern.’”

  • Michael Hasler, “A Quantitative Study of the Application of Design Patterns in Java”, Working Papers on Information Processing and Information Management Nr. 01/2003, Institute of Information Processing and Information Management


Theorem prover l.jpg

Theorem Prover

  • Uses sigma calculus denotational semantics

  • Theorem prover based on reduction rules

  • Reduction rules make it easier to express equivalence variations (reduce this to that)

  • Reduction rules scale to patterns of patterns

  • Richer property and relationship semantics

    J. M. Smith and D. Stotts. SPQR: flexible automated design pattern extraction from source code. In Proc. Of the 18th IEEE International Conference on Automated Software Engineering, pages 215-224, October 2003. (UNC, results?)


Basic pattern components l.jpg

Basic Pattern Components

Client

Objectifier

action()

Virtual Operation()

Objectifier

ConcreteObjectifier

Concrete Operation()

Initiator

Handler

makeRequest()

handleRequest()

Object Recursion

Terminator

Recursor

handleRequest()

handleRequest()


Task of pattern detection15 l.jpg

Task of Pattern Detection

  • Given a set of patterns, P

  • Given a program, X

  • Identify the presence of all patterns p in X, where p is an element of P

    Our potential objective

  • Given sets of security patterns for specific security concerns

  • Confirm use of a known security pattern for each concern


Security pattern verification l.jpg

Security Pattern Verification?

  • Probabilistic matching doesn’t give much assurance (bad)

  • SPQR is formal and gives proof (good)

  • SPQR requires writing denotational semantics (bad)

  • Most work demonstrate only simple examples

  • Security patterns are large, perhaps less prone to ambiguity

  • We know what we seek (small search space)


  • Login