Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2015 NTT DATA Corporation Kazuo Kobori, NTT DATA Corporation Makoto Matsushita, Osaka University Katsuro Inoue, Osaka University SANER2015.

Published byKimberly Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2015 NTT DATA Corporation Kazuo Kobori, NTT DATA Corporation Makoto Matsushita, Osaka University Katsuro Inoue, Osaka University SANER2015."— Presentation transcript:

1 Copyright © 2015 NTT DATA Corporation Kazuo Kobori, NTT DATA Corporation Makoto Matsushita, Osaka University Katsuro Inoue, Osaka University SANER2015 Evolution Analysis for Accessibility Excessiveness in Java

2 2 Copyright © 2015 NTT DATA Corporation Introduction Access Modifier in Java controls the access of other classes to class/field/method. Proper use of access modifiers and controlling visibility are essential to well- encapsulated Java programming [1]. A discrepancy between the declared accessibility and actual usage of a field or method is called Accessibility Excessiveness (AE) here AE can be a cause of program faults due to unintended use of the fields or methods. Access Modifier Same Class PackageSubclassAny Class PublicOK ProtectedOK - DefaultOK -- PrivateOK--- [1] K. Arnold, J. Gosling and D. Holmes, “The Java Programming Language 4th Edition”, Prentice Hall, 2005

3 3 Copyright © 2015 NTT DATA Corporation Example of Research Motivation public class X { private String str = null; private void setString( ) { // (1) str = "hello"; } int getLength() { // (2) return str.length(); } public int getCorrectLength() { this.setString(); return this.getLength(); } We would like to get the length of String type variable “str” NullPointerException is happen. This procedure is implemented in public method “getCorrectLength()” to be called by external classes. public If the access modifier of method “getLength()” is not private but public (1) Substitute some string for variable “str” by calling method “setString()”. (2) Get the length of variable “str” by calling method “getLength()” Then, external class can execute (2) before execution of (1) private

4 4 Copyright © 2015 NTT DATA Corporation Existence of AE would be a bad smell of program 1.Immature Design and Programming Issues: 2.Maintenance Issues: 3.Security Vulnerability Issues: This problem shows the immaturity and carelessness of the designer and developer. Intentionally set AE for future use or for the purpose of being called from other programs. This is also mentioned in our tool implementation. It’s so difficult to judge an AE was made carelessly or intentionally. Developer’s manual judgments support is necessary for our tool. This is a future work. It needs strict investigation including consideration of using reflection. Method call using reflection would be detected by dynamic analysis approach. However, dynamic analysis is not easy for developers because it needs enough execution traces. An attacker may access an AE field and/or method. This is main target issue in our research.

5 5 Copyright © 2015 NTT DATA Corporation Contributions of this paper 1.Support developer to find AE from their programs. 2.Support developer to find the appropriate timing of AE analysis. We propose an AE classification model for the fields/methods of Java program. Based on this model, we also define AE metrics, which would be an indicator of bad smell of the target program. We present empirical results of AE analyses for various OSS systems, including transition patterns and evolution pattern of AE metrics.

6 6 Copyright © 2015 NTT DATA Corporation AE classification model The vertical column shows the declaration of an access modifier for a field or method in the source code. The horizontal row shows its actual usage from other objects. Each element in AE classification is an Accessibility Excessive identifier (AE id) which identifies each AE case. PublicProtectedDefaultPrivateNoAccess Publicpub-pubpub-propub-defpub-pripub-na Protectedxpro-propro-defpro-pripro-na Defaultxxdef-defdef-pridef-na Privatexxxpri-pripri-na

7 7 Copyright © 2015 NTT DATA Corporation AE classification model Categorize the classification into 3 groups 7 PublicProtectedDefaultPrivateNoAccess Publicpub-pubpub-propub-defpub-pripub-na Protectedxpro-propro-defpro-pripro-na Defaultxxdef-defdef-pridef-na Privatexxxpri-pripri-na (3) NA Those fields/methods are declared but they are never used. (1) AE Declaration scope is broader than actual usage scope. (2) Proper There is no discrepancy between the declaration and actual usage.

8 8 Copyright © 2015 NTT DATA Corporation AE analysis tool “ModiChecker” 1.ModiChecker reports all AE list and metrics. 2.Developer selects AE to be fixed. 3.ModiChecker fixes code automatically. MASU - http://sourceforge.net/projects/masu/

9 9 Copyright © 2015 NTT DATA Corporation Research Questions RQ1: Are the AE fields and methods are fixed in the next version? What is the AE state transition in the versions? We would like to step forward to analyze the evolution of source code. When AEs are created, changed and fixed?

10 10 Copyright © 2015 NTT DATA Corporation Target OSS projects 7 OSS projects were investigated in our research. –They have long development histories with sufficient version numbers.

11 11 Copyright © 2015 NTT DATA Corporation RQ1: What is the AE state transition in the versions? Transition Diagram of Access Modifiers between two versions –4 status –18 transition pattern Proper No Access AE No Existence a,p b c d e,q f g h i,r o l j m k n

12 12 Copyright © 2015 NTT DATA Corporation State Transition Ratio of Fields Transitions modifying AE are less than 1%. Transitions of “Not changed” are 53-97%. From “No Existence”, “Proper” is the largest transition destination.

13 13 Copyright © 2015 NTT DATA Corporation State Transition Ratio of Methods Transitions modifying AE are less than 1%. Transitions of “Not changed” are 51-96%. From “No Existence”, “No Access” is the largest transition destination.

14 14 Copyright © 2015 NTT DATA Corporation Answer to RQ1 RQ1: Are the AE fields/methods are fixed in the next version? What is the AE state transition in the versions? Answer to RQ1: Changing AE for the fields/methods are generally infrequent. Once AE is created, it’s fairly stable in the software evolution When is the best timing for developers to check AEs? RQ2: Do the AE metric values change over OSS evolution? If so, what is the evolution pattern?

15 15 Copyright © 2015 NTT DATA Corporation Change of # of AE Fields in Two Consecutive Versions of Ant Top 7 large AE field changings are occurred at the major version releases. Top 2 significant large AE field changing are “pro-pri” and “pub-pri”. Examined 22 versions of Ant from version 1.1 to 1.8.4, including 7 major version releases and 15 minor version releases.

16 16 Copyright © 2015 NTT DATA Corporation Change of # of AE Methods in Two Consecutive Versions of Ant Top 7 large AE method changings are occurred at the major version releases. Top 1 significant large AE method changing is “pub-na”. AE method changing means that the absolute value of the difference of the number of AE methods in two versions.

17 17 Copyright © 2015 NTT DATA Corporation Answer to RQ2 RQ2: Do the AE metric values change over OSS evolution? If so, what is the evolution pattern? Answer to RQ2: The numbers of some AE ids for fields and methods are largely changed at the major version releases, compared to the minor version releases. To confirm this, we have also conducted Mann-Whitney U test for each AE id with 5% significance level.

18 18 Copyright © 2015 NTT DATA Corporation Discussion: Correlation coefficient between AE and LOC LOC vs # of AE Fields LOC vs # of AE Methods Total Amount 0.930.98 Change Amount 0.850.69 Pearson's correlation coefficient There is a strong correlation between the total LOC and AE fields/methods. On the other hand, the correlation coefficient between the source code changes and the AE fields/methods changes is not so high. Change amount means that the absolute value of the difference of the number of AE fields in two versions.

19 19 Copyright © 2015 NTT DATA Corporation Conclusion Once AE is created, it’s fairly stable in the software evolution. We understood that it would be better for developers that they would like to check AEs before releasing new major version to find out potential bugs effectively. 1.For supporting developer to find AE from their programs. 2.For Supporting developer to find the appropriate timing of AE analysis. AE analysis tool “ModiChecker” implementing AE classification model supports developer to find AE from their programs. ModiChecker also supports them to fix the AE automatically.

20 Copyright © 2011 NTT DATA Corporation Copyright © 2013 NTT DATA Corporation

21 21 Copyright © 2015 NTT DATA Corporation Discussion 1.Summary 2.Open Question How can we judge whether AE was made carelessly or intentionally. -> Ask to developer. We defined Accessibility Excessiveness (AE) and found Once AE is created, it’s fairly stable. So we suggested releasing new major version is good timing to analyze AE.

22 22 Copyright © 2015 NTT DATA Corporation Example of Research Motivation Current program Main job Other objects Initialization Public method A Public method B Class X Directly invoke B Invoke Future modification OKOK 22

23 23 Copyright © 2015 NTT DATA Corporation Special cases 1.Interface and Abstract Method 1.They are detected and reported as No Access 2.Overriding Method 1.They are detected and reported as AE between the access modifier of the overridden method and its actual usage. 2.In dynamic binding cases, if a class accesses a method of a superclass, ModiChecker will consider that class also accesses the method of all subclasses of the superclass.

Download ppt "Copyright © 2015 NTT DATA Corporation Kazuo Kobori, NTT DATA Corporation Makoto Matsushita, Osaka University Katsuro Inoue, Osaka University SANER2015."

Similar presentations

OO Programming in Java Objectives for today: Overriding the toString() method Polymorphism & Dynamic Binding Interfaces Packages and Class Path.

OO Programming in Java Objectives for today: Overriding the toString() method Polymorphism & Dynamic Binding Interfaces Packages and Class Path.
Based on Java Software Development, 5th Ed. By Lewis &Loftus

Based on Java Software Development, 5th Ed. By Lewis &Loftus
Chapter 1 Object-Oriented Concepts. A class consists of variables called fields together with functions called methods that act on those fields.

Chapter 1 Object-Oriented Concepts. A class consists of variables called fields together with functions called methods that act on those fields.
Object-oriented Software Change Dynamic Impact Analysis Lulu Huang and Yeong-Tae Song Dept. of Computer and Information Sciences Towson University Towson,

Object-oriented Software Change Dynamic Impact Analysis Lulu Huang and Yeong-Tae Song Dept. of Computer and Information Sciences Towson University Towson,
METHOD OVERRIDING 1.Sub class can override the methods defined by the super class. 2.Overridden Methods in the sub classes should have same name, same.

METHOD OVERRIDING 1.Sub class can override the methods defined by the super class. 2.Overridden Methods in the sub classes should have same name, same.
A Metric for Software Readability by Raymond P.L. Buse and Westley R. Weimer Presenters: John and Suman.

A Metric for Software Readability by Raymond P.L. Buse and Westley R. Weimer Presenters: John and Suman.
Min Zhang School of Computer Science University of Hertfordshire

Min Zhang School of Computer Science University of Hertfordshire
Chapter 8 Inheritance Part 2. © 2004 Pearson Addison-Wesley. All rights reserved8-2 Outline Creating Subclasses Overriding Methods Class Hierarchies Inheritance.

Chapter 8 Inheritance Part 2. © 2004 Pearson Addison-Wesley. All rights reserved8-2 Outline Creating Subclasses Overriding Methods Class Hierarchies Inheritance.
ITEC200 – Week03 Inheritance and Class Hierarchies.

ITEC200 – Week03 Inheritance and Class Hierarchies.
Inheritance The objectives of this chapter are: To explore the concept and implications of inheritance Polymorphism To define the syntax of inheritance.

Inheritance The objectives of this chapter are: To explore the concept and implications of inheritance Polymorphism To define the syntax of inheritance.
Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,

Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,
Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.

Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.
(c) University of Washington03-1 CSC 143 Java Inheritance Reading: Ch. 10.

(c) University of Washington03-1 CSC 143 Java Inheritance Reading: Ch. 10.
Inheritance using Java

Inheritance using Java
C++ Object Oriented 1. Class and Object The main purpose of C++ programming is to add object orientation to the C programming language and classes are.

C++ Object Oriented 1. Class and Object The main purpose of C++ programming is to add object orientation to the C programming language and classes are.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Taken from slides of Starting Out with C++ Early Objects Seventh Edition.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Taken from slides of Starting Out with C++ Early Objects Seventh Edition.
“is a”  Define a new class DerivedClass which extends BaseClass class BaseClass { // class contents } class DerivedClass : BaseClass { // class.

“is a”  Define a new class DerivedClass which extends BaseClass class BaseClass { // class contents } class DerivedClass : BaseClass { // class.
CISC6795: Spring 6795 1 Object-Oriented Programming: Polymorphism.

CISC6795: Spring Object-Oriented Programming: Polymorphism.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University What Kinds of.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University What Kinds of.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Refactoring.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Refactoring.

Similar presentations

Ads by Google