Slide1
Mining Preconditions of APIs in Large-Scale Code Corpus
Hoan Nguyen, Robert Dyer*, Tien N. Nguyen, Hridesh Rajan
*currently at the Bowling Green State University
Slide2
Lack of API specifications is a critical SE problem
Specifications: Pre { Q } Post, i.e. behavioral specifications
Self-perpetuating cycle affecting high assurance systems: since APIs are not specified, it is a lot harder and costlier to specify client code
Specification inference: given code, auto-create specs
Existing work has focused on a single project. Consequently, inference is bounded by project-specific conditions
Big code: readily available, large # of projects (10^3 – 10^6)
Q: Will consensus across a large number of projects help?
Goal: show feasibility, effectiveness for preconditions
Technique to infer preconditions, apply to a large chunk of JDK
Compare with expert-written preconditions from JML specs
High precision, identify missing and new preconditions
Slide3
void m(…) { //pre: ?    … lib.api(); …    } //post: ?
void m(…) { //pre: P    … lib.api(); //pre: ?    … } //post: Q
Reason, verify
void m(…) { //pre: P?    … lib.api(); //pre: ?    … } //post: Q?
Missing Spec
void m(…) { //pre: P    … lib.api(); //pre: P'    … } //post: Q
Our work
Slide4
public String substring(int beginIndex, int endIndex) throws StringIndexOutOfBoundsException;
0 <= beginIndex
beginIndex <= endIndex
endIndex <= length();
Preconditions: Constraints on receiver and parameters that must be true right before calling the API
Challenges:
Manually specifying can be costly.
Not too many APIs are released with preconditions.
Slide5
Can we mine preconditions automatically?
Slide6
Related work: focuses on single projects
[Ernst et al. 99, Flanagan et al. 01, Weimer et al. 05, Wei et al. 11, Ramanathan et al. 07]
Slide7
Challenge: separate project specific constraints (chaff) mixed with API specific preconditions (wheat)
Slide8
This work: use consensus across large number of projects to separate wheat from chaff
Slide9
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide10
Client code of API String.substring(int,int) in project SeMoA at revision 1929
completePath_.substring(servletPathStart, extraPathStart)
servletPathStart >= 0
extraPathStart >= 0
servletPathStart <= completePath_.length()
extraPathStart <= completePath_.length()
servletPathStart <= extraPathStart
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide11
[Figure: control-flow graph of a client method with nodes Entry, c1, start > end, do_true, do_false, string.substring(start, end) and Exit, connected by true/false edges; result recorded for class String: substring(int, int): {start <= end}]
Build CFG
API call is control-dependent on exactly one branch of the condition
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs: a. extract, b. normalize
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide12
s < t, t > s, s – t < 0, t – s > 0, s – t == 0, s == t, s <= 12
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs: a. extract, b. normalize
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide13
s < t, t > s, s – t < 0, t – s > 0, s – t == 0, s == t, s <= 12
Normalize: s < t
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs: a. extract, b. normalize
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide14
s < t, t > s, s – t < 0, t – s > 0, s – t == 0, s == t, s <= 12
Normalize: s < t, s == t
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs: a. extract, b. normalize
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide15
completePath_.substring(servletPathStart, extraPathStart)
completePath_.charAt(servletPathStart) == '/'
completePath_.charAt(extraPathStart) == '/'
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide16
[Figure: call sites of api(), each shown with conditions C1, C2 and C3]
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide17
[Figure: call sites of api(), each shown with conditions C1, C2 and C3]
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide18
[Figure: call sites of api(), each shown with conditions C1, C2 and C3]
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide19
[Figure: call sites of api(), each shown with conditions C1, C2 and C3]
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide20
[Figure: call sites of api(), each shown with conditions C1, C2 and C3]
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide21
Client method M1: api(...) -> Build CFG -> Extract and Normalize
Conditions: 0 <= start, start <= end, end <= length, contains('@')
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff
Slide22
Client method M1: api(...) -> Build CFG -> Extract and Normalize
  Conditions: 0 <= start, start <= end, end <= length, contains('@')
Client method M2: api(...) -> Build CFG -> Extract and Normalize
  0 = start, start <= end, end <= length, starts('/')
...
Client method MN: api(...) -> Build CFG -> Extract and Normalize
  0 < start, start <= end, end <= length, ends('\n')
Infer
Candidate Preconditions: 0 <= start, start <= end, end <= length, contains('@')
Filter and Rank
Preconditions: 0 <= start, start <= end, end <= length
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff: a. infer, b. filter and rank
Slide23
s < t, t > s, s – t < 0, t – s > 0, s – t == 0, s == t, s <= 12
Normalize: s < t, s == t
Infer: s <= t
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff: a. infer, b. filter and rank
Slide24
s < t, t > s, s – t < 0, t – s > 0, s – t == 0, s == t, s <= 12
Normalize: s < t, s == t
Infer: s <= t
Filter and Rank: confidence >: s <= t; confidence <: s <= 12
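The normalize, infer, and filter-and-rank steps from the slides above, as an added Python sketch (not the authors' tool). The confidence measure (fraction of projects whose guards support a condition), the merging rule in infer(), the 0.7 threshold and the project names P1 to P6 are assumptions made for this example.

```python
import re
from collections import defaultdict

COND = re.compile(r"^\s*(.+?)\s*(<=|>=|==|!=|<|>)\s*(.+?)\s*$")
DIFF = re.compile(r"^(\w+)\s*-\s*(\w+)$")
FLIP = {">": "<", ">=": "<=", "==": "==", "!=": "!="}

def normalize(guard):
    """Rewrite a guard into one canonical spelling, e.g. 't - s > 0' -> 's < t'."""
    m = COND.match(guard)
    if not m:
        return guard.strip()                  # not a comparison: keep as written
    lhs, op, rhs = m.groups()
    d = DIFF.match(lhs)
    if d and rhs == "0":                      # 'x - y op 0' -> 'x op y'
        lhs, rhs = d.groups()
    if op in (">", ">=") or (op in ("==", "!=") and rhs < lhs):
        lhs, rhs, op = rhs, lhs, FLIP[op]     # only '<'/'<=' remain; '=='/'!=' sorted
    return f"{lhs} {op} {rhs}"

def infer(per_project):
    """If both 'a < b' and 'a == b' occur in the corpus, add the weaker 'a <= b'
    to every project that checks either one (assumed merging rule)."""
    seen = set().union(*per_project.values())
    out = {p: set(conds) for p, conds in per_project.items()}
    for cond in seen:
        parts = cond.split(" ")
        if len(parts) != 3 or parts[1] != "<":
            continue
        a, _, b = parts
        if f"{a} == {b}" in seen:
            for conds in out.values():
                if conds & {cond, f"{a} == {b}"}:
                    conds.add(f"{a} <= {b}")
    return out

def mine(call_sites, min_conf=0.7):
    """call_sites: (project, guard) pairs for one API.
    Returns [(precondition, confidence)], highest confidence first."""
    per_project = defaultdict(set)
    for project, guard in call_sites:
        per_project[project].add(normalize(guard))
    support = defaultdict(int)
    for conds in infer(per_project).values():
        for c in conds:
            support[c] += 1                   # one vote per project, not per call site
    n = len(per_project)
    ranked = sorted(((c, k / n) for c, k in support.items()),
                    key=lambda x: (-x[1], x[0]))
    return [(c, conf) for c, conf in ranked if conf >= min_conf]

# Constructed sample: guards seen before calls to one API in six hypothetical projects.
SITES = [("P1", "s < t"), ("P2", "t > s"), ("P2", "s <= 12"), ("P3", "s - t < 0"),
         ("P4", "t - s > 0"), ("P5", "s - t == 0"), ("P6", "s == t")]

if __name__ == "__main__":
    for cond, conf in mine(SITES):
        print(f"{conf:.2f}  {cond}")
```

Counting one vote per project rather than per call site keeps a single project that repeats its own guard (here s <= 12) from outweighing the consensus.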
Key Ideas
Preconditions can be mined from guarded conditions at the call sites of the code using the APIs
Preconditions mined from multiple projects in a large-scale code corpus can be used to filter out chaff: a. infer, b. filter and rank
Slide25
Are mined preconditions useful?
How accurately do we mine preconditions?
Slide26
Evaluation – Accuracy
Data collection
                          SourceForge    Apache
Projects                  3,413          146
Total source files        497,453        132,951
Total classes             600,274        173,120
Total methods             4,735,151      1,243,911
Total SLOCs               92,495,410     25,117,837
Total used JDK classes    806 (63%)      918 (72%)
Total used JDK methods    7,592 (63%)    6,109 (55%)
Total method calls        22,308,251     5,544,437
Total JDK method calls    5,588,487      1,271,210
Almost 120 million SLOCs
Slide27
Evaluation – Accuracy
Data collection
63% (55%) of JDK methods are used in SourceForge (Apache)
Slide28
Evaluation – Accuracy
Data collection
One-fourth of method calls are to JDK APIs
Slide29
Evaluation – Accuracy
Data collection
Building ground-truth
Extracting preconditions from published formal specification for JDK APIs on JML website
797 Methods, 1155 preconditions
/*@ public normal_behavior
  @ requires 0 <= beginIndex
  @     && beginIndex <= endIndex
  @     && endIndex <= length();
  @ …
/*@ public behavior
  @ …
  @ signals (NoSuchElementException) isEmpty();
  @*/
www.jmlspecs.org
Slide30
Accuracy over Preconditions
               Precision    Recall    Time
SourceForge    84%          79%       17h35m
Apache         82%          75%       34m
Both           83%          80%       18h03m
~ 1 minute to come up with a precondition
Slide31
Accuracy over Preconditions
               Precision    Recall    Time
SourceForge    84%          79%       17h35m
Apache         82%          75%       34m
Both           83%          80%       18h03m
5 preconditions are newly found for the JDK API methods that already had JML specifications
Slide32
Types of Incorrectly-mined Preconditions
Dataset        Total    Stronger    Specific    Analysis Error
SourceForge    173      118         53          2
Apache         187      121         65          1
Both           195      129         66          0
Type 1. The mined preconditions are stronger than specified
  java.util.List.add(Object obj): obj != null
Type 2. The mined preconditions are project-specific, but common
  java.lang.Math.min(double a, double b): a > 0, b > 0
Type 3. The mined preconditions are incorrect due to error in analysis
  java.lang.StringBuffer.ensureCapacity(int capacity): capacity <= 0
Developers sometimes check stronger preconditions than specified
Slide33
Types of Missing Preconditions
               Private    No call    No occur    Low confidence
SourceForge    4%         4%         9%          3%
Apache         5%         5%         12%         3%
Both           5%         2%         10%         4%
Type 1. Private: Preconditions involve private element(s) of classes
Type 2. No call: APIs are never called
Type 3. No occur: Preconditions are never checked
Type 4. Low frequency: Preconditions are checked with low confidence
Some preconditions are never checked due to the semantics of the client code
Slide34
Accuracy by size
[Figure: accuracy by size; panels: SourceForge, Apache]
Slide35
Usefulness Evaluation
Can we help create new specifications?
Class           Method                     Suggest    Accept
StringBuffer    delete(int,int)            3          Y
                replace(int,int,String)    2          Y*
                setLength(int)             1          Y
                subSequence(int,int)       3          Y
                substring(int,int)         3          Y
LinkedList      add(int,Object)            2          Y
                addAll(int,Collection)     3          Y
                get(int)                   2          Y
                listIterator(int)          2          Y
                remove(int)                2          Y
                set(int,Object)            2          Y
2 classes       11 methods                 25
Slide36
Usefulness Evaluation
Web-based Survey
http://boa.cs.iastate.edu/jml
Slide37
Lack of API specifications, a critical hurdle for high assurance SE, can potentially be overcome by leveraging big code mining. We show feasibility for preconditions.
boa.cs.iastate.edu
Slide38
Slide39
while (ch.equals(" ") || ch.equals("\t") || ch.equals("\n") ||
       ch.equals("\f") || ch.equals("\r")) {
    start++;
    if (start >= lenMacro)
        break;
    ch = macro.substring(start, 1);
}
A precondition-related bug in project MSS Code Factory
Slide40
while (ch.equals(" ") || ch.equals("\t") || ch.equals("\n") ||
       ch.equals("\f") || ch.equals("\r")) {
    start++;
    if (start >= lenMacro)
        break;
    ch = macro.substring(start, 1);
}
A precondition-related bug in project MSS Code Factory
StringIndexOutOfBoundsException when string macro is empty
Slide41
while (ch.equals(" ") || ch.equals("\t") || ch.equals("\n") ||
       ch.equals("\f") || ch.equals("\r")) {
    start++;
    if (start >= lenMacro)
        break;
    ch = macro.substring(start, 1);
}
fix bug: macro.substring(start, start + 1)
A precondition-related bug fix in project MSS Code Factory
Slide42
Study on precondition-related bug fixing
Data collection
  Projects: 3,413
  Revisions: ~2M
  Fixing revisions: ~370,000
Methodology
  Comparing code before and after change
  Identifying fixing changes that added precondition(s) for a JDK API -> candidates
  Verifying candidates manually
Slide43
Study on the precondition-related bug fixing
Result
  Candidates: 3,130 fixing revisions, 4,399 API call sites
  Manually verify a sample of 100 call sites
  80 are actually related to missing preconditions
  Null-pointer and Index-out-of-bounds exceptions are the most common
Slide44
Related Precondition Mining Approaches
Dynamic approaches
  Ernst et al. [ICSE’99] detect program invariants via running test cases
  Weimer et al. [TACAS’05] mine temporal specification from error handling paths
  Wei et al. [ICSE’11] infer complex post-conditions from simple programmer-written ones
Slide45
Related Precondition Mining Approaches
Static approaches
  Several approaches mine the temporal specifications between method calls
  Ramanathan et al. [PLDI’07] combine program analysis and data mining to infer preconditions
Slide46
Accuracy with added technical components
[Figure: accuracy with added technical components; panels: SourceForge, Apache]
Slide47
Conclusions
Mining API preconditions from large code corpus
  120 million SLOCs on SourceForge and Apache
High accuracy
  Recall: 75–80% and Precision: 82–84%
  Found 5 missing preconditions
Useful for writing specifications
  All suggestions are accepted by specification writer
  81% of survey participants
Slide48
Evaluation – Accuracy
Data collection
Slide49
Evaluation – Accuracy
Data collection
Slide50
Building ground-truth
Number of methods: 797
Number of preconditions: 1155
Slide51
Evaluation – Accuracy
Data collection
Building ground-truth
  Extracting preconditions from published formal specification for JDK APIs on JML website
Metrics
  Precision
  Recall
Slide52
Newly Found Preconditions
5 preconditions are newly found for the JDK API methods that already had JML specifications
Method                                 Precondition
String.getChars(int,int,char[],int)    arg3 >= 0
StringBuffer.append(char[])            arg0 != null
BitSet.flip(int, int)                  arg0 <= arg1
BitSet.set(int, int)                   arg0 <= arg1
BitSet.set(int, int, boolean)          arg0 <= arg1
Slide53
Types of Incorrectly-mined Preconditions
Type 1. The mined preconditions are stronger than specified
  java.util.List.add(Object obj): obj != null
    if (obj != null)
        list.add(obj);
Slide54
Types of Incorrectly-mined Preconditions
Type 1. The mined preconditions are stronger than specified
  java.util.List.add(Object obj): obj != null
Type 2. The mined preconditions are project-specific
  java.lang.Math.min(double a, double b): a > 0, b > 0
    if (a > 0 && b > 0)
        a = Math.min(a, b);
Slide55
Types of Incorrectly-mined Preconditions
Type 1. The mined preconditions are stronger than specified
  java.util.List.add(Object obj): obj != null
Type 2. The mined preconditions are project-specific
  java.lang.Math.min(double a, double b): a > 0, b > 0
Type 3. The mined preconditions are incorrect due to error in analysis
  java.lang.StringBuffer.ensureCapacity(int capacity): capacity <= 0
    if (capacity <= 0) {
        capacity = -capacity;
        strBuf.ensureCapacity(capacity);
    }
Slide56
Evaluation – Usefulness
Suggesting preconditions for writing formal specification
Web-based survey
Slide57
Suggesting Preconditions for Writing Formal Specification
Chose 2 classes in JDK that had methods without specifications
Used mined preconditions to create preconditions for those methods in JML syntax
Sent to JML team
Slide58
Suggesting Preconditions for Writing Formal Specification
Class           Method                     Suggest    Accept
StringBuffer    delete(int,int)            3          Y
                replace(int,int,String)    2          Y*
                setLength(int)             1          Y
                subSequence(int,int)       3          Y
                substring(int,int)         3          Y
LinkedList      add(int,Object)            2          Y
                addAll(int,Collection)     3          Y
                get(int)                   2          Y
                listIterator(int)          2          Y
                remove(int)                2          Y
                set(int,Object)            2          Y
2 classes       11 methods                 25
Slide59
Web-based Survey
http://boa.cs.iastate.edu/jml/
API method
Slide60
Web-based Survey
http://boa.cs.iastate.edu/jml/
Documentation links
Slide61
Web-based Survey
http://boa.cs.iastate.edu/jml/
Mined preconditions
Slide62
Web-based Survey
http://boa.cs.iastate.edu/jml/
Rating on correctness
Slide63
Web-based Survey
http://boa.cs.iastate.edu/jml/
Rating on correctness
Rating on usefulness