Patent Application
20090089810
This invention relates generally to the field of software verification and, more specifically, to a system and a method for generating a closed homogeneous non-distributed application from open heterogeneous distributed applications.
Formal verification techniques usually work for closed homogeneous non-distributed applications. For example, taking Java as an example language and model checking as an example verification method, Java model-checking techniques work for programs that are self-executable, written in pure Java and ready to run on a single Java Virtual Machine (JVM). However, there are many applications that are open, heterogeneous, and distributed in nature, e.g., web applications, which are: 1) driven by an end user; 2) comprised of artifacts written in many languages (e.g., Java, JavaScript, HTML, and XML); 3) deployed in a distributed environment, with client, server, and database potentially residing on different machines. To apply Java model-checking techniques, all non-Java components [including a user] need to be represented as pure Java implementations. In addition, the distributed nature of applications needs to be dealt with so that the resulting Java program is non-distributed but preserves all of the relevant behaviors of the original application. As with all such processing operations, of critical importance are issues relating to speed, accuracy, and automation.
The present invention provides a method and a system for generating a closed homogeneous non-distributed application (from open heterogeneous distributed applications) that substantially eliminates or reduces at least some of the disadvantages and problems associated with previous methods and systems.
In accordance with a particular embodiment of the present invention, a method is offered that includes executing processing on an open heterogeneous distributed application, whereby the application is partially written in Java code (although the methodology is equally applicable to other programming languages). The method further includes generating a closed homogeneous non-distributed Java application based on the open heterogeneous distributed application. In more specific embodiments, in generating the closed homogeneous non-distributed Java application, drivers and stubs are generated. Once drivers and stubs are generated, they are combined with an original application-specific code base (generally called a module under analysis) to produce the closed homogeneous non-distributed Java application. In the domain of web applications, driver generation produces a Java implementation of a user component, along with setting up an event-handling mechanism of an application, which is done at deployment, whereby the stub generation replaces various back-end components (e.g., database and J2EE components) with Java implementations that preserve important behaviors. The end result, the closed homogeneous non-distributed Java application, is purely Java.
Technical advantages of particular embodiments of the present invention include a methodology that is packaged as a stand-alone tool. The method for environment generation for open, heterogeneous, distributed applications is used as a stand-alone tool, which is capable of being used in combination with model-checking, static analysis, or testing. In addition, the tool can be configured and extended based on specific domains. Thus, such tools can be applied to a variety of applications. Also, the method produces drivers and stubs, which can be thought of as test harnesses that can be used by several technologies such as model-checking, static analysis, and testing.
Other technical advantages will be readily apparent to one skilled in the art from the following figures, descriptions, and claims. Moreover, while specific advantages have been enumerated above, various embodiments may include all, some or none of the enumerated advantages.
For a more complete understanding of particular embodiments of the invention and their advantages, reference is now made to the following descriptions, taken in conjunction with the accompanying drawings, in which:
In accordance with the teachings of example embodiments of the present invention, a system for effectively providing environment generation for web applications is offered. Such a methodology can transform open heterogeneous distributed web applications, partially written in Java, into closed homogeneous non-distributed Java programs, ready to be analyzed by formal verification techniques (e.g., such as Java model-checking).
The technique provides for the generation of drivers and stubs. Driver generation produces a Java implementation of a user component, along with setting up the event-handling mechanism of web applications, done at deployment. Stub generation can replace actual components, such as database and J2EE components, with Java implementations that preserve important behaviors, but that run in a non-distributed program. Once drivers and stubs are generated, they are combined with the original application-specific code base (excluding original libraries) to produce a closed homogeneous non-distributed Java program.
There is a multitude of advantages to using such an approach. For example, the tendered methodology can be packaged as a stand-alone tool. In addition, the tools can be configured and extended based on specific domains. Thus, the tools can be applied to a variety of applications. Also, the method produces drivers and stubs, which can be thought of as test harnesses that can be used by several technologies such as model-checking, static analysis, and testing.
Turning back now to
Note that existing model-checking techniques, which are applicable only to closed homogeneous and non-distributed systems, require additional modeling: called environment generation. The present invention relates to generating test harness/test suite/test cases for detecting defects in open heterogeneous distributed applications. This is typically the first step of any testing/verification technique. The architecture of verification tools is usually published in white papers of products from companies and, therefore, it is relatively easy to identify similarities with these items and environment generation tools proposed by the present invention.
Thus, the system offered herein provides a method to generate a closed homogeneous non-distributed Java application from open heterogeneous distributed applications, partially written in Java. The environment generation for such applications can be packaged as a stand-alone tool, which can be used in combination with model-checking, static analysis, and testing. Such environment generation for model-checking Java implementations of open heterogeneous distributed applications is not currently accounted for in existing systems.
In regards to modeling primitives, special methods that model non-determinism in the environment are provided. Existing environment generation techniques are applicable to homogeneous systems only and rely on user specifications, generic static and dynamic analyses that work for pure Java implementations only.
Thus, new techniques are needed to process heterogeneous systems. Specifically, in the domain of web applications, new techniques are needed to process deployment descriptor files, which contain information about: 1) event-handling mechanisms, including event-handling mappings; 2) containment and lookup mechanisms; 3) nature of EJBs (entity and session beans, their lifecycle); and 4) authentication mechanisms used in a specific application.
All of these complex features are generated dynamically at deployment according to descriptor files and domain semantics. The resulting deployed application runs in a distributed environment, not currently handled by model-checking engines.
Effectively, an open system is closed with some component (e.g., a human component, or a Java representation of a human component). These systems are non-distributed, where only a single machine is employed. In the final resolution, everything will be pure Java, as whatever components were non-Java would be translated.
Application code, which is code typically written by developers of web applications, can be included within the center component (module 30) of
In regards to client code, driver generation covers two aspects: user scenarios and user inputs. Scenarios (sequences of events) reuse existing techniques of generating code from automata-based descriptions. They also can use UML-based, XML-based descriptions, and/or WAVE specifications.
To generate user inputs, driver generation supports identification of constant strings (e.g., “userName”) denoting places where a user can input data, e.g., his or her user name. The set of such placeholders is finite: identification is done using static analysis. The placeholders are filled with concrete values (e.g., “J. Smith”), symbolic, or abstract values. Static analysis can be used find domain partitioning and generate all relevant concrete values.
Note that at least one point of novelty in the illustration of
Turning now to stub generation, specifically with reference to libraries, many classes are modeled as containers (e.g., using Maps to keep keys and their values) using customized static analyses and domain-specific knowledge. EJBs are modeled using their semantics and descriptor files. The database can be modeled as a container that can hold information. Many of the libraries are implemented in a similar fashion. Note that for each domain, the stubs are different, so the semantics of the domain should be examined such that the generated Java code reflects these differences. Stubs can be reused across multiple applications from the same domain.
As is illustrated in
A similar example interaction is provided by
A number of case studies have been conducted to further test some aspects of the present invention. For example, SUN's Petstore was tested using the following parameters: 1) domain: J2EE libraries, xml descriptor files; 2) original codebase (excluding libs): 13K NC LOC (Non-Commenting Lines of Code). The environment generated for the Petstore example was 6.5K NC LOC, including the stubs for the library and the driver.
A second case study was performed using a different application, where the application represents a framework for developing web applications. Once the environment is generated, model checking can then be run. The application can be described using the following parameters: 1) domain: J2EE and the framework libraries, xml descriptor files; 2) original codebase (excluding libraries): 63.5K LOC (including comments). The environment generated for this example was 3K NC LOC.
In these scenarios, the architecture provided ideal environment generation techniques for web applications. An open system that is distributed (and not necessarily written in Java, as other languages can readily be used) can transform this data such that the final resultant is a homogenous, non-distributed pure Java program that is ready to be run by existing model-checking techniques (or other techniques such as static analysis). Even without use cases, drivers can be generated to produce useful test cases.
It is critical to note that the components illustrated in
Although the present invention has been described in detail with specific components being identified, various changes and modifications may be suggested to one skilled in the art and, further, it is intended that the present invention encompass any such changes and modifications as clearly falling within the scope of the appended claims.
Note also that, with respect to specific process flows disclosed, any steps discussed within the flows may be modified, augmented, or omitted without departing from the scope of the invention. Additionally, steps may be performed in any suitable order, or concurrently, without departing from the scope of the invention.
Numerous other changes, substitutions, variations, alterations, and modifications may be ascertained to one skilled in the art and it is intended that the present invention encompass all such changes, substitutions, variations, alterations, and modifications as falling within the scope of the appended claims.
