Industry - Precise Detection of Un-Initialized Variables in Large, Real-life COBOL Programs in...
-
Upload
icsm-2011 -
Category
Technology
-
view
307 -
download
0
description
Transcript of Industry - Precise Detection of Un-Initialized Variables in Large, Real-life COBOL Programs in...
Precise Detection of Un-Initialized Variables
1
In Large, Real-life Cobol ProgramsIn Presence Of Unrealizable Paths
Adnan Contractor Ravindra NaikRahul Jiresal
Agenda
� Motivation� Un-Initialized Variables� Results� Unrealizable Paths� Solution� Heuristics
2
� Heuristics
Typical Maintenance Scenario
Conjecture
Failure
• Re-produce• Analysis
Code Changes
• Testing• Production
Change Request
• Understand• Impact
Analysis
3
Changes Delivered
Failures & Efforts
AutomatedTools
Code Change
Analysis
Conjecture
Background
• Core banking product• Stable back-office COBOL
applications• Over 1 million transactions daily
Concerns
• Repeated failure of transactions• Not so-easily-reproducible failures• Longer turn-around time
Case Study
4
Transaction for change of base
branch fails randomly
Not yet fixed
A Forex transaction failing only after 6PM
5 days1 day
Recurring Deposit account closure fails whenever
triggered at the same time at two different branches
8 months10 days
Examples…
Case Study
Request for RD acct closure
Customer Banker
Branch A
Check Balance
Notify balance to customer
5
Customer Banker
Fire Close acct command
Request for RD acct closure
Check Balance
Notify balance to customer
Fire Close acct command
Customer Banker
Branch B
Un-Initialized Variables
double calculatePoints(char cardType, double amt)
1 float rate;double points;
1
2
4
6
double points;2 if (cardType == ‘G’)3 rate = 0.005;4 elseif (cardType == ‘S’)5 rate = 0.001;6 points = amt * rate;7 return points;
3
4
5
6
7
Results
ProgramUn-Initialized
Variables Instances
AB0000 1317 6090
CR0000 1173 4313
CR0025 336 871
7
Context-insensitive Analysis Results
CR0025 336 871
CR7070 74 253
AB0024 59 120
Results
4000
5000
6000
7000
Un-Initialized Variables
8
Program
0
1000
2000
3000
4000
AB0000 CR0000 CR0025 CR7070 AB0024
Context-insensitive
Context-sensitive
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
Paragraph • Paragraph - A set of statements represented by a label. Can be executed as a unit.
• Perform - Using PERFORM statement
9
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
Perform• Perform - Using PERFORM statement one can execute a paragraph.
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
10
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
VA
11
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
VA
12
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
VA,VF
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
VA
13
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
VA,VF
VA,VF
VA,VF
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
VA
14
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P
9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
VA,VF
VA,VF
VA,VF
2
E
66
EE
E
Unrealizable Paths
15
2
3
XX
8
X
12
X
77
9
Design Challenges
� Perform Chain� Paragraph level information� Paragraph range level information� Data flow equations:
NBottom = [ Ntop – KillSump ] ∪ GenSump
16
∪
GenSump = Defined (p)KillSump = Ø
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
17
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
18
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
19
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
VF
Context-Insensitive Analysis
1. A.2. MOVE 0 TO VA3. PERFORM P.4. 5. B.6. MOVE 1 TO VB
2
E
6
E
12
E
20
6. MOVE 1 TO VB7. MOVE 1 TO VA8. PERFORM P9. MOVE VB TO MV.10. 11. P.12. MOVE 5 TO VF.
3
X
8
X
12
X
7
9
VA
VA,VB
VA,VF
VA,
VB,VFVF
Results
ProgramUn-Initialized
Variables Instances
AB0000 737 2945
CR0000 838 3001
CR0025 187 437
21
Context-sensitive Analysis Results
CR0025 187 437
CR7070 30 60
AB0024 48 103
Heuristics
� Bad Code Smells Removal� Utility-Parameter based Prioritization� Fan-in based Prioritization
22
Heuristics Results
2000
2500
3000
3500
Context Sensitive Analysis
23
0
500
1000
1500
2000
AB0000 CR0000 CR0025 CR7070
AnalysisCode Smell Removal
Utility Parameter removal
Future Work
� Heuristics– Error-path pruning– Output-variable based
� Dynamic Analysis� Un-Initialized path detection
24
Key Learning
� Precise detection of un-initialized variables� Heuristics� Realizable data-flow analysis across Paragraphs for COBOL� Technique can be extended to other analyses – defect
detection, program understanding, code architecture discovery
25
Thank You
26
Thank You