SlideShare a Scribd company logo

Global Mutable State Analysis in Spring MVC Applications

Download as PPTX, PDF
J
jsinglet

The document summarizes research analyzing the use of global mutable state in Spring-based web applications. It investigates how global mutable state can increase module coupling and potentially decrease reliability. The research used a static analysis tool built within the Verily framework to analyze usage patterns of global mutable state variables and classify networks into different types based on read/write patterns. Case studies on five open source projects were presented, with metrics like global mutable coupling calculated and visual network representations provided. The findings showed various usages of global mutable state to share information between tiers can be complex.

TechnologyEducation
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Global Mutable State Analysis in Spring MVC Applications Formal Methods @ UCF John L. Singleton University of Central Florida
The Problem: Global Mutable State • Web applications make extensive use of a form of Global Mutable State called “session.” • The behavior of session closely resembles global variables, which are widely considered a form of code smell. • But more importantly, the use of global variables increase module coupling. Formal Methods @ UCF
Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications • Test Hypothesis: “The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.” • Static Analysis Question: Which program executions may be influenced by the modification of a given GMS variable. Formal Methods @ UCF
Approach: Static Analysis of SpringBased Web Applications • Since Verily already has support for static checking, the tool was built within Verily. • Verily internally leverages ANTLR to handle parsing and AST building. • Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications. Formal Methods @ UCF
Analysis Method Our tool performed 4 types of graph analysis: • • • • Module Variable Behavior (read/write >=0) Behavior (read/write > 0 – must use the value) Additionally, we generated plot data for computing metrics we define in this presentation.
Module Example • Large Squares represent modules. • “Points” represent use of a single GMS variable. • Multiple arrows leaving a point implies multiple usages within a module. • Arrows point to module in which the variable is modified Formal Methods @ UCF Shared Issues Application
Variable Example • Variable analysis gives more specific information about the use of variables. • Line number, module, etc. • Useful for interpreting the other two types of behavior analysis. • These networks are huge and hard to display in slides. ELTabique Application Formal Methods @ UCF
Behavior Example (with single writes) • Behavior analysis makes it easy to visualize application GMS behavior. • Possible to quickly classify the type of behavior being used for a specific GMS variable. • With writes shows variables that are only written to but never read. NCLodger Application Formal Methods @ UCF
Behavior Example (w/o single writes) • Same type of analysis as other type of Behavior analysis. • Excludes GMS variables that are written to but never used again. MivProject Application Formal Methods @ UCF
Results Formal Methods @ UCF
Network Classification Analysis revealed several different types of networks. • These networks appear to recur in application designs. • Each subnetwork represents the behavior over a GMS variable. Formal Methods @ UCF
Type 1: Ideal GMS Usage • The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph. • Lowest amount of cross module coupling. • (Verily’s GMS recipe enforces this check) Formal Methods @ UCF
Type 2: Less Ideal GMS Usage • This type of network has multiple sinks and multiple reads within the network. • Multiple Reads, Multiple Writes Formal Methods @ UCF
Type 3: Least Ideal GMS Usage • This type of network has many different write operations compared to the number of reads. • This results in the highest form of coupling since it crosses the most number of modules. • High Writes, Low Reads Formal Methods @ UCF
Quantifying GMS Use We define two sets for analyzing these networks: Formal Methods @ UCF
Quantifying GMS Use: GMC We then calculate Global Mutable Coupling as a measure of GMS use: Formal Methods @ UCF
Quantifying GMS Use: Network Impact Formal Methods @ UCF
Example: The Ideal Case • For both networks, GMC = 1 and are therefore ideal. • Note that we don’t consider more “readers” to increase the value of GMC. Formal Methods @ UCF
Example: Less Ideal Cases • GMC = 16, which shows a high degree of coupling impact. • Modifications in 4 different program points influence the network in two difference places. Formal Methods @ UCF
Example: Less Ideal Cases • GMC = 49, which shows a very high degree of coupling impact. • This application is coupled across 7 possible modules. Formal Methods @ UCF
Case Studies Formal Methods @ UCF
Source Data To inform our analysis, we randomly pulled projects off of Github that made use of Spring MVC and Global Mutable State There are approximately 184,000 such projects available for analysis. Our analysis was based on the following projects: • • • • • MivProject TwitterApp SharedIssues NCLodger EITabique Formal Methods @ UCF
GMS Analysis: MivProject Read/Write + Network Size (GMI Value Inside Circle) 5 4.5 4 [CELLRANGE] 3.5 Reads 3 2.5 2 [CELLRANGE] [CELLRANGE] [CELLRANGE] 1 [CELLRANGE] [CELLRANGE] [CELLRANGE] [CELLRANGE] 1.5 [CELLRANGE] 0.5 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
GMS Analysis: MivProject Formal Methods @ UCF
GMS Analysis: SOEN387 Read/Write + Network Size (GMI Value Inside Circle) 14 12 [CELLRANGE] 10 Reads 8 [CELLRANGE] [CELLRANGE] 6 [CELLRANGE] 4 2 [CELLRANGE] 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
GMS Analysis: SOEN387 Formal Methods @ UCF
Other Findings Formal Methods @ UCF
Many Usages of GMS are to Deliver Information to Other Tiers Formal Methods @ UCF
The Use of Session in Web Applications Can Be Quite Complex Formal Methods @ UCF
And Even Beautiful… Formal Methods @ UCF
Thank You • To learn more about Verily: • http://goverily.org • More about Formal Methods @ UCF: • http://www.eecs.ucf.edu/~leavens/formal-methods-lab/ Formal Methods @ UCF

More Related Content

PPTX
Beyond Strong Consistency
jsinglet
 
ODP
Consistency in Distributed Systems
Shane Johnson
 
PDF
Consistency in Distributed Systems, Part 2
DATAVERSITY
 
PPT
CAP, PACELC, and Determinism
Daniel Abadi
 
PDF
Lightning talk: highly scalable databases and the PACELC theorem
Vishal Bardoloi
 
PPTX
Varshneya samdarshi lmu_symposium_2016
GRNsight
 
PPTX
Anguiano varshneya lmu_symposium_2015
GRNsight
 
PPTX
Southwick anguiano lmu-symposium_presentation_20140329
GRNsight
 
Beyond Strong Consistency
jsinglet
 
Consistency in Distributed Systems
Shane Johnson
 
Consistency in Distributed Systems, Part 2
DATAVERSITY
 
CAP, PACELC, and Determinism
Daniel Abadi
 
Lightning talk: highly scalable databases and the PACELC theorem
Vishal Bardoloi
 
Varshneya samdarshi lmu_symposium_2016
GRNsight
 
Anguiano varshneya lmu_symposium_2015
GRNsight
 
Southwick anguiano lmu-symposium_presentation_20140329
GRNsight
 

What's hot (10)

DOCX
Process synchronization
lodhran-hayat
 
PPTX
Reactiveness All The Way - SW Architecture 2015 Conference
Tamir Dresher
 
PPTX
Southwick britain gr_nsight_cmsi402-presentation_20140508
GRNsight
 
PPTX
Dahlquist so calsysbio_20140131
GRNsight
 
PPTX
Real time operating systems (rtos) concepts 7
Abu Bakr Ramadan
 
PDF
Email2git: Extending cregit to Link Review Emails to Commits
Isabella Ferreira
 
PDF
API Performance testing with Gatling
Tetiana Polishchuk
 
PDF
Abstract
Malek Mhedhebi
 
PDF
Beyond Fault Tolerance with Actor Programming
Fabio Tiriticco
 
PDF
Clonal Plasticity & Operator Placement
FoCAS Initiative
 
Process synchronization
lodhran-hayat
 
Reactiveness All The Way - SW Architecture 2015 Conference
Tamir Dresher
 
Southwick britain gr_nsight_cmsi402-presentation_20140508
GRNsight
 
Dahlquist so calsysbio_20140131
GRNsight
 
Real time operating systems (rtos) concepts 7
Abu Bakr Ramadan
 
Email2git: Extending cregit to Link Review Emails to Commits
Isabella Ferreira
 
API Performance testing with Gatling
Tetiana Polishchuk
 
Abstract
Malek Mhedhebi
 
Beyond Fault Tolerance with Actor Programming
Fabio Tiriticco
 
Clonal Plasticity & Operator Placement
FoCAS Initiative
 
Ad

Similar to Global Mutable State Analysis in Spring MVC Applications (14)

PDF
4 (uml basic)
Majong DevJfu
 
PDF
SP1: Exploratory Network Analysis with Gephi
John Breslin
 
PPTX
FAIR Computational Workflows
Carole Goble
 
PDF
Introduction à Scala - Michel Schinz - January 2010
JUG Lausanne
 
PDF
Gephi icwsm-tutorial
csedays
 
PDF
Study and development of methods and tools for testing, validation and verif...
Emilio Serrano
 
PDF
Quality Assurance. Quality Assurance Approach. White Box
Kimberly Jones
 
PPTX
Financial Networks IV. Analyzing and Visualizing Exposures
Kimmo Soramaki
 
PPTX
Enso presented at Microsoft Research/CSW summer 2012
Will Cook
 
PDF
Quantitative functional change impact analysis in activity diagrams a cosmi...
IWSM Mensura
 
PPTX
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
PDF
Funtional Reactive Programming with Examples in Scala + GWT
Vasil Remeniuk
 
PPTX
Uml
anwitat
 
PPTX
Uml
anwitat
 
4 (uml basic)
Majong DevJfu
 
SP1: Exploratory Network Analysis with Gephi
John Breslin
 
FAIR Computational Workflows
Carole Goble
 
Introduction à Scala - Michel Schinz - January 2010
JUG Lausanne
 
Gephi icwsm-tutorial
csedays
 
Study and development of methods and tools for testing, validation and verif...
Emilio Serrano
 
Quality Assurance. Quality Assurance Approach. White Box
Kimberly Jones
 
Financial Networks IV. Analyzing and Visualizing Exposures
Kimmo Soramaki
 
Enso presented at Microsoft Research/CSW summer 2012
Will Cook
 
Quantitative functional change impact analysis in activity diagrams a cosmi...
IWSM Mensura
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
Funtional Reactive Programming with Examples in Scala + GWT
Vasil Remeniuk
 
Uml
anwitat
 
Uml
anwitat
 
Ad

Recently uploaded (20)

PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Encapsulation theory and applications.pdf
gurumoop
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Approach and Philosophy of On baking technology
30anthuong17
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Cloud computing and distributed systems.
kkkkkhan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 

Global Mutable State Analysis in Spring MVC Applications

  • 1. Global Mutable State Analysis in Spring MVC Applications Formal Methods @ UCF John L. Singleton University of Central Florida
  • 2. The Problem: Global Mutable State • Web applications make extensive use of a form of Global Mutable State called “session.” • The behavior of session closely resembles global variables, which are widely considered a form of code smell. • But more importantly, the use of global variables increase module coupling. Formal Methods @ UCF
  • 3. Goal: Investigate Use of Global Mutable State in Spring-Based Web Applications • Test Hypothesis: “The use of global mutable state leads to tighter coupling and therefore results in lower program reliability.” • Static Analysis Question: Which program executions may be influenced by the modification of a given GMS variable. Formal Methods @ UCF
  • 4. Approach: Static Analysis of SpringBased Web Applications • Since Verily already has support for static checking, the tool was built within Verily. • Verily internally leverages ANTLR to handle parsing and AST building. • Build data sets for finding problematic uses of GMS and making specific recommendations about use of GMS in web applications. Formal Methods @ UCF
  • 5. Analysis Method Our tool performed 4 types of graph analysis: • • • • Module Variable Behavior (read/write >=0) Behavior (read/write > 0 – must use the value) Additionally, we generated plot data for computing metrics we define in this presentation.
  • 6. Module Example • Large Squares represent modules. • “Points” represent use of a single GMS variable. • Multiple arrows leaving a point implies multiple usages within a module. • Arrows point to module in which the variable is modified Formal Methods @ UCF Shared Issues Application
  • 7. Variable Example • Variable analysis gives more specific information about the use of variables. • Line number, module, etc. • Useful for interpreting the other two types of behavior analysis. • These networks are huge and hard to display in slides. ELTabique Application Formal Methods @ UCF
  • 8. Behavior Example (with single writes) • Behavior analysis makes it easy to visualize application GMS behavior. • Possible to quickly classify the type of behavior being used for a specific GMS variable. • With writes shows variables that are only written to but never read. NCLodger Application Formal Methods @ UCF
  • 9. Behavior Example (w/o single writes) • Same type of analysis as other type of Behavior analysis. • Excludes GMS variables that are written to but never used again. MivProject Application Formal Methods @ UCF
  • 11. Network Classification Analysis revealed several different types of networks. • These networks appear to recur in application designs. • Each subnetwork represents the behavior over a GMS variable. Formal Methods @ UCF
  • 12. Type 1: Ideal GMS Usage • The ideal usage of GMS is such that there exists exactly one universal sink in a subgraph. • Lowest amount of cross module coupling. • (Verily’s GMS recipe enforces this check) Formal Methods @ UCF
  • 13. Type 2: Less Ideal GMS Usage • This type of network has multiple sinks and multiple reads within the network. • Multiple Reads, Multiple Writes Formal Methods @ UCF
  • 14. Type 3: Least Ideal GMS Usage • This type of network has many different write operations compared to the number of reads. • This results in the highest form of coupling since it crosses the most number of modules. • High Writes, Low Reads Formal Methods @ UCF
  • 15. Quantifying GMS Use We define two sets for analyzing these networks: Formal Methods @ UCF
  • 16. Quantifying GMS Use: GMC We then calculate Global Mutable Coupling as a measure of GMS use: Formal Methods @ UCF
  • 17. Quantifying GMS Use: Network Impact Formal Methods @ UCF
  • 18. Example: The Ideal Case • For both networks, GMC = 1 and are therefore ideal. • Note that we don’t consider more “readers” to increase the value of GMC. Formal Methods @ UCF
  • 19. Example: Less Ideal Cases • GMC = 16, which shows a high degree of coupling impact. • Modifications in 4 different program points influence the network in two difference places. Formal Methods @ UCF
  • 20. Example: Less Ideal Cases • GMC = 49, which shows a very high degree of coupling impact. • This application is coupled across 7 possible modules. Formal Methods @ UCF
  • 22. Source Data To inform our analysis, we randomly pulled projects off of Github that made use of Spring MVC and Global Mutable State There are approximately 184,000 such projects available for analysis. Our analysis was based on the following projects: • • • • • MivProject TwitterApp SharedIssues NCLodger EITabique Formal Methods @ UCF
  • 23. GMS Analysis: MivProject Read/Write + Network Size (GMI Value Inside Circle) 5 4.5 4 [CELLRANGE] 3.5 Reads 3 2.5 2 [CELLRANGE] [CELLRANGE] [CELLRANGE] 1 [CELLRANGE] [CELLRANGE] [CELLRANGE] [CELLRANGE] 1.5 [CELLRANGE] 0.5 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
  • 25. GMS Analysis: SOEN387 Read/Write + Network Size (GMI Value Inside Circle) 14 12 [CELLRANGE] 10 Reads 8 [CELLRANGE] [CELLRANGE] 6 [CELLRANGE] 4 2 [CELLRANGE] 0 -2 -1 0 1 2 3 4 Writes Formal Methods @ UCF 5 6 7 8 9
  • 28. Many Usages of GMS are to Deliver Information to Other Tiers Formal Methods @ UCF
  • 29. The Use of Session in Web Applications Can Be Quite Complex Formal Methods @ UCF
  • 31. Thank You • To learn more about Verily: • http://goverily.org • More about Formal Methods @ UCF: • http://www.eecs.ucf.edu/~leavens/formal-methods-lab/ Formal Methods @ UCF