
Specification Mining And Enforcement To Combat Resource Usage Faults

Posted on: 2014-01-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Y Dai
Full Text: PDF
GTID: 1108330479979663
Subject: Computer Science and Technology
Abstract/Summary:
Automatic garbage collection has gained considerable success in many mainstream programming languages, such as Java and C#. A garbage collector relieves programmers from manual memory management and improves productivity and program reliability. However, there are many other non-memory, finite system resources, such as file descriptors and database connections, with whose management the garbage collector does not help. Resource usage faults are caused by programmers’ incorrect usage of resources. They include two types of faults: resource safety faults, caused by invoking methods on a closed/released resource, and resource leak faults, caused by programmers’ failure to release, in a timely manner, resources that will not be used again. Resource usage faults are very common in today’s software systems and pose a big threat to their trustworthiness.

To decrease the harm done to the trustworthiness of software systems by resource usage faults, we try to avoid the failures of software systems that resource usage faults cause. We do this at two different stages of the propagation from resource usage faults to software system failures: (1) we detect resource usage faults by analysis and testing techniques and fix them before the release of the target software. We try our best to decrease the number of faults in the program; fewer faults in the program mean a higher probability of the program functioning normally and a lower cost of later system maintenance. Because of the poor practicability of existing resource usage fault analysis techniques and their need for formal resource specifications as input, we propose a light-weight resource usage fault testing approach that does not need resource specifications; (2) software developers employ many techniques to remove faults and improve the quality of the target program during the software development process.
Despite this, there are still many faults in the program after its release, due to the various limitations of the software quality assurance techniques currently used. To avoid failures caused by these escaped faults, we propose to tolerate them through the automatic enforcement of resource specifications. In this paper, our research mainly focuses on the following three aspects.

1. Light-weight testing of resource usage faults

We propose a light-weight resource leak fault testing approach for Java programs. Its main idea is straightforward: if the cleanup method of a resource object has not been invoked by the programmer before this object’s finaliser executes, the resource object has leaked. We first conduct an investigation into finaliser usage in the Java API classes and find that most system resources have finalisers. The common usage pattern is that a finaliser serves as the last resort for reclaiming a scarce resource, by calling the explicit cleanup method of that resource. Our approach instruments resource classes to inspect whether the cleanup method of a resource object has been called before its finaliser executes. The program under test is also optionally instrumented to run finalisers, through Java’s explicit finaliser invocation mechanism, just before its execution terminates. For each test case, if there is a resource object whose cleanup method was not called before its finalisation, this object has leaked, that is, the test case has found a resource leak bug, and we log this leak for further inspection.
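
The following is an added illustration of that finaliser-based check, written here for this page rather than taken from the dissertation or its tool. `TrackedResource`, the leak log and the sample test case are constructed stand-ins: a real deployment would instrument existing resource classes (streams, sockets, connections) in the same way, with a flag set by the cleanup method and a finaliser that reports when the flag is still unset.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Finaliser-based leak check (added illustration, not the dissertation's tool).
 * TrackedResource stands in for an instrumented resource class such as a stream or
 * connection; the instrumentation is the 'closed' flag set by the cleanup method and
 * the finaliser that reports when that flag is still false.
 */
public class LeakDetectDemo {

    /** Shared leak log; finalisers only report here, they never release anything. */
    static final List<String> LEAK_LOG = Collections.synchronizedList(new ArrayList<>());

    static class TrackedResource {
        private final String name;
        /** Captured at construction so a logged leak points at its allocation site. */
        private final StackTraceElement allocatedAt = new Throwable().getStackTrace()[1];
        private boolean closed;

        TrackedResource(String name) { this.name = name; }

        /** Explicit cleanup method; the instrumented part is recording that it ran. */
        public void close() { closed = true; }

        /**
         * Instrumented finaliser: reaching it with closed == false means the cleanup
         * method was never called on this object, i.e. it leaked. The flag is set only
         * by close(), so a report here is never a false positive.
         */
        @Override
        @SuppressWarnings({"deprecation", "removal"})
        protected void finalize() {
            if (!closed) {
                LEAK_LOG.add(name + " leaked (allocated at " + allocatedAt + ")");
            }
        }
    }

    /** A constructed test case: one resource is closed correctly, one escapes. */
    static void sampleTestCase() {
        TrackedResource cfg = new TrackedResource("config.properties");
        try {
            // ... read the configuration ...
        } finally {
            cfg.close();
        }
        TrackedResource conn = new TrackedResource("db-connection#1");
        // ... run a query, but forget conn.close() on this path ...
    }

    /**
     * Runs a test case, then does what the optional program instrumentation does:
     * explicitly run pending finalisers just before the run terminates, so every
     * unreachable resource object gets its leak check before the JVM exits.
     * GC and finalisation are best-effort, so the request is repeated a few times.
     */
    @SuppressWarnings({"deprecation", "removal"})
    static List<String> runAndCollectLeaks(Runnable testCase) {
        LEAK_LOG.clear();
        testCase.run();
        for (int attempt = 0; attempt < 3; attempt++) {
            System.gc();
            System.runFinalization();
        }
        return new ArrayList<>(LEAK_LOG);
    }

    public static void main(String[] args) {
        List<String> leaks = runAndCollectLeaks(LeakDetectDemo::sampleTestCase);
        System.out.println(leaks.size() + " leaked resource(s) in this test case");
        leaks.forEach(System.out::println);
    }
}
```

Compile and run with `javac LeakDetectDemo.java && java LeakDetectDemo`; the expected report names `db-connection#1` and the line in `sampleTestCase` that allocated it. Because `finalize()` is deprecated, newer JDKs print a warning at compile time, and on JDK 18 or later the check finds nothing at all if the JVM was started with `--finalization=disabled`, which is the main practical caveat of building leak detection on finalisers.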
If a resource release specification exists for some resource, our approach can also easily detect leaks of that resource by adding a finaliser to it. We carry out a series of experiments to evaluate the effectiveness of our approach at detecting resource leaks, finding leaks in almost all of the DaCapo benchmark programs (24 out of 25 programs), with an average performance cost of 2.79%, and in all of Eclipse’s test plugins. By its nature, our approach reports no false positives. Experimental results show that our approach is effective and fast for its testing purpose, and has a small false negative rate (a false negative being a resource leak that is not detected).

2. Exploring available specifications of subcomponents to mine precise resource specifications

We argue that exploring existing specifications is beneficial to mining better specifications, and propose to leverage the available specifications of subcomponents to mine precise specifications of composite components using the state-based specification mining approach. Instead of the single ≠null state of the null-abstraction, we distinguish the different states of subcomponent objects encoded in their specifications and use them to construct the abstract states of the composite object. When the available specifications are finite-state properties, we monitor subcomponent objects against these properties and use the states they reach to label the states of composite objects during the mining process. In this way, important states of subcomponent objects encoded in their specifications become visible to their composite object, and the number of states in the mined specification of the composite object can be effectively increased. This results in more precise mined specifications. We empirically validate our approach by comparing specifications mined with and without the specifications of subcomponents.
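
To make the state-labelling idea concrete, here is an added example (written for this page, not the dissertation’s miner) that mines a tiny composite class twice: once with the null-abstraction and once with abstract states labelled by the monitored state of the subcomponent. `Session`, `Conn`, `CONN_SPEC` and the training traces are all constructed; the point shown is that the enhanced model gains a `Closed` state and therefore rejects `query` after `disconnect`, which the null-abstraction model wrongly accepts.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/**
 * State-based mining with and without the subcomponent's own specification
 * (added illustration; Session, Conn and their specs are constructed, not from the dissertation).
 */
public class SubcomponentMiningDemo {

    /** Finite-state property of the subcomponent: method -> (state before -> state after). */
    static final Map<String, Map<String, String>> CONN_SPEC = Map.of(
        "open",  Map.of("Unopened", "Open", "Closed", "Open"),
        "close", Map.of("Open", "Closed"));

    /** Runtime monitor of one Conn object against CONN_SPEC; any other call goes to Err. */
    static final class Conn {
        String state = "Unopened";
        void call(String method) {
            Map<String, String> next = CONN_SPEC.get(method);
            state = (next != null && next.containsKey(state)) ? next.get(state) : "Err";
        }
    }

    /** Composite object whose specification is being mined; its only field is a Conn. */
    static final class Session {
        Conn conn;                                   // null until connect()
        void connect()    { conn = new Conn(); conn.call("open"); }
        void query()      { /* uses conn; correct only while it is Open */ }
        void disconnect() { conn.call("close"); }   // the field stays non-null afterwards
    }

    /** Null-abstraction: a field is either null or not. */
    static String nullAbs(Session s) { return s.conn == null ? "conn=null" : "conn!=null"; }

    /** Enhanced abstraction: label the composite state with the monitored state of its subcomponent. */
    static String subAbs(Session s) { return s.conn == null ? "conn=null" : "conn=" + s.conn.state; }

    static void invoke(Session s, String m) {
        switch (m) {
            case "connect":    s.connect();    break;
            case "query":      s.query();      break;
            case "disconnect": s.disconnect(); break;
            default: throw new IllegalArgumentException(m);
        }
    }

    /** Mines an FSM from traces: key "from|method" -> set of abstract states reached. */
    static Map<String, Set<String>> mine(List<List<String>> traces, Function<Session, String> abs) {
        Map<String, Set<String>> fsm = new LinkedHashMap<>();
        for (List<String> trace : traces) {
            Session s = new Session();
            for (String m : trace) {
                String from = abs.apply(s);
                invoke(s, m);
                fsm.computeIfAbsent(from + "|" + m, k -> new HashSet<>()).add(abs.apply(s));
            }
        }
        return fsm;
    }

    /** Replays a call sequence on the mined FSM from the initial state; false if a step has no transition. */
    static boolean accepts(Map<String, Set<String>> fsm, List<String> seq) {
        Set<String> current = Set.of("conn=null");
        for (String m : seq) {
            Set<String> next = new HashSet<>();
            for (String st : current) next.addAll(fsm.getOrDefault(st + "|" + m, Set.of()));
            if (next.isEmpty()) return false;
            current = next;
        }
        return true;
    }

    public static void main(String[] args) {
        // Training traces (constructed): all are correct uses of Session.
        List<List<String>> traces = List.of(
            List.of("connect", "query", "query", "disconnect"),
            List.of("connect", "disconnect", "connect", "query", "disconnect"));
        List<String> misuse = List.of("connect", "disconnect", "query");   // query on a closed Conn

        Map<String, Set<String>> plain = mine(traces, SubcomponentMiningDemo::nullAbs);
        Map<String, Set<String>> enhanced = mine(traces, SubcomponentMiningDemo::subAbs);
        System.out.println("null-abstraction model: " + plain);
        System.out.println("  accepts misuse? " + accepts(plain, misuse));      // true: overly general
        System.out.println("enhanced model: " + enhanced);
        System.out.println("  accepts misuse? " + accepts(enhanced, misuse));   // false: Closed is not Open
    }
}
```

The null-abstraction model has only two states (`conn=null`, `conn!=null`) and so must admit `query` from the same state that `disconnect` leaves the object in; the enhanced model has three (`conn=null`, `conn=Open`, `conn=Closed`), and the erroneous transition simply never appears in the training traces. Recall is unaffected because every training trace is still accepted by the enhanced model.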
We use benchmark programs from the DaCapo benchmark suite as training programs to mine specifications of classes in 17 packages of the Java system library. The evaluation results show that our approach can significantly improve the precision of mined specifications: 7 out of 10 overly general FSM models are enhanced by our approach. On average, 25.05% of the behavior of models mined without considering the specifications of subcomponents is erroneous and is removed from the enhanced models mined by our approach. Meanwhile, no recall is lost in the case of our benchmark programs. Our miner is fast, and the overhead introduced by monitoring subcomponents is limited: the time increases are around 10%.

3. Tolerance of resource usage faults through automatic enforcement of resource specifications

We note that, as with memory leaks, leaks of other resources are not necessarily a problem. A few leaked resources, or a small amount of leaked resource, affect neither program behavior nor performance. A system failure occurs only when accumulated leaks exhaust all available resources or cause large extra computation overhead. We propose the automatic resource collection approach Resco (RESource COllection) to enforce resource limits and tolerate resource leaks. Resource collections are triggered only when there are so many leaked resources that the system is about to crash or its performance is about to degrade: when the program approaches a resource limit, the resource collection process starts. First, the resource collector identifies leaked resources as those that are unreleased and unreachable. For garbage-collected languages, we adapt the garbage collector to retain leaked resources during garbage collections. Second, the corresponding cleanup methods are invoked to safely release these leaked resources in the right order. We evaluate Resco’s performance through standard benchmarks. The experimental results show that the runtime overhead of Resco is very low, around 1% or 3%.
To evaluate Resco’s ability to collect leaked resources, we conduct experiments on four leaks. Resco successfully tolerates three of these four leaks and reclaims all of the leaked resources concerned. Resco performs stably in the long term, with variations occurring when resource collections are triggered. Resco cannot tolerate the fourth leak because its leaked resources are still reachable.
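
The following added example sketches the Resco collection cycle in plain Java; it is written for this page and is not Resco’s code. The handle table, `LIMIT`, `Handle` and the leaky caller are constructed. Since a stock JVM offers no way to adapt the garbage collector, the “retain leaked resources during GC” step is approximated by a finaliser that resurrects an unreleased object into a collector-owned list instead of releasing it; the two Resco steps (identify unreleased and unreachable resources when the limit is approached, then release them in a safe order) are otherwise followed as described above, and the final lines show the case the text says cannot be tolerated: a leaked handle that is still reachable.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;

/**
 * Limit-triggered resource collection in the spirit of Resco (added illustration;
 * the handle table, LIMIT and Handle are constructed, nothing here is Resco's code).
 * Java gives no hook into the garbage collector, so "retain leaked resources during
 * GC" is approximated by a finaliser that resurrects the unreleased object into a
 * collector-owned list instead of releasing it itself.
 */
public class RescoDemo {

    /** Pretend kernel table: at most LIMIT handles may be open at once. */
    static final int LIMIT = 4;
    static int openHandles = 0;
    static long allocationCounter = 0;

    /** Unreleased handles found unreachable by the last GC; filled by finalisers, drained by collect(). */
    static final List<Handle> LEAKED = Collections.synchronizedList(new ArrayList<>());

    static class ResourceExhausted extends Exception {
        ResourceExhausted(String name) { super("no handle left for " + name); }
    }

    static class Handle {
        final String name;
        final long seq;            // allocation order; a wrapper is always allocated after what it wraps
        private boolean released;

        Handle(String name) throws ResourceExhausted {
            // Resco trigger: the program is about to hit the limit, so collect before failing.
            for (int attempt = 0; openHandles >= LIMIT && attempt < 3; attempt++) collect();
            if (openHandles >= LIMIT) throw new ResourceExhausted(name);
            openHandles++;
            this.name = name;
            this.seq = allocationCounter++;
        }

        /** Explicit cleanup; idempotent so the collector may call it on anything in LEAKED. */
        void release() {
            if (!released) { released = true; openHandles--; }
        }

        /** Unreleased and unreachable == leaked: keep the object alive for the collector rather than drop it. */
        @Override
        @SuppressWarnings({"deprecation", "removal"})
        protected void finalize() {
            if (!released) LEAKED.add(this);
        }
    }

    /**
     * The resource collector: (1) let the GC find unreleased, unreachable handles,
     * (2) release them newest-first so dependants go before what they depend on.
     * Returns how many handles were reclaimed (GC is best-effort, so possibly 0).
     */
    @SuppressWarnings({"deprecation", "removal"})
    static int collect() {
        System.gc();
        System.runFinalization();
        List<Handle> batch;
        synchronized (LEAKED) { batch = new ArrayList<>(LEAKED); LEAKED.clear(); }
        batch.sort(Comparator.comparingLong((Handle h) -> h.seq).reversed());
        for (Handle h : batch) h.release();
        return batch.size();
    }

    /** Leaky caller (constructed): opens a socket and a wrapper over it, releases neither. */
    static void leakyRequest(int i) throws ResourceExhausted {
        Handle socket = new Handle("socket#" + i);
        Handle tls = new Handle("tls-over-socket#" + i);   // depends on socket; must be released first
        // ... serve the request; both handles go out of scope unreleased ...
    }

    /** A leak Resco cannot tolerate: the unreleased handle stays reachable from a static field. */
    static Handle pinned;

    public static void main(String[] args) throws ResourceExhausted {
        for (int i = 0; i < 10; i++) leakyRequest(i);   // 20 handles opened against a limit of 4
        System.out.println("open handles after 10 leaky requests: " + openHandles);
        pinned = new Handle("cache-file");
        System.out.println("reclaimed by an explicit collection: " + collect()
            + " (the pinned handle is reachable, so it is never among them)");
    }
}
```

Without the collector the third request would already fail with `ResourceExhausted`; with it, every time the table is full the handles abandoned by earlier requests are found unreachable, released wrapper-first, and the program keeps running with at most `LIMIT` handles open. The `pinned` handle shows the limit of the approach: a leaked resource that is still referenced is not unreachable, so the collector has no safe way to tell it apart from a resource in use, which is exactly the fourth case in the evaluation above.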
Keywords/Search Tags: resource specifications, resource usage fault, resource leak, specification mining, specification enforcement, Java, finalizer, component interface, API