Codifying Hidden Dependencies in Legacy J2EE Applications
Geoffrey Hecht, Hafedh Mili, Ghizlane Elboussaidi, Anis Boubaker, Manel Abdellatif, Yann-Gael Guéhéneuc, Anas Shatnawi, Jean Privat, Naouel Moha
The problem
What happens when I press the Search button?
Two subsidiary questions:
• Why do I care?
• Why is that complicated?
APSEC 2018 2
Why is that complicated?
Modern and recent legacy applications are:
• Multi-tier
• Multi-language
• Complex late-bound control mechanisms
• Configuration files
• Run-time data-driven
• Reflection capabilities
• Rely on frameworks and containers for various services
APSEC 2018 3
Configuration files
• Assign property values
• Link intensions to extensions
• Link interfaces to implementations
• Etc.
[Diagram: client code references an Interface; Class A, Class B and Class C implement it; the binding is specified in configuration files]
APSEC 2018 4
Containers and frameworks
• Relieve developers from the burden of invoking infrastructure services
• Connect different pieces of user code using “hidden” mechanisms
• Don’t call us, we will call you
• Static code analysis won’t allow you to know when we will call you
APSEC 2018 5
Why do we care?
• Debugging
  • Help connect client-side with server-side traces!
• Change impact analysis
  • Help propagate or anticipate changes to different parts of the application
• Maintenance
  • Understand the program to modify it
• Reengineering
  • Migrating an application from a source style to a destination style
  • Use program “dependency structures” as inputs to identify potential components in the target architecture
APSEC 2018 6
Plan
• Context
• A general approach to deriving program “dependency structures” for J2EE applications
• Codifying container dependencies
• Evaluation
• Discussion
APSEC 2018 7
General approach
Modern and recent legacy applications are:
• Multi-tier
  → Analyze the various tiers together within the same “namespace”
• Multi-language
  → Use a language independent representation of software artefacts (OMG’s KDM)
  → Parse the various artefacts into that representation
• Complex late-bound control mechanisms
  • Configuration files
    → Analyze configuration files
  • Run-time data-driven
  • Reflection capabilities
    → Perform limited scope data flow analysis to circumscribe possibilities
• Rely on frameworks and containers for various services
  → Explicit codification of container services dependencies
APSEC 2018 8
Completing the app. dependency graph
APSEC 2018 9
Codifying container dependencies
Preparation phase:
• Study the container / technology at hand
• Codify its dependencies as:
  • if <code pattern> then <add relationship>
Usage phase:
• Analyze the input applications to generate KDM model
• Execute the dependency rules on KDM model to add container call dependencies
[Diagram: technology specs are codified into dependency rules; the application to be analyzed goes through the Modisco discoverers to produce a KDM model; the rule engine applies the dependency rules to the KDM model and outputs an augmented KDM model]
APSEC 2018 11
Example: if call to Home.create(...) → add call to BeanClass.ejbCreate(…)
APSEC 2018 12
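Added example (not from the slides or the authors' tooling): the Home.create → BeanClass.ejbCreate rule applied to a toy call graph in Python instead of a KDM model, with the resulting change in the impact set. The ejb-jar.xml fragment, all class names and the call edges are constructed, and attaching the new edge to the caller of create() is a modelling assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Constructed EJB 2.x deployment descriptor (ejb-jar.xml); every name is hypothetical.
EJB_JAR_XML = """
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>CatalogEJB</ejb-name>
      <home>com.example.catalog.CatalogHome</home>
      <remote>com.example.catalog.Catalog</remote>
      <ejb-class>com.example.catalog.CatalogBean</ejb-class>
    </session>
    <entity>
      <ejb-name>OrderEJB</ejb-name>
      <local-home>com.example.order.OrderLocalHome</local-home>
      <local>com.example.order.OrderLocal</local>
      <ejb-class>com.example.order.OrderBean</ejb-class>
    </entity>
  </enterprise-beans>
</ejb-jar>
"""

# Constructed (caller, callee) edges, as a static analysis of the source would see them.
STATIC_CALLS = [
    ("com.example.web.SearchServlet.doGet", "com.example.catalog.CatalogHome.create"),
    # A create() on a plain factory: same method name, but not a home interface.
    ("com.example.web.SearchServlet.doGet", "com.example.util.WidgetFactory.create"),
    ("com.example.catalog.CatalogBean.ejbCreate", "com.example.catalog.CatalogDAO.open"),
]


def home_bindings(descriptor_xml):
    """Read the interface-to-implementation binding from the configuration file:
    each declared home / local-home interface maps to its bean class."""
    root = ET.fromstring(descriptor_xml.strip())
    bindings = {}
    for bean in root.iter():
        if bean.tag not in ("session", "entity"):
            continue
        bean_class = bean.findtext("ejb-class")
        for tag in ("home", "local-home"):
            iface = bean.findtext(tag)
            if iface and bean_class:
                bindings[iface.strip()] = bean_class.strip()
    return bindings


def apply_create_rule(calls, bindings):
    """if <call to Home.create(...)> then <add call to BeanClass.ejbCreate(...)>.

    Only fires when the receiver is a home interface declared in the descriptor,
    so unrelated create() methods do not produce spurious edges."""
    added = []
    for caller, callee in calls:
        owner, _, method = callee.rpartition(".")
        if method == "create" and owner in bindings:
            edge = (caller, bindings[owner] + ".ejbCreate")
            if edge not in calls and edge not in added:
                added.append(edge)
    return added


def impact_set(calls, changed):
    """Methods that transitively call `changed`, i.e. what a change may affect."""
    callers = defaultdict(set)
    for caller, callee in calls:
        callers[callee].add(caller)
    seen, queue = set(), deque([changed])
    while queue:
        for caller in callers[queue.popleft()]:
            if caller not in seen:
                seen.add(caller)
                queue.append(caller)
    return seen


def analyze(changed="com.example.catalog.CatalogDAO.open"):
    """Return (hidden edges, impact set before, impact set after augmentation)."""
    bindings = home_bindings(EJB_JAR_XML)
    hidden = apply_create_rule(STATIC_CALLS, bindings)
    before = impact_set(STATIC_CALLS, changed)
    after = impact_set(STATIC_CALLS + hidden, changed)
    return hidden, before, after


if __name__ == "__main__":
    hidden, before, after = analyze()
    print("container edges added:", hidden)
    print("impact set without them:", sorted(before))
    print("impact set with them:   ", sorted(after))
```

Without the container edge, a change to CatalogDAO.open appears to stop at the bean class; with it, the servlet that triggers the search shows up in the impact set.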
Tooling
APSEC 2018 13
Evaluation
• Ideally:
• How useful are the new dependencies to the task at hand
• Component identification within the context of architectural migration?
• Instead
• “Technical” validation:
• Are the rules correct?
• Prevalence of container (hidden) dependencies in call relationships in practice
• Effect of added dependencies on change impact analysis tasks
APSEC 2018 15
Prevalence of container dependencies
APSEC 2018 16
Change impact analysis with JRipples
Petstore
Changeset
APSEC 2018 17
Questions?
APSEC 2018 19

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

Presentation

  • 1. Codifying Hidden Dependencies in Legacy J2EE Applications Geoffrey Hecht, Hafedh Mili, Ghizlane Elboussaidi, Anis Boubaker, Manel Abdellatif, Yann-Gael Guéhéneuc, Anas Shatnawi, Jean Privat, Naouel Moha
  • 2. The problem What happens when I press the Search button? Two subsidiary questions: APSEC 2018 2
  • 3. The problem What happens when I press the Search button? Two subsidiary questions: • Why do I care? APSEC 2018 2
  • 4. The problem What happens when I press the Search button? Two subsidiary questions: • Why do I care? • Why is that complicated? APSEC 2018 2
  • 5. Why is that complicated? Modern and recent legacy applications are: APSEC 2018 3
  • 6. Why is that complicated? Modern and recent legacy applications are: • Multi-tier APSEC 2018 3
  • 7. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language APSEC 2018 3
  • 8. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms APSEC 2018 3
  • 9. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files APSEC 2018 3
  • 10. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven APSEC 2018 3
  • 11. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities APSEC 2018 3
  • 12. Why is that complicated? Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities • Rely on frameworks and containers for various services APSEC 2018 3
  • 14. Configuration files • Assign property values APSEC 2018 4
  • 15. Configuration files • Assign property values • Link intensions to extensions APSEC 2018 4
  • 16. Configuration files • Assign property values • Link intensions to extensions • Link interfaces to implementations [Diagram labels: Client code, references, Interface, implements, Class A, Class B, Class C; binding specified in configuration files] APSEC 2018 4
  • 17. Configuration files • Assign property values • Link intensions to extensions • Link interfaces to implementations • Etc. [Diagram labels: Client code, references, Interface, implements, Class A, Class B, Class C; binding specified in configuration files] APSEC 2018 4
  • 18. Containers and frameworks • Relieve developers from the burden of invoking infrastructure services • Connect different pieces of user code using “hidden” mechanisms • Don’t call us, we will call you • Static code analysis won’t allow you to know when we will call you APSEC 2018 5
  • 19. Why do we care? APSEC 2018 6
  • 20. Why do we care? • Debugging APSEC 2018 6
  • 21. Why do we care? • Debugging • Help connect client-side with server-side traces! APSEC 2018 6
  • 22. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis APSEC 2018 6
  • 23. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis • Help propagate or anticipate changes to different parts of the application APSEC 2018 6
  • 24. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis • Help propagate or anticipate changes to different parts of the application • Maintenance APSEC 2018 6
  • 25. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis • Help propagate or anticipate changes to different parts of the application • Maintenance • Understand the program to modify it APSEC 2018 6
  • 26. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis • Help propagate or anticipate changes to different parts of the application • Maintenance • Understand the program to modify it • Reengineering APSEC 2018 6
  • 27. Why do we care? • Debugging • Help connect client-side with server-side traces! • Change impact analysis • Help propagate or anticipate changes to different parts of the application • Maintenance • Understand the program to modify it • Reengineering • Migrating an application from a source style to a destination style • Use program “dependency structures” as inputs to identify potential components in the target architecture APSEC 2018 6
  • 28. Plan • Context • A general approach to deriving program “dependency structures” for J2EE applications • Codifying container dependencies • Evaluation • Discussion APSEC 2018 7
  • 29. General approach Modern and recent legacy applications are: APSEC 2018 8
  • 30. General approach Modern and recent legacy applications are: • Multi-tier APSEC 2018 8
  • 31. General approach Modern and recent legacy applications are: • Multi-tier • Analyze the various tiers together within the same “namespace” APSEC 2018 8
  • 32. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Analyze the various tiers together within the same “namespace” APSEC 2018 8
  • 33. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation APSEC 2018 8
  • 34. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation APSEC 2018 8
  • 35. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation • Analyze configuration files APSEC 2018 8
  • 36. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation • Analyze configuration files APSEC 2018 8
  • 37. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation • Analyze configuration files • Perform limited scope data flow analysis to circumscribe possibilities APSEC 2018 8
  • 38. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities • Rely on frameworks and containers for various services • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation • Analyze configuration files • Perform limited scope data flow analysis to circumscribe possibilities APSEC 2018 8
  • 39. General approach Modern and recent legacy applications are: • Multi-tier • Multi-language • Complex late-bound control mechanisms • Configuration files • Run-time data-driven • Reflection capabilities • Rely on frameworks and containers for various services • Analyze the various tiers together within the same “namespace” • Use a language independent representation of software artefacts (OMG’s KDM) • Parse the various artefacts into that representation • Analyze configuration files • Perform limited scope data flow analysis to circumscribe possibilities • Explicit codification of container services dependencies APSEC 2018 8
  • 40. Completing the app. dependency graph APSEC 2018 9
  • 41. Plan • Context • A general approach to deriving program “dependency structures” for J2EE applications • Codifying container dependencies • Evaluation • Discussion APSEC 2018 10
  • 43. Codifying container dependencies Preparation phase: • Study the container / technology at hand [Diagram label: Technology specs] APSEC 2018 11
  • 44. Codifying container dependencies Preparation phase: • Study the container / technology at hand • Codify its dependencies as: • if <code pattern> then <add relationship> [Diagram labels: Technology specs, codify, Dependency rules] APSEC 2018 11
  • 45. Codifying container dependencies Preparation phase: • Study the container / technology at hand • Codify its dependencies as: • if <code pattern> then <add relationship> Usage phase: [Diagram labels: Technology specs, codify, Dependency rules] APSEC 2018 11
  • 46. Codifying container dependencies Preparation phase: • Study the container / technology at hand • Codify its dependencies as: • if <code pattern> then <add relationship> Usage phase: [Diagram labels: Technology specs, codify, Dependency rules, Application to be analyzed] APSEC 2018 11
  • 47. Codifying container dependencies Preparation phase: • Study the container / technology at hand • Codify its dependencies as: • if <code pattern> then <add relationship> Usage phase: • Analyze the input applications to generate KDM model [Diagram labels: Technology specs, codify, Dependency rules, Application to be analyzed, MoDisco discoverers, KDM model] APSEC 2018 11
  • 48. Codifying container dependencies Preparation phase: • Study the container / technology at hand • Codify its dependencies as: • if <code pattern> then <add relationship> Usage phase: • Analyze the input applications to generate KDM model • Execute the dependency rules on KDM model to add container call dependencies [Diagram labels: Technology specs, codify, Dependency rules, Application to be analyzed, MoDisco discoverers, KDM model, Rule engine, augmented KDM model] APSEC 2018 11
  • 49. Example: if call to Home.create(...) → add call to BeanClass.ejbCreate(…) APSEC 2018 12
  • 50. Example: if call to Home.create(...) → add call to BeanClass.ejbCreate(…) APSEC 2018 12
  • 51. Example: if call to Home.create(...) → add call to BeanClass.ejbCreate(…) APSEC 2018 12
  • 53. Plan • Context • A general approach to deriving program “dependency structures” for J2EE applications • Codifying container dependencies • Evaluation • Discussion APSEC 2018 14
  • 54. Evaluation • Ideally: • How useful are the new dependencies to the task at hand • Component identification within the context of architectural migration? • Instead • “Technical” validation: • Are the rules correct? • Prevalence of container (hidden) dependencies in call relationships in practice • Effect of added dependencies on change impact analysis tasks APSEC 2018 15
  • 55. Prevalence of container dependencies APSEC 2018 16
  • 56. Change impact analysis with JRipples Petstore Changeset APSEC 2018 17
  • 57. Plan • Context • A general approach to deriving program “dependency structures” for J2EE applications • Codifying container dependencies • Evaluation • Discussion APSEC 2018 18
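
The rule on slides 49 to 51 and the change impact analysis from the evaluation slides, worked through as an added example that is not code from the presentation or the authors' tool. It uses a plain caller/callee edge list in place of a KDM model, and the `shop.*` classes, the descriptor and the call edges are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed EJB 2.x deployment descriptor: binds a home interface to its bean class.
EJB_JAR_XML = """
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>Catalog</ejb-name>
      <home>shop.CatalogHome</home>
      <remote>shop.Catalog</remote>
      <ejb-class>shop.CatalogBean</ejb-class>
    </session>
  </enterprise-beans>
</ejb-jar>
"""

# Constructed call edges (caller, callee), as a purely static parser would report them.
STATIC_CALLS = [
    ("shop.SearchServlet.doGet", "shop.CatalogHome.create"),
    ("shop.SearchServlet.doGet", "shop.Catalog.search"),
    ("shop.CatalogBean.ejbCreate", "shop.CatalogDao.open"),
]


def home_to_bean(descriptor_xml):
    """Map each home interface to its bean class, as bound in the descriptor."""
    bindings = {}
    for beans in ET.fromstring(descriptor_xml).iter("enterprise-beans"):
        for bean in beans:  # <session> or <entity> elements
            home, cls = bean.findtext("home"), bean.findtext("ejb-class")
            if home and cls:
                bindings[home.strip()] = cls.strip()
    return bindings


def apply_create_rule(calls, bindings):
    """Rule: if call to Home.create(...) then add call to BeanClass.ejbCreate(...)."""
    added = []
    for _caller, callee in calls:
        owner, _, method = callee.rpartition(".")
        if method == "create" and owner in bindings:
            added.append((callee, bindings[owner] + ".ejbCreate"))
    return calls + [edge for edge in added if edge not in calls]


def impacted_by(changed, calls):
    """Change impact: every method that can transitively reach `changed`."""
    impacted, frontier = set(), [changed]
    while frontier:
        target = frontier.pop()
        for caller, callee in calls:
            if callee == target and caller not in impacted:
                impacted.add(caller)
                frontier.append(caller)
    return impacted
```

On the static edges alone, a change to `shop.CatalogDao.open` appears to affect only `shop.CatalogBean.ejbCreate`; with the rule applied, the impact set also includes `shop.CatalogHome.create` and `shop.SearchServlet.doGet`.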