When building enterprise applications (EAs) on Java frameworks (e.g., Spring), developers often configure application components via metadata (i.e., Java annotations and XML files). It is challenging for developers to correctly use metadata, because the usage rules can be complex and existing tools provide limited assistance. When developers misuse metadata, EAs become misconfigured, which defects can trigger erroneous runtime behaviors or introduce security vulnerabilities. To help developers correctly use metadata, this paper presents (1) RSL—a domain-specific language that domain experts can adopt to prescribe metadata checking rules, and (2) MeCheck —a tool that takes in RSL rules and EAs to check for rule violations.
With RSL, domain experts (e.g., developers of a Java framework) can specify metadata checking rules by defining content consistency among XML files, annotations, and Java code. Given such RSL rules and a program to scan, MeCheck interprets rules as cross-file static analyzers, which analyzers scan Java and/or XML files to gather information and look for consistency violations. For evaluation, we studied the Spring and JUnit documentation to manually define 15 rules, and created 2 datasets with 115 open-source EAs. The first dataset includes 45 EAs, and the ground truth of 45 manually injected bugs. The second dataset includes multiple versions of 70 EAs. We observed that MeCheck identified bugs in the first dataset with 100% precision, 96% recall, and 98% F-score. It reported 156 bugs in the second dataset, 53 of which bugs were already fixed by developers. Our evaluation shows that MeCheck helps ensure the correct usage of metadata.
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:20 | Bug DetectionResearch Papers / Industry Papers / Demonstrations / Journal First at Aurora B Chair(s): Lingming Zhang University of Illinois at Urbana-Champaign | ||
10:30 20mTalk | Yuga: Automatically Detecting Lifetime Annotation Bugs in the Rust Language Journal First Vikram Nitin Columbia University, Anne Mulhern Red Hat Inc, Sanjay Arora Red Hat Inc, Baishakhi Ray Columbia University | ||
10:50 10mTalk | SpecChecker-Int: An Extensible Concurrency Bugs Detection Tool for Interrupt-driven Embedded Software Demonstrations Boxiang Wang Beijing Sunwise Information Technology Ltd, Chao Li Beijing Institute of Control Engineering; Beijing Sunwise Information Technology, Rui Chen Beijing Institute of Control Engineering; Beijing Sunwise Information Technology, Sheng Wang Beijing Sunwise Information Technology Ltd, Chunpeng Jia Beijing Sunwise Information Technology Ltd, Mengfei Yang China Academy of Space Technology | ||
11:00 20mTalk | dl²: Detecting Communication Deadlocks in Deep Learning Jobs Industry Papers Yanjie Gao Microsoft Research, Jiyu Luo University of Science and Technology of China, Haoxiang Lin Microsoft Research, Hongyu Zhang Chongqing University, Ming Wu Zero Gravity Labs, Mao Yang Microsoft Research DOI Pre-print | ||
11:20 20mTalk | Detecting Metadata-Related Bugs in Enterprise Applications Research Papers Md Mahir Asef Kabir Virginia Tech, Xiaoyin Wang University of Texas at San Antonio, Na Meng Virginia Tech DOI | ||
11:40 20mTalk | ROSCallBaX: Statically Detecting Inconsistencies In Callback Function Setup of Robotic Systems Research Papers Sayali Kate Purdue University, Yifei Gao Purdue University, Shiwei Feng Purdue University, Xiangyu Zhang Purdue University DOI | ||
12:00 20mTalk | Enhancing Web Accessibility: Automated Detection of Issues with Generative AI Research Papers Ziyao He University of California, Irvine, Syed Fatiul Huq University of California, Irvine, Sam Malek University of California at Irvine DOI | ||
Aurora B is the second room in the Aurora wing.
When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.