ABSTRACT
Many tools for automated testing, model checking, and debugging store and restore program states multiple times. Storing/restoring a program state is commonly done with serialization/deserialization. Traditionally, the format for stored states is based on data: serialization generates the data that encodes the state, and deserialization interprets this data to restore the state. We propose a new approach, called CoDeSe, where the format for stored states is based on code: serialization generates code whose execution restores the state, and deserialization simply executes the code. We implemented CoDeSe in Java and performed a number of experiments on deserialization of states. CoDeSe provides on average more than 6X speedup over the highly optimized deserialization from the standard Java library. Our new format also allows simple parallel deserialization that can provide additional speedup on top of the sequential CoDeSe but only for larger states.
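To make the code-based format concrete, here is an added sketch that is not taken from the paper or from the CoDeSe implementation, written in Python rather than Java for brevity. The `Node` type, the `seal` helper and the key are hypothetical; because a code-based state is executed on restore, the sketch authenticates the stored code with an HMAC before running it.

```python
import hashlib
import hmac

class Node:
    """Constructed sample type: a linked node that may be shared or form a cycle."""
    def __init__(self, value, next=None):
        self.value = value
        self.next = next

def serialize_to_code(root):
    """Emit Python source whose execution rebuilds the graph reachable from root.
    Assumes root is not None and every value has a literal repr (int, str, ...)."""
    ids, order, stack = {}, [], [root]
    while stack:                      # discover every reachable Node exactly once
        obj = stack.pop()
        if obj is None or id(obj) in ids:
            continue
        ids[id(obj)] = f"o{len(order)}"
        order.append(obj)
        stack.append(obj.next)
    # Allocate all objects first, then wire fields, so cycles and sharing survive.
    lines = [f"{ids[id(o)]} = Node.__new__(Node)" for o in order]
    for o in order:
        name = ids[id(o)]
        lines.append(f"{name}.value = {o.value!r}")
        target = "None" if o.next is None else ids[id(o.next)]
        lines.append(f"{name}.next = {target}")
    lines.append(f"root = {ids[id(root)]}")
    return "\n".join(lines)

def seal(code, key):
    """Tag the stored code so a modified state is rejected before it runs."""
    return hmac.new(key, code.encode(), hashlib.sha256).hexdigest()

def deserialize(code, tag, key):
    """Deserialization is just execution, so verify the tag before exec()."""
    if not hmac.compare_digest(seal(code, key), tag):
        raise ValueError("stored state failed integrity check; refusing to execute")
    # Empty builtins only narrow the namespace; this is not a sandbox.
    # The HMAC check above is what gates execution.
    scope = {"__builtins__": {}, "Node": Node}
    exec(code, scope)
    return scope["root"]
```

The generated text is a flat sequence of allocations and field assignments with no parsing or reflection at restore time, which is the property the abstract attributes to the code-based format.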
Index Terms
- CoDeSe: fast deserialization via code generation