Java IoT Authors: Elizabeth White, Pat Romanski, Zakia Bouachraoui, William Schmarzo, Yeshim Deniz

Related Topics: Java IoT

Java IoT: Article

Detecting J2EE Problems Before They Happen

A runtime abstract application model derived automatically from app server using stored knowledge of Java EE construction

Note: This example is not an endorsement of initiating JTA transactions in servlets. That's another doubtful practice - and one that eoSense can also detect - but it's simpler to show the example this way.

Problem Explanation
By examining the alerts, and model entities and relationships, we can identify the elements of the problem:

  • There are two transactions, not one as expected
  • One transaction was initiated by the servlet; the other by the JMS session. The second transaction is unexpected.
Now we can use the model to map the problem back down to the source level. By selecting the JMS Session, as shown in Figure 6, we can examine the point at which it was created (source creation points are available for application-level entities):

The displayed source in Figure 7 shows that it's been created with the transaction attribute set to true:

If we want both the order and invoice JMS messages to form part of the same overriding JTA transaction, the transaction attribute (the first argument) should be false. And because the JMS Session-specified transaction was unintended there's no code present in the application to commit it (as the presence of the transaction in the eoSense view after order entry processing confirms). And even if the gross error of not committing the JMS-initiated transaction hadn't happened we would still have code that incorrectly creates two transactions, with the possibility of intermittent damaging inconsistencies.

Mixed Transactions Model Alert Query
The DMA model consists of the dynamic set of abstract entities and their relationships, a small part of which we've already examined. But what model trigger fired to signal the Mixed Transactions alert? eoSense defines query triggers as plug-in script inserts to its database, but the trigger can be expressed concisely as:

when relation Transaction_InitiatedBy created and relation.to.type == JMSSession and
exists( select Transaction t1 from Transactions
where relation.from.attribute.thread == t1.attribute.thread)

Having identified the key transaction and session entities, we can then navigate to related entities to show the full set of entities and relationships in the scope of the problem and relate these back to source-level statements. In the example, these are the creators of the original transaction and the problematic session.

JDBC Connection Not Closed Alert
If we continue, Figure 8 shows the next alert that appears.

This alert indicates that a JDBC Connection has not been closed before the methods using it have returned indicating inefficient use. The problem connection is indicated, with captured stacks showing its use without closure, mapping the problem back to the source code.

The image of the Server View in Figure 9 shows the direct access from the servlet to the DataSource (itself a doubtful practice which could be checked).

Connection not Closed Model Alert Query
This alert requires a model trigger to dynamically create a second trigger that then fires to indicate the problem:

when relation DataSource_Returned_Connection created
create Trigger(return,single) t1 on findFrame(method.returns(java.sql.Connection) == false)
when t1
connection.attribute('closed') == false)

Note that this rule is aimed at detecting an unsafe pattern of use. If we just wanted to detect connection leaks we could track references but the intention in DMA checking is to highlight unsafe program construction patterns (as well as obviously faulty ones) and so achieve code that's not just less wasteful, but more maintainable.

Doesn't visualization and modeling of this kind impose far too heavy a performance penalty? Well, no. The model is derived from efficient, highly constrained monitoring in the application server, the extent of which is dynamically controlled. The frequency of client updates for visualization can be set to any desired level, and the model can be examined only in retrospect, if that is preferred.

We've seen an example of Derived Model Analysis in action, deriving an entity-relationship model dynamically from an executing Java EE application, and using this to detect and, importantly, explain clearly serious structural problems that were not exhibiting any obvious effect and would not be obvious from the source code or from tracing application components.

eoSense can use DMA to represent visually almost all Java EE services and can monitor these independently or in combination. It can automatically detect a wide range of serious construction defects, with more detectors being added as new problem patterns are defined. It's clear that, as applications become increasingly based on standardized frameworks, automatically identifying design-level models from application execution and using those models to validate the applications becomes a real and powerful possibility.

More Stories By Alan West

Alan West is CTO of eoLogic (http://www.eologic.com), responsible for all product development. He was previously a founder of Object Software Technology Ltd, and has over 20 years of experience in software tool design and architecting large software systems.

More Stories By Gordon Cruickshank

Gordon Cruickshank is co-founder of eoLogic (http://www.eologic.com), a software tools company created to develop innovative testing and debugging solutions. He was previously development manager at Wind River Systems and Objective Software Technology, building C++ debugging and object visualization tools.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...