Showing papers on "Static program analysis published in 1997"

A decentralized model for information flow control

Abstract: This paper presents a new model for controlling information flo w in systems with mutual distrust and decentralized authority The model allows users to share information with distrusted code (eg, downloaded applets), yet still control how that code disseminates the shared information to others The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-graineddata sharing The paper also shows how static program analysis can be used to certify proper information flo ws in this model and to avoid most run-time information flo w checks

Evaluation experiments on the detection of programming patterns using software metrics

Abstract: Cloning of code fragments in large systems is a common practice that may result in redundant code, higher maintenance costs, and less modular systems. The paper examines and evaluates the use of five data and control flow related metrics for identifying similar code fragments. The metrics are used as signatures for a code fragment. Matching on such signatures results in fast matching that can be used to locate instances of code cloning even in the presence of modifications such as changes in variable names, and insertion of statements. The paper takes an information retrieval approach and reports on experiments conducted for retrieving code fragments in three different software systems.

Some misconceptions about lines of code

Abstract: Source lines of code (SLOC) is perhaps the oldest of software metrics, and still a benchmark for evaluating new ones. Despite the extensive experience with the SLOC metric, there are still a number of misconceptions about it. The paper addresses three of them: (1) that the format of SLOC is relevant to how to properly count it (a simple experiment shows that, in fact, it does not matter), (2) that SLOC is most useful as a predictor of software quality (in fact it is most useful as a covariate of other predictors), and (3) that there is an important inverse relationship between defect density and code size (in fact, this is an arithmetic artifact of plotting bugs-per-SLOC against SLOC).

A C++ data model supporting reachability analysis and dead code detection

Abstract: A software repository provides a central information source for understanding and reengineering code in a software project. Complex reverse engineering tools can be built by analyzing information stored in the repository without reparsing the original source code. The most critical design aspect of a repository is its data model, which directly affects how effectively the repository supports various analysis tasks. This paper focuses on the design rationales behind a data model for a C++ software repository that supports reachability analysis and dead code detection at the declaration level. These two tasks are frequently needed in large software projects to help remove excess software baggage, select regression tests, and support software reuse studies. The language complexity introduced by class inheritance, friendships, and template instantiations in C++ requires a carefully designed model to catch all necessary dependencies for correct reachability analysis. We examine the major design decisions and their consequences in our model and illustrate how future software repositories can be evaluated for completeness at a selected abstraction level. Examples are given to illustrate how our model also supports variants of reachability analysis: impact analysis, class visibility analysis, and dead code detection. Finally, we discuss the implementation and experience of our analysis tools on a C++ software project.

Software reconfiguration engine

Abstract: Single users or workgroups interact with the reconfiguration engine through the software reconfiguration workbench. The target source code is reconfigured through a collection of semi-automated and fully automated processes in a step-by-step iterative technique. The system maintains a repository of data corresponding to the software entities being reconfigured. Several modules within the reconfiguration engine access this repository allowing the modules to perform a rigorous reconfiguration through a series of iterative refinements. The target source code is analyzed based on a user-configurable lexicon of keywords and also based on attribute tables maintained in the repository. Software entities undergoing change are tagged using a tagging system that denotes the type of change operation to be performed and the degree of certainty that the tag has been properly assigned. Impact analysis across the entire software system detects entities subject to change by monitoring data flow between software systems. Impact analysis thus identifies software entities that might otherwise have been overlooked. Source code changes are applied using code master templates selected based on the tags. New programs can also be generated using code master templates selected based on the tags which can be used to convert the data files in the system to correspond to the changed application code.

System for monitoring compute system performance

Abstract: A program for monitoring computer system performance includes a collection of source code modules in the form of a high level language. Each of the source code modules is compiled into a corresponding object code module. The object code modules are assembled into machine dependent code. The machine code is translated into a program module in the form of a machine independent register translation language. The program module is partitioned into basic program components. The basic program components include procedures, basic blocks within procedures, and instructions within basic blocks. Fundamental instrumentation routines identify, locate, and modify specific program components to be monitored. The modified basic program components are converted to an instrumented machine executable code to be executed in the computer system so that performance dam can be collected while the program is executing in the computer.

Development and application of an automated source code maintainability index

Abstract: When software maintenance results in changing the source code, the change frequently occurs in an undisciplined manner that results in source code that is inherently more difficult to maintain. The long-term effect may be thought of as a downward spiral that culminates in virtually ‘unmaintainable’ code where it is more cost effective to just start again. Too often, software personnel and managers, aware that the code is becoming less maintainable, have been unable to estimate with useful accuracy the degree to which maintainability has diminished. The result is that they either continue to waste time and money maintaining code which is effectively unmaintainable, or they opt to live with what seems to be bad code, not touching it for fear of breaking it. To avoid this state of affairs, software developers need to be able to quanitify both the current level of software maintainability and the impact on it of any given change. This paper discusses the application of software metrics as a tool for quantifying code maintainability and, by extension, for making decisions. The first part of the discussion focuses on deriving a minimal set of easily calculated metrics which, when taken together, can produce a single-valued quantification (or index) of code maintainability. Case studies are then presented which serve to illustrate not only the degree to which software can degrade over time, but how this ‘maintainability index’ (MI) can be used to quantify maintainability and aid decision making. Finally, a methodology for making metric assessments readily available to software personnel is presented so that they can now easily integrate maintainability metrics into maintenance (and development) processes. As a result, the downward spiral of code degradation becomes at least recognizable, hopefully less precipitous, and perhaps avoidable entirely. © 1997 by John Wiley & Sons, Ltd.

Architecture of a Source Code Exploration Tool: A Software Engineering Case Study1

Abstract: We discuss the design of a software system that helps software engineers (SE’s) to perform the task we call just in time comprehension (JITC) of large bodies of source code. We discuss the requirements for such a system and how they were gathered by studying SE’s at work. We then analyze our requirements with respect to other tools available to SE’s for the JITC task. Next, we walk through system design and the objectoriented analysis process for our system, discussing key design issues. Some issues, such as dealing with multi-part names and conditional compilation are unexpectedly complex.

A descriptor-based approach to OO code reuse

Abstract: The COOR (Classification of Object Oriented Code for Reuse) environment exploits the advantages of OO code to promote software reuse, performing classification and analysis using a software descriptor method based on a fuzzy query language for component retrieval. Fuzzy weighting mechanisms highlight relevant features of components for reuse in specific industrial application domains.

Automated chunking to support program comprehension

Abstract: We report on a program comprehension support tool called the Chunker. It partitions code into abstractions called candidate chunks using data dependency analysis and a set of heuristics. The candidate chunks can be mapped to programming and problem domain concepts by a software engineer and are useful for building mental models during comprehension. We describe the implementation of the Chunker, performance issues, and plans for tool enhancement.

Architecture of ASIS: a tool to support code analysis of complex systems

Abstract: Currie Colket, SPAWAR, Arlington, Virginia Gary Barnes, Rational Software Corporation, Santa Clara, California Steve Blake, Thomson Software Products, San Diego, California Dan Cooper, Boeing, Seattle, Washington Jesper Jcrgensen, DDC-I, Lyngby, Denmark Clyde Roby, IDA, Alexandria, Virginia Dan Rittersdorf, Concurrent Computer Corporation, Sparta, Michigan Dr. Sergey Rybin, Moscow State University, Moscow, Russia Dr. Alfred Strohmeier, Swiss Federal Institute of Technology, Lausanne, Switzerland Bill Thomas, MITRE, McLean, Virginia

A case study of domain-based program understanding

Abstract: Program understanding relates a computer program to the goals and requirements it is designed to accomplish. Understanding techniques that rely only on source code analysis are limited in their ability to derive this relationship. Application-domain analysis is another source of information that can aid program understanding by guiding the source analysis and providing structure to its results. This paper describes the application of a domain based program understanding process, Synchronized Refinement, to the problem of reverse engineering the Mosaic World Wide Web browser software. It discusses the domain analysis undertaken, the corresponding source code analysis we plan to perform, and the strengths and limitations of available automated tools.

Abstract Interpretation Based Static Analysis Parameterized by Semantics

Abstract: We review how the dependence upon semantics has been taken into account in abstract interpretation based program analysis and next propose to design general purpose abstract interpreters taking semantics as a parameter, either that of the program to be analyzed or that of a programming language.

S-Check: a tool for tuning parallel programs

Abstract: We present a novel tool, called S-Check, for identifying performance bottlenecks in parallel and networked programs. S-Check is a highly-automated sensitivity analysis tool for programs that extends benchmarking and conventional profiling. It predicts how refinements in parts of a program are going to affect performance by making focal changes in code efficiencies and correlating these against overall program performance. This analysis is a sophisticated comparison that catches interactions arising from shared resources or communication links. S-Check's performance assessment ranks code segments "bottleneck" according to their sensitivity to the code efficiency changes. This rank-ordered list serves as a guide for tuning applications. In practice, S-Check code analysis yields faster parallel programs. A case study compares and contrasts sensitivity analyses of the same program on different architectures and offers solutions for performance improvement. An initial implementation of S-Check runs on Silicon Graphics multiprocessors and IBM SP machines. Particulars of the underlying methodology are only sketched with main emphasis given to details of the tool S-Check and its use.

Code understanding through program transformation for reusable component identification

Abstract: Code understanding is the most essential step in all post delivery software activities such as software maintenance and reuse. In the Reverse-engineering Reuse Redevelopment Assistant (R/sup 3/ A), a tool aimed at providing a comprehensive approach for all post delivery software activities, code understanding has been addressed by reverse engineering through program transformation. The paper proposes a method to deal with this problem and discusses in detail how program transformation techniques, program comprehension techniques and the role of human knowledge are integrated into R/sup 3/ A, i.e., how they are used during reverse engineering to recognise reusable components, and how they are used by semantic interface analysis to represent formally reusable components. The experiments conducted strongly suggest the proposed method is a practical approach to software reuse.

PUI: a tool to support program understanding

Abstract: Static analysis tools are useful in extracting information from programs. Maintainers are more likely to be overloaded with information extracted from these analysis tools as programs grow in size. This paper outlines some of the theories and strategies of program comprehension and describes how the various strategies can be realised by a simple browsing tool, PUI (Program Understanding Implement), which allows maintainers to understand the relationships between program elements. The tool is based on a matrix of program relations designed to reflect the multi-dimensional nature of programs. This work is centred on the C programming language.

ASIS-based code analysis automation

Abstract: The Ada Semantic Interface Specification (ASIS) is an interface between an Ada environment and any tool requiring information from it. An Ada environment comprises valuable semantic and syntactic information that can be exploited for automated code analysis. ASIS provides an open and published callable interface that gives access to this information; further, ASIS has been designed to be independent of underlying Ada environment implementations, thus supporting portability of code analysis tools while relieving tool developers from needing to understand the complexities of an Ada environment's proprietary and evolving internal representation.

A reverse engineering approach to evaluate function point rules

Abstract: Function points are generally used for measuring software functional size from a user perspective. The paper is concerned with the problem of counting function points from source code using the function point analysis proposed by the International Function Point User Group (IFPUG) 1994 standards. The paper presents the Automated FP counting scope and objective, the presentation of an existing semi-formal model and the required extensions for the definition of four IFPUG rules. Then the authors propose reverse engineering techniques to address those four rules.

Analysis of Object-Oriented Programs Using Graphs

Abstract: Complex interdependencies between different parts of a system are a major problem for the maintenance, evolution, and reorganization of large programs. In an object-oriented system, such dependencies exist due to different kinds of interrelationships between the different kinds of entities which make up the system.

The source code analysis tool construction project

Abstract: Reuse Tapestry is a project at Momnouth University which covers a wide variety of topics in the area of software reuse. Issues addressed indude documentation of reusable assets, the certification of reusable assets, the successful application of domain engineering with Domain-Specific Kits (DSKs) for the efficient development of families of applications programs (product lines), management and other non-technical issues associated with reuse, technology transfer between the government, industry, and academia, and reuse and tool construction courseware development (both conventional courseware including a software reuse lab and courseware oriented toward distance learning that is presented using closed-circuit television). The focus of this paper is one of the most recent new projects under Reuse Tapestry -the SCATC (Source Code Analysis and Tool Construction) project (SCATC is pronounced “skat”). The SCATC project involves the creation of a DSK that contains generic reusable architectures backed by a software components library which can be used to create families of tools for source code analysis of both small and large (more than 1 million lines of code) software systems written in Ada83, Ada95 C, and C++ (more languages are on the way). The SCATC DSK is written in Ada95 and its architectures and components may be compiled using the GNU NYU Ada95 Translator, GNAT 3.09. A variation of the Synthesis process for software development, which is espoused by the Software Productivity Consortium, is used in the tool development, and Pcmhsion to make digihl/l~srd copies of lill or p.ut of tiu’s work for personaf or cl3srroom use is mted witl~out fee provided that copies are 110; nude or distributed fir profit or commerci~1 advaatage, the copyright notice, the tile ofthe public;ltion and its date zrppear. and notice is given Ulirt copying is by permission of ACM, Inc. To oopy othenwise, to republish, to post on servers, or to redistribute to Iii requires prior specific pennissioa andor a fee. 01997 ACMO-89791-9815i97IOO113.50 141 the SCATC DSK is in a continuous state of growth and enhancement as a result The courseware developed under Reuse Tapestry uses the SCATC project as a live example and a lab tool. The SCATC project is the culmination of more than five years of experience in writing source code analysis tools’ in Ada. The SCATC project is based in part on ideas gleaned from a tool construction project undertaken by the author when he worked for The MlTRE Corporation, where over 30 million lines of Ada83 software have been assessed for nine Program Managers at Fort Monmouth using tools written by the author. Now, the SCATC DSK provides a fonndation for the rapid development of more source code analysis tools. For more information on the Reuse Tapestry project and the SCATC project in particular, see the article on Reuse Tapeshy in the proceedings of the 11’ Annual Ada and Software Engineering Education Team {ASEET) Symposium’. Elements of Reuse Tapesfry, including the first &eased buiId of the SCATC DSK, are available in the Public Ada Library (PAL)3 and on the 14* Edition of the Walnut Creek Ada CDROM (which is scheduled to come out in November 1997 as a special edition for the T&Ada 97 conference). ’ Grace Baratta-Perez, Richard L. Corm, Chartes A. Fjnnell, aad Thomas 3. Walsh, “Ada System Dependency Analyxer Tool,” IEEE Computer, Volume 27, Number 2, February 1994, Pp. 49-55. ’ Richard L. Corm, “The Reuse Tapestry Project,” Proceedings of the 11” Annual ASEET Symposium, .Monmouth University, June lo-13,1997. 3 See the articles by Richard Corm on the PAL and the Walnut Creek Ada CDROM on pages 15-65 of the July/August 1997 issue of Ada Letters (Volume XVII, Number 4, published by the Association for Computing Machinery). The PAL is at httpz/Avuarchive.wustl.edu/hmguages/ad~pal.html. .--.-_--‘. :;,--$ ., -.~

SOLAT-a Simple Object-Oriented Language Analyzing Tool

Abstract: Static program analysis, like data-flow analysis, is of central importance for enabling efficient implementations of object-oriented languages. The authors present a tool called SOLAT (Simple Object-Oriented Language Analyzing Tool) which can handle various program analyses in an unique framework. They describe, as an example of program analysis, a type analysis based on interprocedural data-flow analysis and show its benefits by empirical results. Furthermore, SOLAT provides a graphical interface to manage the results obtained by type analysis and can therefore be successfully used as an annotation or debugging tool during program development.

Improving software quality by static program analysis

Abstract: This paper presents the results and conclusions obtained during a process improvement project of ABB Energy Information Systems, Germany. This project was executed in the context of ABB Energy Information Systems software process improvement activities. It was launched in order to collect experience in the usage of systematic static program analysis. We first give a brief overview on software development at ABB Energy Information Systems. Then we list the objectives of the project. After having given a short overview on the technique of static program analysis, we present in the main part of the paper our experience and conclusions. We do this by formulating and discussing nine major theses. © 1997 John Wiley & Sons Ltd

Retrospective exploration of safety properties in real-time concurrent systems

Abstract: Describes using cascading of two existing tools: Hyperbook for source code analysis to facilitate software understanding, and PARAGON, for static analysis of safety-critical real-time systems. The goal is to provide an efficient and scalable toolset that minimizes human interaction during analysis. The toolset operates directly on source code without the need for the user to come up with initial or intermediate specification. Such a specification is constructed automatically during the analysis. The toolset is applicable to analysis of legacy software as well as to validation of new software. It is oriented towards exhaustive static analysis of software, without resorting to simulation. The source code together with the description of its architecture and environment are presented as input. Hyperbook produces a set of state machines that represent the static view of the code. The state machines serve as input to PARAGON. PARAGON reports interleaved events, which are used for software understanding and testing. It can detect flaws such as whether deadlocks are possible or if any catastrophic events may occur. PARAGON can produce diagnostic information that is used to identify the source of the problem. A major concern in software reengineering is the size of the source software. Hyperbook partitions the source code into software units that conform with the given architectural view. PARAGON's formal analysis is performed in a modular and hierarchical fashion.

In methods we trust

Abstract: The degree to which you trust your environment-including co-workers, software tools and systems-has a dramatic impact on the performance of your entire software development team. If you can't trust someone during a code review, what are the chances the code review will be any good? I've become increasingly aware of another aspect of trust: the trust of a method. A method is a disciplined approach to problem solving that produces one or more well-defined outcomes. There appear to be two philosophies when it comes to trust and methods. One camp soundly rejects methods as a basis for trust: the only valid approach to problem solving is to identify specific problems systematically in their environment and solve these problems, one by one. The other camp takes the opposite approach, performing every process step by preparing all of the models (and other outcomes) defined by their method. The question is not whether you build software according to a process, but whether you trust the process you use. Do you trust your development process to generate accurate schedules? Do you trust it to generate high-quality, easily maintainable source code? Do you trust that your process will generate highly usable systems?.

A system for generating reverse engineering tools

Abstract: Most current reverse engineering techniques start with an analysis of the system's source code to derive structural information, based on compiler technology. As a consequence of the maturity of the field, several formal program models exist that have allowed the automatic generation of language processing front-ends. However, the software engineer has to code the data structures that implement the program model and the algorithms that implement the desired analysis. Thus, while the domain of code analysis is well understood, economic convenience very often leads to rigid code analysers that perform a fixed set of analyses and produce standard reports that users can only customise marginally. We have implemented a system for developing code analysers that uses a unique database to store both a no-loss fine-grained intermediate representation and the analysis results. The analysers are automatically generated from a very high-level specification of the desired analyses expressed in a domain-oriented language. We use an algebraic representation, called F(p), as the user-visible intermediate representation. Analysers are specified in a logic-based language, called F(p)-l, which allows the specification of an analysis in the form of a traversal of an algebraic expression, with accesses to, and stores of, the database information that the algebraic expression indexes. A foreign-language interface allows the analysers to be embedded into C programs to facilitate interoperation with other tools.

Program analysis for software engineering: new applications, new requirements, new tools

Abstract: In order to play a bigger role in software engineering tools, static analysis techniques must take into account the specific needs of this application area, in particular in terms of interaction with the user and scalability. This new perspective requires a reexamination of the field of static program analysis both internally and in connection with related areas like theorem proving and debugging.

Model-integrated programming

Abstract: The building of complex, large-scale industrial applications necessitates the integration of models into the problem-solving process. This paper describes a model-integrated program synthesis (MIPS) environment for computer-based system applications. In MIPS, domain-specific, multiple-view models represent the software, its environment and relationships. Generic model interpreters translate the models into the input languages of static and dynamic analysis tools, and application-specific model interpreters synthesize software applications. The components of the system are built in the framework of the layered Multigraph architecture, which separates the generic and domain/application-specific components, and which defines interfaces for expandability.

CodeAdvisor: Rule-Based C++ Defect Detection Using a Static Database

Abstract: C++ is a powerful successor to the C language that has all of C’s features plus a lot more, including constructors, destructors, function overloading, references, inlines, and others. With this added power come more options to manage, more ways to do things right, and inevitably, more ways to go wrong. C++ compilers can find syntactical errors, but they do not find errors involving constructs that are legal yet unlikely to be what the programmer intended. Often, problems of this nature are left to be found during testing or by the end user. Attempts to find these defects at an earlier and less expensive stage of development sometimes take the form of code inspections or walkthroughs. While careful walkthroughs can find some of these errors, formal inspections are time-consuming and so expensive that they are usually only applied to small pieces of the code. Since C++’s introduction in the early 1980s, a large body of experience with the language has accumulated and many works have appeared that describe common pitfalls in the language and how to avoid them. 1-5 While some of these problems can be quite subtle, some of them are also straightforward enough that a program can be created to detect them automatically, 6 as long as that program can be supplied with sufficiently detailed information about the code’s structure. The SoftBench static database (see Article 3), with its semantic information, provides an opportunity to create a tool that can do just that. This article is about such a tool: C++ SoftBench CodeAdvisor. CodeAdvisor: An Automated Rule Checker CodeAdvisor distills its knowledge of what are likely to be coding errors as a set of rules that alert the user to problems such as calling virtual functions from constructors, mixing iostream routines with stdio routines, local variables hiding data members, and so on. Each rule is a set of instructions that queries the static database for the information of interest and then performs the logic to test whether that potential error condition is present. When it detects a rule violation, CodeAdvisor displays the violation’s location (file, line number) in an error browser that lets the user navigate quickly and easily to the problem site and use an editor to correct it. Online help is available to present more explanation of the violation, possible ways to correct the problem, references for further information, and when appropriate, exceptions to the rule. CodeAdvisor detects rule violations by performing static analysis of the code using the SoftBench static database. Static analysis differs from the dynamic or run-time analysis done by debuggers, branch analyzers, and some performance tools in that all of the available code is examined. Dynamic analysis examines only code that is actually executed and cannot find defects in branches that are never taken. Also, dynamic analysis requires that the code be far enough along so that it can be actually executed. Static analysis, on the other hand, can be performed as soon as the code compiles, even if the code cannot yet successfully run. Because it is automated, CodeAdvisor will tirelessly check all the rules it knows against all of the code. This is practical only for relatively small pieces of code during inspections done by hand. Unlike a human code reviewer, CodeAdvisor never gets so tired or bored that it misses a rule violation it’s been programmed to find. While CodeAdvisor cannot replace inspections completely (there will always be problems that cannot be detected automatically), it can be a good complement to traditional code inspections, freeing developers to focus on higher-level problems by weeding out the detectable problems first.

Dynamic Resolution: A Runtime Technique for the Parallelization of Modifications to Directed

Abstract: Static program analysis limits the performance improvements possible from compile-time parallelization. Dynamic parallelization shifts a portion of the analysis from compile-time to runtime, thereby enabling optimizations whose static detection is overly expensive or impossible. Dynamic resolution is a dynamic-parallelization technique for finding loop and nonloop parallelism in imperative, sequential programs that destructively manipulate dynamic directed acyclic graphs (DAGs). Dynamic resolution uses runtime reference counts on heap data, a runtime linearization of threads, and a simple static analysis to dynamically detect potential heap aliases and to correctly coordinate parallel access to shared structures. We describe dynamic resolution in the context of two imperative procedures: DAG rewrite and destructive quicksort. The description is couched in the pointer-safe language ML; with some programmer assertions and custom macros for pointer and memory manipulation, dynamic resolution is applicable to pointer-unsafe languages (C extended with threads) as well. Furthermore, with programmer identification of cyclic structure, dynamic resolution can be used to find parallelism in programs that manipulate cyclic structures. Shared-memory implementations of dynamic resolution for ML and C have attained parallel speedup for nontrivial sequential procedures such as destructive quicksort; empirical speedup results obtained on fast contemporary machines are given.