Source Code Analysis Research Articles

A probabilistic approach to some asymptotics in noiseless communication

Renewal theory is a powerful tool in the analysis of source codes. We use renewal theory to obtain some asymptotic properties of finite-state noiseless channels. We discuss the relationship between these results and earlier uses of renewal theory to analyze the Lempel-Ziv (1977, 1978) codes and the Tunstall (1967) code. As a new application of our results, we provide the asymptotic performance of two of the Perl, Garey and Even (1975) prefix condition codes.

Tools for OpenMP application development: the POST project

OpenMP was recently proposed by a group of vendors as a programming model for shared memory parallel architectures. The growing popularity of such systems, and the rapid availability of product-strength compilers for OpenMP, seem to guarantee a broad take-up of this paradigm if appropriate tools for application development can be provided. POST is an EU-funded project that is developing a product, based on FORESYS from Simulog, which aims to reduce the human effort involved in the creation of OpenMP code. Additional research within the project focuses on alternative techniques to support OpenMP application development that target a broad variety of users. Functionality ranges from fully automatic strategies for novice users, the provision of parallelization hints, and step-by-step strategies for porting code, to a range of transformations and source code analyses that may be used by experts, including the ability to create application-specific transformations. The work is accompanied by the development of OpenMP versions of several industrial applications. Copyright © 2000 John Wiley & Sons, Ltd.

Variable‐precision reaching definitions analysis

Ascertaining the reaching definitions from the source code can give views of the linkages in that source code. These views can aid source code analyses, such as impact analysis and program slicing, and can assist in the reverse engineering and re-engineering of large legacy systems. Maintainers like to do such activities interactively and value fast responses from program analysis tools. Therefore the control of the trade-off between accuracy and efficiency should be given to the maintainer. Since some real world programs, especially in languages like C, make much use of pointers, and efficient points-to analysis should be integrated within the computation of the data dependencies during the process of ascertaining the reaching definitions. This paper proposes three different approaches to the analysis of the reaching definitions based on different levels of precision, reflecting differences in their sensitivity to the calling context and the control flow. The least precise approach produces an overestimate by an average of 41% of data dependencies compared to the approach with the highest degree of precision. The result for the least precise approach is conservative because all detectable data dependencies are included, and is far faster than the more precise approaches. Runs on a test suite show an almost 2000 to 1 reduction in execution time by the least precise approach compared with the most precise approach. The intermediate approach is more than 30 times faster than the most precise approach, and much more precise than the least precise one (an average of 2% extra dependencies compared to the most precise approach). Therefore, while on medium size systems the intermediate approach could be a good compromise, on large systems the least precise approach becomes extremely valuable, being the only one feasible. Copyright © 1999 John Wiley & Sons, Ltd.

Variable-precision reaching definitions analysis

Ascertaining the reaching definitions from the source code can give views of the linkages in that source code. These views can aid source code analyses, such as impact analysis and program slicing, and can assist in the reverse engineering and re-engineering of large legacy systems. Maintainers like to do such activities interactively and value fast responses from program analysis tools. Therefore the control of the trade-off between accuracy and efficiency should be given to the maintainer. Since some real world programs, especially in languages like C, make much use of pointers, and efficient points-to analysis should be integrated within the computation of the data dependencies during the process of ascertaining the reaching definitions. This paper proposes three different approaches to the analysis of the reaching definitions based on different levels of precision, reflecting differences in their sensitivity to the calling context and the control flow. The least precise approach produces an overestimate by an average of 41% of data dependencies compared to the approach with the highest degree of precision. The result for the least precise approach is conservative because all detectable data dependencies are included, and is far faster than the more precise approaches. Runs on a test suite show an almost 2000 to 1 reduction in execution time by the least precise approach compared with the most precise approach. The intermediate approach is more than 30 times faster than the most precise approach, and much more precise than the least precise one (an average of 2% extra dependencies compared to the most precise approach). Therefore, while on medium size systems the intermediate approach could be a good compromise, on large systems the least precise approach becomes extremely valuable, being the only one feasible. Copyright © 1999 John Wiley & Sons, Ltd.

Recovering software architecture from multiple source code analyses

We describe the experiences we have had in using ManSART - a software architecture recovery tool that we developed and are employing in the analysis of large scale legacy software systems. ManSART uses a battery of standard data flow, control flow, and program slicing capabilities to automatically recover architectural features from source code. This source code analysis is enabled by representations called analysis. Analysis modules describe the interfaces of each component in a multiple component system. ManSART uses these modules to focus source code analysis and to store the results.

Addressing the shortcomings of traditional formal reasoning methods for concurrent programs: New tools and techniques for source code correctness

Using an informal but realistic model, this paper argues that human programmers reason about their source code on multiple abstraction levels. Distinguishing features of these levels are given. Traditional reasoning methods that use code annotation are analyzed and shown to be inadequate for certain such levels. A new design architecture that explicitly captures the multi-level paradigm is presented along with a prototype implementation. The prototype demonstrates support for fine-grained, highly interactive analysis of source code without requiring formal-methods expertise from the user.

An extensible system for source code analysis

Constructing code analyzers may be costly and error prone if inadequate technologies and tools are used. If they are written in a conventional programming language, for instance, several thousand lines of code may be required even for relatively simple analyses. One way of facilitating the development of code analyzers is to define a very high-level domain-oriented language and implement an application generator that creates the analyzers from the specification of the analyses they are intended to perform. This paper presents a system for developing code analyzers that uses a database to store both a no-loss fine-grained intermediate representation and the results of the analyses. The system uses an algebraic representation, called F(p), as the user-visible intermediate representation. Analyzers are specified in a declarative language, called F(p)-l, which enables an analysis to be specified in the form of a traversal of an algebraic expression, with access to, and storage of, the database information the algebraic expression indices. A foreign language interface allows the analyzers to be embedded in C programs. This is useful for implementing the user interface of an analyzer, for example, or to facilitate interoperation of the generated analyzers with pre-existing tools. The paper evaluates the strengths and limitations of the proposed system, and compares it to other related approaches.

On the use of regular expressions for searching text

The use of regular expressions for text search is widely known and well understood. It is then surprising that the standard techniques and tools prove to be of limited use for searching structured text formatted with SGML or similar markup languages. Our experience with structured text search has caused us to reexamine the current practice. The generally accepted rule of “leftmost longest match” is an unfortunate choice and is at the root of the difficulties. We instead propose a rule which is semantically cleaner. This rule is generally applicable to a variety of text search applications, including source code analysis, and has interesting properties in its own right. We have written a publicly available search tool implementing the theory in the article, which has proved valuable in a variety of circumstances.

Metrika kvaliteta softvera korišćena kod jednog telekomunikacionog terminala

This paper deals with software quality metric used during development of a new now-voice message terminal. Metrics analysis of the terminal source code was performed using MacCale's cyclomatic complexity. The cyclomatic complexity has been correlated to the number of expected errors in a software module.

A Block-Based Mode Selection Model for SIMD/SPMD Parallel Environments

One of the challenges for parallel compilers and compiler-related tools is, given a machine-independent parallel language, to generate executable code for a variety of computational models, and to identify those specific parallel modes for which a program is well-suited. One portion of this problem, developing a method for estimating the relative execution time of a data-parallel algorithm in an environment capable of the SIMD and SPMD (MIMD) modes of parallelism, is presented. Given a data-parallel program in a language whose syntax is mode-independent and empirical information about instruction execution time characteristics, the goal is to use static source-code analysis to determine an implementation that results in an optimal execution time for a mixed-mode machine capable of SIMD and SPMD parallelism. Statistical information about individual operation execution times and paths of execution through a parallel program is assumed. A secondary goal of this study is to indicate language, algorithm, and machine characteristics that must be researched to learn how to provide the information needed to obtain an optimal assignment of parallel modes to program segments.

Protection against trojan horses by source code analysis

The technology of security in computer networks has far-reaching implications. In this paper, assuming a UNIX network system, which is the most popular currently, we enumerate the threats against security and classify the problems. Among the problems so defined, we consider particularly the Trojan horse problem, which is important when a program is received from the outside; and we propose a method of protection against Trojan horses. In the proposed protection method, objects which have been modified by the source program are extracted and are compared with a previously prepared list (the condition list) of objects which should not have been modified. In this method, verification of the security of the program needs to be done only at the time of its installation, so there is no loss in efficiency of performance at run time. Also, we can prevent security violations which cannot be regulated by controlling access and flow. In the proposed method, the major problem is determining the extent to which altered objects can be detected. In this regard, we perform soine experiments on the free software X11R4 and TeX. Finally, based on the results of the experiments, we evaluate the proposed protection method on the security of programs imported from the outside.

Performance Attributes for Code and Workload Analysis On Cray X-Mp and Y-Mp Systems

A Performance Analysis Tools (PAT) report implement ing hpm and perftrace software, installed under UNICOS on CRAY X-MP and Y-MP systems, was de signed at the Ohio Supercomputer Center. The report presents a concise summary of code performance characteristics using 28 performance attributes grouped into four categories: operations and instruc tions, scalar to vector load balance, memory utilization, and input/output utilization. Demonstrated applications of this performance metric include code performance analysis in a case study, workload analysis for a 24- code sample, and performance comparison of CRAY X-MP and Y-MP processors. The analysis of the case study shows that a precise performance assessment was possible using this metric without the necessity of source code analysis. Measurements with the 24-code sample established realistic performance ranges in the metric and were also used to compare performance of CRAY X-MP and Y-MP models. Although the clock pe riod on the Y-MP was reduced by 29% relative to the X-MP, increases of 52% were observed in instruction fetch rates and vector MFLOPS, with a corresponding rise of 39% in computational intensity.

An Empirical Study of Software Metrics

Software metrics are computed for the purpose of evaluating certain characteristics of the software developed. A Fortran static source code analyzer, FORTRANAL, was developed to study 31 metrics, including a new hybrid metric introduced in this paper, and applied to a database of 255 programs, all of which were student assignments. Comparisons among these metrics are performed. Their cross-correlation confirms the internal consistency of some of these metrics which belong to the same class. To remedy the incompleteness of most of these metrics, the proposed metric incorporates context sensitivity to structural attributes extracted from a flow graph. It is also concluded that many volume metrics have similar performance while some control metrics surprisingly correlate well with typical volume metrics in the test samples used. A flexible class of hybrid metric can incorporate both volume and control attributes in assessing software complexity.

Methods for interfacing analysis software to optimization software

Three methods are presented for interfacing analysis software to optimization software to create design software. These methods are referred to as the “conventional interface”, the “pro-gramming-free interface”, and the “generalized interface”. The latter two methods introduce new ideas which are attractive from the user's standpoint. The programming-free interface simplifies the interface process by eliminating the necessity for tlie user to modify the analysis source code. The generalized interface allows one to create a general-purpose design package from a general-purpose analysis package. Support for the methods has been implemented in a software package named OPTDES.BYU. Use of the methods with this package is illustrated with a simple example.

A parallel approach to code generation for Fortran like compilers

It has been shown by Lincoln and others that vector operations can be used to perform lexical analysis of FORTRAN source code. This paper presents techniques for code generation using parallel programming methods developed on the CDC STAR-100. Methods are presented for handling arithmetic assignment statements, DO loops, IF statements, and parenthetical expressions. A CO-NO table syntactical analysis is performed using the numeric vector from lexical analysis to produce output code for arithmetic expressions. Code for DO loops and IF statements is then merged into the object code vector.