Exposure of Patterns in Parallel Memory Acces

Lundgren, Björn, Ödlund, Anders

January 2007

<p>The concept and advantages of a Parallel Memory Architecture (PMA) in computer systems have been known for long but it’s only in recent time it has become interesting to implement modular parallel memories even in handheld embedded systems. This thesis presents a method to analyse source code to expose possible parallel memory accesses. Memory access Patterns may be found, categorized and the corresponding code marked for optimization. As a result a PMA compatible with found pattern(s) and code optimization may be specified.</p>

ASIP

Parallel Memory

Memory Access Pattern

Static Code Analysis

Computer engineering

Datorteknik

Programinio kodo statinės analizės taisyklių kūrimas ir tyrimas / Design And Analysis Of Custom Static Code Analysis Rules

Gečiauskas, Ramūnas

25 August 2010

Šiame dokumente aprašytas darbas susideda iš trijų dalių. Pirmoje dalyje atlikome inžinerinę programinio kodo valdymo sistemos „SourceHQ“ analizę ir projektavimą. Palyginome rinkoje esančius analogus, jų privalumus ir trūkumus. Glaustai pateikėme architektūrą ir aprašėme pasirinktus realizavimo sprendimus. Dokumento antroje dalyje ištyrėme jau egzistuojančias statinės kodo analizė taisykles ir pasiūlėme jas išplėsti naujomis. Aprašėme analizei naudojamus įrankius, jų veikimo principus ir pateikiamus rezultatus. Paskutinėje darbo dalyje ištyrėme ir eksperimentiškai išbandėme naujai realizuotas mūsų pasiūlytas taisykles. Palyginome testų rezultatus programų veikimo našumo charakteristikos aspektais. Įrodėme mūsų programinio kodo statinės analizės taisyklės privalumus. / This final master’s thesis consists of three major parts. The first section covers engineering aspects of source code management system called “SourceHQ” that we developed, including its analysis and design details. We will provide key details and basis of chosen technologies, business analysis, and design decisions as well as discuss system functionality and its future prospects. The second part is dedicated to testing and ensuring system quality, which led us to design and develop custom static source code analysis rules. We will formulate and explain their potential use and benefits. We will describe additional tools and methods being used and provide main results of static source code analysis. In the final part of our work we go deeper into static source code analysis. We perform experiments based on our designed and developed custom rules on various .NET Framework applications and systems. We cover major performance benefits and drawbacks of every rule separately and display how this approach lets developers optimize their source code in an early development stage. We provide research data based on extensive experiments and conclude how using FxCop tool provided with our improved custom code analysis rules can automatically discover and suggest improvements in CIL code.

Informatics

FxCop

SourceHQ

.NET

Statinė kodo analizė

Taisyklių kūrimas

FxCop

SourceHQ

.NET

Static Code Analysis

Rules

Test-case-based call graph construction in dynamically typed programming languages

Pereira, Gabriel Maier Fernandes Vidueiro

January 2015

Evolução de software é uma das atividades mais desafiadoras do processo de desenvolvimento de software. Uma importante questão associada à essa atividade é a correta compreensão do código fonte e outros artefatos que necessitam ser mantidos e evoluídos. Visando auxiliar desenvolvedores na manutenção de código, Integrated Development Environments (IDE’s) proporcionam ferramentas que informam desenvolvedores sobre as dependências e as particularidades do código a ser modificado. No entanto, linguagens dinamicamente tipadas não definem tipos explicitamente no código fonte, o que dificulta a análise estática do código e consequentemente a contrução dessas ferramentas. Como exemplo, a construção de call graphs (grafos de chamadas), utilizados pelas IDE’s para criar ferramentas de navegação de código, é prejudicada pela ausência da definição de tipos. Para abordar o problema da criação de call graphs para linguagens dinamicamente tipadas, propomos uma técnica dividida em passos para a construção de um call graph baseado em informações extraídas da execução de testes. A técnica é dividida em 3 passos, o Passo #1 cria um call graph conservativo e estático que resolve chamadas de métodos baseado apenas em nomes dos métodos, ainda no primeiro passo, testes são executados e seu traço de execução é armazenado para posterior análise. O Passo #2 combina a informação armazenada da execução dos testes e o call graph construído no primeiro passo, o Passo #2 também é responsável pela criação de um conjunto de regras de associação que servirão para guiar desenvolvedores durante a criação de novas partes do código. Nossa avaliação em uma aplicação real de porte grande mostrou que a técnica melhora a precisão do call graph criado removendo arestas desnecessárias (70%), e mostrou-se apta a auxiliar desenvolvedores definindo pontos de navegação no código baseada na análise de regras de associação extraídas do test-case-based call graph. / Evolving enterprise software systems is one of the most challenging activities of the software development process. An important issue associated with this activity is to properly comprehend the source code and other software assets that must be evolved. To assist developers on these evolution tasks, Integrated Development Environments (IDEs) build tools that provides information about the source code and its dependencies. However, dynamically typed languages do not define types explicitly in the source code, which difficult source code analysis and therefore the construction of these tools. As an example, the call graph construction, used by IDE’s to build source code navigation tools, is hampered by the absence of type definition. To address the problem of constructing call graphs for dynamic languages, we propose a technique based on steps to build a call graph based on test runtime information, called test-case-based call graph. The technique is divided in three steps; Step #1 creates a conservative and static call graph that decides target nodes based on method names, and the first step also run tests profiling its execution; Step #2 combines the test runtime information and the conservative call graph built in the first step to create the test-case-based call graph, it also creates a set of association rules to guide developers in the maintenance while creating new pieces of code; Finally, Step #3 uses the test-case-based call graph and the association rules to assist developers in source code navigation tasks. Our evaluation on a large-size real-world software shows that the technique increases call graph precision removing several unnecessary conservative edges ( %70), and assist developers filtering target nodes of method calls based on association rules extracted from the call graph.

Grafos

Linguagens : Programacao

Dynamic languages

Source code analysis

Call graphs

Ruby

Test-case-based call graph construction in dynamically typed programming languages

Pereira, Gabriel Maier Fernandes Vidueiro

January 2015

Evolução de software é uma das atividades mais desafiadoras do processo de desenvolvimento de software. Uma importante questão associada à essa atividade é a correta compreensão do código fonte e outros artefatos que necessitam ser mantidos e evoluídos. Visando auxiliar desenvolvedores na manutenção de código, Integrated Development Environments (IDE’s) proporcionam ferramentas que informam desenvolvedores sobre as dependências e as particularidades do código a ser modificado. No entanto, linguagens dinamicamente tipadas não definem tipos explicitamente no código fonte, o que dificulta a análise estática do código e consequentemente a contrução dessas ferramentas. Como exemplo, a construção de call graphs (grafos de chamadas), utilizados pelas IDE’s para criar ferramentas de navegação de código, é prejudicada pela ausência da definição de tipos. Para abordar o problema da criação de call graphs para linguagens dinamicamente tipadas, propomos uma técnica dividida em passos para a construção de um call graph baseado em informações extraídas da execução de testes. A técnica é dividida em 3 passos, o Passo #1 cria um call graph conservativo e estático que resolve chamadas de métodos baseado apenas em nomes dos métodos, ainda no primeiro passo, testes são executados e seu traço de execução é armazenado para posterior análise. O Passo #2 combina a informação armazenada da execução dos testes e o call graph construído no primeiro passo, o Passo #2 também é responsável pela criação de um conjunto de regras de associação que servirão para guiar desenvolvedores durante a criação de novas partes do código. Nossa avaliação em uma aplicação real de porte grande mostrou que a técnica melhora a precisão do call graph criado removendo arestas desnecessárias (70%), e mostrou-se apta a auxiliar desenvolvedores definindo pontos de navegação no código baseada na análise de regras de associação extraídas do test-case-based call graph. / Evolving enterprise software systems is one of the most challenging activities of the software development process. An important issue associated with this activity is to properly comprehend the source code and other software assets that must be evolved. To assist developers on these evolution tasks, Integrated Development Environments (IDEs) build tools that provides information about the source code and its dependencies. However, dynamically typed languages do not define types explicitly in the source code, which difficult source code analysis and therefore the construction of these tools. As an example, the call graph construction, used by IDE’s to build source code navigation tools, is hampered by the absence of type definition. To address the problem of constructing call graphs for dynamic languages, we propose a technique based on steps to build a call graph based on test runtime information, called test-case-based call graph. The technique is divided in three steps; Step #1 creates a conservative and static call graph that decides target nodes based on method names, and the first step also run tests profiling its execution; Step #2 combines the test runtime information and the conservative call graph built in the first step to create the test-case-based call graph, it also creates a set of association rules to guide developers in the maintenance while creating new pieces of code; Finally, Step #3 uses the test-case-based call graph and the association rules to assist developers in source code navigation tasks. Our evaluation on a large-size real-world software shows that the technique increases call graph precision removing several unnecessary conservative edges ( %70), and assist developers filtering target nodes of method calls based on association rules extracted from the call graph.

Grafos

Linguagens : Programacao

Dynamic languages

Source code analysis

Call graphs

Ruby

Validation of Machine Learning and Visualization based Static Code Analysis Technique / Validering av Machine Learning and Visualization bygger statisk kod analysteknik

Mahmood, Waqas, Akhtar, Muhammad Faheem

January 2009

Software security has always been an afterthought in software development which results into insecure software. Companies rely on penetration testing for detecting security vulnerabilities in their software. However, incorporating security at early stage of development reduces cost and overhead. Static code analysis can be applied at implementation phase of software development life cycle. Applying machine learning and visualization for static code analysis is a novel idea. Technique can learn patterns by normalized compression distance NCD and classify source code into correct or faulty usage on the basis of training instances. Visualization also helps to classify code fragments according to their associated colors. A prototype was developed to implement this technique called Code Distance Visualizer CDV. In order test the efficiency of this technique empirical validation is required. In this research we conduct series of experiments to test its efficiency. We use real life open source software as our test subjects. We also collected bugs from their corresponding bug reporting repositories as well as faulty and correct version of source code. We train CDV by marking correct and faulty version of code fragments. On the basis of these trainings CDV classifies other code fragments as correct or faulty. We measured its fault detection ratio, false negative and false positive ratio. The outcome shows that this technique is efficient in defect detection and has low number of false alarms. / Software trygghet har alltid varit en i efterhand inom mjukvaruutveckling som leder till osäker mjukvara. Företagen är beroende av penetrationstester för att upptäcka säkerhetsproblem i deras programvara. Att införliva säkerheten vid tidigt utvecklingsskede minskar kostnaderna och overhead. Statisk kod analys kan tillämpas vid genomförandet av mjukvaruutveckling livscykel. Tillämpa maskininlärning och visualisering för statisk kod är en ny idé. Teknik kan lära mönster av normaliserade kompressionständning avstånd NCD och klassificera källkoden till rätta eller felaktig användning på grundval av utbildning fall. Visualisering bidrar också till att klassificera code fragment utifrån deras associerade färger. En prototyp har utvecklats för att genomföra denna teknik som kallas Code Avstånd VISUALISERARE CDV. För att testa effektiviteten hos denna teknik empirisk validering krävs. I denna forskning vi bedriver serie experiment för att testa dess effektivitet. Vi använder verkliga livet öppen källkod som vår test ämnen. Vi har också samlats in fel från deras motsvarande felrapportering förråd samt fel och rätt version av källkoden. Vi utbildar CDV genom att markera rätt och fel version av koden fragment. På grundval av dessa träningar CDV klassificerar andra nummer fragment som korrekta eller felaktiga. Vi mätt sina fel upptäckt förhållandet falska negativa och falska positiva förhållandet. Resultatet visar att den här tekniken är effektiv i fel upptäckt och har låga antalet falsklarm. / waqasmah@gmail.com +46762316108

Static code analysis

NCD classification

security vulnerabilities

early defect detection

software validation

Computer Sciences

Datavetenskap (datalogi)

DefectoFix : An interactive defect fix logging tool.

Hameed, Muhammad Muzaffar, Haq, Muhammad Zeeshan ul

January 2008

Despite the large efforts made during the development phase to produce fault free system, most of the software implementations still require the testing of entire system. The main problem in the software testing is the automation that could verify the system without manual intervention. Recent work in software testing is related to the automated fault injection by using fault models from repository. This requires a lot of efforts, which adds to the complexity of the system. To solve this issue, this thesis suggests DefectoFix framework. DefectoFix is an interactive defect fix logging tools that contains five components namely Version Control Sysem (VCS), source code files, differencing algorithm, Defect Fix Model (DFM) creation and additional information (project name, class name, file name, revision number, diff model). The proposed differencing algorithm extracts detailed information by detecting differences in source code files. This algorithm performs comparison at sub-tree levels of source code files. The extracted differences with additional information are stored as DFM in repository. DFM(s) can later be used for the automated fault injection process. The validation of DefectoFix framework is performed by a tool developed using Ruby programming language. Our case study confirms that the proposed framework generates a correct DFM and is useful in automated fault injection and software validation activities.

Software validation

static source code analysis

defect fix logging

automated fault injection

Software Engineering

Programvaruteknik

Exposure of Patterns in Parallel Memory Acces

Lundgren, Björn, Ödlund, Anders

January 2007

The concept and advantages of a Parallel Memory Architecture (PMA) in computer systems have been known for long but it’s only in recent time it has become interesting to implement modular parallel memories even in handheld embedded systems. This thesis presents a method to analyse source code to expose possible parallel memory accesses. Memory access Patterns may be found, categorized and the corresponding code marked for optimization. As a result a PMA compatible with found pattern(s) and code optimization may be specified.

ASIP

Parallel Memory

Memory Access Pattern

Static Code Analysis

Computer Engineering

Datorteknik

Intelligent Code Inspection using Static Code Features : An approach for Java

Moriggl, Irene

January 2010

Effective defect detection is still a hot issue when it comes to software quality assurance. Static source code analysis plays thereby an important role, since it offers the possibility for automated defect detection in early stages of the development. As detecting defects can be seen as a classification problem, machine learning is recently investigated to be used for this purpose. This study presents a new model for automated defect detection by means of machine learn- ers based on static Java code features. The model comprises the extraction of necessary features as well as the application of suitable classifiers to them. It is realized by a prototype for the feature extraction and a study on the prototype’s output in order to identify the most suitable classifiers. Finally, the overall approach is evaluated in a using an open source project. The suitability study and the evaluation show, that several classifiers are suitable for the model and that the Rotation Forest, Multilayer Perceptron and the JRip classifier make the approach most effective. They detect defects with an accuracy higher than 96%. Although the approach comprises only a prototype, it shows the potential to become an effective alternative to nowa- days defect detection methods.

Java

Static Source Code Analysis

Machine Learning

Automated Defect Detection

Software Engineering

Programvaruteknik

Static Code Features for a Machine Learning based Inspection : An approach for C

Tribus, Hannes

January 2010

Delivering fault free code is the clear goal of each devel- oper, however the best method to achieve this aim is still an open question. Despite that several approaches have been proposed in literature there exists no overall best way. One possible solution proposed recently is to combine static source code analysis with the discipline of machine learn- ing. An approach in this direction has been defined within this work, implemented as a prototype and validated subse- quently. It shows a possible translation of a piece of source code into a machine learning algorithm’s input and further- more its suitability for the task of fault detection. In the context of the present work two prototypes have been de- veloped to show the feasibility of the presented idea. The output they generated on open source projects has been collected and used to train and rank various machine learn- ing classifiers in terms of accuracy, false positive and false negative rates. The best among them have subsequently been validated again on an open source project. Out of the first study at least 6 classifiers including “MultiLayerPer- ceptron”, “Ibk” and “ADABoost” on a “BFTree” could convince. All except the latter, which failed completely, could be validated in the second study. Despite that the it is only a prototype, it shows the suitability of some machine learning algorithms for static source code analysis.

static source code analysis

machine learning

feature selection

fault detection

Software Engineering

Programvaruteknik

Design and Implementation of a Source Code Profiling Toolset for Embedded System Analysis

Qin, An

January 2010

The market needs for embedded or mobile devices were exploding in the last few years. Customers demand for devices that not only have high capacity of managing various complex jobs, but also can do it fast. Manufacturers therefore, are looking for a new field of processors that fits the special needs of embedded market, for example low power consumption, highly integrated with most components, but also provides the ability to handle different use cases. The traditional ASICs satisfied the market with great performance-per-watt but limited scalability. ASIP processors on the other hand, impact the new market with the ability of high-speed optimized general computing while energy efficiency is only slightly lower than ASICs. One essential problem in ASIP design is how to find the algorithms that can be accelerated. Hardware engineers used to optimize the instruction set manually. But with the toolset introduced in this thesis, design automation can be made by program profiling and the development cycle can be trimmed therefore reducing the cost. Profiling is the process of exposing critical parts of a certain program via static code analysis or dynamic performance analysis. This thesis introduced a code profiler that targeted at discovering repetition section of a program through static and dynamic analysis. The profiler also measures the payload of each loop and provides profiling report with a user friendly GUI client.

profiling

profiler

ASIP

static code analysis

probe

Java

Computer Engineering

Datorteknik