universitas scientiarum szegediensis university of szeged d epartment of software engineering source...

UNIVERSITAS SCIENTIARUM SZEGEDIENSISUNIVERSITY OF SZEGEDDepartment of Software Engineering

Source code analysis with Columbus

Quality assessment Architecture reconstruction

Árpád BeszédesDepartment of Software Engineering, University of Szeged, Hungary

2008.04.17 Scalable Program Analysis - Dagstuhl Seminar 2

UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Who we are

One of the leading SE research groups in Hungary■ http://www.inf.u-szeged.hu/sed/

Competences■ Software quality■ Software testing■ Embedded systems■ Networks■ Open Source■ .NET■ Java


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Monitor

Source code quality

Test management

Architecture

IT operation performance

Processes(e.g. issue m)

Place of source code analysis

Software maintenance / evolution of large systems


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

References Telecom, financial, other Analyzed systems (1-30 MLOC)

■ Graphisoft ArchiCAD■ Nuance-Scansoft Recognita■ evoSoft■ Erste Bank■ Nokia S60 platform■ Mozilla Firefox & Thunderbird■ SUN, OpenOffice.org■ Eclipse■ NASA WorldWind■ Etc.


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Source code-based QA methodology architecture

Continuous measurement and monitoring is needed!


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Quality decrease of sw systems

from: Roger Pressman - Software Engineering Software Engineering: A Practitioner's Approach, McGraw-Hill


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Columbus technology

Analysis of large sw systemsIn the scope of regular maintenance

■ C/C++/C#/Java/SQL■ Quality measurements, auditing■ Reverse Engineering, architecture

reconstruction■ One-shot assessment■ Continuous monitoring


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Some history

1998-2001: Nokia Research CenterFrontEndART Software Ltd.Further development

■ Industrial projects■ Grants

50-100 man-years


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Main components Robust source code parsers Analysis methodologies Representation metamodels designed for maintenance

tasks (language schemas) Programming interfaces (API) Extensions: CFG, call graph, DU, support for dynamic

analysis (testing), etc. Back ends

■ Code measurement■ Reverse engineering

Standalone or SDK integration, command-line, API■ SourceAudit, SourceDoc (previously Columbus/CAN)

Monitoring subsystem: SourceInventory (was Monitor)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Reverse Engineering SourceDoc tool Creation of UML logical views of the analyzed system

■ Class diagrams■ In standard XMI format

– can be loaded e.g. into Rational Rose Automatic generation of HTML documentation

■ Class-level■ Hyperlinked

Design pattern usage detection Detecting architecture-level dependencies

■ “Superlinking”■ Among physical components (e.g. exe, dll)■ E.g. function calls, includes


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

“Bad smell” detection

SourceAudit toolFinds code fragments that

■ might be problematic■ and error-prone,■ so it needs refactoring■ e.g.: Feature Envy: a function which does not

use its own class, but relies on others


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Clone detection

Finds duplicated code fragments (copy/paste, clones)

Clones can cause many hard-to-find bugsThe detection can be scaled

■ from exact match■ to similar code fragments

Uses efficient flat-tree based recognitionLanguage independent


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Code checking Checking conformance to coding rules

■ Some of them indicate bugs The rules

■ check the coding style■ extend the warning capabilities of the compiler■ check typical implementation errors■ new rules can be added easily (C++ API)

General good practice rules Company specific rules Integration of other checkers’ results Integration with MS Visual Studio and Eclipse Command-line operation


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Code measurement – metrics

All popular metrics for procedural, OO, SQL languages■ CK, size, complexity, coupling, cohesion, OO-ness,

etc.

Interpretation of metrics?■ E.g. different types of cyclomatic complexity

The metrics-based fault predictor model selects C++ classes that are liable to errors1

■ successfully tested on Mozilla

[1] Gyimóthy T, Ferenc R and Siket I. Empirical Validation of Object-Oriented Metrics on Open Source Software for Fault Prediction. IEEE TSE vol.31, no.10, October 2005


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Connectivity to other tools ART (RSF) {CPP|J|CS}ML (XML) FAMIX XMI GXL Maisa (Prolog) RSF UML XMI VCG Machine readable CSV Human readable txt


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Technical details

Own and commercial front endsAnalysis of complex systems:

■ Compiler wrapping technology

Standard schemas■ OO-style■ C++ API

High-level language independent modelCross-module dependencies:

superlinking


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Scalability?

Limited low-level analyses■ Lightweight?■ Problems of other kind

Common high-level modelRelatively easy system integration

Anything else you wanted to know?


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Monitoring subsystem SourceInventory The source code of the

system is■ downloaded automatically

by the framework from a configuration management system (e.g. CVS)

■ analyzed, and the results are stored in a database

■ queries can be run and diagrams can be drawn from a web-based interface, which communicates with the database

Monitor

Source code analysisand measurement

SQL database

Source code configurationversioning repository

Web clientWeb client

...


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Monitoring subsystem (cont.)

Automatic alerts can be issued when indicators overrun critical thresholds■ metric baselines

Internally: quality assessmentCustomer: continuous measurementPublic databases: Mozilla, maemo,

(OpenOffice, Eclipse)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (1)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (2)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (3)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (4)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (5)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (6)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (7)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (8)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Screenshots (9)


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Nokia R&D projects

History■ 1998 – TED projects: C++ to UML■ 2005 – ART projects: Symbian platform

Architecture reconstruction of Symbian platform■ Identification of “architectural erosion”

Quality measurement of Symbian platform■ Metrics■ Official Symbian coding guidelines (SourceAudit)

Quality measurement of maemo platform


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Technology extensions – 1 SourceAudit coding rules (114)

■ general 'good practice' C++ coding rules ■ Symbian OS-specific rules ■ Nokia recommended rules

viability – the code will not work reliability – the code may not work maintainability – the code may be difficult to modify readability – the code may be difficult to understand reusability – the code may be less usable in

conjunction with other code convention – the code will be unconventional


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Technology extensions – 2 Architecture cross-component dependencies

■ call: inter-component function calls■ include: the same header file is included by two components ■ resource: the consumer’s serviceClass attribute equals to the

provider’s interface_uid, the consumer’s contentType attribute equals to provider's default data item, and consumer's serviceCmd attribute equals to provider's opaque_data

■ publish & subscribe: if a component sets a property (category and key), and an other subscribes for this property then there is a P&S dependency between the two components

Dependency metrics, e.g. xCallIn, xCallOut, xInclude Visualization


UN

IVER

SIT

Y O

F SZ

EG

ED

Dep

artm

ent o

f Sof

twar

e E

ngin

eeri

ng

UN

IVE

RS

ITA

S S

CIE

NT

IAR

UM

SZ

EG

ED

IEN

SIS

Technology extensions – 3

Build process (Symbian SDK) wrapping■ Hides the original compiler with wrapper programs

(e.g. gcc.exe)

After activating the SDKWrapper the project can be built as usual■ creating abld.bat by ‘bldmake bldfiles’ and■ building the project by ‘abld build …’

Build scripts provided for linking and inter-component dependency computation

Difficulties: compiling resource files, excluding test components

universitas scientiarum szegediensis university of szeged d epartment of software engineering source...

Documents

hungary slide

auditing reverse engineering

mcgrawhill slide

dynamic analysis testing

analyzed systems

javasql quality measurements

api sourceaudit

hungary http