Design and Implementation of a Fine-Grained Software Inspection Tool
August 2003 (vol. 29 no. 8)
pp. 721-733

Abstract—Although software inspection has led to improvements in software quality, many software systems continue to be deployed with unacceptable numbers of errors, even when software inspection is part of the development process. The difficulty of manually verifying that the software under inspection conforms to the rules is partly to blame. We describe the design and implementation of a tool designed to help alleviate this problem. The tool provides mechanisms for fine-grained inspection of software by exposing the results of sophisticated whole-program static analysis to the inspector. The tool computes many static-semantic representations of the program, including an accurate call graph and dependence graph. Whole-program pointer analysis is used to make sure that the representation is precise with respect to aliases induced by pointer usage. Views on the dependence graph and related representations are supported. Queries on the dependence graph allow an inspector to answer detailed questions about the semantics of the program. Facilities for openness and extensibility permit the tool to be integrated with many software-development processes. The main challenge of the approach is to provide facilities to navigate and manage the enormous complexity of the dependence graph.

Index Terms:
Software inspection, dependence graphs, program understanding, slicing, chopping, software model checking.
Citation:
Paul Anderson, Thomas Reps, Tim Teitelbaum, "Design and Implementation of a Fine-Grained Software Inspection Tool," IEEE Transactions on Software Engineering, vol. 29, no. 8, pp. 721-733, Aug. 2003, doi:10.1109/TSE.2003.1223646