Method and apparatus for software simulation

US 8,494,832 B2
Filed: 06/18/2008
Issued: 07/23/2013
Est. Priority Date: 06/20/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of software simulation of a target software without actually running or testing the target software, the method comprising the steps of:

reading a first set of configuration files that contain details of the code to be simulated, the simulation parameters, and output format;

reading a second set of configuration files that contain details of the rules to be applied to the code being simulated;

loading rules which describe the expected behavior of the software, the rules being loaded from said configuration files;

reading said target software program code;

constructing a program model, which is a memory representation of program structure of the target software;

attaching the loaded rules to specific nodes in the program model in accordance with the rules;

running a plurality of simulation algorithms on the target software program without running the target software, to check for defects and obtain metrics and other attributes of the target software code, wherein running the plurality of simulation algorithms on said target software program comprises determining context sensitivity and data structures, upon completion of operation processes values of variable from multiple caller methods, generating an output with defects and other results reported by the plurality of algorithms; and

displaying the output on an interface.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software simulation method and program storage device for software defect detection and obtaining insight into software code is disclosed, where simulation consists of executing target software program code for multiple input values and multiple code paths at the same time, thus achieving 100% coverage over inputs and paths without actually running the target software. This allows simulation to detect many defects that are missed by traditional testing tools. The simulation method runs a plurality of algorithms where a plurality of custom defined and pre-defined rules are verified in target software to find defects and obtain properties of the software code.

30 Citations

View as Search Results

52 Claims

1. A method of software simulation of a target software without actually running or testing the target software, the method comprising the steps of:
- reading a first set of configuration files that contain details of the code to be simulated, the simulation parameters, and output format;
  
  reading a second set of configuration files that contain details of the rules to be applied to the code being simulated;
  
  loading rules which describe the expected behavior of the software, the rules being loaded from said configuration files;
  
  reading said target software program code;
  
  constructing a program model, which is a memory representation of program structure of the target software;
  
  attaching the loaded rules to specific nodes in the program model in accordance with the rules;
  
  running a plurality of simulation algorithms on the target software program without running the target software, to check for defects and obtain metrics and other attributes of the target software code, wherein running the plurality of simulation algorithms on said target software program comprises determining context sensitivity and data structures, upon completion of operation processes values of variable from multiple caller methods, generating an output with defects and other results reported by the plurality of algorithms; and
  
  displaying the output on an interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 2. The method of software simulation as in claim 1, where said target software program code is target software source code.
  - 3. The method of software simulation as in claim 1, where said target software program code is target software binary code.
  - 4. The method of software simulation as in claim 1, wherein generating a defect report comprises of prioritization and path generation for each defect as follows:
    - assigning priority to a bug according to specifications of each match element, if field value matches a predefined pattern;
      
      assigning default priority, if field value does not match a predefined pattern;
      
      associating a source node with each value object;
      
      storing source node information in error records and display said source node information on an user interface; and
      
      storing Simulation Call Graph (SCG), dynamically computing path and displaying said computed path on an user interface.
  - 5. The method of software simulation as in claim 1, wherein generating a defect report comprises of matching defects with entries in an input defects file which may have been created by simulating a different version of the code, if said input defects file is provided, as follows:
    - storing in the defects file the line number of error relative to the line number of the beginning of the method code;
      
      generating unique fingerprint for node where said error happened; and
      
      storing the unique fingerprint in the defects file.
  - 6. The method of software simulation as in claim 1, wherein running plurality of algorithms on said target software program further comprises of:
    - loading program variables and objects from the program model to be used for performing arithmetic, logical and pointer operations as specified in the source code of the target software;
      
      performing the operations on input values and computing the result;
      
      storing resulting values in the program model;
      
      applying language specific rules to check for any violations;
      
      invoking rules loaded from the configuration files; and
      
      reporting defects on program structure and variable values violating the requirements of the rules.
  - 7. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of performing inter-procedural simulation if operation involves a method wherein the method involves a single or a plurality of methods for entry, exit, call, or branch point or join point of code paths, wherein handling the inter-procedural simulation in presence of inheritance, cycles in the flow graph, and recursive cycles further comprises of:
    - constructing a Simulation Call Graph (SCG) containing Method Flow Graph (MFG);
      
      executing an iterative algorithm to simulate flow of data values in said SCG;
      
      performing a modified topological traversal over said SCG;
      
      executing a method body node;
      
      executing MFG for code in method body in program flow order;
      
      pushing a branch point BasicBlock on a stack of ready branches, if a node is a branch point;
      
      simulating one path from said branch, if a node is a branch point;
      
      continuing simulation with join BasicBlock Code wherein predecessors of join point Basic Block are reached if the node is a joint point;
      
      simulating ready path from ready branches stack wherein the predecessors of join point Basic Block are not reached if the node is a joint point;
      
      simulating callee method bodies, if a node is a method call;
      
      simulating the caller method body'"'"'s execution blocks if the node is a method call;
      
      adding callee method to a blocked method set, if all callers of callee method body are not reached;
      
      switching path context, if all callers of callee method body are not reached;
      
      simulating the method body, if all callers of callee method body is reached;
      
      simulating available paths if any path is found for simulation;
      
      executing a method from the Blocked methods wherein said Blocked methods are set to break a deadlock, if any path is not found for simulation;
      
      picking a first method from sorted blocked method set, if any path is not found for simulation;
      
      simulating the body of said sorted blocked method set, if any path is not found for simulation;
      
      maintaining a Simulation started status for a method;
      
      flowing data values into method from caller wherein the caller is a recursive caller if the SimulationStarted status is true;
      
      flowing data values out of method from caller wherein the caller is a recursive caller if the SimulationStarted status is true;
      
      flowing the data values into method to caller wherein the caller is a recursive caller if the SimulationStarted status is true;
      
      flowing the data values out of method to caller wherein the caller is a recursive caller if the SimulationStarted status is true;
      
      continuing simulation after flowing of said data;
      
      blocking the caller if said caller is not a recusive caller wherein the SimulationStarted status is true;
      
      flowing the data values into method from caller wherein the method has completed simulation;
      
      flowing the data values out of method from caller wherein the method has completed simulation;
      
      flowing the data values into method to caller wherein the method has completed simulation;
      
      flowing the data values out of method to caller the method has completed simulation; and
      
      executing the MFG of the method wherein all callers are reached.
  - 8. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of determining inter-method flow path relationship, if the operation requires to determine inter-method flow path relationships, wherein determining inter-method flow path relationship between a first BasicBlock B1 and a second BasicBlock B1 further comprises of:
    - determining B2 as a flow-predecessor of B1 if B2Method is an ancestor of B1Method and B2 is a flow-predecessor of call site in B2Method;
      
      determining B2 as a flow-predecessor of B1 if B1Method is an ancestor of B2Method and call site in B1Method leading to B2Method is a flow-predecessor of B2;
      
      determining B2 as a flow-predecessor of B1 if B1Method and B2Method have a common ancestor method and call site leading to B2Method is a flow predecessor of call site leading to B1Method; and
      
      determining B2 as not a flow-predecessor of B1 if said B2 is not determined as a flow-predecessor.
  - 9. The method of software simulation as in claim 1, wherein determining context sensitivity and data structures further comprises of:
    - using a context graph to represent calling contexts reaching a method body in Simulation Call Graph (SCG;
      
      representing values of a variable representing a memory location by a ValueMap;
      
      associating different values by caller'"'"'s context graph in said ValueMap if the value of variables reaching from multiple callers are same;
      
      distinguishing different values by said caller'"'"'s context graph if the value of variables reaching from multiple callers are different; and
      
      using union of context graphs as the context graph for value of variable wherein the value of variable reaching from multiple callers are different.
  - 10. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of determining accurate Reaching Defs and data structures, if the operation requires values of program variables and object fields, wherein determining reaching defs and data structures further comprises of:
    - creating multiple Defs using Def cloning method;
      
      creating artificial Defs at call-sites and join points;
      
      computing value at artificial Def by creating a union of values of incoming Defs;
      
      adding an unknown value to value at an artificial Def if there is no incoming Def on all incoming paths;
      
      storing computed values at artificial Defs in memory sensitive manner;
      
      getting remaining values from previous Reaching Defs if real Def does not have a value for all required calling contacts;
      
      storing reaching Defs in Basic Block in DefMap if real Def has a value for all required calling contexts;
      
      restricting upward flow of Defs in a Simulation Call Graph (SCG) from a method body to callers;
      
      restricting number of Defs flowing downwards through said SCG from a caller method to callee method bodies;
      
      storing said Defs across fixed-point iterations at call-site BasicBlocks;
      
      computing reaching values for a variable from reaching Defs if said BasicBlock contains Def;
      
      computing reaching values for a variable from reaching Defs if Def is in Start BasicBlock for the use method and if said BasicBlock does not comprise of said Def;
      
      checking call site BasicBlocks for each caller of said use method;
      
      performing an upward check for Def in said SCG; and
      
      computing reaching values for a variable from said reaching Defs.
  - 11. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of restricting values of variable at conditional jump, if the operation is a conditional jump, wherein restricting values of variable at conditional jumps comprises of:
    - inserting a Special Assert Node in a Method Flow Graph (MFG) for each path from a conditional jump;
      
      obtaining input values of variables restricted by conditional expression;
      
      executing conditional expression for each input value;
      
      adding values with true conditional expression to output values;
      
      creating a Def at Special Assert Node; and
      
      providing restricted values to variable uses after said Special Assert Node.
  - 12. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of determining path sensitivity, if the operation uses a variable whose values are related to other variables, wherein determining path sensitivity between two related variables, comprises of:
    - using values of a second variable mapping to feasible values of first variable;
      
      finding all real reaching Defs of second variable at use node;
      
      pruning real reaching Defs to feasible Defs; and
      
      providing pruned set of feasible Defs to reaching values algorithm.
  - 13. The method of software simulation as in claim 12, wherein the reaching values algorithm further comprises of combining values of real defs at roots of artificial Defs graph to compute reaching values of said second variable at use.
  - 14. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of determining relation sensitivity, if the operation uses a variable whose values are related to other variables, wherein determining relationship sensitivity between two variables comprises of:
    - creating a Def for a first variable containing Exact Relational Value of second variable;
      
      creating a Def for a second variable containing an Exact Relational Value of first variable;
      
      removing Exact Relational Value of said second variable from Def of said first variable at Special Assert if reaching values of said second variable does not contain Exact Relational Value of said first variable; and
      
      adding Def for restricted values for said second variable if reaching values of said second variable contains Exact Relational Value of said first variable.
  - 15. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of detecting deadlock, if the operation is a synchronization or lock operation, wherein detection of deadlock further comprises of:
    - creating a lock graph whose nodes are objects;
      
      creating an edge from a first node to a second node, where said first node is blocked before said second node;
      
      creating a locked object global variable to store last object locked;
      
      updating said locked object variable at entry and exit of synchronized block/method;
      
      adding edges in lock order graph from previously locked objects to objects being locked; and
      
      reporting a deadlock if there is a cycle in lock graph.
  - 16. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of detecting race condition, if the operation is a global object field read, write or access to classes/methods is marked with a concurrency annotation;
    - where detection of race condition further comprises of;
      
      determining if a global variable has escaped;
      
      checking existence of adequate locks to protect said variable access;
      
      ensuring that only one thread can access said variable at a time; and
      
      reporting a race condition bug, if there are not adequate locks.
  - 17. The method of software simulation as in claim 1, wherein determining if a global variable has escaped further comprises checking if at least one of following three conditions is true:
    - if said variable is a static field;
      
      if said variable is has escaped flag set as true;
      
      if ValueMap of said variable is escaped and if containing object of said variable is escaped;
      
      if neither of the above three conditions are true then the variable has not escaped.
  - 18. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of detecting redundant synchronization, if the operation is a global object field read, write or access to classes/methods is marked with a concurrency annotation, wherein detection of redundant synchronization upon detection of race condition further comprises of:
    - checking if all synchronization nodes being marked as necessary synchronizations; and
      
      reporting a redundant synchronization defect, if all synchronization nodes are not marked as necessary synchronizations.
  - 19. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of enforcing ordering rule, if the operation has an attached ordering rule, wherein ordering rule algorithms further comprises of:
    - setting and getting rule states on associated objects;
      
      creating ordering rules for arbitrary state machine specifications;
      
      adding custom fields to arbitrary objects to hold rule state;
      
      constructing a custom state-machine using rule state;
      
      attaching ordering rule to all nodes in a Method Flow Graph (MFG) specified by rule event specification;
      
      tracking state of the state of rule across events in a context sensitive manner;
      
      setting state in the field of a single global object, if there is no bound variable;
      
      associating state with bound variable'"'"'s referred objects;
      
      propagating state through a Simulation Call Graph (SCG) and the MFG;
      
      tracking rule state for wrapper objects;
      
      setting rule state on the appropriate branch from conditional jump;
      
      reporting defect, if a specific value is not associated with each event; and
      
      checking state of all objects at the exit nodes of the SCG for Follow/Order rules; and
      
      reporting defect if states are correct.
  - 20. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of modeling precise object types to handle multiple callee methods at virtual method calls, if the operation uses or creates objects whose precise type is unknown, wherein precise modeling of object types and handling multiple callee methods at virtual method calls further comprises of:
    - setting artificial type field for unknown object values;
      
      propagating type fields values flow- and context-sensitively across a Simulation Call Graph (SCG) and a Method Flow Graph (MFG);
      
      using type from reaching Def, if there is a reaching Def of said type field at any point;
      
      using object value'"'"'s type from allocation site;
      
      computing expression from sub-expressions contained by in said expression, if the type of said expression is unknown;
      
      restricting methods called at call sites;
      
      obtaining object values for callee objects;
      
      creating a set of callee types from types of object values;
      
      restricting callee types using compile-time type of callee method and callee expression;
      
      performing a search to find concrete method body; and
      
      calling concrete method bodies at method call site.
  - 21. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of modeling precise object types to handle multiple callee methods at virtual method calls, if the operation uses or creates objects whose precise type is unknown, wherein precise modeling of object types and handling multiple callee methods at virtual method calls further comprises of:
    - setting artificial type field for unknown object values;
      
      propagating type fields values flow- and context-sensitively across SCG and MFG;
      
      using type from reaching Def, if there is a reaching Def of said type field at any point;
      
      using object value'"'"'s type from allocation site;
      
      computing expression from sub-expressions contained by in said expression, if the type of said expression is unknown;
      
      restricting methods called at call sites;
      
      obtaining object values for callee objects;
      
      creating a set of callee types from types of object values;
      
      restricting callee types using compile-time type of callee method and callee expression;
      
      performing a search to find concrete method body; and
      
      calling concrete method bodies at method call site.
  - 22. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of modeling arrays as associative arrays, if the operation uses or creates arrays or array elements, wherein array modeling as associative arrays further comprises of:
    - modeling an array as an associative array;
      
      storing elements of array in fields of array object;
      
      using ALL-ELEMENTS field to store the union of values of all array elements;
      
      using default value if no accurate reaching values are available for an element;
      
      using field names for concrete integer indexes for a program with concrete literal integer indexes;
      
      obtaining accurate value of elements read or written using concrete literal integer indexes;
      
      using field names for local variables used to index said array; and
      
      obtaining accurate values of elements within a local method scope or loop scope.
  - 23. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of modeling collections using generics, if the operation invokes method calls on Collection objects, wherein modeling collection using generics further comprises of:
    - modeling sets as a single memory location;
      
      modeling methods by removing parameter values from the values of generic fields, if the method is a remove method;
      
      processing every method by creating union of values of parameters with generic field;
      
      modeling methods of collection with return value of generic element type;
      
      modeling Lists as arrays;
      
      modeling maps as objects with fields;
      
      adding a field to object value of Map for each key;
      
      converting put operation on a map to write;
      
      converting get operation on a map to read;
      
      writing a default key/value field with a generic type name for said key/value; and
      
      modeling iterators.
  - 24. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of performing intra-procedural exception handling, if the operation throws exceptions or executes an exception handler, catch or finally block or invoke method calls which may throw exceptions, wherein intra-procedural exception handling further comprises of:
    - obtaining type for an exception object thrown;
      
      obtaining exception handler, catch or finally block for said exception type from throw statement'"'"'s exception map;
      
      selecting exception map entry with exception handler, catch or finally block'"'"'s exception type same as or super class of throw statements exception type;
      
      reaching Defs from throw BasicBlock are flowed to an exception handler, catch or finally block, if a it is found; and
      
      merging exception object values into exception values stored in the exception handler, catch or finally block'"'"'s variable, if it is found.
  - 25. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of performing inter-procedural exception handling, if the operation throws exceptions or executes a exception handler, catch or finally block or invoke method calls which may throw exceptions, wherein inter-procedural exception handling further comprises of:
    - obtaining type for an exception object thrown;
      
      obtaining exception handler, catch or finally block for said exception type from throw statement'"'"'s exception map;
      
      selecting an exception map entry with exception handler, catch or finally block'"'"'s exception type same as or super class of throw statements exception type,wherein when a exception handler, catch or finally block is found in callee method, the method further comprises of;
      
      flowing reaching Defs from throw BasicBlock back to the exception handler, catch or finally block; and
      
      merging exception object values into the exception values stored in the exception handler, catch or finally block'"'"'s variable,wherein when a exception handler, catch or finally block is not found in callee method, the method further comprises of;
      
      adding a throw statement to Uncaught Exception Map of caller'"'"'s method call expression;
      
      processing uncaught exception map for method call after call completes; and
      
      connecting exceptions thrown by callee methods to exception handler, catch or finally blocks in caller method,and wherein when a exception handler, catch or finally block is found in caller method,the method further comprises of;
      
      adding throw statements from callee methods to uncaught exceptions map of caller of the caller method; and
      
      continuing bubbling up exception throws until entry point of simulation.
  - 26. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of handling method calls for inline method body, if the operation involves a method call whose callee method may be inlined, wherein method body inlining further comprises of:
    - selecting method call sites for inlining;
      
      creating a branch point and a join point at a method call site;
      
      creating a inlined start and inlined exit BasicBlock for callee methods;
      
      cloning a Method Flow Graph (MFG) for body of each callee method;
      
      attaching body between inlined start and inlined exit BasicBlocks;
      
      replacing callee method return statements with a local variable assignment;
      
      using local variable in caller method in place of return value of method call; and
      
      setting actual parameters from method call site into the local variable of inlined method body.
  - 27. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of computing expressions, if the operation is an arithmetic, logical, comparison or assignment operation, wherein computing expressions further comprises of:
    - computing result value for operand values corresponding to same calling context;
      
      computing operation on values in corresponding operand value sets for same calling context, if the context graphs overlap; and
      
      storing resulting value set in associated value map with intersection context graph, if the context graphs overlap.
  - 28. The method of software simulation as in claim 27, wherein computing expressions further comprises of:
    - computing operand values using an operand stack;
      
      computing result value by applying unary, binary or ternary operator to operand value;
      
      popping operands from the stack; and
      
      pushing result onto stack.
  - 29. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of performing redundant check and dead code detection, if the operation is a conditional jump, wherein redundant check and dead code detection further comprises of:
    - detecting redundant checks at special assert nodes;
      
      determining a path headed by special assert node is dead path, if output values satisfy empty condition;
      
      determining a path opposite of path headed by special assert node is dead path, if the output values are same as input values; and
      
      reporting error at redundant checks, if the output values are same as input values.
  - 30. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of handling looping constructs, if the operation is a looping construct, wherein handling loops further comprises of:
    - marking loop header BasicBlocks;
      
      identifying loop exit BasicBlocks;
      
      simulating loop header;
      
      simulating loop body;
      
      simulating loop exit path;
      
      checking if right hand side (RHS) values are derived from same Def at left hand side (LHS) to identify iterator variables;
      
      comparing old and new values of Def of iterator variable;
      
      adding an unknown value to iterators Def, if the value of iterator variable increasing or decreasing across iterations;
      
      adding a range value to Def, if the value of iterator variable is not increasing or decreasing across iterations; and
      
      processing loop condition at loop body to restrict iterator to loop bound.
  - 31. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of memo-izing, if the operation is the entry of a method body, wherein memo-ization further comprises of:
    - checking if a method is to be simulated, by checking at least the following conditions;
      
      change in a parameter value,change in reaching Def of any of variables,change in return value of callee, andchange in Def within any loop in said method; and
      
      using simulation results of previous iteration, if none of the said conditions is satisfied.
  - 32. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of performing interning, if the operation involves creating or comparing potentially duplicate data values, wherein when context graph or value set is being set in Def'"'"'s value, interning further comprises of:
    - associating “
      
      Frozen”
      
      state with Context Graph or ValueSet;
      
      replacing instance with existing canonical instance; and
      
      releasing new instance.
  - 33. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of a rules attachment framework, if the operation has attached rules, wherein rules attachment framework further comprises of:
    - constructing a program model;
      
      reading all rules from all rule packs specified in project configuration;
      
      organizing rules by node type;
      
      executing a matching procedure between rules and program model nodes;
      
      traversing program model using a visitor pattern;
      
      obtaining set of rules applicable for node type of each node;
      
      pruning said set to satisfy requirements of each rule;
      
      attaching said set of rules to said program model node; and
      
      initiating simulation.
  - 34. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of designing value rules, if the operation has attached rules;
    - wherein designing value rules further comprises of;
      
      using keyword “
      
      argN”
      
      , if value of Nth argument of current expression is required;
      
      using keyword “
      
      this”
      
      , if value of the callee object at a method call site is required;
      
      using keyword “
      
      node”
      
      , if value of the current node is required;
      
      using keyword “
      
      rhs”
      
      , if right hand side (RHS) value of an Assignment is required; and
      
      invoking Application Program Interface (APIs) from rule code.
  - 35. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of designing flag rule and applications, if the operation has attached rules which use flag values, wherein designing flag rule and applications further comprises of:
    - getting and setting the values of flags on value maps for variable or expression values;
      
      setting multiple kinds of flags including but not limited to security taint flags by different rules;
      
      propagating flag values from operand values to result values during operations; and
      
      accumulating or performing custom operations on flag values from the input values at union operations or at join points.
  - 36. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of generating rules, if simulation configuration specifies rule generation, wherein generating rules further comprises of:
    - generating @NonNull pre-condition annotation rule, if de-referenced parameter is Not checked for null value;
      
      generating a “
      
      parameter instanceof T”
      
      Precondition rule, if parameter is cast to type T without prior check if the parameter is an instance of type T; and
      
      generating a pre-condition rule which includes all conditional checks on path to exception, if method code is generating an exception and path to exception throw contains conditional checks.
  - 37. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of ordering rule generation, if simulation configuration specifies rule generation, wherein ordering rule generation between a first method and a second method further comprises of:
    - checking if said first method is an initialization method;
      
      checking if said first method is a constructor;
      
      checking if said second method reads values of an object'"'"'s private fields that are initialized in said first method without prior checks; and
      
      generating ordering rule between said first method and second method based on checked conditions.
  - 38. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of flowing the data values across multiple simulations, if the simulation configuration specifies a file containing a state from previous simulations, wherein flowing data across multiple simulations further comprises of:
    - writing out values at boundaries of code being simulated;
      
      writing return values from entry point methods;
      
      writing values of fields of objects;
      
      reading values of parameters of entry point methods;
      
      reading return values of unknown callee methods at call sites; and
      
      using compact binary format for storing values and include source node for all values.
  - 39. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of using method summaries, if the simulation configuration specifies chunking and method summaries, wherein using method summary further comprises of:
    - marking each parameter value with a dependency field to indicate dependency on input;
      
      adding operations with operands comprising of said dependency fields to dependency fields;
      
      retaining expressions that have operated on input parameters to create result value; and
      
      deleting other nodes from program model to produce method summary.
  - 40. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of using a combination of run-time dynamic analysis, testing and simulation, if the simulation configuration specifies the usage of testing and dynamic analysis, wherein using a combination of run-time dynamic analysis, testing and simulation further comprises of:
    - executing program using concrete values and simulating program using unknown values and values set;
      
      executing methods which compute results only from input parameters, without global side effects;
      
      obtaining values of input parameters and unknown variables from run-time test executions;
      
      obtaining additional concrete values of input parameters for simulation using unit testing heuristics;
      
      obtaining additional concrete inputs values for simulation provided by user through configuration;
      
      correlating multiple inputs and results using calling contexts;
      
      applying rules separately for each input-result pair;
      
      generating new input sets of values or states by simulation, wherein said new input sets are used for white-box testing;
      
      creating a unified rule architecture for both simulation and testing;
      
      executing rule code during testing;
      
      storing and reporting results of rule execution;
      
      generating ordering rules from run-time dynamic analysis; and
      
      checking ordering rules by simulation.
  - 41. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of framing rules for JSR 305 external annotations, if the operation has attached rules or if simulation configuration specifies rule generation wherein annotating Java Specific Request JSR 305 externally in Extensible Markup Language (XML) format further comprises:
    - generating plurality of annotations;
      
      writing annotations in XML format; and
      
      loading and attaching XML annotations to appropriate program constructs.
  - 42. The method of software simulation as in claim 1, running plurality of algorithms on said target software program comprises of performing incremental simulation, if the simulation configuration specifies incremental simulation, wherein incremental simulation further comprises of:
    - storing state of the simulation at end of simulation of entire program;
      
      loading saved state;
      
      restarting simulation at methods with changed codes; and
      
      completing simulation.
  - 43. The method of software simulation as in claim 1, wherein presenting simulation results further comprises of:
    - displaying simulation result values at every use of the variable in the source view window;
      
      displaying a table of local variables;
      
      highlighting variables with interesting values; and
      
      displaying values obtained through dynamic analysis.
  - 44. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of fixing errors detected by simulation automatically wherein fixing errors detected by simulation automatically further comprises of:
    - providing suggestions for fixing identified errors;
      
      receiving user'"'"'s approval to execute the suggested method of error handling; and
      
      fixing error by implementing said suggestions.
  - 45. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of assisting code assessment, migration and maintenance wherein assisting code assessment, migration and maintenance further comprises of:
    - performing code-level quality assessments;
      
      calculating effort required for maintenance;
      
      calculating defect density for each kind of defect;
      
      measuring and displaying relative defect density;
      
      identifying errors in changed code;
      
      running rules of original code on changed or migrated code and detect violations of rules;
      
      applying set of rules during simulation to obtain metrics and properties;
      
      evaluating cost v/s benefit of migration; and
      
      predicting potential issues during migration.
  - 46. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of simulating a service that depends on other services independent of said other services to detect errors in said service wherein simulating said further comprises:
    - inferring rules of interaction of services;
      
      checking code of service being simulated for consistency with message description;
      
      checking code of service being simulated for consistency with message ordering rules in Business Process Execution Language (BPEL) specification; and
      
      simulating services together.
  - 47. The method of software simulation as in claim 1, where running plurality of algorithms on said target software program comprises of applying simulation to detect errors in Structure Query Language (SQL) queries, if the simulation configuration specifies SQL query checking, wherein detecting errors in SQL queries further comprises of:
    - deriving a list of possible Strings that can be sent as SQL strings to database;
      
      running SQL strings against a set of checks;
      
      running generated SQL strings against real databases and check the strings;
      
      obtaining results of checks for SQL correctness and performance errors; and
      
      detecting potentially problematic strings.
  - 48. The method of software simulation as in claim 1, running plurality of algorithms on said target software program written in Javascript comprises of:
    - mapping global variables in Javascript to static fields of the script class generated for the Javascript source file;
      
      representing each Javascript constructor function as a class whose constructor delegates to the method of same name in the script class;
      
      modeling Javascript prototypes using artificial fields _proto_ and prototype; and
      
      modeling Javascript function pointers accurately using function class typed variables.
  - 49. The method of software simulation as in claim 1, running plurality of algorithms on said target software program written in Javascript comprises of modeling Hyper Text Markup Language (HTML) pages, wherein modeling of a HTML page further comprises of:
    - extracting all scripts from an HTML page;
      
      constructing Document Object Model (DOM) for elements of HTML page;
      
      adding a field to the script class for each element in said page and create an object and set in field;
      
      inserting Javascript code at beginning of the script;
      
      creating Javascript arrays containing appropriate set of children;
      
      generating a function for each event handler attribute;
      
      calling all event handlers at end of script class main method;
      
      converting calls on HTML DOM interfaces to corresponding operations; and
      
      detecting errors.
  - 50. The method of software simulation as in claim 49, wherein processing a set of configuration files comprises of:
    - reading configuration for a plurality of projects;
      
      identifying if one or more master projects are specified for each of said plurality of projects; and
      
      execute algorithms for project configuration for each of projects that have one or more master projects specified, with inheritance from said one or more master projects.
  - 51. The method of software simulation as in claim 50, wherein configuring projects with inheritance from master projects further comprises of:
    - configuring a project to extend a master project in configuration; and
      
      specifying values in the project different from the corresponding master project.

52. A non-transitory program storage device readable by computer, tangibly embodying a program of instructions executable by said computer to perform a method of software simulation of a target software without actually running or testing the target software, the method comprising the steps of:
- reading a first set of configuration files that contain details of the code to be simulated, the simulation parameters, and output format;
  
  reading a second set of configuration files that contain details of the rules to be applied to the code being simulated;
  
  loading rules which describe the expected behavior of the software, the rules being loaded from said configuration files;
  
  reading said target software program code;
  
  constructing a program model, which is a memory representation of program structure of the target software;
  
  attaching the loaded rules to specific nodes in the program model in accordance with the rules;
  
  running a plurality of simulation algorithms on the target software program without running the target software, to check for defects and obtain metrics and other attributes of the target software code, wherein running the plurality of simulation algorithms on said target software program comprises determining context sensitivity and data structures, upon completion of operation processes values of variable from multiple caller methods, generating an output with defects and other results reported by the plurality of algorithms; and
  
  displaying the output on an interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sanjeev Krishnan, Sudheendra Hangal
Original Assignee
Sanjeev Krishnan, Sudheendra Hangal
Inventors
Krishnan, Sanjeev, Hangal, Sudheendra
Primary Examiner(s)
Silver, David
Assistant Examiner(s)
PIERRE LOUIS, ANDRE

Application Number

US12/665,915
Publication Number

US 20100198799A1
Time in Patent Office

1,861 Days
Field of Search

703/22, 717/135, 717/144, 717/126
US Class Current

703/22
CPC Class Codes

G06F 11/3696 Methods or tools to render ...

Method and apparatus for software simulation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for software simulation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links