CN110580170B - Method and device for identifying software performance risk - Google Patents

Method and device for identifying software performance risk Download PDF

Info

Publication number
CN110580170B
CN110580170B CN201910863103.3A CN201910863103A CN110580170B CN 110580170 B CN110580170 B CN 110580170B CN 201910863103 A CN201910863103 A CN 201910863103A CN 110580170 B CN110580170 B CN 110580170B
Authority
CN
China
Prior art keywords
software
risk
characteristic value
execution operation
performance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910863103.3A
Other languages
Chinese (zh)
Other versions
CN110580170A (en
Inventor
陈肇权
黄裕建
马泽政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201910863103.3A priority Critical patent/CN110580170B/en
Publication of CN110580170A publication Critical patent/CN110580170A/en
Application granted granted Critical
Publication of CN110580170B publication Critical patent/CN110580170B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method and a device for identifying software performance risks, wherein the method for identifying the software performance risks comprises the following steps: acquiring the execution operation of the software on the data and the object; deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation; and identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping. The method and the device for identifying the software performance risk can greatly reduce the cost investment of the software performance risk identification and improve the efficiency of identification and optimization in the process of software development and operation and maintenance.

Description

Method and device for identifying software performance risk
Technical Field
The invention relates to the technical field of software performance testing, in particular to a method and a device for identifying software performance risks.
Background
The software performance is a characteristic of the software and directly reflects the degree of compliance of the software system or components therein with requirements such as business processing response, resource consumption, and the like. Meanwhile, the software performance is also an important index in the software quality evaluation, and reflects whether the software can support the expected use requirement. Therefore, performance risk identification in the software development and operation and maintenance stages is always a very important subject, directly influencing the cost of discovery and modification of performance problems.
In the traditional software development and operation and maintenance process, the identification of performance risks is highly dependent on human experience, or the risk needs to be waited for and then the risk is raised to the third point. However, the cost of the method is high, and the difficulty of performance risk identification and optimization is higher and higher due to the increasingly complex business architecture and the introduction of various technical frameworks, and the capability requirement and the labor investment of the research and maintenance personnel are higher and higher.
Disclosure of Invention
Aiming at the problems in the prior art, the method and the device for identifying the software performance risk provided by the invention greatly reduce the cost investment of the software performance risk identification and improve the efficiency of the identification and optimization in all stages needing to identify the software performance risk, especially in the process of software development and operation and maintenance.
In order to solve the technical problems, the invention provides the following technical scheme:
in a first aspect, the present invention provides a method for identifying a risk of performance of software, including:
acquiring the execution operation of the software on the data and the object;
deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation;
and identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping.
Preferably, the acquiring the execution operation of the software on the data and the object includes:
resolving program codes in the software to generate a first abstract syntax tree;
searching the function of the abstract syntax tree and the calling relation of the abstract syntax tree by using a path coverage algorithm and taking an entry function of the abstract syntax tree as a starting endpoint so as to generate static execution operation of the program code;
analyzing the log files according to the time sequence of the log files in the software to generate log file analysis results;
and aggregating the analysis results of the log file according to the serial number and the transaction code to generate the static execution operation of the log file.
Preferably, the acquiring the execution operation of the software on the data and the object further includes:
setting a probe in the process memory of the program code, the network communication layer and the process memory and the network communication layer in the log file respectively;
monitoring logic, network interaction request and network interaction response of the software operation in real time through a probe;
and generating the dynamic execution operation of the code program and the log file according to the logic of the software operation, the network interaction request and the network interaction response by using a bypass method.
Preferably, the deconstructing the execution operation to generate a behavior feature value that can describe the execution operation includes:
analyzing the static execution operation and the dynamic execution operation of the program code to generate a second abstract syntax tree;
traversing the second abstract syntax tree to extract a first behavior characteristic value;
analyzing the static execution operation of the log file, and extracting a second behavior characteristic value according to the keywords;
the behavioral characteristic values include the first behavioral characteristic value and the second behavioral characteristic value.
Preferably, the method for identifying the risk of the software performance further comprises: the step of pre-establishing the software risk characteristic value mapping comprises the following steps: and establishing the software risk characteristic value mapping according to the behavior characteristic value threshold range and the corresponding software risk category and level thereof.
Preferably, the establishing the software risk feature value mapping according to the preset threshold range of the behavior feature value and the corresponding software performance risk category and level thereof includes:
and establishing the software risk characteristic value mapping according to the respective preset threshold range of the returned data quantity, time consumption of operation, operation concurrency, throughput, thread pool size, connection pool size, operating system CPU memory resource consumption, statement concurrency and query results of the predicate matching index and the corresponding software performance risk category and level thereof.
Preferably, the identifying the performance risk of the software according to the behavior feature value and the pre-established software risk feature value mapping includes:
querying a performance risk identification result of the corresponding software of the behavior feature value in the software risk feature value mapping.
In a second aspect, the present invention provides an apparatus for identifying risk of performance of software, the apparatus comprising:
an execution operation obtaining unit, configured to obtain an execution operation of the software on data and an object;
the characteristic value extraction unit is used for deconstructing the execution operation and generating a behavior characteristic value capable of describing the execution operation;
and the risk identification unit is used for identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping.
Preferably, the execution operation acquisition unit includes:
the grammar tree generation module is used for analyzing the program codes in the software to generate a first abstract grammar tree;
a static generation first module, configured to use a path coverage algorithm, and use an entry function of the abstract syntax tree as a starting endpoint, to retrieve a function of the abstract syntax tree and a call relationship of the abstract syntax tree, so as to generate a static execution operation of the program code;
The analysis result generation module is used for analyzing the log files according to the time sequence of the log files in the software so as to generate log file analysis results;
and the second static generation module aggregates the analysis results of the log files according to the serial numbers and the transaction codes to generate static execution operations of the log files.
Preferably, the execution operation acquisition unit further includes:
the probe setting module is used for setting a probe in the process memory of the program code, the network communication layer and the process memory and the network communication layer in the log file respectively;
the monitoring module is used for monitoring the logic, the network interaction request and the network interaction response of the software operation in real time through the probe;
and the dynamic generation module is used for generating the dynamic execution operation of the code program and the log file according to the logic of the software operation, the network interaction request and the network interaction response by utilizing a bypass method.
Preferably, the feature value extraction unit includes:
the abstract generating module is used for analyzing the static execution operation and the dynamic execution operation of the program code to generate a second abstract syntax tree;
And the first characteristic value extraction module is used for performing traversal operation on the second abstract syntax tree to extract a first behavior characteristic value.
The second characteristic value extraction module is used for analyzing the static execution operation of the log file and extracting a second behavior characteristic value according to the keywords;
the behavioral characteristic values include the first behavioral characteristic value and the second behavioral characteristic value.
Preferably, the identification device of software performance risk further comprises: the mapping generation unit is used for pre-establishing the software risk characteristic value mapping;
the map generating unit is specifically configured to establish the software risk feature value map according to the behavior feature value threshold range and the corresponding software risk class and level thereof.
Preferably, the mapping generating unit is further specifically configured to establish the software risk feature value mapping according to a preset threshold range of each of the returned data amount, operation time consumption, operation concurrency, throughput, thread pool size, connection pool size, operating system CPU memory resource consumption, statement concurrency, and query results of the predicate matching index, and a corresponding software performance risk class and level thereof.
Preferably, the risk identification unit is specifically configured to query a performance risk identification result of software corresponding to the behavior feature value in the software risk feature value map.
In a third aspect, the present invention provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of a method for identifying software performance risk when executing the program.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a method of identifying a risk of performance of software.
As can be seen from the above description, the method and the device for identifying the performance risk of the software provided by the invention acquire the software behavior of the software in the process of executing the operation on the data and the object in the program code and the log file in the software, extract the characteristic value capable of describing the software behavior from the software behavior based on the software behavior, and finally identify the performance risk of the software according to the characteristic value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart illustrating a method for identifying risk of software performance according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first step 100 of a method for identifying risk of performance of software according to an embodiment of the present invention;
FIG. 3 is a second flowchart of a method step 100 for identifying risk of software performance according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a first step 200 of a method for identifying risk of performance of software according to an embodiment of the present invention;
FIG. 5 is a second flowchart illustrating a method step 200 for identifying risk of software performance according to an embodiment of the present invention;
FIG. 6 is a second flowchart of a method for identifying risk of performance of software according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating a method step 300 for identifying risk of software performance according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a method for identifying risk of software performance in a specific application example of the present invention;
FIG. 9 is a conceptual diagram of a method for identifying risk of performance of software in an embodiment of the invention;
FIG. 10 is a schematic diagram of a device for identifying risk of performance of software in a specific application of the present invention;
FIG. 11 is a schematic diagram of a structure of an operation obtaining unit in an embodiment of the present invention;
FIG. 12 is a schematic diagram of a second embodiment of an operation obtaining unit according to the present invention;
FIG. 13 is a schematic diagram of a feature value extraction unit according to an embodiment of the present invention;
FIG. 14 is a second schematic diagram of a feature value extraction unit according to an embodiment of the present invention;
FIG. 15 is a schematic diagram of a device for identifying risk of performance of software in a specific application of the present invention;
fig. 16 is a schematic structural diagram of an electronic device in an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
An embodiment of the present invention provides a specific implementation manner of a software performance risk identification method, referring to fig. 1, where the method specifically includes the following contents:
step 100: and acquiring the execution operation of the software on the data and the object.
It is understood that the execution of operations by software on data and objects is also referred to as software behavior, i.e., the process by which software performs operations on data and objects. When the software is written, performance risks may be introduced due to design and coding, which affect the performance of the software.
Step 200: deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation.
Specifically, a specific parser is invoked according to the software behavior acquisition channel to deconstruct the software behavior into behavior features described in a series of feature values. It is understood that feature values may be considered descriptions of actions and properties in software behavior.
Step 300: and identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping.
Specifically, the performance risk recognition result of the software corresponding to the behavior feature value in the software risk feature value mapping is queried, so that the performance risk of the software corresponding to the specific behavior feature value is determined.
As can be seen from the above description, the method for identifying the performance risk of the software provided by the invention obtains the software behavior of the software in the process of executing the operation on the data and the object from the program code and the log file in the software, extracts the characteristic value capable of describing the software behavior based on the software behavior, and finally identifies the performance risk of the software according to the characteristic value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
In one embodiment, referring to fig. 2, step 100 comprises:
step 101a: program code in the software is parsed to generate a first abstract syntax tree.
Step 102a: and searching the function of the abstract syntax tree and the calling relation of the abstract syntax tree by using the entry function of the abstract syntax tree as a starting endpoint by using a path coverage algorithm to generate the static execution operation of the program code.
Step 101b: and analyzing the log files according to the time sequence of the log files in the software to generate log file analysis results.
Step 102b: and aggregating the analysis results of the log file according to the serial number and the transaction code to generate the static execution operation of the log file.
It will be appreciated that steps 101a and 102a are methods for generating corresponding software behaviors for the program code, and are static scanning methods, i.e. the software behaviors are collected from the program code by means of file parsing without actually executing operations. In contrast, steps 101b and 102b are methods for generating corresponding software behaviors for the log file, and are also static scanning methods.
In one embodiment, referring to fig. 3, step 100 further comprises:
step 101c: and setting a probe in the process memory of the program code, the network communication layer and the process memory and the network communication layer in the log file respectively.
It can be understood that the probe (NET probe) in step 101c is to obtain key information required by the target from the data of the sea lake, provide information early warning indication, and flexibly generate various messages and information icons, so as to help the user to timely, comprehensively and accurately master various network movements, thereby improving own time tracking and quick response capability.
102c: and monitoring the logic, the network interaction request and the network interaction response of the software operation in real time through a probe.
103c: and generating the dynamic execution operation of the code program and the log file according to the logic of the software operation, the network interaction request and the network interaction response by using a bypass method.
With respect to steps 101 a-102 b, steps 102c and 103c are actually dynamic interception of the software behavior, i.e. adding probes in the process memory or the network communication layer, monitoring the logic of the software operation or the request and response of network interaction in real time in a bypass mode, and collecting the software behavior in a mode of copying and outputting the data packet in the bypass mode.
In one embodiment, referring to fig. 4, step 200 comprises:
step 201a: and analyzing the execution operation of the program code to generate a second abstract syntax tree.
It is understood that the execution operation in step 201a includes a static execution operation and a dynamic execution operation of the program code.
It is understood that the abstract syntax tree (Abstract Syntax Tree, AST) is an abstract representation of the source code syntax structure. It represents the syntax structure of a programming language in the form of a tree, each node on the tree representing a structure in the source code. The grammar is said to be "abstract" in that the grammar herein does not represent every detail that appears in the real grammar. For example, nested brackets are implicit in the tree structure and are not presented in the form of nodes; and conditional jump statements like if-condition-then can be represented using a node with two branches.
Step 202a: and traversing the second abstract syntax tree to extract the first behavior characteristic value.
The Traversal (translation) in step 202a refers to sequentially accessing each node in the tree (or graph) along a search route. The operations performed by the access node depend on the particular application problem, which may be checking the value of the node, updating the value of the node, etc. The order of access nodes is different in different traversal modes.
In one embodiment, referring to fig. 5, step 200 further comprises:
step 201b: and analyzing the execution operation of the log file, and extracting a second behavior characteristic value according to the keywords.
The execution operation in step 201b is specifically a static execution operation of the log file, and in step 201b and step 202b, the parser includes parsing text grammar and lexical for the software behavior collected in the log, and aggregating multiple lines of logs with the same serial number. After the analysis is completed, the characteristic value is generated through the extraction of the key words. For example: one embodiment is: one program behavior collected by static log audit is:
2017/06/26 16:27:37,005 cashcoderecv-logType=->core4ctp:Operation message=operation begin execute,free memory:|1224779368|;
2017/06/26 16:27:37,006 cashcoderecv-connect to 127.0.0.1;
2017/06/26 16:27:37,073 cashcoderecv-select mothod:parallel=10;
2017/06/26 16:27:37,074 cashcoderecv-SQL=>SELECT ID,NAME FROM USER WHERE STATUS=1;
2017/06/26 16:27:37,271 cashcoderecv-RECORDNUM=20000;
2017/06/26 16:27:37,292 cashcoderecv-logType=->core4ctp:Operation message=operation end execute.it cost|287|ms;
after grammar and lexical analysis and multi-line log aggregation, the software behavior is disassembled as follows:
1. USER table accessing 127.0.0.1 database
2. Querying a record set with a STATUS field equal to 1
3. Result return 20000 records
4. Time-consuming 5 seconds'
After keyword extraction, generating behavior characteristics described in the JSON format, wherein the behavior characteristics are as follows: { "TYPE": "QUERYDB", "ADDRESS": "127.0.1", "TABLENAME": "USER", CONDICTITONS: { "STATUS": "1" }, "RECORDNUM": "20000", "TIME": "5s", "PARALLEL": "10" }.
In addition, the behavior feature values in step 200 include a first behavior feature value in step 202a and a second behavior feature value in step 201 b.
In particular, when the target object is a database, such as ORACLE, MYSQL, DB, which is a common relational database in the industry, and SSDB, REDIS, and other data situations in a distributed cache, it is necessary to collect multidimensional data features of database data. When risk identification is performed on data access behaviors, the scale and efficiency of data access are judged by combining the characteristics of data analysis. At this time, in the implementation of step 200, the query scan is performed on the database by using the collection rule through the dynamic search statistical means. The collection rules are defined in a configurable manner, and each rule corresponds to one evaluation dimension. For example: after four acquisition dimensions of TABLENAME, ROWNUM, COLUMNS, INDEX and the like are configured in advance, the USER table is analyzed, the following characteristics are acquired, and the characteristics are stored in a JSON format: { "TABLENAME": "USER", "ROWNUM": "24718", "COLUMNs": { ID ":" NUMBER "," NAME ":" VARCHAR (10) "," BRANCHI ":" VARCHAR (20) "," STATUS ":" NUMBER "}," INDEX ": { PK_USER": "ID" }.
In one embodiment, referring to fig. 6, the method for identifying a risk of performance of software further includes:
step 400: and generating the software risk characteristic value mapping.
In the implementation of step 400, the software risk feature value map may be established according to the behavior feature value threshold range and the corresponding software risk category and level, and further, the software risk feature value map is established according to the respective preset threshold range and the corresponding software performance risk category and level of the returned data volume, the operation time consumption, the operation concurrency, the throughput, the thread pool size, the connection pool size, the operating system CPU memory resource consumption, the statement concurrency and the query result of the predicate matching index. For example: four risk features are defined in one embodiment: A. the amount of returned data is greater than 1000; B. takes more than 500 milliseconds; C. sentence concurrency exceeds 100; D. the query predicates do not match the index. For the foregoing embodiment of the behavior breaking unit 2 and the data analysis unit 3: { "TYPE": "QUERYDB", "ADDRESS": "127.0.1", "TABLENAME": "USER", CONDICTITONS: { "STATUS": "1" }, "RECORDNUM": "20000", "TIME": "5s", "PARALLEL": "10" }. This behavior hits three risk features simultaneously: the amount of returned data is greater than 1000 (record=20000), takes more than 500 milliseconds (time=5s), the query predicate does not have a matching INDEX (INDEX does not include a STATUS field), and is therefore identified as a risk behavior.
It should be noted that, the step 400 may also be implemented by other relevant parameters, and is not limited to establishing the software risk feature value map according to the preset threshold ranges of the query results of the returned data amount, the operation time consumption, the operation concurrency, the throughput, the thread pool size, the connection pool size, the operating system CPU memory resource consumption, the statement concurrency, and the predicate matching index, and the corresponding software performance risk categories and levels thereof.
In one embodiment, referring to fig. 7, step 300 comprises:
step 301: querying a performance risk identification result of the corresponding software of the behavior feature value in the software risk feature value mapping.
It can be understood that different threshold ranges of the feature value correspond to different software performance risk recognition results, and the software performance risk recognition result corresponding to the feature value can be determined by determining that the specific feature value is in the corresponding threshold range.
As can be seen from the above description, the method for identifying the performance risk of the software provided by the invention obtains the software behavior of the software in the process of executing the operation on the data and the object from the program code and the log file in the software, extracts the characteristic value capable of describing the software behavior based on the software behavior, and finally identifies the performance risk of the software according to the characteristic value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
To further illustrate the present solution, the present invention provides a specific application example of a method for identifying a risk of performance of software, where the specific application example specifically includes the following matters, see fig. 8 and fig. 9.
S0: the software behavior is collected.
It is understood that the software behavior in step S0 refers to a process in which software performs an operation on data and an object. Specifically, software behaviors such as ' application end circulation calculation ', ' program call ', ' database table access ' and data aggregation processing ' are collected through static auditing means such as code scanning and log mining, and dynamic interception means such as communication layer packet grabbing.
S1: and carrying out structural disassembly on the collected software behaviors.
Deconstructing is formatting stored behavior feature values described in a series of feature values.
S2: and (5) data characteristic analysis.
And (3) carrying out retrieval statistics on the data of the software database, and acquiring data characteristics by using predefined rules.
S3: and identifying the software performance risk according to the deconstructed behaviors.
It can be understood that the risk feature is a class of values or a range of values of the behavior feature value, and if the value hits the range, it is defined that the behavior has a performance hidden trouble. For example: for data access behavior, when the feature value of "SQL statement execution cost" is greater than 1000, the feature value is defined as a risk feature. In addition, risk characteristics are maintained in a structured and configurable manner, so that inquiry and expansion can be facilitated.
It should be noted that, if the software behavior relates to the data access operation, the data features generated by S2 need to be queried in the identification process, so as to comprehensively evaluate the performance risk of the data access operation.
And (3) circularly comparing each characteristic value with a preset full risk characteristic. If the value of the feature value meets the definition of the risk feature value or is within the value range, the behavior feature is considered to have performance hidden trouble in the dimension of the feature value.
S4: and (5) risk prompting and automatic optimization.
And manually confirming the identified software performance risk notification program by the corresponding research and development personnel. And simultaneously, optimizing suggestions are provided for hit risk characteristics.
Specifically, the contact information of research and development operation personnel corresponding to the software risk behaviors is obtained, the responsible person for the opposite port is reminded through the modes of mail, short messages and the like, and the risk is audited and confirmed in a manual mode. Optimization suggestions are made for risky behavior. And maintaining an optimization algorithm aiming at different risk characteristics, analyzing the risk characteristics contained in the risk behaviors, and calculating and providing optimization suggestions. For example, a risk behavior of HTTP interactive requests is identified, there are two risk features, one synchronous blocking waiting to return, and the other with log registration operations at the deg level. When the risk behavior is analyzed, the prompt log level needs to be adjusted to ERROR, and then the program interaction is suggested to be modified to be asynchronously submitted and processed in the background.
As can be seen from the above description, the method for identifying the performance risk of the software provided by the invention obtains the software behavior of the software in the process of executing the operation on the data and the object from the program code and the log file in the software, extracts the characteristic value capable of describing the software behavior based on the software behavior, and finally identifies the performance risk of the software according to the characteristic value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
Based on the same inventive concept, the embodiments of the present application also provide a device for identifying risk of software performance, which can be used to implement the method described in the above embodiments, such as the following embodiments. Because the principle of solving the problem by the software performance risk recognition device is similar to that of the software performance risk recognition method, the implementation of the software performance risk recognition device can be referred to the software performance risk recognition method implementation, and the repetition is omitted. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements the intended function. While the system described in the following embodiments is preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
An embodiment of the present invention provides a specific implementation manner of a device for identifying a software performance risk, which can implement a method for identifying a software performance risk, referring to fig. 10, where the device for identifying a software performance risk specifically includes:
an execution operation obtaining unit 10, configured to obtain an execution operation of the software on data and objects;
a feature value extraction unit 20, configured to deconstruct the execution operation, and generate a behavior feature value that may describe the execution operation;
and the risk identification unit 30 is configured to identify a performance risk of the software according to the behavior feature value and a pre-established software risk feature value mapping.
Preferably, referring to fig. 11, the execution operation acquisition unit 10 includes:
a syntax tree generating module 101a, configured to parse the program code in the software to generate a first abstract syntax tree;
a static generation first module 102a, configured to retrieve, using a path overlay algorithm, a function of the abstract syntax tree and a call relationship of the abstract syntax tree with an entry function of the abstract syntax tree as a starting endpoint, so as to generate a static execution operation of the program code;
the analysis result generation module 103a is configured to analyze the log file according to the time sequence of the log file in the software, so as to generate a log file analysis result;
And the static generation second module 104a aggregates the analysis results of the log file according to the serial number and the transaction code to generate static execution operation of the log file.
Preferably, referring to fig. 12, the execution operation acquisition unit further includes:
the probe setting module 101b is configured to set a probe in the process memory of the program code, the network communication layer, and the process memory and the network communication layer in the log file, respectively;
the monitoring module 102b is configured to monitor, in real time, the logic of the software operation, the network interaction request and the network interaction response through a probe;
the dynamic generation module 103b is configured to generate the dynamic execution operation of the code program and the log file according to the logic of the software operation, the network interaction request and the network interaction response by using a bypass method.
Preferably, referring to fig. 13, the feature value extraction unit 20 includes:
an abstract generating module 201a, configured to parse the static execution operation and the dynamic execution operation of the program code to generate a second abstract syntax tree;
the first feature value extraction module 202a is configured to perform a traversal operation on the second abstract syntax tree to extract a first behavior feature value.
Preferably, referring to fig. 14, the feature value extraction unit 20 further includes:
a second feature value extraction module 201b, configured to parse the static execution operation of the log file, and extract a second behavior feature value according to the keyword;
the behavioral characteristic values include the first behavioral characteristic value and the second behavioral characteristic value.
Preferably, referring to fig. 15, the identifying device for software performance risk further includes: the map generating unit 40 is configured to generate the software risk feature value map, and the map generating unit is specifically configured to establish the software risk feature value map according to the behavior feature value threshold range and the corresponding software risk category and level thereof.
Preferably, the mapping generating unit is further specifically configured to establish the software risk feature value mapping according to a preset threshold range of each of the returned data amount, operation time consumption, operation concurrency, throughput, thread pool size, connection pool size, operating system CPU memory resource consumption, statement concurrency, and query results of the predicate matching index, and a corresponding software performance risk class and level thereof.
Preferably, the risk identification unit is specifically configured to query a performance risk identification result of software corresponding to the behavior feature value in the software risk feature value map.
As can be seen from the above description, the recognition device for the performance risk of the software provided by the invention obtains the software behavior of the software in the process of executing the operation on the data and the object from the program code and the log file in the software, extracts the characteristic value capable of describing the software behavior based on the software behavior, and finally recognizes the performance risk of the software according to the characteristic value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
The embodiment of the present application further provides a specific implementation manner of an electronic device capable of implementing all the steps in the method for identifying a risk of performance of software in the foregoing embodiment, and referring to fig. 16, the electronic device specifically includes the following contents:
a processor 1201, a memory 1202, a communication interface (Communications Interface) 1203, and a bus 1204;
wherein the processor 1201, the memory 1202 and the communication interface 1203 perform communication with each other through the bus 1204; the communication interface 1203 is configured to implement information transmission between related devices such as a server device, a storage device, and a user device.
The processor 1201 is configured to invoke a computer program in the memory 1202, and when the processor executes the computer program, the processor performs all the steps in the method for identifying a risk of performance of software in the above embodiment, for example, when the processor executes the computer program, the processor performs the following steps:
step 100: and acquiring the execution operation of the software on the data and the object.
Step 200: deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation.
Step 300: and identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping.
As can be seen from the above description, in the electronic device according to the embodiments of the present application, the software behavior of the process of executing the operation on the data and the object by the software is obtained from the program code and the log file in the software, the feature value that can describe the software behavior is extracted from the software behavior based on the software behavior, and finally the performance risk of the software is identified according to the feature value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
The embodiments of the present application also provide a computer-readable storage medium capable of implementing all the steps in the method for identifying a risk of performance of software in the above embodiments, and a computer program stored on the computer-readable storage medium, the computer program implementing all the steps in the method for identifying a risk of performance of software in the above embodiments when executed by a processor, for example, the processor implementing the following steps when executing the computer program:
step 100: and acquiring the execution operation of the software on the data and the object.
Step 200: deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation.
Step 300: and identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping.
As can be seen from the above description, the computer-readable storage medium in the embodiments of the present application obtains the software behavior of the process of executing the operation on the data and the object by the software from the program code and the log file in the software, extracts the feature value that can describe the software behavior based on the software behavior, and finally identifies the performance risk of the software according to the feature value. The identification method of the software performance risk is suitable for the software research and development and operation and maintenance process, can greatly reduce the cost investment of the performance risk identification, and improves the identification and optimization efficiency. The method overcomes the difficulty that in the prior art, in the process of software development and operation and maintenance, the identification of performance risks highly depends on human experience, or the risk is required to be waited for and then the risk is improved.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a hardware+program class embodiment, the description is relatively simple, as it is substantially similar to the method embodiment, as relevant see the partial description of the method embodiment.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Although the present application provides method operational steps as an example or flowchart, more or fewer operational steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When implemented by an actual device or client product, the instructions may be executed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment) as shown in the embodiments or figures.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and embodiments of the present invention have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (14)

1. A method for identifying software performance risk, comprising:
acquiring the execution operation of the software on the data and the object;
deconstructing the execution operation to generate a behavior characteristic value capable of describing the execution operation;
identifying the performance risk of the software according to the behavior characteristic value and a pre-established software risk characteristic value map;
the acquiring the execution operation of the software on the data and the object comprises the following steps:
resolving program codes in the software to generate a first abstract syntax tree;
searching the function of the abstract syntax tree and the calling relation of the abstract syntax tree by using a path coverage algorithm and taking an entry function of the abstract syntax tree as a starting endpoint so as to generate static execution operation of the program code;
analyzing the log files according to the time sequence of the log files in the software to generate log file analysis results;
and aggregating the analysis results of the log file according to the serial number and the transaction code to generate the static execution operation of the log file.
2. The method of claim 1, wherein the acquiring the software performs operations on data and objects further comprises:
Setting a probe in the process memory of the program code, the network communication layer and the process memory and the network communication layer in the log file respectively;
monitoring logic, network interaction request and network interaction response of the software operation in real time through a probe;
and generating a code program and a dynamic execution operation of a log file according to the logic of the software operation, the network interaction request and the network interaction response by using a bypass method.
3. The method of claim 1, wherein deconstructing the execution operation to generate a behavior feature value describing the execution operation comprises:
parsing the execution of the program code to generate a second abstract syntax tree;
traversing the second abstract syntax tree to extract a first behavior characteristic value;
analyzing the execution operation of the log file, and extracting a second behavior characteristic value according to the keywords;
the behavioral characteristic values include the first behavioral characteristic value and the second behavioral characteristic value.
4. The identification method of claim 1, wherein the step of pre-establishing the software risk feature value map comprises: and establishing the software risk characteristic value mapping according to the behavior characteristic value threshold range and the corresponding software risk category and level thereof.
5. The method of identifying as in claim 4, wherein the establishing the software risk feature value map according to the preset threshold range of behavior feature values and the corresponding software performance risk categories and levels thereof comprises:
and establishing the software risk characteristic value mapping according to the respective preset threshold range of the returned data quantity, time consumption of operation, operation concurrency, throughput, thread pool size, connection pool size, operating system CPU memory resource consumption, statement concurrency and query results of the predicate matching index and the corresponding software performance risk category and level thereof.
6. The method of claim 4, wherein the identifying the performance risk of the software based on the behavioral characteristic values and a pre-established software risk characteristic value map comprises:
querying a performance risk identification result of the corresponding software of the behavior feature value in the software risk feature value mapping.
7. A software performance risk identification device, comprising:
an execution operation obtaining unit, configured to obtain an execution operation of the software on data and an object;
the characteristic value extraction unit is used for deconstructing the execution operation and generating a behavior characteristic value capable of describing the execution operation;
The risk identification unit is used for identifying the performance risk of the software according to the behavior characteristic value and the pre-established software risk characteristic value mapping;
the execution operation acquisition unit includes:
the grammar tree generation module is used for analyzing the program codes in the software to generate a first abstract grammar tree;
a static generation first module, configured to use a path coverage algorithm, and use an entry function of the abstract syntax tree as a starting endpoint, to retrieve a function of the abstract syntax tree and a call relationship of the abstract syntax tree, so as to generate a static execution operation of the program code;
the analysis result generation module is used for analyzing the log files according to the time sequence of the log files in the software so as to generate log file analysis results;
and the second static generation module aggregates the analysis results of the log files according to the serial numbers and the transaction codes to generate static execution operations of the log files.
8. The apparatus according to claim 7, wherein the execution operation acquisition unit further includes:
the probe setting module is used for setting a probe in the process memory of the program code, the network communication layer and the process memory and the network communication layer in the log file respectively;
The monitoring module is used for monitoring the logic, the network interaction request and the network interaction response of the software operation in real time through the probe;
and the dynamic generation module is used for generating a code program and a dynamic execution operation of the log file according to the logic of the software operation, the network interaction request and the network interaction response by utilizing a bypass method.
9. The apparatus according to claim 7, wherein the feature value extraction unit includes:
the abstract generating module is used for analyzing the execution operation of the program code to generate a second abstract syntax tree;
the first characteristic value extraction module is used for performing traversal operation on the second abstract syntax tree to extract a first behavior characteristic value;
the second characteristic value extraction module is used for analyzing the execution operation of the log file and extracting a second behavior characteristic value according to the keywords;
the behavioral characteristic values include the first behavioral characteristic value and the second behavioral characteristic value.
10. The identification device of claim 7, further comprising: the mapping generation unit is used for pre-establishing the software risk characteristic value mapping;
the map generating unit is specifically configured to establish the software risk feature value map according to the behavior feature value threshold range and the corresponding software risk class and level thereof.
11. The apparatus of claim 10, wherein the map generating unit is further specifically configured to establish the software risk feature value map according to a preset threshold range of each of the returned data amount, the operation time consumption, the operation concurrency, the throughput, the thread pool size, the connection pool size, the operating system CPU memory resource consumption, the statement concurrency, and the query result of the predicate-matching index, and a corresponding software performance risk class and level thereof.
12. The identification device according to claim 10, wherein the risk identification unit is specifically configured to query a performance risk identification result of the software corresponding to the behavior feature value in the software risk feature value map.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method for identifying a risk of performance of a software according to any of claims 1 to 6 when said program is executed by said processor.
14. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, realizes the steps of the method for identifying a risk of performance of a software according to any of claims 1 to 6.
CN201910863103.3A 2019-09-12 2019-09-12 Method and device for identifying software performance risk Active CN110580170B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910863103.3A CN110580170B (en) 2019-09-12 2019-09-12 Method and device for identifying software performance risk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910863103.3A CN110580170B (en) 2019-09-12 2019-09-12 Method and device for identifying software performance risk

Publications (2)

Publication Number Publication Date
CN110580170A CN110580170A (en) 2019-12-17
CN110580170B true CN110580170B (en) 2023-07-21

Family

ID=68811784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910863103.3A Active CN110580170B (en) 2019-09-12 2019-09-12 Method and device for identifying software performance risk

Country Status (1)

Country Link
CN (1) CN110580170B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11200048B2 (en) * 2020-05-14 2021-12-14 International Business Machines Corporation Modification of codified infrastructure for orchestration in a multi-cloud environment
CN117113985A (en) * 2021-09-06 2023-11-24 好心情健康产业集团有限公司 Text clustering picture identification method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106503562A (en) * 2015-09-06 2017-03-15 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN107679404A (en) * 2017-08-31 2018-02-09 百度在线网络技术(北京)有限公司 Method and apparatus for determining software systems potential risk
CN109214171A (en) * 2018-08-29 2019-01-15 深信服科技股份有限公司 A kind of detection method of software, device, equipment and medium
CN109544166A (en) * 2018-11-05 2019-03-29 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN110135693A (en) * 2019-04-12 2019-08-16 北京中科闻歌科技股份有限公司 A kind of Risk Identification Method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10637887B2 (en) * 2017-12-29 2020-04-28 Cyphort Inc. System for query injection detection using abstract syntax trees

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106503562A (en) * 2015-09-06 2017-03-15 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN107679404A (en) * 2017-08-31 2018-02-09 百度在线网络技术(北京)有限公司 Method and apparatus for determining software systems potential risk
CN109214171A (en) * 2018-08-29 2019-01-15 深信服科技股份有限公司 A kind of detection method of software, device, equipment and medium
CN109544166A (en) * 2018-11-05 2019-03-29 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN110135693A (en) * 2019-04-12 2019-08-16 北京中科闻歌科技股份有限公司 A kind of Risk Identification Method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110580170A (en) 2019-12-17

Similar Documents

Publication Publication Date Title
US10915535B2 (en) Optimizations for a behavior analysis engine
CN110543356A (en) abnormal task detection method, device and equipment and computer storage medium
Nagy et al. A static code smell detector for SQL queries embedded in Java code
CN112988782B (en) Hive-supported interactive query method and device and storage medium
CN108710662B (en) Language conversion method and device, storage medium, data query system and method
Nagy et al. Where was this SQL query executed? a static concept location approach
CN112579610A (en) Multi-data source structure analysis method, system, terminal device and storage medium
CN112035508A (en) SQL (structured query language) -based online metadata analysis method, system and equipment
CN110580170B (en) Method and device for identifying software performance risk
CN113238937B (en) Compiler fuzzy test method based on code compaction and false alarm filtering
CN116483850A (en) Data processing method, device, equipment and medium
CN116578585B (en) Data query method, device, electronic equipment and storage medium
Cherry et al. Static analysis of database accesses in mongodb applications
CN112925720A (en) Software SQL test method, device, storage medium and system
CN116069808A (en) Method and device for determining dependency information of database storage process and electronic equipment
CN116401145A (en) Source code static analysis processing method and device
EP3816814A1 (en) Crux detection in search definitions
CN112783758B (en) Test case library and feature library generation method, device and storage medium
CN114547083A (en) Data processing method and device and electronic equipment
US7844627B2 (en) Program analysis method and apparatus
Lindvall et al. A comparison of latency for MongoDB and PostgreSQL with a focus on analysis of source code
CN113836164A (en) Method, system, device and medium for unifying SQL
CN106484706B (en) Method and apparatus for executing procedural SQL statements for distributed systems
CN116795663B (en) Method for tracking and analyzing execution performance of trino engine
CN115563150B (en) Method, equipment and storage medium for mapping Hive SQL (structured query language) and execution engine DAG (direct current)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant