CA2385433A1 - Real-time program audit software - Google Patents

Real-time program audit software Download PDF

Info

Publication number
CA2385433A1
CA2385433A1 CA002385433A CA2385433A CA2385433A1 CA 2385433 A1 CA2385433 A1 CA 2385433A1 CA 002385433 A CA002385433 A CA 002385433A CA 2385433 A CA2385433 A CA 2385433A CA 2385433 A1 CA2385433 A1 CA 2385433A1
Authority
CA
Canada
Prior art keywords
program
audit
source
options
execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002385433A
Other languages
French (fr)
Inventor
Paul H. Harkins
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/611,210 external-priority patent/US6775827B1/en
Application filed by Individual filed Critical Individual
Publication of CA2385433A1 publication Critical patent/CA2385433A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3612Software analysis for verifying properties of programs by runtime analysis

Abstract

Real-time program audit software that is a software program, a method, and a system for generating source program audit statements which provide analyses of program statements and data as the program executes. These audits provide for real-time analysis of the execution of the program. The real-time progra m audit is applicable to virtually any programming language that uses source program statements, whether the source statements are compiled into an executable object or are interpreted during program execution. Conventional source programs are selected for auditing based on an audit profile; the aud it profile is customized for specific compile and initial execution options; th e source program is expanded with the selected audit statements; and the sourc e program is compiled with a conventional language compiler. Program execution audits are based on the initial execution audit profile, customized executio n audits, or dynamic audits specified during program execution. Program audit output is to disk, and is available for immediate online display or printing , or for expanded auditing analysis. Expanded auditing analysis provides for extensive analysis of the real-time program audit output data from all audit ed programs based on the desired analysis, which includes: program, user, date and time ranges, audit code prefix, audited file, field, label, and any execution audited data value.

Description

REAL-TIME PROGRAM AUDIT SOFTWARE
BACKGROUND OF THE INVENTION
TECHNICAL FIELD
The present invention relates generally to a method and system for auditing and analyzing the execution of computer programs in real-time, and particularly to a method and system for generating source program auditing statements for debugging an application program.
BACKGROUND ART
Typically, computer source programs are written in a source programming language by computer programmers.
Alternatively, source programs can be generated by a Fourth Generation Language (4GL) or a computer-aided software engineering (CASE) tool. Programs created using a Fourth Generation Language or a CASE tool are automatically translated into source statements of a conventional programming language as an intermediate step to compilation and execution. Conventional programming languages include Common Business-Oriented Language (COBOL), formula translation (FORTRAN), Pascal, and Report Program Generator (RPG), amongst others. These conventional programming languages are source programs that are compiled into executable modules or objects so that they may be executed.
Alternative programming languages, such as Java or Basic, allow source programs to be directly executed by an interpreter, bypassing the compilation step.
The programmer using a conventional or alternative programming language, or the application designer using a 4GL or a CASE tool, uses available programming tools such as objects, functions, diagrams, routines, and/or operation codes to translate a perceived or defined need into a programmed solution. The output program must be tested to determine if the program works as designed. The program is executed against data to verify the efficacy and accuracy of the program as executed. Herein both the programmer and the application designer are generally referred to as the programmer.
In the art of computer programming, the quickest and easiest part of programming is writing or generating the source program, while the most difficult and time-consuming part is making the program work correctly. The computer program needs to work correctly both initially and years later. Errors in programming result from a variety of sources. Sometimes the programming specifications are not complete or correct, resulting in errors and rewrites.
Also, the programmer's understanding or logic may not be correct. Frequently, the data processed by the program is not as anticipated. In addition, unanticipated error conditions increase the probability of program error or failure. Such conditions include human error resulting from operation and training inadequacies, hardware failures, and network problems resulting from the complex interaction of events at any moment of time in a company with hundreds or thousands of computer users.
When a program does not work properly or fails completely, it is essential to provide tools for quick, comprehensive analysis of the program's execution. In addition, tools that speed identification and resolution of any problems are needed. Tools that allow the source program to be quickly and easily understood and corrected are also desirable. These tools are helpful during initial testing by the programmer to increase programmer productivity, and to increase the quality and reliability of the program. These tools are crucially needed when the program fails or must be changed by a programmer who ~is totally unfamiliar with the source program while it is in production, often at a time of great stress, of economic loss to the company, and in a high-risk environment. The real-time program audit software of the present invention addresses these needs for virtually any source programming language, and is also applicable in 4GL and CASE
programming environments.
Programs purporting to audit the execution of themselves or other programs are found in the prior art.
These prior art programs lack the real-time nature of the current invention or are not as comprehensive in their auditing capabilities. The related art is represented by the following patents of interest.
U.S. Patent Number 5,559,884, issued on September 24, 1996 to Robert L. Davidson et al., discloses a method and system for generating and auditing a signature for executable modules. Davidson et al. do not suggest real-time program audit software according to the claimed invention.
U.S. Patent Number 5,574,898, issued on November 12, 1996 to David B. Leblang et al., discloses a data processing system and method which feature an object selector including an auditor for recording, as an audit record, which versions of objects are accessed by a processor during a data processing process. Each derived object is associated with an audit record. A system build process starts the auditor prior to executing commands which produce derived objects, and stops the auditor when those commands are completed. The process records any arbitrary sequence of commands. The invention of Leblang et al. is a CASE system and cannot be utilized with other programming languages or source programs, regardless of how they are generated. Also, the invention of Leblang et al.
audits which version of a file is being utilized; it is a CASE version control system. The program also generates a configuration record which provides a complete record of software builds which includes a listing of all source file versions used, versions of build tools, and all build options specified. Configuration records can then be compared by showing the differences between two builds of the same program. Other commands label the builds with version labels on object versions listed in the record.
The invention of Leblang et al. is designed to monitor the version of a software program, and the objects used within that software program, during the design of the program.
It is a tool to be used by computer programmers who are utilizing CASE tools to write a software program and, therefore, is not as useful as the present invention in that it is limited to CASE tool program design. Also, the invention of Leblang et al. is not useful for monitoring the execution of a program in a remote time after the creation of the program. The invention of Leblang et al.
is distinctly different from the present invention in that it was not designed to monitor the execution of a program utilizing any type of programming language; the current invention is designed to monitor any type of machine code as it executes. Leblang et al. do not suggest real-time program audit software according to the claimed invention.
U.S. Patent Number 5,754,763, issued on May 19, 1998 to Thomas W. Bereiter, shows a software auditing program which is designed to monitor the number of users who simultaneously invoke one or more application programs which occur in response to system management tasks. The auditing program therein counts the number of simultaneous invocations in order to determine whether an authorized number of copies of each program within the managed region has been exceeded. The protocol requires a dedicated license server. The sole purpose of the invention of Bereiter is to use a license server to identify violations of the licenses of an organization. The program therein does not audit any other activity nor does it aid in the actual execution of a program. It does not aid in the monitoring of program errors and trouble shooting during the execution of a program or system, as does the current invention. Bereiter does not suggest real-time program audit software according to the claimed invention.
U.S. Patent Number 5,794,252, issued on August 11, 1998 to Bruce W. Bailey et al., discloses a database management system which utilizes a remote duplicate database facility to monitor changes made to a database on a local system and to maintain a copy of that database on a remote system. The invention of Bailey et al. verifies data files making sure that the data or other file, relied upon by the user, is the most up-to-date file available.
The system verifies that the files are protected from 5 interruptions, errors, or failures in the computer operations. Bailey et al. protect database files and other files from being lost by creating a remote backup of those files as they are made and stored. Bailey et al. also make a record of the backups in order to verify that the most recent files are in use and are concurrent with the backup records. The invention of Bailey et al. is distinctly different from the current invention. Bailey et al.
protect or audit data files, while the current invention audits program executions. These are very distinct activities. Bailey et al. do not suggest real-time program audit software according to the claimed invention.
U.S. Patent Number 5,813,009, issued on September 22, 1998 to Judy J. Johnson et al., describes a computer based records management system which filters information to assure that record data units offered to the system for storage are complete and not redundant. These record data may originate from a variety of sources, such as electronic data, data scanned from paper, data digitally formed from audio, video, or otherwise formed as digital data information media. The goal of Johnson et al. is to provide a record keeping medium which eliminates the need for paper or microform record keeping. The system therein audits itself to assure that only the most up-to-date and accurate records are maintained. Johnson et al. provide . for record data unit tracking and audit trails in the event of any requirement for regulatory or legal compliance with discovery or other record unit requests. Johnson et al.
also permit reconstruction of the record units of an enterprise in the event of a catastrophic event. Johnson et al. audit storage files but not program execution and is, therefore, distinctly different from the present invention. Johnson et al. do not suggest real-time program audit software according to the claimed invention.
International Patent document WO 93/01550, published on January 21, 1993, discloses a method and system for recording the use of a licensed product, and for controlling its use. International '550 does not suggest real-time program audit software according to the claimed invention.
None of the above inventions and patents, taken either singularly or in combination, is seen to describe the instant invention as claimed. Thus, real-time program audit software solving the aforementioned problems is desired.
DISCLOSURE OF INVENTION
The current invention, real-time program audit software, is a software program, a method, and a system for generating source program audit statements which examine and verify program statements and data as the program executes. The audits generated by the real-time program audit provide real-time analysis of the execution of the program. The real-time program audit software may be used with any programming language that uses source program statements, whether the source statements are compiled into an executable object or are interpreted during program execution. Conventional source programs are selected for auditing based on an audit profile. The audit profile is customized for specific compile and initial execution options. The source program is expanded with the selected audit statements. The source program is compiled with a conventional language compiler. Program execution audits are based on the initial execution audit profile, customized execution audits, or dynamic audits specified during program execution. Program audit output is to a disk or print file, and is available for immediate online display or printing, or for expanded auditing analysis.
Expanded auditing analysis provides for extensive analysis of the real-time program audit output data from all audited programs based on the desired analysis, which includes program, user, date and time ranges, audit code prefixes, audited file, field, label, and any execution audited data value.
The real-time program audit software is a new approach to auditing the execution processing of programs of virtually any source programming language. The real-time program audit is basically a pre-compiler program that is specific for the type of programming language utilized. In other words, a different version of the real-time program audit software is required for each programming language compiler or interpreter utilized.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1A is a block diagram of the source program compile and initial execution audit functions program (Z$PGMOl).
Fig. 1B is a block diagram of the expansion of the conventional source program with audit statements program (Z$PGM02), and the conventional programming language compile of the expanded source program.
Fig. 2 is a block diagram of the program execution audit options program (Z$PGM03), including the modification of the initial execution audit options, and the conventional execution of the compiled program object with audit outputs.
Fig. 3 is a block diagram of the create or change options and run audit analysis options program (Z$PGM04), including the creation or change of audit analysis reporting options, and the processing of the audit analysis report.
Fig. 4 is a block diagram of the create or change options and run formatted audit analysis reporting options program (Z$PGM05), and the processing of the formatted audit analysis report.
Fig. 5 is a block diagram of the modify source program compile and initial execution audit options program (Z$PGM06), including the capability to undo all or selected audit source statements.

Fig. 6A is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMO1).

Fig. 6B is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMO1).

Fig. 6C is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMO1).

Fig. 6D is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMOl).

Fig. 7A is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMO1).

Fig. 7B is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMOl).

Fig. 7C is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGMO1).

Fig. 8 is part of a flowchart of the pseudo-code for the create or change compile and initial execution audit options program (Z$PGM01).

Fig. 9A is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).

Fig. 9B is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02) .

Fig. 9C is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).

Fig. 10A is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).
Fig. 10B is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).

Fig. 10C is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).

Fig. 11 is part of a flowchart of the pseudo-code for the expand source program with audit sta tements program (Z$PGM02).

Fig. 12A is part of a flowchart of the pseudo-code for the modify the initial execution audit options program (Z$PGM03). , Fig. 12B is part of a flowchart of the pseudo-code for the modify the initial execution audit options program (Z$PGM03).

Fig. 13A is part of a flowchart of the pseudo-code for the create or change options and run the audit analysis reporting program (Z$PGM04).

Fig. 13B is part of a flowchart of the pseudo-code for the create or change options and run the audit analysis reporting program (Z$PGM04).

Fig. 13C is part of a flowchart of the pseudo-code for the create or change options and run the audit analysis reporting program (Z$PGM04).

Fig. 14A is part of a flowchart of the pseudo-code for the create or change options and run the formatted audit analysis reporting program (Z$PGM05).

Fig. 14B is part of a flowchart of the pseudo-code for the create or change options and run the formatted audit analysis reporting program (Z$PGM05).

Fig. 14C is part of a flowchart of the pseudo-code for the create or change options and run the formatted audit analysis reporting program (Z$PGM05).

Fig. 15A is part of a flowchart of the pseudo-code for the modify source program compile'and itial execution in audit options program (Z$PGM06).

Fig. 15B is part of a flowchart of the pseudo-code for the modify source program compile and initial execution audit options program (Z$PGM06).
Fig. 15C is part of a flowchart of the pseudo-code for 5 the modify source program compile and initial execution audit options program (Z$PGM06).
Similar reference characters denote corresponding features consistently throughout the attached drawings.
BEST MODES FOR CARRYING OUT THE INVENTION
10 The present invention is real-time program audit software that is a software program, a method, and a system for generating source program audit statements which provide analyses of program statements and data as the source program executes. These audit statements provide for real-time analysis of the execution of the program.
The real-time program audit software is applicable to virtually any programming language that uses source program statements, whether the source statements are compiled into an executable object or are interpreted during program execution. Conventional source programs are selected for auditing based on an audit profile; the audit profile is customized for specific compile and initial execution options; the source program is expanded with the selected audit statements; and the source program is compiled with a conventional language compiler. Program execution audits are based on the initial execution audit profile, customized execution audits, or dynamic audits specified during program execution. Program audit output is to a disk or print file, and is available for immediate online display or printing, or for expanded auditing analysis.
Expanded auditing analysis provides for extensive analysis of the real-time program audit output data from all audited programs based on the desired analysis, which includes:
program, user, date and time ranges, audit code prefix, audited file, field, label, and any execution audited data value.
For purposes of the present application, it will be understood that the following definitions apply.
"Conventional programming language" is defined to be any artificial language that can be used to define a sequence of instructions that can ultimately be processed and executed by a computer; a translation process, from the source code expressed using the programming language to the machine code that the computer needs to work with, must be automated by means of a compiler. As used herein, the term "programming language" refers to any series of source codes regardless of whether the program statements are compiled or interpreted.
"Source code" is human-readable program statements written in a high-level or assembly language that are not directly readable by a computer.
A "source program" is the source code version of a program.
"Object code" is the code, generated by a compiler or an assembler, that was translated from the source code of a program. Object code generally refers to machine code that can be directly executed by the system's central processing unit, but it can also refer to assembly language source code or a variation of machine code.
An "interpreter" is a program that translates and then executes each statement in a program written in an interpreted language.
A "compiler" is any program that transforms one set of symbols into another by following a set of syntactic and semantic rules. Also, a compiler is a program that translates all the source code of a program written in a high-level language into object code prior to execution of the program. As used herein, "compiler" refers to both interpreter and compiler.
"Real-time" refers to a time frame wherein the computer responds to situations as they occur. The analyses which occur in the present invention occur at the rate at which the audited program is executed. Real-time operations are those in which the machine's activities match the human perception of time or those in which computer operations proceed at the same rate as a physical or external process.
"Operation code" is the portion of a machine language or assembly language instruction that specifies the type of instruction and the structure of the data on which it operates.
The term "validating" refers to accepting a pre-chosen variable or changing that variable to a preferred variable.
Variables include program language, conventional source program, and audit profile.
In a preferred embodiment, the present invention provides a method and system for generating computer source code audit statements from input source programs of virtually any commercial programming language. The generated audit source statements are inserted into a copy of the input source program (the conventional source program), become an integral part of the copied source program (the expanded source program), and are available for optional auditing at any time during program development, program testing, implementation, or in a production environment, without intervention by the programmer, or anyone else. The generated source code audit statements then may be utilized during the execution of the compiled program object, or execution of an interpreted source program, to provide a real-time audit of the detailed processing of the program against the data processed by the program. The resulting real-time audit output may be viewed online as the program execution takes place, or may be viewed later, both online or in printed audit analysis reports. Audits may be specified at up to ten levels, providing for no auditing, auditing of only key program functions, to very comprehensive auditing of virtually every executable instruction as it is executed, with all the data processed by the instruction. The level of auditing may be changed dynamically as the program is executing by using dynamic audits.
In addition, this invention provides for the insertion of source program documentation statements into the input conventional source program. ~ This provides comprehensive and useful program documentation not normally found in conventional source programs written by most commercial programmers, and not available in most commercial software products. The resulting expanded source program becomes much easier to read and comprehend, particularly for programmers unfamiliar with the program, and the resulting source program logic is much easier to understand by viewing the audit output of the actual processing being performed against the data being processed. The real-time program audit software provides a separate licensed implementation for each source programming language implementation supported. Thus, each programming language vendor compiler that supports specific language functions and operation codes could have a licensed implementation of the real-time program audit software which would support that specific language implementation. Each programming language requires a separate version of the real-time program audit software.
Fig. 1 shows a block diagram of the initial input and output files needed for the real-time program audit software. It shows the source program compile and initial execution audit functions used. The program module create or change compile and initial execution audit options program 100 handles the initial input/output files for the real-time program audit software. The create or change compile and initial execution audit options program 100 (Z$PGM01) allows the programmer to quickly and easily audit and document the conventional source program 27 or select additional audits for a previously expanded source program.
This program is a setup program for the expand input with audits program, the pre-compiler program 200 (Z$PGM02), and provides all the information and options needed to expand the source program with audit statements.
The select compile and initial execution audit options for program 100 represents the screen input. Here the programmer decides which files and additional information are to be audited by the real-time program audit software.
The operation code audit profile and master information file 21 contains an audit profile of virtually every operation code and file description format used by programmers in writing source programs in the vendor programming language implementation. The operation code audit profile and master information file 21 determines exactly how the operation code is to be audited, if selected for auditing, including all variable names and status codes used in the instruction. The profile also determines whether the audit is to be inserted before the source statement (as in branches), or after the source statement (as in file I/O). The operation code audit profile and master information file 21 contains the standard audit prefix code for the operation code, such as Z$R for READ and Z$W for WRITE.
The compile and initial execution audit profiles 23 master file contains a default compile audit profile, and a default initial execution audit profile for typical programming environments such as: initial compile, where comprehensive documentation would be appropriate; initial test, where audits of all file input and output would be appropriate; pilot implementation, where comprehensive auditing would be appropriate; and for production implementation, where selected auditing such as key event auditing may be appropriate. Production implementation auditing is critical for enhanced error correction and for auditing by internal and external auditors.
The data file names, attributes, keys, fields length, and types 25 master file contains all the necessary information about each file used in the source program to insert the audit and documentation statements into the expanded source program. This information is automatically generated by analyzing the compile listing output of the conventional input source program.
The conventional source program library 27 is the existing source program library in the programming language at the licensed customer site. Previously expanded conventional source program library files are included as a conventional source program library 27 because they are handled in the same manner as if unexpanded. Programs to 5 be expanded with audit and documentation statements should compile successfully before program expansion, including already expanded conventional programs. Conventional data files 29 are the existing data files used in the conventional source programs at the licensed customer site.
10 An appropriate audit profile is selected for the selected program name, together with an initial execution profile. The default audit profile, documentation options, and initial execution options may be utilized, or the profile options may be extensively modified for each 15 program file, operation code, field and label used in the conventional source program. In addition, the ability to bypass auditing of labeled subroutines or procedures that are specified by the programmer or for the entire installation is provided. This provides the ability to bypass the auditing for very repetitive routines such as date validation and field names defined as constants, which can greatly reduce the amount of audit output, allowing focus on key program processing routines. The selected compile audit options file 22 (Z$AUDITC), and the program file and field information file 24 (Z$AUDITM) are output, and used in the next program, the expand input with audits program, the pre-compiler program 200, to expand the source program with audit statements. The initial execution audit options file 26 (Z$AUDITO) is also output, and is used during program execution to create audit output. The selected compile audit options file 22 provides output which can also be used as shown in Fig. 2. This is denoted by the circled capital A. The initial execution audit options file 26 also provides output which can be used, as denoted by the circled capital B. Advanced and online review of output audits is also provided, by optionally displaying the source program variable names on a line above the actual audit data being executed. This optional review is available only if the expanded source program is online during review of the audit output file, which is normally the case. The ability to select and sequence virtually any file record (data) field when auditing file record processing is provided, as well as the ability to select and sequence virtually any (data) field. when auditing any label in the program. The ability to audit any changed (data) field in a specified labeled subroutine or procedure is provided, in addition to the ability to audit any specified (data) field, including auditing only when the field is changed.
The submit program to insert audit statements 28 represents screen input. Here the programmer decides whether to submit the conventional program to the expanded with audit statements by real-time program audit software.
The block diagram shown on Fig. 1A continues to Fig. 1B, as shown.
The expand input with audits program, the pre-compiler program 200 (Z$PGM02), provides a one-pass expansion of the input conventional source program 27, utilizing the selected compile audit options file 22, and program file and field information file 24 from the previous program.
This expand input with audits program 200 is the major module in this invention, and it may be considered to be a pre-compiler to the conventional programming language compiler 37. The expanded source program audit messages 31 are read into the pre-compiler program 200. Each conventional source statement read is examined for insertion of audit and/or documentation statements, using the selected options. Every data field for audited statements is audited, and a unique audit code is assigned to each audited statement, by suffixing the standard assigned audit prefix code with a sequential number starting with 001. Therefore, the first audited READ
statement would have an audit code of Z$R001. The pre-compiler program 200 is output to a separate expanded source program with selected audit statements library 33, leaving the input conventional source program unchanged.
Each of the audit statements are assigned a unique fifteen digit number to provide for a second level file of very detailed audit information for every audited source statement executed. This optional detailed auditing provides for auditing all of the one hundred RPG
indicators, and the command keys, and other key information at every audited statement executed in the expanded source program for RPG language implementations. Standard audit printer and disk file definitions are copied into the program, together with routines to initiate and change auditing during program execution. The pre-compiler program 200 also includes an express expand source option which utilizes default audit.options normally utilized by the programmer. This express expand option allows a programmer to key only the program name and then to press a command key to expand the input source program with real-time program audits. This express option is in addition to the option to fully customize the audits by file, record format, operation code, field, and program label.
The expanded source program with selected audit statements library 33 and the conventional (existing) program language compiler files 35 are read into the conventional programming language source program compiler 37. The conventional programming language source program compiler 37 compiles the expanded source program, producing an expanded executable program object with selected audits 32 having the compiled audit statements.
The conventional programming language source program compiler 37 also produces a program source compile listing with audit statements document 39. The source program compile listing may be utilized as the basis for creating real-time programming audit work files. The compile listing completely defines the program files, fields, labels, and operation codes including copybooks utilized in the source program. The expanded source program with selected audit statements library 33 and the expanded executable program object with selected audits 32 are also referred to in other block diagrams denoted by the circled capital letters. The expanded source program with selected audit statements library 33 is utilized in Fig. 5 as denoted by the circled capital C, and the expanded executable program object with selected audits 32 is utilized in Fig. 2 as denoted by the circled capital D. It is possible to include several commonly utilized levels of compilers in the same language implementation. For example, for IBM AS/400 RPG, both the RPGIII (RPG/400) and RPGIV (ILE RPG) can be provided in the same implementation.
For IBM AS/400 COBOL, both COBOL/400 and COBOL ILE can be provided in the same implementation.
Fig. 2 shows a block diagram of the program which is responsible for the execution of audit options . The modify initial execution audit options program 300 (Z~PGM03) allows the programmer to quickly and easily modify the selected initial execution options for compiled audit statements, even during program execution. The selected compile audit options file 22 is utilized by the modify initial execution audit options program 300. The modify initial execution audit options for program 41 represents screen input. Here the programmer decides whether to change the selections previously made pertaining to audit options for the program and to write these selections to the modify initial execution audit options program 300.
The modify initial execution audit options program 300 is the program that allows the dynamic modification of the auditing options and audit output as the program is in program execution, by modifying the initial execution audit options for program file 26 into the current execution audit options file 43. The initial/current execution audit options program is utilized to create the initial execution audit options for program file 26 and the current execution audit options file 43.
The current execution audit options file 43 and the 35~ expanded executable program object with selected audits file 32 are used in conventional program execution by the executable program object with selected audits 47. Data files used in the program conventional processing 45 also write to, and are written to, by the executable program object with selected audits 47. The output from the executable program object with selected audits 47 includes an audit execution analysis report 49 and an audit execution output file 42. The audit execution output file 42 is also used in Fig. 3 as denoted by the circled E.
Fig. 3 is a block diagram depicting the create or change options and run audit analysis reporting program 400, and includes the creation, change, and processing of audit analysis reporting options. The create or change options and run audit analysis reporting program 400 (Z$PGM04) allows the programmer or any authorized user to analyze the audit execution output file 42 (Z$AUDITF) information, if this file was output during program execution. The display or print execution audit analysis 51 screen display allows the user to decide which menus to choose. The requestor may select from a menu of audit analysis functions and create printed or displayed audit output or create formatted disk audit output 59 (Z$AUDITE) for further analysis. The create or change options and run audit analysis reporting program 400 (Z$PGM04) also produces an audit analysis reporting document 57 (Z$AUDITP). Alternatively, a display of audit analysis 55 may be produced. An audit analysis reporting options file 53 (Z$AUDITA) provides the ability to save and retrieve reporting options by a name assigned to the audit analysis request. Typical audit output would be for a specific job execution of the program, or by user, terminal, date, or time range. The printed and disk audit outputs may be viewed and scanned using standard system utility programs and available utility programs in real-time as the program executes, or later for error resolution or analysis.
Fig. 4 shows a block diagram of the create or change options and run formatted audit analysis reporting program 500 and the processing of the formatted audit analysis report 65. The display or print formatted audit analysis 61 screen display permits the user to select options for the create or change options and run formatted audit analysis reporting program 500 (Z$PGM05). The create or change options and run formatted audit analysis reporting program 500 (Z$PGM05) allows the programmer or 5 any authorized user to analyze the extracted audit execution file 59 (Z$AUDITE), if the extracted audit execution file 59 (Z$AUDITE) was output by the previous program. A formatted audit analysis reporting options file 63 (Z$AUDITS) provides the ability to save and 10 retrieve formatted reporting options by a name assigned to the formatted audit analysis request. The requestor may select from a menu of formatted audit analysis functions, presented by the display of formatted audit analysis 67, and create a printed audit output. The formatted audit 15 analysis reporting 65 allows the user to print audit analysis. Typical audit output would be for a specific application to selected transaction types over a range of dates and times. This focused audit output is most useful for internal and external auditors in verifying the 20 detailed computations, processing, and transactions behind more summary output. These detail transactions may be transient computations that otherwise would never have been written to disk and saved without the audits, and not available on any disk journal.
The modify compile and initial execution audit options program 600 (Z$PGM06) allows the programmer to undo or partially undo the previous expansion of source programs with audit statements, and therefore remove the expanded source program with selected audit statements file 33. The input/output to the modify compile and initial execution audit options program 600 is shown in the block diagram in Fig. 5. The expanded source program is read from the expanded source program library and contains the expanded source program with selected audit statements file 33. All audit and documentation statements are summarized and displayed to the programmer on screen by the modify compile and initial execution audit options for program 71 screen display. The programmer may then undo all or some of the auditing or documentation selections. The initial execution options for the program are similarly read, summarized, and displayed to allow the undoing of these selections. The source program may then be expanded with additional audit, documentation, and initial execution options with the expand input with audits program 200 using input/output that is very similar to that shown Fig. 1A, and the same files are frequently used, as shown by both Fig. 1A and Fig. 5. The block diagram shown in Fig. 5 flows to Fig. 1B in the exact same manner as does Fig. 1A.
The operation code audit profile and master information file 21 is utilized several times and is the same file throughout even though its position in the block diagrams are not identical. The source program may alternatively be left as a conventional program.
The pseudo-code for the create or change compile and initial execution audit options program 100 (Z$PGMO1) is shown in the flowchart depicted in Figs. 6A, 6B, 6C, 6D, 7A, 7B, 7C, and 8. The flowchart flows linearly from figure to figure as indicated. In particular, Fig. 6A
shows the initial selection on the screen display corresponding to the select compile and initial execution audit options program 20 shown in the block diagram of Fig. 1A. The initial display 101 shows the initial screen images. The initial display 101 prompts the user to enter the name of the conventional source program 27 and select the default compile audit profile from the compile and initial execution audit profiles 23 master file. The initial steps involve validating the selection of the program 102 to be audited from a display of conventional source programs 27 listed preferably in a library format, validating a selected program language 103 to determine that the program language is acceptable for auditing by the audit pre-compiler, and validating the entered audit profile 104 or allowing selection of the audit profile.
Fig. 6B includes the steps of retrieving and saving operation codes 105,106,107. Retrieving and saving the default audit profile operation codes and the default initial execution audit options 105 are executed at this time. This step 105 includes retrieving and saving the default audit profile operation codes which are to be audited and the default initial execution audit options for the selected audit profile. The next step 106 involves retrieving and matching the operation codes to be audited..
The selected program source operation code is retrieved and matched to the default audit profile operation code used.
The selected operation codes are to be audited unless deselected subsequently during execution of the real-time program audit software. Next is the step 107 of saving the programs unselected operation codes. This step 107 involves saving the program operation codes which are actually used in the program but are not selected for auditing in the default audit profile. These saved program operation codes may be selected for additional auditing later during the execution of the real-time program audit software.
As shown in Fig. 6C, the steps 108,109,110 involve the matching of program operation codes used by the conventional source program 27 but not in the default audit profile with the master list of all operation codes valid for auditing. Also saved are any program operation codes used by the program but that are not valid for auditing, for later optional display 108. Also shown is the step 109 of retrieving or creating the data file names, attributes, keys, fields, lengths, types 25 master file for each file used. The next step 110 creates a cross reference which involves creating a separate file and field label files on a disk with one keyed record per file. This step 110 creates the program file and field information file 24; it creates a keyed record per field including program defined constants and internally described file fields.
As shown in Fig. 6D, the next step 111 deletes all unreferenced fields that are not actually utilized in the conventional program from the program file and field information file 24. This step 111 deletes all unreferenced fields which are not used from the disk cross reference file. The next step 112 displays a menu of the functions specified in the selected audit profile and allows the selection of the menu items for auditing profile overrides. These menu options are grouped by files, operation codes, and fields. The next step 113 allows a command key to be pressed to accept the audit profile options as displayed. This creates the selected compile audit options file 22 and the initial execution audit options file 26. An option is provided for submitting the source program directly to the basic audit pre-compiler program for insertion of the auditing statements utilizing the submit program function.
As shown in Fig. 7A, alternatively to submitting the source program to the basic audit pre-compiler program, a step 114 is provided which enables the user to display the menu options in order to override the default audit options for the program. The menu override options include: Files, Operation codes, Fields and Labels, and initial execution options . If the override option File is chosen 115, the display will show a summary of the file and audit status utilized. Step 116 enables a user to select or deselect files for auditing, to modify auditing levels, and to permit a command key to display a second line with each operation code used by the file and its auditing status.
Fig. 7B shows selections 117,118,119 pertaining to auditing the operation codes. Step 117 enables the programmer to select (or unselect) to audit each operation code used in each file, and to determine the auditing level. It is important to emphasize that all key fields used in the audited file's operation codes will be audited automatically. The programmer may also select additional non-key fields for automatic auditing. If the programmer chooses to use operation code overrides, step 118 displays each operation code. The display will include the auditing status of the operation code and the level of auditing selected. It will show the assigned audit code prefix and apparent duplicate field names. Step 119 enables the programmer to select (or unselect) each operation code used for auditing, the auditing level, and to change previously assigned audit prefix codes. Fields used in non-file audited operation codes will be audited automatically.
Audit prefix codes will be suffixed in the pre-compiler program 200 to uniquely identify an audit point.
Fig. 7C shows additional audit options 120,121,122,123,124. When utilizing the Field or Label overrides, as shown in step 120, a display of each Field and Label used in the program is shown as a single line on a Field summary screen, and a display of the auditing status and which of the ten levels of auditing of each Field and Label used in the program is also shown.
Step 121 enables the programmer to select (or unselect) each Field or Label used for auditing, to modify the audit levels, and to allow auditing when a field is used or is modified. When the programmer chooses to select the Initial Execution overrides, step 122 displays the default initial execution profile options. The execution options may be modified and the auditing level may be changed from level 0 to level 9. Note that level 0 has no initial program execution auditing. Step 123 requires the programmer to validate all default profile and override entries. Error messages are displayed as required, wherein the programmer accepts and revalidates input until all input is correct. Step 124 provides a command key which may be utilized to exit the program and to submit the source program for expansion of the auditing statements.
Fig. 8 shows the output for the create or change compile and initial execution audit options program 100.
Upon pressing a command key to submit the source program for expansion, step 125 formats and creates the output files required for the program to be utilized in expanding the conventional source code with audit statements. As shown in step 126, the output files which are produced include selected basic audit compile options for source program expansion to the selected compile audit options file 22, program file information, key fields information and field cross reference for source program expansion to the program file and field information file 24, and basic audit initial execution options for the object (executable) program to the initial execution audit options for program file 26. Step 127 prints a summary of the audit options, 5 the program's initial execution options, informational messages, warning messages, error messages, counts of the input conventional source statements, files, fields, and labels used. Step 128 displays a message that the source program has been submitted for expansion of the auditing 10 statements. The last step 129 returns to the calling program. The steps required to create or change compile and initial execution audit options are complete. The create or change compile and initial execution audit options program 100 has been executed fully.
15 _ The flowchart for the pseudo-code for the expand input with audits program, the pre-compiler program 200 (Z$PGM02), is shown in Figs. 9A, 9B, 9C, 10A, 10B, 10C, and 11. The first four steps 201,202,203,204 in the pre-compiler program 200 are depicted in Fig. 9A. In the 20 first step 201, the pre-compiler program 200 reads and stores the selected audit compile options which were created by the create or change compile and initial execution audit options program 100. Additional information for the expansion of the conventional source 25 program is stored in the operation code audit profile and master information files 21. In the next step 202, the pre-compiler program 200 reads and stores the program file information, the key fields information, and the field cross reference information that were created by the create or change compile and initial execution audit options program 100. In step 203, the pre-compiler program 200 reads the conventional (existing) source statements for the program from the conventional source program 27 library, and in a single pass of the conventional source program statements, expands the source by inserting the basic audit source statements and expanded documentation statements.
In step 204 the pre-compiler program 200 determines if expanded documentation is selected. For each file used, comment lines are created with the full file name and a list of the file field names used in the file key.
Auditing may be limited to only expanded source program documentation.
Fig. 9B shows the auditing to disk selections 205,206 for the pre-compiler program 200. If the programmer has selected the option 205 to audit operation codes or data fields to disk, then the programmer must insert the File description source statements for the audit execution output file 42 into the source program statements. Audit execution output file 42 source statements are copied from the audit master information. Related files, records, fields, and standard processing routines for this function are also copied. All audit disk output will be written to the audit execution output file 42 disk. Alternatively, the programmer may select option 206, to effect the basic auditing of operation codes or data fields to disk.. In this case, the programmer must insert the file description source statements for the audit execution output file 42 into the source program statements. The program copies the current execution audit options file 43 source statements from the audit master information. Also, the program copies related file, record, field, and standard processing routines for this function. The current execution audit options file 43 is the audit execution options disk files which controls which of the audit options are active during program execution.
As shown in Fig. 9C, if the programmer has selected option 205 to audit operation codes or data fields to disk, and then selects option 207, the programmer inserts the file description source statements for the audit execution analysis printer file into the source program statements.
The program copies the audit execution analysis report 49 file source statements from the audit master information and copies related files, records, field information, and processing routines for this function. This print record output is formatted in a manner similar to the previous disk record output. The audit execution analysis report 49 printer file provides real-time analysis of audit output during program execution from a printer spool file. This output is for that specific program execution, for only that specific user, and for only that job. In step 208, the auditing and/or documentation options selected in the previous program, the create or change compile and initial execution audit options program 100, for each executable source statement read are determined. This determination involves consideration of the statement operation code, the statement variable names, and the conditions, such as indicators or switches. The auditing and/or documentation source statements are inserted using the audit operation code profile for the source statements being processed.
The resulting audits may be output to disk via the audit analysis reporting options 53 file and/or to a printer via the audit analysis reporting 57 program based on selections in the create or change compile and initial execution audit options program 100.
The flowchart of the pseudo-code for the expand input with audits program, the pre-compiler, is continued in Fig. 10A. As shown in step 209, a unique audit name for the audited source statement is generated for each source statement to be expanded with audit statements. In assigning a unique audit name, the assigned three character audit prefix code for the operation code from the create or change compile and initial execution audit options program 100 is utilized. The audit prefix code is suffixed with a three digit sequential number each time the operation code is used in the source program. This method results in a unique identifier for every source statement audited during the execution of the program and the audited variable names identify the data being processed. As shown in step 210, changes to the conventional (existing) source statements can occur only if a branch is made to a statement label, and auditing is selected to audit the branch to that label, which results in an audit statement that is inserted at the label statement. These changes are normally made only to the copies of the expanded source program.
The flowchart of the pseudo-code for the expanded input with audits program, the pre-compiler program 200, is continued in Fig. 10B. In step 211, the audit operation code profile for the source statement being processed inserts documentation comment statements for each source statement expanded. In step 212, the entire expanded source program results are output to an expanded source program library. A new source program is created in an expanded source program library with the same program name.
The entire input conventional source program is written to the expanded source program library including the inserted audit and documentation statements. The input conventional source library remains unchanged. In step 213, the inserted audit and documentation source statements and the input of conventional program source statements are counted by program source statements and comment statements. Also, audit and documentation expansion statement errors, if any, are counted by error types.
The flowchart of the pseudo-code for the expand input with audits program, the pre-compiler program 200, is continued in Fig. 10C. In step 214, the expanded source program audit messages 31 printer file is utilized to print an expanded source program audit messages report. Needed audit expansion or documentation messages may then be printed. The counts of input program source statements and comment statements, and the counts of the inserted audit and documentation program source and comment statements are printed at the end of the basic audit source program expansion. The elapsed time of the execution of the audit source program expansion program is also printed.
In step 215, if the expand source program with audits is successful, then the expanded source program is allowed to be submitted to the conventional programming language source program compiler 37. An executable program object with the basic audit functions in an expanded program object library is created by successful expanded source program compilation. The output conventional object library remains unchanged, which allows program execution to be performed by the object program either before or after basic audit source program expansion. Successful S completion of the expand source program with audits means that no significant errors are detected, and inserted basic audit source statements should compile successfully in the conventional language compile of the expanded source program.
The flowchart of the pseudo-code for the expand input with audits program, the pre-compiler program 200, is continued in Fig. 11. In step 216, in the event that the expanded source program with audits is unsuccessful, then an error severity code is returned. The error severity code for the job is similar to the error severity code returned by conventional language compilers. In step 217, once the pre-compiler program 200 is finished, the program is exited and returned to the calling program.
The flowchart of the pseudo-code for the modify initial execution audit options program 300 (Z$PGM03) is depicted in Figs. 12A and 12B. The modify initial execution audit options program 300 is the program that allows the dynamic modification of the auditing options.
The first step 301 is to input the name of the conventional source program 27 by entering the name when prompted by the initial display screen, the modify initial execution audit options for program 41. It is important to note that the program execution options for a program may be changed while the program object is executing when confirmed later during the execution of modify initial execution audit options program 300. Step 302 requires the programmer to validate that the modify initial execution audit options program 300 has selected the audit compile options in the selected compile audit options file 22. Only those audit options which have been used to expand the source program may be selected or modified for and during object program execution. Step 303 retrieves any initial or current initial execution options for the program from the initial execution options for program file 26 (Z$AUDITO), together with the compile audit options for the program from the selected compile audit options file 22 (Z$AUDITC).
Step 304 displays the initial or current program execution 5 audit options and all of the compile audit options are displayed. Step 305 allows all the compile options to be turned on or off as execution options, and allows for the ten auditing levels to be changed.
Step 306 causes the current execution audit options 10 for the program to be updated to the current execution audit options file 43 (Z$AUDITO). The changed execution audit options will take effect immediately if the program is being executed. Step 307 enables a command key to be used to confirm that the audit execution options are 15 complete and may be used for current auditing. It is indicated that the execution audit options have been changed for the program in the current execution audit options file 43 (Z$AUDITO), so that if the program is currently executing, and no auditing is taking place, the 20 program is to start auditing with the current execution options. In step 308, a command key is used to end the modify initial execution audit options program 300. In step 309, the calling program is returned to once the modify initial execution audit options program 300 ends.
25 Figs. 13A, 13B, and 13C are a flowchart of the pseudo-code for the create or change options and run audit analysis reporting program 400 (Z$PGM04). In step 401 the initial screen is displayed. This display or print execution audit analysis 51 screen display provides for the 30 selection of the desired audit analysis function. Audit analysis reporting is provided for using a selection capability from a menu of functions. Output provided by the selection includes printing of audit execution output file information and creation of extracted audit execution output file information for formatted reporting. The printed and disk input and output may be viewed and scanned online using standard system utility programs and available utility programs. An option 402 is provided which allows for the entry of an audit analysis report name or the selection of a name from a display of existing audit analysis report names. The audit report name provides the ability to save previously entered audit report parameters for use again in the same, or a similar, audit analysis report. In step 403, when a new audit analysis report name is entered, a menu for audit analysis reporting selection options which allows the selection of the form of output is provided. The selection of the desired audit execution output file information is also provided. Selection parameters include all keyed fields of the audit output file including Job, Program, User, Terminal, Date, and Time.
As shown in step 404, when an existing audit analysis report name is entered, the create or change options and run audit analysis reporting program 400 retrieves the existing options for the audit analysis report name from the analysis reporting options file 53. The same menu of audit analysis reporting selection options is provided and indicates which options were previously selected. The same selection options that were available when creating a new audit analysis name are allowed. Step 405 provides a command key which allows exiting the program without updates. All selections are validated and, when there are no errors, a command key to save the audit analysis selected options to the analysis reporting options file 53 is provided by the entered audit analysis report name.
Step 406 provides a command key to allow the audit analysis report to be run.
As shown in step 407, if the audit analysis report is to be run, the selected audit analysis report options are processed against the audit execution output file 42 (Z$AUDITF) to produce the desired printer file (Z$AUDITP), and/or the formatted disk file (Z$AUDITE) output. Step 408 provides a command key to end the program, and step 409 returns to the calling program.
Figs. 14A, 14B, and 14C are a flowchart of the pseudo-code for the create or change options and run formatted audit analysis reporting program 500 (Z$PGM05).
In step 501, the initial screen is displayed providing for the selection of the desired formatted audit analysis functions. The formatted audit analysis reporting using a selection capability from a menu of selection and formatting functions is provided. It is important to note that printed and disk input and output may be~ viewed and scanned online using standard system utility programs and available utility programs. In step 502, the entry of a formatted audit analysis report name or the selection of a name from a display of existing formatted audit analysis report names is allowed. The formatted audit report name provides the ability to save previously entered formatted audit report parameters for use again in the same or similar formatted audit analysis report. In step 503, if a new formatted audit analysis report name is entered, a menu of formatted audit analysis reporting selection options is provided which allows for the selection of the form of output and for the selection for the desired extracted audit execution file information. The selection parameters include all keyed fields of the extracted audit execution formatted file including Job, Program, User, Terminal, Date, Time, and other parameters selected when the file was formatted.
In step 504, if an existing formatted audit analysis report name is entered, the existing options for the formatted audit analysis report name are retrieved from the formatted audit analysis reporting options file 63. The same menu of formatted audit analysis reporting selection options are provided and the options which were previously selected are indicated. The same selection options that were available when creating a new formatted audit analysis name are allowed. In step 505 a command key is provided to allow exiting the program without updates, all selections are validated, and when there are no errors, another command key is provided to save the formatted audit analysis selected options to the formatted audit analysis reporting options file 63 (Z$AUDITS) by the entered formatted audit analysis report name. Step 506 provides a command key to allow the formatted audit analysis report to be run.
In step 507, if the formatted audit analysis report is to be run, then the selected formatted audit analysis report options are processed against the extracted audit execution formatted file (Z$AUDITE) to produce the desired display or printer file (Z$AUDITR) of the formatted audit analysis reporting 65. Step 508 provides a command key to end the program and step 509 returns to the calling program.
Figs. 15A, 15B, and 15C are a flowchart of the pseudo-code for the modify compile and initial execution audit options program 600. In step 601, the initial screen is displayed and the program allows a name to be entered.
This program is utilized to input previously expanded source programs and to allow the removal of all or selected audit source statements. This allows the complete undoing of the expanded source audit statements back to the original conventional input source program, or the partial undoing of the expanded source audit statements. The program may then be expanded with additional audit statements. In step 602, the expanded source program is retrieved from the expanded source program library into a work file, the source program is scanned for all audit statements, and the audit functions are summarized in the same display as used in the create or change compile and initial execution audit options program. In step 603, the audit functions in the expanded source program are displayed, and any or all of the audit functions are allowed to be removed from the work file of the input expanded source program.
In step 604, the initial (current) execution options are retrieved and displayed for the expanded source program from the initial execution audit options file 26 (Z$AUDITO). Any or all of the initial execution audit options are allowed to be removed (undone). Step 605 provides a command key to allow exiting the program without updates, all selections are validated, and when there are no errors, a command key is provided to save. the source program f rom the work file back into the expanded source program library. Any changes to the initial execution is updated to the initial execution audit options for program file 26. Step 606 produces a variety of printouts. A
summary of the auditing options removed and the audit options remaining in the expanded source program are printed. Informational, warning, and error messages are printed as required, including counts of the input and output source statements.
Step 607 provides a command key to call the create or change compile and initial execution audit options program to allow additional audit functions to be selected.
Step 608 provides a command key to end the program, and step 609 returns to the calling program.
The invention utilizes the expanded source program and the audit statements as the basis for analysis of the program execution audit output. The invention provides for more rapid understanding and correction of errors, problems, or programming logic than is possible with the conventional source program. The source program is expanded with standard comprehensive program documentation.
Examples of the documentation provided are file names, file keys, and call program names. This expansion results in source programs being significantly faster to write and test by the original programmer. Also, the program is much easier to read and understand by programmers unfamiliar with it, and therefore programmers can more easily modify the program.
The invention provides default audit compile profiles which provide for typical auditing environments such as first program test audits, completed program test audits, pilot production audits, and production environment audits.
The default audit profiles simplify the process of selecting auditing options to be included in the expanded source program. The invention allows a selected audit profile to be modified for the selected program and used when the conventional source program is expanded with audit statements.
The invention allows virtually any executable source program statement to be audited. The invention also allows 5 virtually any file in the source program to be audited, together with desired file operation codes, and the data for all key fields used in the audited file operations.
The invention provides ten levels of auditing which may be dynamically changed during program execution. Any 10 executable operation code may be audited together with all fields referenced in each audited statement. Also, the invention provides standard audit operation code audit prefix codes beginning with the characters Z$, and with a suffix code unique to the operation code.
15 The invention allows virtually any field or label used in the source program to be audited when either referenced or modified, together with the data value of each audited field. Also, the invention provides select and omit functions which qualify the auditing of operation codes by 20 field name(s).
The invention provides program default initial execution profiles, which are provided for typical initial execution environments, such as first program test, completed program test, pilot production, and production 25 environment. The default initial execution profiles simplify the process of auditing the execution of programs by providing frequently selected audit execution options.
The invention allows a selected execution profile to be modified for the selected program and used during the 30 execution of the program.
The invention provides for dynamic modification of program auditing during program execution by changing execution auditing options, or turning auditing on or off completely. Audits must have been previously selected for 35 potential audit and included in the expanded source program.
The invention optionally outputs audit data to a disk, and provides for the retention of the audit data for both test and production environments. The invention also provides an audit database in date and time sequences from all audited programs. This provides for analysis of audited statements across all audited programs by date and time sequence. The analysis may include program, user, date and time range, audit code prefix, file, field, label, and/or any execution audited data value. The invention provides formatted audit reporting of historical audit information for use by internal and external auditors at a level of detail and auditability not possible previously.
The invention reduces the cost of developing and maintaining source programs by significantly reducing the skills and training needed by programmers, and reduces much of the risk involved in implementing and maintaining programs. The invention also reduces the number of programmers required to develop and maintain programs.
The invention provides the real-time detailed audit information needed for advanced event detection and event action software functions. This may be advantageous in a large variety of computer operation settings and is particularly useful with multiple programmers and users that are utilizing the same programming language on the same compiler on a remote computer.
It is to be understood that the present invention is not limited to the embodiments described above, but encompasses any and all embodiments within the scope of the following claims.

Claims (12)

I claim:
1. A program storage device readable by a machine tangibly embodying a program of instruction executable by the machine to perform method steps for generating source program audit statements which provide analyses of program statements and data as a source program executes, said method steps comprising:
reading a predetermined set of audit compile options;
storing the predetermined set of audit compile options;
reading an application program's program file information, key fields information, and field cross reference information;
storing the program file information, key fields information, and field cross reference information;
reading the application program's source program statements for the program from a source program library;
creating comment lines with a full file name;
listing a plurality of file field names as used in the key fields;
inserting a plurality of file description source statements for an audit execution output file into the application program's source program statements;
inserting the file description source statements for the audit execution options file into the application program's source program statements;
inserting the file description source statements for an audit execution analysis printer file into the application program's source program statements;
determining a plurality of auditing/documentation options selected in a previous version of the application program for each source statement;
generating a unique audit name for each application program source statement;
inserting an audit statement at a statement label where a branch is made to the statement label;

inserting a plurality of documentation comment statements using an audit operation code profile for each source statement;
outputting an entire expanded source program to an expanded source program library;
counting a plurality of inserted audit and documentation source statements by application program source statements and comment statements;
printing an expanded source program audit messages report;
allowing optional submission of the expanded source program to a conventional language compiler;
returning an error severity code for a job if expanding the source program is unsuccessful;
exiting the program; and, returning to a calling program.
2. The method steps according to claim 1, further comprising the steps of:
selecting a program name and a default compile audit profile;
validating selection of a program, program language, and audit profile;
retrieving a plurality of default audit profile operation codes and a plurality of default initial execution audit options;
saving the default audit profile operation codes and the default initial execution audit options;
retrieving an application program's source operation code;
matching the program source operation code to the default audit profile operation code;
saving the program's unselected operation codes;
matching program operation codes not selected to a master list of operation codes;
saving the program operation codes not matched;

retrieving or creating a data file names, attributes, keys, and field length types master file for each file used;
creating a program file and field information file;
deleting all unreferenced fields;
displaying a menu of any functions specified. in the selected audit profile;
selecting a plurality of menu items from said menu for auditing profile overrides;
accepting the audit profile options as displayed;
submitting the source program to a basic audit pre-compiler;
selecting display of said menu items in order to override the default audit options;
overriding the default audit options utilizing a display menu item;
displaying a file summary;
selecting a plurality of files for auditing and auditing levels to be modified;
permitting a command key to display a second line with each operation code used by each file and its auditing status;
selecting to audit each operation code used in each file;
determining an auditing level;
displaying an auditing status of the operation code, the level of auditing selected and an audit code prefix and apparent duplicate field names;
selecting an audit of each operation code used and an auditing level;
changing previously assigned audit prefix codes;
suffixing audit prefix codes;
displaying of each field and label used in the program;
displaying the auditing status and level;
submitting the source program for expansion of a plurality of auditing statements;
creating a plurality of formatted output files;

printing a summary of the audit options, the program's initial execution options, and a plurality of informational, warning and error messages, counts of the input conventional source statements, files, fields, and labels as outputs;
displaying a message that the source program has been submitted; and, returning to the calling program.
3. The method steps according to claim 1, further comprising the steps of:
displaying an initial screen;
allowing an application program name to be entered;
validating that the real-time program has selected audit compile options;
retrieving execution and compile audit options for the application program;
displaying the application program execution audit and compile audit options;
allowing all compile audit options for the application program to be turned on or off as execution options and change of auditing levels;
updating the current execution audit options for the application program;
confirming that the audit execution options are complete and may be used for current auditing;
indicating that the execution audit options have been changed for the application program;
starting auditing with the current execution options;
allowing a command key to end the application program;
and, returning to the calling program.
4. The method steps according to claim 1, further comprising the steps of:
displaying an initial screen;
printing audit execution output file information;

creating extracted audit execution output file information for formatted reporting;
allowing the entry and selection of an audit analysis report name;
providing a menu of audit analysis reporting selection options;
retrieving a plurality of existing options for the audit analysis report name;
providing a command key to allow exiting the program without updates;
validating all selections;
saving the audit analysis selected options;
providing a command key to allow the audit analysis report to run;
processing the selected audit analysis report options;
providing a command key to end the program; and returning to calling program.
5. The method steps according to claim 1, further comprising the steps of:
displaying an initial screen;
allowing entry and selection of a formatted audit analysis report name;
providing a menu of formatted audit analysis reporting selection options;
retrieving a plurality of existing options for the formatted audit analysis report name;
providing a command key to allow exiting the program without updates;
validating all selections;
providing a command key to allow the formatted audit analysis report to be run;
processing the selected formatted audit analysis report options;
providing a command key to end the program; and, returning to the calling program.
6. The method steps according to claim 1, further comprising the steps of:
displaying an initial screen;
allowing a program name to be entered;
retrieving the expanded source program from the expanded source program library into a work file;
displaying the audit functions in the expanded source program;
allowing the audit functions to be removed from the work file of the input expanded source program;
retrieving the execution options for the expanded source program;
allowing execution audit options to be removed;
providing a command key to allow exiting the program without updates;
validating all selections;
providing a command key to save the source program from the work file back into the expanded source program library;
updating any changes to the initial execution;
printing a summary of the auditing options removed and the audit options remaining in the expanded source program;
printing informational, warning and error messages;
providing a command key to call the create or change compile and initial execution audit options program;
allowing additional audit functions to be selected;
providing a command key to end the program; and, returning to the calling program.
7. A computer usable medium having computer readable program code means embodied therein for generating source program audit statements which provide analyses of program statements and data as a source program executes, said program code means comprising:
computer readable program code means for auditing the execution of every program statement selected for auditing in real-time;

computer readable program code means for including all field names used in audited source statements and their data values at program execution;
computer readable program code means for including date and time in an audit;
computer readable program code means for providing real-time online review and analysis of an audit;
computer readable program code means for providing real-time printing of an audit for off-line review and analysis; and, computer readable program code means for expanding an input source program with audit statements;
wherein the computer readable program code means for expanding an input source program with audit statements includes:
computer readable program code means for reading the input source program's program statements;
computer readable program code means for inserting the audit statements into the input source program's source program statements, thereby generating an expanded source program; and computer readable program code means for outputting the expanded source program.
8. The computer usable medium according to claim 7, further comprising program code means comprising:
computer readable program code means for utilizing the expanded source program and the audit statements as the basis for analysis of a program execution audit output;
computer readable program code means for providing default audit compile profiles which provide for auditing environments, completed program test audits, pilot production audits, and production environment audits;
computer readable program code means for allowing virtually any executable source program statement to be audited;
computer readable program code means for allowing virtually any file in a source program to be audited, together with desired file operation codes, and the data for all key fields used in the audited file operations;
computer readable program code means for providing ten levels of auditing which may be dynamically changed during program execution;
computer readable program code means allowing any executable operation code to be audited together with all fields referenced in each audited statement; and, computer readable program code means providing audit operation code audit prefix codes beginning with the characters Z$, and with a suffix code unique to a particular operation code.
9. The computer usable medium according to claim 7, further comprising program code means comprising:
computer readable program code means for allowing virtually any field or label used in a source program to be audited when either referenced or modified, together with the data value of each audited field;
computer readable program code means for providing select and omit functions which qualify the auditing of operation codes by field names;
computer readable program code means for providing program default initial execution profiles; and, computer readable program code means for providing dynamic modification of program auditing during program execution by changing execution auditing options, or by turning auditing on or off completely.
10. A computer system for generating source program audit statements which provide analyses of program statements and data as a source program executes, wherein said computer system comprises:
a processor, a memory coupled to said processor;
registers coupled to said processor;

a computer readable medium coupled to said memory, said computer usable medium having computer readable program code means embodied therein for generating source program audit statements which provide analyses of program statements and data as a source program executes, said program code means comprising:
computer readable program code means for auditing the execution of every program statement selected for auditing in real-time;
computer readable program code means for including all field names used in audited source statements and their data values at program execution;
computer readable program code means for including date and time in an audit;
computer readable program code means for providing real-time online review and analysis of an audit;
computer readable program code means for providing real-time printing of an audit for off-line review and analysis; and, computer readable program code means for expanding an input source program with audit statements;
wherein the computer readable program code means for expanding an input source program with audit statements includes:
computer readable program code means for reading the input source program's program statements;
computer readable program code means for inserting the audit statements into the input source program's source program statements, thereby generating an expanded source program; and computer readable program code means for outputting the expanded source program.
11. The computer system according to claim 10, wherein said program code means further comprises:
computer readable program code means for utilizing the expanded source program and the audit statements as the basis for analysis of a program execution audit output;

computer readable program code means for providing default audit compile profiles which provide for auditing environments, completed program test audits, pilot production audits, and production environment audits;
computer readable program code means for allowing virtually any executable source program statement to be audited;
computer readable program code means for allowing virtually any file in a source program to be audited, together with desired file operation codes, and the data for all key fields used in the audited file operations;
computer readable program code means for providing ten levels of auditing which may be dynamically changed during program execution;
computer readable program code means allowing any executable operation code to be audited together with all fields referenced in each audited statement; and, computer readable program code means providing audit operation code audit prefix codes beginning with the characters Z$, and with a suffix code unique to a particular operation code.
12. The computer system according to claim 10, wherein said program code means further comprises:
computer readable program code means for allowing virtually any field or label used in a source program to be audited when either referenced or modified, together with the data value of each audited field;
computer readable program code means for providing select and omit functions which qualify the auditing of operation codes by field names;
computer readable program code means for providing program default initial execution profiles; and, computer readable program code means for providing dynamic modification of program auditing during program execution by changing execution auditing options, or by turning auditing on or off completely.
CA002385433A 1999-09-20 2000-07-11 Real-time program audit software Abandoned CA2385433A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US39831099A 1999-09-20 1999-09-20
US09/398,310 1999-09-20
US09/611,210 2000-07-06
US09/611,210 US6775827B1 (en) 1999-09-20 2000-07-06 Real-time program audit software
PCT/US2000/018816 WO2001022644A2 (en) 1999-09-20 2000-07-11 Real-time program audit software

Publications (1)

Publication Number Publication Date
CA2385433A1 true CA2385433A1 (en) 2001-03-29

Family

ID=27016203

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002385433A Abandoned CA2385433A1 (en) 1999-09-20 2000-07-11 Real-time program audit software

Country Status (4)

Country Link
EP (1) EP1354270A4 (en)
AU (1) AU778165B2 (en)
CA (1) CA2385433A1 (en)
WO (1) WO2001022644A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2347647A1 (en) 2001-05-15 2002-11-15 Ibm Canada Limited-Ibm Canada Limitee Storing and restoring snapshots of a computer process
US7953688B2 (en) 2007-05-08 2011-05-31 Sharon Sadeh Method and system for facilitating a compliance audit using a rule set
CN112732640B (en) * 2020-12-28 2023-07-25 杭州迪普科技股份有限公司 Method and device for detecting leakage of file descriptor

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6011920A (en) * 1995-04-05 2000-01-04 International Business Machines Corporation Method and apparatus for debugging applications on a personality neutral debugger
JP3290567B2 (en) * 1995-08-24 2002-06-10 富士通株式会社 Profile instrumentation method
US5771385A (en) * 1996-03-29 1998-06-23 Sun Microsystems, Inc. Setting and getting system debug flags by name at runtime
JPH1063550A (en) * 1996-08-23 1998-03-06 Fujitsu Ltd Executing performance analytic display method and medium stored with program executing the method
US6071316A (en) * 1997-09-29 2000-06-06 Honeywell Inc. Automated validation and verification of computer software

Also Published As

Publication number Publication date
WO2001022644A2 (en) 2001-03-29
WO2001022644A3 (en) 2003-08-28
EP1354270A2 (en) 2003-10-22
AU778165B2 (en) 2004-11-18
AU6208800A (en) 2001-04-24
EP1354270A4 (en) 2004-09-15

Similar Documents

Publication Publication Date Title
US6775827B1 (en) Real-time program audit software
AU728009B2 (en) System and method for generating year 2000 test cases
US8296734B2 (en) System and method for testing a software product
US7555749B2 (en) Software updating system and method
US7475289B2 (en) Test manager
US5446653A (en) Rule based document generation system
US5452449A (en) Interactive multi-module source code analyzer that matches and expands call and entry statement parameters
US5812436A (en) Method and apparatus for testing and analyzing the conformance of a proposed set of requirements for a proposed network management application
US6421822B1 (en) Graphical user interface for developing test cases using a test object library
US8694965B2 (en) Generating customized documentation for a software product
EP2492815A1 (en) A computer implemented system and method for indexing and optionally annotating use cases and generating test scenarios therefrom
US20020029377A1 (en) System and method for developing test cases using a test object library
US6757889B1 (en) Source program checking device and program and method for same
CN112799718A (en) Enumerated document generation method and device, electronic equipment and storage medium
US7647238B2 (en) Computer-implemented vehicle repair claims rules generator system
AU778165B2 (en) Real-time program audit software
US20080022258A1 (en) Custom database system and method of building and operating the same
US8150821B2 (en) System and method for using generic utilities to perform database utilities on mainframe operated DB2 databases
US8839097B2 (en) System and method for information encapsulation for providing multiple deliverable formats from one information source
JP4683535B2 (en) Job net management system
CN116932414B (en) Method and equipment for generating interface test case and computer readable storage medium
CN116204219A (en) Processing method for software version update, electronic equipment and storage medium
JP2005316778A (en) Plant monitoring controller
Baumgartner et al. Agile Test Automation
CN114840489A (en) Database version changing method and device, storage medium and electronic device

Legal Events

Date Code Title Description
EEER Examination request
FZDE Discontinued