GB2178877A - Software build control tool - Google Patents

Publication number
GB2178877A
Authority
GB
United Kingdom
Prior art keywords
file
opened
computer system
files
list
Legal status
Granted
Application number
GB8619204A
Other versions
GB8619204D0 (en)
GB2178877B (en)
Inventor
David Ralph Horncastle
Current Assignee
British Telecommunications PLC
Original Assignee
British Telecommunications PLC
Application filed by British Telecommunications PLC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Abstract

A computer system 8 comprising input means 16, processing means 10, output means 18 and file storage means 20 including a plurality of files at least one of which is such that processing of that file causes a second file to be opened, is arranged so that a list of files opened is provided when the at least one file is accessed, the list including the at least one file and the second file. The second file may be opened when the first file is opened, during processing of the first file, or as a result of processing the first file.

Description

SPECIFICATION
Software build control tool
This system relates to a computer system having a tool which allows software build so that quality assurance standards can be met more easily, and maintenance problems can be reduced. When the software is executed system security can be checked.
In large software builds in high level language, ensuring that standards are being met during development can be a tedious process; a check as to whether only approved source code units have been used requires a line-by-line check of the code, which is clearly impractical. The problem is especially acute in the context of implementations of languages which offer very powerful features in addition to the original language specification. An additional problem is to ensure not only that the software achieves its purpose by carrying out the required task, but that no additional, hidden tasks are performed, i.e. that a secure system has been created. The tool facilitates appropriate checks and allows easy identification of a frequently occurring software failure.
According to the invention, a computer system comprises input means, processing means, file storage means comprising a plurality of files, at least one file being such that processing of that file causes a second file to be opened, and output means arranged so that when commands are entered via the input means such that said at least one file is processed, there is provided via the output means a list of files opened which includes said at least one file and said second file.
The second file may be opened when the first file is opened, during processing of the first file, or as a result of processing the first file.
If a file is accessed by a direct command from the user it will be referred to as a "called-up file", while a file which is opened by the processing of a called-up file will be referred to as a "reference file". This terminology is used for ease of comprehension of the invention; any file in the storage means may be a called-up file or a reference file, depending on the circumstances.
The list of files opened can be considered to be a file audit list.
Three major advantages of the invention have been identified. First, the file audit list allows a relatively quick and easy check to be made on whether only approved source code units have been used in building the software.
Secondly, use of the invention allows a common software failure to be traced. When there is a built-in limit in the host computer system on the number of files which can be opened, a software build or execution may fail because this limit has been reached although, so far as the user knows, the number of files opened is much smaller than the limit; if the tool according to the invention is used, the total number of files opened by call-up and by reference is immediately available, and the reason for the failure, that the limit has been exceeded, is clear.
Thirdly, the developed software can be shown to be secure by use of the invention. Any functions performed under the control of developed software in addition to its intended functions can be traced by examining the file audit list.
Further according to the invention, the computer system may be arranged so that when a file is opened the processing means interrupts its operation and sends information to a list storage means which compiles a list of files opened, both called-up and reference files. Such an implementation may require the facility to be implemented in the operating system of the hardware.
Alternatively the computer system may comprise a monitoring system arranged to record continually or intermittently the currently opened files and to compile a list of all files opened, both called-up and reference files.
The invention will now be described by way of example only with reference to the accompanying drawing, which shows one arrangement by which the invention is implemented.
The invention will be described with reference to an implementation on a VAX 11/780 (Trade Mark) computer, manufactured by Digital Equipment Corporation and running VAX/VMS 4.
In VAX/VMS, the following definitions are used:-
"Process" - the entity, consisting of both hardware and software contexts, which can be executed by the computer. Typically, there will be many processes on the computer at once. The scheduler is the part of the operating system which will pick, from all the possible processes, the one to be executed next. In doing this, the scheduler will use an algorithm designed to ensure equal allocation of computing resources to all processes which are of a similar priority.
"Subprocess" - a process can own a number of subprocesses which may run concurrently with each other and with the parent process. In many respects a subprocess is similar to a process since they are scheduled for execution in an identical way to other processes.
"Open file quota" and "remaining open file quota" - the VMS operating system controls allocation of certain resources through the use of quotas which are granted to each process. A process cannot perform certain operations unless it has the necessary quotas. The two quotas which are of relevance to the invention are the open file quota and the remaining open file quota. The former is fixed and gives the total number of files which a process can have open at any instant. The latter will vary during the execution of a process, and gives the remaining number of files which a process can open before it exceeds its open file quota.
Referring now to the accompanying figure, which shows a computer system 8 according to the invention, a processing means 10 consists of a parent processing means 12 and a subprocessing means 14. The subprocessing means 14 is connected to input means 16, to output means 18, and to file storage means 20, in the DEC VAX system. The parent processing means 12 is connected to the output means 18 and the file storage means 20. The file storage means 20 is of such a structure that, for at least one of its files, opening of that file initiates the opening of at least one other file. In VAX/VMS this feature will appear many times in the file storage system.
The tool according to the invention is provided as the parent process. When a user is operating the input means 16 either to build software or to run software, the tool operates to poll the remaining open file quota of the subprocess. Whenever this figure changes between successive polls, the parent process will suspend the subprocess, examine all open files in the file storage means 20 to find which file has just been opened, using the conventional VAX/VMS utility $ SHOW DEVICE/FILES for each disk device on the system 20. This command examines open files on the named disk device and then resumes the subprocess. Ultimately, the output means 18 provides a list of all files opened, the file audit list.
The subprocessing means 14 also provides to the output means 18 information from which a job log summary can be provided.
Two examples of job log summaries and corresponding file audit lists will now be given.
Example 1
JOB LOG SUMMARY
    $ copy/log test1.in test1.out
    %COPY-S-COPIED, [HORNCASTLE.TEST]TEST1.OUT;3 (1 block)
FILE AUDIT LIST
    DUAO:[HORNCASTLE.TEST]TEST1.OUT;3
    DUAO:[HORNCASTLE.TEST]TEST1.IN;1
In this very simple example only one command was executed, a simple copy from the file with name TEST1.in located in the directory called [HORNCASTLE.TEST] on the disk drive with name DUAO. The particular version of the file which was used was version 1.
The file audit list shows the full file specifications for the input and output files, indicating that these were the two files opened during execution of the command. This is exactly as would be expected by someone even with only minimal knowledge of the VAX/VMS operating system.
[Note: someone with detailed knowledge of VAX/VMS may expect the file SYS$SYSTEM:COPY.EXE also to have been opened, since this is the part of the operating system which performs the copy. On the system on which the tool according to the invention is running this file is an installed, opened privileged image. Amongst other things, this means that the file is permanently held open by the operating system so that a process wishing to access the file does not have the overhead of opening it first. Such procedure is normal for files which are used often. Thus, since the inventive tool detects file openings by the subprocess rather than file accesses, it will not detect the access to this file.]
Example 2
This example, which is still a simple one, illustrates the advantages of the invention.
JOB LOG SUMMARY
    $ @command_file.com
    $ set noverify
FILE AUDIT LIST
    DUAO:[HORNCASTLE.TEST]TEST2.OUT;2
    DUAO:[HORNCASTLE.TEST]ANOTHER_COMMAND_FILE.COM;3
    DUAO:[HORNCASTLE.TEST]COMMAND_FILE.COM;1
Example 2 demonstrates a case where the files which were opened could not have been predicted without, potentially, a great deal of effort.
At first sight, only two commands have been executed and one file called up (COMMAND_FILE.COM).
However, the first command, $ @command_file.com, requests the operating system to execute the file COMMAND_FILE.COM. As its name suggests, this file contains a series of commands; the user has no knowledge from the first command alone of the number and nature of these commands.
Unfortunately, the first command in COMMAND_FILE.COM was $ set noverify, which suppresses the echoing of all subsequent executed commands. Therefore, from the job log summary alone, the user has no idea what actually happened.
The file audit list shows the full file specification for the file COMMAND_FILE.COM, which would have been predicted by the user. However, all the other names which appear on that list are giving new information about reference files opened. For example, another command file was opened and possibly executed and several data files were opened.
If the tool according to the invention had not been available, gaining this information would have involved reading the command files line by line, which for anything other than trivially short files would be a tedious and error-prone task.
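The check that the file audit list makes possible can be sketched as follows. This is an added example, not code from the patent: it parses the full file specifications of the Example 2 audit list, separates the called-up file named in the job log from the reference files, and flags reference files missing from an approved list. The approved list and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Full file specification as printed in the file audit lists:
#   DEVICE:[DIRECTORY]NAME.TYPE;VERSION
SPEC_RE = re.compile(
    r"^(?P<device>[A-Z0-9$_]+):\[(?P<directory>[A-Z0-9$_.]+)\]"
    r"(?P<name>[A-Z0-9$_]+)\.(?P<type>[A-Z0-9$_]*);(?P<version>\d+)$"
)

class FileSpec(NamedTuple):
    device: str
    directory: str
    name: str
    type: str
    version: int

    def unversioned(self) -> str:
        """Specification without the ;version suffix, used for approval lookups."""
        return f"{self.device}:[{self.directory}]{self.name}.{self.type}"

def parse_spec(line: str) -> FileSpec:
    """Parse one audit-list line; reject anything that is not a full specification."""
    m = SPEC_RE.match(line.strip().upper())
    if m is None:
        raise ValueError(f"not a full file specification: {line!r}")
    return FileSpec(m["device"], m["directory"], m["name"], m["type"], int(m["version"]))

def review_audit_list(audit_lines, called_up, approved):
    """Split an audit list into called-up and reference files and flag
    reference files that are not on the approved list."""
    specs = [parse_spec(line) for line in audit_lines if line.strip()]
    called = {c.upper() for c in called_up}
    allowed = {a.upper() for a in approved}
    reference = [s for s in specs if f"{s.name}.{s.type}" not in called]
    return {
        "total_opened": len(specs),
        "called_up": [s.unversioned() for s in specs if s not in reference],
        "reference": [s.unversioned() for s in reference],
        "unapproved": [s.unversioned() for s in reference
                       if s.unversioned() not in allowed],
    }

# File audit list of Example 2, retyped here as sample input.
EXAMPLE_2_AUDIT = """
DUAO:[HORNCASTLE.TEST]TEST2.OUT;2
DUAO:[HORNCASTLE.TEST]ANOTHER_COMMAND_FILE.COM;3
DUAO:[HORNCASTLE.TEST]COMMAND_FILE.COM;1
""".splitlines()

# The only file named in the job log summary ("$ @command_file.com").
CALLED_UP = ["command_file.com"]

# Constructed approved list (an assumption; the patent gives none).
APPROVED = ["DUAO:[HORNCASTLE.TEST]TEST2.OUT"]

if __name__ == "__main__":
    report = review_audit_list(EXAMPLE_2_AUDIT, CALLED_UP, APPROVED)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed approved list, the second command file is reported as an unapproved reference file even though the job log summary never mentions it.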
In the implementation described above the parent process continually polls the remaining open file quota of the subprocess. There is no time delay built into the invention to set the polling period; the time delay between polls results from the scheduling algorithm. The time quantum is a system parameter used by the scheduler and is the length of time which any one process is allowed to run. The time quantum is set by the system manager and must be chosen to be short enough to trap all files opened but long enough to allow the process to work in the part of the time quantum not occupied by context switching. In the current system the time quantum can vary from 20 milliseconds upwards; for the tool according to the invention a preferred range is 50 to 80 milliseconds.
In addition to the risk of failing to record a file, the arrangement is a heavy user of CPU time since the parent process is constantly running.
In an alternative implementation of the invention which overcomes both of these problems, the software is written so that the subprocess itself will monitor when it opens a file. As soon as it detects that it has opened a file, it informs the parent process and then suspends itself. The parent process makes a note of the file which was opened and then resumes the subprocess. A job log summary and file audit list are provided as in the first implementation.
The advantages are that every file which is opened by the subprocess will be recorded, and that the amount of extra work over and above that of simply executing the user's commands is not great; the parent process will only be invoked, for example, whenever a file is opened. However, this implementation requires a modification to the operating software of the system.
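The difference between the two implementations can be seen in a small simulation. This is an added example, not code from the patent: one function models the parent polling the remaining open file quota and listing open files only when that figure changes, the other models the subprocess reporting each open itself. The event timeline, the quota value and the function names are constructed for illustration.

```python
def polled_audit(events, period_ms, quota, end_ms):
    """First implementation: poll the remaining open file quota every
    period_ms and examine the open files only when the figure has changed."""
    events = sorted(events)
    open_now, audit, i = set(), [], 0
    last_remaining = quota
    for t in range(period_ms, end_ms + 1, period_ms):
        # Apply everything the subprocess did since the previous poll.
        while i < len(events) and events[i][0] <= t:
            _, action, name = events[i]
            if action == "open":
                open_now.add(name)
            else:
                open_now.discard(name)
            i += 1
        remaining = quota - len(open_now)
        if remaining != last_remaining:
            # Stand-in for listing the open files on each disk device.
            for name in sorted(open_now):
                if name not in audit:
                    audit.append(name)
            last_remaining = remaining
    return audit

def reported_audit(events):
    """Alternative implementation: the subprocess informs the parent
    of every file it opens, so nothing depends on poll timing."""
    audit = []
    for _, action, name in sorted(events):
        if action == "open" and name not in audit:
            audit.append(name)
    return audit

# Constructed timeline in milliseconds (not taken from the patent): one
# command file is closed and an output file opened 15 ms later.
EVENTS = [
    (10, "open", "COMMAND_FILE.COM"),
    (60, "open", "ANOTHER_COMMAND_FILE.COM"),
    (110, "close", "ANOTHER_COMMAND_FILE.COM"),
    (125, "open", "TEST2.OUT"),
    (260, "close", "TEST2.OUT"),
    (270, "close", "COMMAND_FILE.COM"),
]
OPEN_FILE_QUOTA = 20  # constructed value

if __name__ == "__main__":
    for period in (20, 50):
        print(period, "ms poll:", polled_audit(EVENTS, period, OPEN_FILE_QUOTA, 300))
    print("self-reported:", reported_audit(EVENTS))
```

In this timeline a 50 ms poll sees the same remaining quota before and after the close and the open, so TEST2.OUT never reaches the audit list, while a 20 ms poll and the self-reporting variant both record it.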
Use of the invention allows a software build to be monitored much more easily than has previously been possible, even when using a complex system running a mix of languages and software tools. The full discipline required for quality assurance is maintainable without placing extra burdens on the development engineer.

Claims (9)

1. A computer system comprising: input means, processing means, file storage means comprising a plurality of files, at least one file being such that processing of that file causes a second file to be opened, and output means, arranged so that when commands are entered via the input means such that said at least one file is processed, there is provided via the output means a list of files opened which includes reference to said at least one file and said second file.
2. A computer system according to claim 1 arranged so that when a file is opened the processing means interrupts its operation and sends information to a list storage means which compiles a list of all files opened.
3. A computer system according to claim 2 in which the processing means comprises a parent process and at least one subprocess arranged so that when the subprocess opens a source code file it informs the parent process and suspends operation of the process; the parent process records said source code file; and the parent process instructs the subprocess to resume operation.
4. A computer system according to claim 3 in which the parent process and at least one subprocess communicate via a modified operating system of the computer system.
5. A computer system according to claim 1 further comprising a monitoring system arranged to record intermittently the currently opened files and to compile a list of all files opened.
6. A computer system according to claim 5 in which there is further provided a remaining open file quota facility which is polled by the monitoring system.
7. A computer system according to claim 6 which operates VAX/VMS 4 and in which the polling frequency is between 50 and 80 milliseconds.
8. A method of operating a computer system, the system comprising input means, processing means, file storage means comprising a plurality of source code files, at least one file being such that when it is processed it automatically initiates access to a second file, and output means, in which a command is entered via the input means such that said at least one file is accessed, and there is provided via the output means a list of files accessed which includes reference to said at least one file and said second file.
9. A computer system substantially as hereinbefore described with reference to the accompanying drawing.
GB8619204A 1985-08-06 1986-08-06 Software build control tool Expired GB2178877B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB8519747A GB8519747D0 (en) 1985-08-06 1985-08-06 Software build control tool

Publications (3)

Publication Number Publication Date
GB8619204D0 GB8619204D0 (en) 1986-09-17
GB2178877A GB2178877A (en) 1987-02-18
GB2178877B GB2178877B (en) 1989-08-31

Family

ID=10583390

Family Applications (2)

Application Number Title Priority Date Filing Date
GB8519747A Pending GB8519747D0 (en) 1985-08-06 1985-08-06 Software build control tool
GB8619204A Expired GB2178877B (en) 1985-08-06 1986-08-06 Software build control tool

Country Status (1)

Country Link
GB (2) GB8519747D0 (en)

Also Published As

Publication number Publication date
GB8619204D0 (en) 1986-09-17
GB8519747D0 (en) 1985-09-11
GB2178877B (en) 1989-08-31

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19950806