GB2178877A - Software build control tool - Google Patents
- Publication number
- GB2178877A (application GB8619204A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- file
- opened
- computer system
- files
- list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Abstract
A computer system 8 comprising input means 16, processing means 10, output means 18 and file storage means 20 including a plurality of files at least one of which is such that processing of that file causes a second file to be opened, is arranged so that a list of files opened is provided when the at least one file is accessed, the list including the at least one file and the second file. The second file may be opened when the first file is opened, during processing of the first file, or as a result of processing the first file.
Description
SPECIFICATION
Software build control tool
This system relates to a computer system having a tool which allows software build so that quality assurance standards can be met more easily, and maintenance problems can be reduced. When the software is executed system security can be checked.
In large software builds in high level language, ensuring that standards are being met during development can be a tedious process; a check as to whether only approved source code units have been used requires a line-by-line check of the code which is clearly impractical. The problem is especially acute in the context of implementations of languages which offer very powerful features in addition to the original language specification. An additional problem is to ensure not only that the software achieves its purpose by carrying out the required task, but that no additional, hidden tasks are performed, i.e. that a secure system has been created. The tool facilitates appropriate checks and allows easy identification of a frequently occurring software failure.
According to the invention, a computer system comprises
input means,
processing means,
file storage means comprising a plurality of files, at least one file being such that processing of that file causes a second file to be opened,
and output means arranged so that when commands are entered via the input means such that said at least one file is processed, there is provided via the output means a list of files opened which includes said at least one file and said second file.
The second file may be opened when the first file is opened, during processing of the first file, or as a result of processing the first file.
If a file is accessed by a direct command from the user it will be referred to as a "called-up file" while a file which is opened by the processing of a called-up file will be referred to as a "reference file". This terminology is used for ease of comprehension of the invention; any file in the storage means may be a called-up file or a reference file, depending on the circumstances.
The list of files opened can be considered to be a file audit list.
Three major advantages of the invention have been identified. First, the file audit list allows a relatively quick and easy check to be made on whether only approved source code units have been used in building the software.
Secondly, use of the invention allows a common software failure to be traced. When there is a built-in limit in the host computer system on the number of files which can be opened, a software build or execution may fail because this limit has been reached although, so far as the user knows, the number of files opened is much smaller than the limit; if the tool according to the invention is used, the total number of files opened by call-up and by reference is immediately available, and the reason for the failure, that the limit has been exceeded, is clear.
Thirdly, the developed software can be shown to be secure by use of the invention. Any functions performed under the control of developed software in addition to its intended functions can be traced by examining the file audit list.
Further according to the invention, the computer system may be arranged so that when a file is opened the processing means interrupts its operation and sends information to a list storage means which compiles a list of files opened, both called-up and reference files. Such an implementation may require the facility to be implemented in the operating system of the hardware.
Alternatively the computer system may comprise a monitoring system arranged to record continually or intermittently the currently opened files and to compile a list of all files opened, both called-up and reference files.
The invention will now be described by way of example only with reference to the accompanying drawing which shows one arrangement by which the invention is implemented.
The invention will be described with reference to an implementation on a VAX 11/780 (Trade Mark) computer, manufactured by Digital Equipment Corporation and running VAX/VMS 4.
In VAX/VMS, the following definitions are used:
"Process" - the entity, consisting of both hardware and software contexts, which can be executed by the computer. Typically, there will be many processes on the computer at once. The scheduler is the part of the operating system which will pick, from all the possible processes, the one to be executed next. In doing this, the scheduler will use an algorithm designed to ensure equal allocation of computing resources to all processes which are of a similar priority.
"Subprocess" - a process can own a number of subprocesses which may run concurrently with each other and with the parent process. In many respects a subprocess is similar to a process since they are scheduled for execution in an identical way to other processes.
"Open file quota" and "remaining open file quota" - the VMS operating system controls allocation of certain resources through the use of quotas which are granted to each process. A process cannot perform certain operations unless it has the necessary quotas. The two quotas which are of relevance to the invention are the open file quota and the remaining open file quota. The former is fixed and gives the total number of files which a process can have open at any instant. The latter will vary during the execution of a process, and gives the remaining number of files which a process can open before it exceeds its open file quota.
Referring now to the accompanying figure which shows a computer system 8 according to the invention, a processing means 10 consists of a parent processing means 12 and a subprocessing means 14. The subprocessing means 14 is connected to input means 16, to output means 18, and to file storage means 20, in the DEC VAX system. The parent processing means 12 is connected to the output means 18 and the file storage means 20. The file storage means 20 is of such a structure that, for at least one of its files, opening of that file initiates the opening of at least one other file. In VAX/VMS this feature will appear many times in the file storage system.
The tool according to the invention is provided as the parent process. When a user is operating the input means 16 either to build software or to run software, the tool operates to poll the remaining open file quota of the subprocess. Whenever this figure changes between successive polls, the parent process will suspend the subprocess, examine all open files in the file storage means 20 to find which file has just been opened, using the conventional VAX/VMS utility
$ SHOW DEVICE/FILES
for each disk device on the system 20 (this command examines open files on the named disk device), and then resume the subprocess. Ultimately, the output means 18 provides a list of all files opened, the file audit list.
The subprocessing means 14 also provides to the output means 18 information from which a job log summary can be provided.
Two examples of job log summaries and corresponding file audit lists will now be given.
Example 1
JOB LOG SUMMARY
$ copy/log test1.in test1.out
%COPY-S-COPIED, [HORNCASTLE.TEST]TEST1.OUT;3 (1 block)
FILE AUDIT LIST
DUAO:[HORNCASTLE.TEST]TEST1.OUT;3
DUAO:[HORNCASTLE.TEST]TEST1.IN;1
In this very simple example only one command was executed, a simple copy from the file with name TEST1.IN located in the directory called [HORNCASTLE.TEST] on the disk drive with name DUAO. The particular version of the file which was used was version 1.
The file audit list shows the full file specifications for the input and output files, indicating that these were the two files opened during execution of the command. This is exactly as would be expected by someone even with only minimal knowledge of the VAX/VMS operating system.
[Note: someone with detailed knowledge of VAX/VMS may expect the file SYS$SYSTEM:COPY.EXE also to have been opened since this is the part of the operating system which performs the copy. On the system on which the tool according to the invention is running this file is an installed, opened privileged image. Amongst other things, this means that the file is permanently held open by the operating system so that a process wishing to access the file does not have the overhead of opening it first. Such procedure is normal for files which are used often. Thus, since the inventive tool detects file openings by the subprocess rather than file accesses, it will not detect the access to this file.]
Example 2
This example, which is still a simple one, illustrates the advantages of the invention.
JOB LOG SUMMARY
$ @command_file.com
$ set noverify
FILE AUDIT LIST
DUAO:[HORNCASTLE.TEST]TEST2.OUT;2
DUAO:[HORNCASTLE.TEST]ANOTHER_COMMAND_FILE.COM;3
DUAO:[HORNCASTLE.TEST]COMMAND_FILE.COM;1
Example 2 demonstrates a case where the files which were opened could not have been predicted without, potentially, a great deal of effort.
At first sight, only two commands have been executed and one file called up (COMMAND_FILE.COM).
However, the first command,
$ @command_file.com
requests the operating system to execute the file COMMAND_FILE.COM. As its name suggests, this file contains a series of commands; the user has no knowledge from the first command alone of the number and nature of these commands.
Unfortunately, the first command in COMMAND_FILE.COM was
$ set noverify
which suppresses the echoing of all subsequent executed commands. Therefore, from the job log summary alone, the user has no idea what actually happened.
The file audit list shows the full file specification for the file COMMAND_FILE.COM which would have been predicted by the user. However, all the other names which appear on that list give new information about reference files opened. For example, another command file was opened and possibly executed and several data files were opened.
If the tool according to the invention had not been available, gaining this information would have involved reading the command files line by line, which for anything other than trivially short files would be a tedious and error-prone task.
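As an added illustration (not part of the patent text), the Python sketch below applies the first advantage to Example 2's file audit list: it parses each full file specification, separates the called-up file from the reference files using the job log, and flags anything outside an approved list. The approved list is a constructed assumption, and writing the file names with underscores is also an assumption.

```python
import re

# Full VMS file specification: DEVICE:[DIRECTORY]NAME.TYPE;VERSION
SPEC_RE = re.compile(
    r"^(?P<device>[A-Z0-9$_]+):\s*\[(?P<directory>[A-Z0-9$_.]+)\]"
    r"(?P<name>[A-Z0-9$_]+)\.(?P<type>[A-Z0-9$_]*);(?P<version>\d+)$",
    re.IGNORECASE,
)

# Example 2 from the text; underscores in the names are an assumption.
JOB_LOG = ["$ @command_file.com", "$ set noverify"]
AUDIT_LIST = [
    "DUAO: [HORNCASTLE.TEST]TEST2.OUT;2",
    "DUAO: [HORNCASTLE.TEST]ANOTHER_COMMAND_FILE.COM;3",
    "DUAO:[HORNCASTLE.TEST]COMMAND_FILE.COM;1",
]
# Constructed approved list (hypothetical, not from the patent).
APPROVED = {
    "DUAO:[HORNCASTLE.TEST]COMMAND_FILE.COM",
    "DUAO:[HORNCASTLE.TEST]TEST2.OUT",
}

def parse_spec(line):
    """Split one audit-list entry into its upper-cased components."""
    m = SPEC_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a full file specification: {line!r}")
    spec = {k: v.upper() for k, v in m.groupdict().items()}
    spec["version"] = int(spec["version"])
    return spec

def called_up_names(job_log):
    """NAME.TYPE tokens the user typed on command lines (those starting '$')."""
    names = set()
    for line in job_log:
        line = line.strip()
        if not line.startswith("$"):
            continue  # status output such as %COPY-S-COPIED is not a command
        for token in line[1:].split():
            token = token.lstrip("@")
            if "." in token:
                names.add(token.upper())
    return names

def audit(job_log, audit_list, approved):
    """Classify every opened file and list those not on the approved list."""
    typed = called_up_names(job_log)
    report = {"called_up": [], "reference": [], "unapproved": []}
    for line in audit_list:
        s = parse_spec(line)
        full = f'{s["device"]}:[{s["directory"]}]{s["name"]}.{s["type"]}'
        kind = "called_up" if f'{s["name"]}.{s["type"]}' in typed else "reference"
        report[kind].append(full)
        if full not in approved:  # versions are ignored for approval
            report["unapproved"].append(full)
    report["total_opened"] = len(audit_list)
    return report

if __name__ == "__main__":
    for key, value in audit(JOB_LOG, AUDIT_LIST, APPROVED).items():
        print(key, value)
```

The reference files, and the one unapproved command file among them, appear nowhere in the job log because of `set noverify`; only the audit list exposes them.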
In the implementation described above the parent process continually polls the remaining open file quota of the subprocess; there is no time delay built into the invention to set the polling period, and the time delay between polls results from the scheduling algorithm. The time quantum is a system parameter used by the scheduler and is the length of time which any one process is allowed to run. The time quantum is set by the system manager and must be chosen to be short enough to trap all files opened but long enough to allow the process to work in the part of the time quantum not occupied by context switching. In the current system the time quantum can vary from 20 milliseconds upwards; for the tool according to the invention a preferred range is 50 to 80 milliseconds.
In addition to the risk of failing to record a file, the arrangement is a heavy user of CPU time since the parent process is constantly running.
In an alternative implementation of the invention which overcomes both of these problems, the software is written so that the subprocess itself will monitor when it opens a file. As soon as it detects that it has opened a file, it informs the parent process and then suspends itself. The parent process makes a note of the file which was opened and then resumes the subprocess. A job log summary and file audit list are provided as in the first implementation.
The advantages are that every file which is opened by the subprocess will be recorded, and that the amount of extra work over and above that of simply executing the user's commands is not great; the parent process will only be invoked, for example, whenever a file is opened. However, this implementation requires a modification to the operating software of the system.
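The risk of failing to record a file can be made concrete with a small model, added here as an illustration and not taken from the patent. The Python below simulates the quota-polling monitor and the notify-on-open alternative over a constructed timeline; the file names, times and quota value are assumptions. Because the polling monitor only examines open files when the remaining quota figure changes, it misses both a file opened and closed between two polls and a file opened in the same interval in which another was closed.

```python
QUOTA = 20  # constructed open file quota of the simulated subprocess

# Constructed timeline: (file, opened_ms, closed_ms)
TIMELINE = [
    ("A.COM", 0, 1000),   # held open for the whole run
    ("B.DAT", 110, 130),  # open for only 20 ms
    ("C.DAT", 200, 430),
    ("D.DAT", 440, 900),  # opened just after C.DAT was closed
]

def open_at(timeline, t):
    """Set of files the subprocess has open at time t (ms)."""
    return {name for name, opened, closed in timeline if opened <= t < closed}

def quota_polling_audit(timeline, period_ms, quota=QUOTA):
    """First implementation: poll the remaining open file quota and list
    open files only when the figure differs from the previous poll."""
    end = max(closed for _, _, closed in timeline)
    audit, last_remaining = [], quota
    for t in range(0, end + period_ms, period_ms):
        now_open = open_at(timeline, t)
        remaining = quota - len(now_open)
        if remaining != last_remaining:
            # Models: suspend subprocess, examine open files, resume.
            for name in sorted(now_open):
                if name not in audit:
                    audit.append(name)
            last_remaining = remaining
    return audit

def notify_on_open_audit(timeline):
    """Alternative implementation: the subprocess reports every open."""
    return [name for name, _, _ in sorted(timeline, key=lambda e: e[1])]

def missed(timeline, period_ms):
    """Files opened by the subprocess but absent from the polled audit list."""
    polled = set(quota_polling_audit(timeline, period_ms))
    return [n for n in notify_on_open_audit(timeline) if n not in polled]

if __name__ == "__main__":
    for period in (100, 60, 10):
        print(f"{period:>3} ms polling misses: {missed(TIMELINE, period)}")
    print("notify-on-open records:", notify_on_open_audit(TIMELINE))
```

In this model a 60 ms period, inside the preferred range, still misses D.DAT because the quota figure is the same at the polls on either side of the close and the open.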
Use of the invention allows a software build to be monitored much more easily than has previously been possible, even when using a complex system running a mix of languages and software tools. The full discipline required for quality assurance is maintainable without placing extra burdens on the development engineer.
Claims (9)
1. A computer system comprising:
input means
processing means
file storage means comprising a plurality of files, at least one file being such that processing of that file causes a second file to be opened,
and output means, arranged so that when commands are entered via the input means such that said at least one file is processed, there is provided via the output means a list of files opened which includes reference to said at least one file and said second file.
2. A computer system according to claim 1 arranged so that when a file is opened the processing means interrupts its operation and sends information to a list storage means which compiles a list of all files opened.
3. A computer system according to claim 2 in which the processing means comprises a parent process and at least one subprocess arranged so that when the subprocess opens a source code file it informs the parent process and suspends operation of the process; the parent process records said source code file; and the parent process instructs the subprocess to resume operation.
4. A computer system according to claim 3 in which the parent process and at least one subprocess communicate via a modified operating system of the computer system.
5. A computer system according to claim 1 further comprising a monitoring system arranged to record intermittently the currently opened files and to compile a list of all files opened.
6. A computer system according to claim 5 in which there is further provided a remaining open file quota facility which is polled by the monitoring system.
7. A computer system according to claim 6 which operates VAX/VMS 4 and in which the polling frequency is between 50 and 80 milliseconds.
8. A method of operating a computer system, the system comprising input means,
processing means,
file storage means comprising a plurality of source code files, at least one file being such that when it is processed it automatically initiates access to a second file, and
output means, in which a command is entered via the input means such that said at least one file is accessed, and there is provided via the output means a list of files accessed which includes reference to said at least one file and said second file.
9. A computer system substantially as hereinbefore described with reference to the accompanying drawing.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB8519747A GB8519747D0 (en) | 1985-08-06 | 1985-08-06 | Software build control tool |
Publications (3)
Publication Number | Publication Date |
---|---|
GB8619204D0 GB8619204D0 (en) | 1986-09-17 |
GB2178877A true GB2178877A (en) | 1987-02-18 |
GB2178877B GB2178877B (en) | 1989-08-31 |
Family
ID=10583390
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB8519747A Pending GB8519747D0 (en) | 1985-08-06 | 1985-08-06 | Software build control tool |
GB8619204A Expired GB2178877B (en) | 1985-08-06 | 1986-08-06 | Software build control tool |
Country Status (1)
Country | Link |
---|---|
GB (2) | GB8519747D0 (en) |
Also Published As
Publication number | Publication date |
---|---|
GB8619204D0 (en) | 1986-09-17 |
GB8519747D0 (en) | 1985-09-11 |
GB2178877B (en) | 1989-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1011043B1 (en) | Method and apparatus for loading a java application program | |
US6931544B1 (en) | Method and apparatus for executing multiple JAVA(™) applications on a single JAVA(™) virtual machine | |
US5832513A (en) | Detecting significant file system alterations during execution of a storage media software utility | |
US4912628A (en) | Suspending and resuming processing of tasks running in a virtual machine data processing system | |
US6691146B1 (en) | Logical partition manager and method | |
JP3572016B2 (en) | Ways to run untrusted programs | |
US7275241B2 (en) | Dynamic instrumentation for a mixed mode virtual machine | |
Cant | Writing Windows WDM device drivers | |
US5257381A (en) | Method of intercepting a global function of a network operating system and calling a monitoring function | |
Zandy et al. | Process hijacking | |
GB2326255A (en) | Automatic object distribution enables remote running of objects using local method calls | |
JPS6336458A (en) | Management for program execution and data file sharing for network | |
JP2004199330A (en) | Information processor, tracing processing method, program and recording medium | |
GB2380022A (en) | Auditing system call events with system call wrappers | |
US5440692A (en) | Method of dynamically expanding or contracting a DB2 buffer pool | |
US6237137B1 (en) | Method and system for preventing unauthorized access to a computer program | |
US7010671B2 (en) | Computer system and method for executing interrupt instructions in two operating modes | |
Gold et al. | KVM/370 in retrospect | |
US5432933A (en) | Method of canceling a DB2 thread | |
US5463764A (en) | Method and system for system debugging through a keyboard device driver | |
US6256752B1 (en) | Method and apparatus for dynamic swappable bytecode loop in java virtual machines | |
JPH07230386A (en) | Data processor and method for calling control routine | |
CN113176926A (en) | API dynamic monitoring method and system based on virtual machine introspection technology | |
GB2393818A (en) | Error handling by controlling the activity of temporary files. | |
KR20020033859A (en) | Linux security kernel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 19950806 |