Static program analysis is a computer technique that involves estimating all of the possible outcomes of a software program. A typical analysis might look at all the code that can be executed, or all the ways in which a program can communicate with its users or the network. “Professional programmers use the results of static analysis to improve their software, either by making it more efficient or by fixing programming errors,” explains PARSe project coordinator Yannis Smaragdakis, professor in the department of informatics and telecommunications at the University of Athens, Greece. “For example, an analysis can tell a programmer which parts of code are certain to never be executed. This code can then be removed.”
A complex world
A key challenge is the fact that technological innovation is advancing at pace. “Computer programs today are some of the most complex things that humanity has ever created,” notes Smaragdakis. This complexity has grown exponentially in recent decades. At the same time, software has become increasingly important in our everyday life. Advanced software is everywhere, from the apps we download onto our smartphones, to statistical modelling used by internet companies to collect and interpret massive amounts of data. “There is a huge and ever-growing demand for reliable and efficient software,” he says. “This means programmers need more advanced analysis techniques that can assess even the most complex programs.” The PARSe project was launched in 2015 to meet this demand. “Our aim was to connect cutting-edge static analysis research with advanced software development applications,” explains Smaragdakis. To achieve this, the project team developed a prototype web-based user interface. This provides programmers with access to analysis, and enables them to more easily navigate through the code of a large program. Programmers can use the static analysis service to pose key comprehension questions, for example on security vulnerabilities. Questions are then answered with the aid of algorithms that were developed during the previous ERC-funded SPADE project. By integrating these algorithms into a web-based user interface, the PARSe project has taken this research one step further.
Access to advanced analysis
Smaragdakis is confident that the prototype can help professional programmers to optimise code and detect bugs in even the most complex software. “This is a major task in modern software development,” he notes. “Major corporations dedicate significant sums to programme analysis and development support. Recent acquisitions of static analysis companies have been in the region of several hundreds of millions of euro.” In this context, the eventual development and commercialisation of next-generation program analysis tools could be a significant project outcome. Steps have already been taken to prepare the technology for market. “We have developed an Android optimisation tool in order to deploy the program on phones and tablets,” adds Smaragdakis. “This will enable programmers to consult all the code that they have been developing. Current solutions on the market are highly complex and tend to be error-prone.” The prototype is currently being explored for commercialisation in cooperation with the University of Athens entrepreneurship accelerator. “I hope one day to see the PARSe prototype evolve into a tool that is widely adopted,” he says. “This is the gateway for introducing even more advanced static analysis research to mainstream software development.”
PARSe, code, programmer, software, digital, Android, network, internet