Jump to content

Semmle

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by GreenC bot (talk | contribs) at 23:17, 9 September 2016 (WaybackMedic 2). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Semmle
IndustrySoftware analytics
FoundedDecember 2006 (2006-12) in Oxford, England
FounderOege de Moor
HeadquartersBlue Boar Court, Alfred Street,
Oxford
,
England
Key people
Oege de Moor, Pavel Augustinov, Julian Tibble
ProductsCode analysis software and services
ParentMicrosoft Edit this on Wikidata
Websitesemmle.com

Semmle Limited is a software engineering analytics and code exploration provider, with offices in Oxford, New York City, and Copenhagen. Built on research in compilers and data analysis, developed by a team from the University of Oxford, its patented technology creates a knowledge base using all available data about the software development process (source code, issue tickets, development costs, team location, etc.), and allows its users to accurately and efficiently query that knowledge base. Results are presented in user interfaces designed for the different needs of developers, managers, and executives. The insights Semmle delivers help teams staff projects more intelligently, retain and develop talent better, control software costs, and deliver new functionality sooner.

The company is headquartered in Blue Boar Court, Alfred Street, central Oxford, England and customers include Citi, Credit Suisse, NASA and Dell.[1]

Background

Academic

SemmleCode builds on academic research on querying the source of software programs. The first such system was Linton's Omega system,[2] where queries were phrased in QUEL. QUEL did not allow for recursion in queries, making it difficult to inspect hierarchical program structures such as the call graph. The next significant development was therefore the use of logic programming, which does allow such recursive queries, in the XL C++ Browser.[3] The disadvantage of using a full logic programming language is however that it is very difficult to attain acceptable efficiency. The CodeQuest system,[4] developed at the University of Oxford, was the first to exploit the observation that Datalog, a very restrictive version of logic programming, is in the sweet spot between expressive power and efficiency. The QL query language is an object-oriented version of Datalog.

Industrial

The early research works on querying the source of software programs spun off a number of industrial applications. In particular it became the cornerstone of systems for application intelligence (data mining on the source of software systems) and software renovation. In 2007, Paris-based CAST[5] is one of the market leaders in that area, and other significant players include BluePhoenix in Herzliya, Israel. SemmleCode differs from these systems in its use of an object-oriented query language, which allows programmers to easily formulate new queries that are particular to their own project.

A full account of the academic and industrial developments leading up to the creation of SemmleCode can be found in a paper by Hajiyev et al.[6]

Sample query in QL

To illustrate the use of QL, consider the well-known rule in object-oriented programming that public fields should be declared final. To find violations of that rule, we should search for fields that are public but not final. In QL, that requirement is expressed as follows:

 from Field f
 where f.hasModifier("public")
       and
       not(f.hasModifier("final"))
 select f.getDeclaringType().getPackage(),
        f.getDeclaringType(),
        f

Here not only is the offending field f selected, but also the package and type in which its declaration occurs.

Integration with development environments

SemmleCode provides a user interface via the Eclipse IDE to query Java code (both source code and bytecode) as well as XML files, and to edit QL queries. This is however but one application of the technology that underlies it: QL can be used to query any other type of complex data.

References

  1. ^ "Spin-out company Semmle secures $8M from Accel Partners" (Press release). University of Oxford. September 16, 2014. Retrieved September 18, 2015.
  2. ^ "Linton's Omega system". USA: University of California, Berkeley. 1983.
  3. ^ Shahram Javey, Kin’ichi Mitsui, Hiroaki Nakamura, Tsuyoshi Ohira, Kazu Yasuda, Kazushi Kuse, Tsutomu Kamimura, and Richard Helm. Architecture of the XL C++ browser. In CASCON ’92: Proceedings of the 1992 conference of the Centre for Advanced Studies on Collaborative research, pages 369–379. IBM Press, 1992.
  4. ^ "CodeQuest system". UK: Oxford University Computing Laboratory. Archived from the original on October 9, 2006. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  5. ^ "CAST Software".
  6. ^ Elnar Hajiyev, Mathieu Verbaere, and Oege de Moor, CodeQuest: Scalable Source Code Queries with Datalog. In ECOOP 2006: Proceedings of the 2006 European Conference on Object-Oriented Programming, pages 2–27. Springer, 2006.

Further reading

  • Mark A. Linton. Implementing relational views of programs. In Peter B. Henderson, editor, Software Development Environments (SDE), pages 132–140, 1984.