Saturday, October 30, 2010

Software Tunning vs. Verification Process

According to Wikipedia (n.d.) performance tuning is the process of “modifying a software system to make some aspect of it work more efficiently or use fewer resources”. This is distinctively different process from program verification which is described in Wikipedia (n.d.) as “the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property”. The difference could be summarized as the performance versus functionality of the software. In addition, program verification process assess the assess the software under certain preconditions to verify functionality as per design requirements without changes to the source code, the tuning process modifies the program to better utilize the allocated resources (such as memory and CPU). As a result, both issues will be discussed separately.
Program verification process make sure that the software functionless as per design requirements. This could be verified by inspection of the source code, or by running a pre-defined (as per software requirements) test cases. The process is semi-automated by usage of automated testing software (for example, HP WinRunner) to run test case scenario against the assessed software, but those need to be configured/loaded by a human operator. Recently, due to the rising number of security exploit in applications, software vendors began using automated software capable assessing the application for flaws leading to security vulnerabilities such as Cross Site Scripting (XSS), Buffer Overflow, Cross Site Request Forgery (CSRF). Although the automated tools are very efficient in running the per-defined test case scenario, human interaction requires to define the test cases. Furthermore, number of functional flaws are a result of logical incorrectness and will require assessment by human capable of understanding the application as demonstrated by the following code:
  1. procedure login(user, password)
  2. (
  3. success <--- true
  4. if call authenticate(user, password) = true
  5. then (...)
  6. else (success <--- false)
  7. return success
  8. ) end procedure
the functional requirement of the procedure is to authenticate the user using the provided values. Since it is a functional requirement to handle two inputs and provide a Boolean output, it would be a fair to assume that automated tool or inexperienced assessor will not try to mutate the input to a level causing the authenticate procedure to fail on line 4 which could under certain conditions result in a successful authentication (procedure returns the value true). Verifications as such require not only human understanding of the application, but also experience therefore will remain as “work of art”.
Performance tuning, on the other hand, can achieve a fairly good results using automated tools. Of course, an experienced software architect can make a difference at the design stage by choosing efficient algorithms and implementation technologies, but reusable designed and patters can compensate for lack of experience. Additional tuning could be achieved by optimization on the source code level and using an optimizing compiler which relies on different tuning techniques such as loop optimization, common sub-expression elimination and redundant store elimination. It could be demonstrated by the following code:
  1. procedure calculate(a ,b)
  2. (
  3. c <--- 4
  4. result <--- (a+b)-(a+b)/4
  5. return result
  6. ) end procedure
Program tuning could be achieved by removing line 3 and calculating the expression a+b in line 4 only once. The result of compiler optimization could be:
  1. procedure calculate (a,b)
  2. (
  3. c <--- a + b
  4. result <--- c – c/4
  5. return result
  6. ) end procedure
Further optimization could be achieved by performing a run time optimization “exceeding the capability of static compilers by dynamically adjusting parameters according to the actual input or other factors” (Wikipedia, n.d.).

Bibliography

No comments:

Post a Comment