Discovery of Hard-coded External Dependencies in Enterprise Production Environments

Many enterprises perform data-center transformations, consolidations, and migrations to reduce costs and make IT greener. These projects start with discovery of infrastructure and applications and their dependencies. Typically, this is done by network monitoring and middleware configuration analysis. However, certain dependencies may not be detected without code analysis. We designed and implemented the first code-analysis technique for discovering hard-coded dependencies, based on static string analysis. Key novel aspects include the ability to localize the code and associated files in a production enterprise environment, an analysis for identifying functions that can access external resources, and a program-environment analysis (linked to the string analysis) for inferring values originating outside of the program. The approach is sound under reasonable assumptions about the underlying components.

We analyzed 1097 Java EE applications from three enterprise environments. The vast majority had hard-coded dependencies that required our novel analysis techniques. Such applications need special treatment in transformation projects.

By: Nikolai Joukov, Vasily Tarasov, Birgit Pfitzmann, Sergej Chicherin, Marco Pistoia, Takaaki Tateishi

Published in: RC24979 in 2009

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).