CISQ Automated Source Code Green Measure

PROBLEM STATEMENT

IT operations run on electricity.

kWh production leads to CO2 emission.

Lack of efficiency in IT operations waste energy simply because unnecessary CPU cycles are equivalent to unnecessary kWh consumption.

Efficiency in IT operations is for a large part conditioned by the way it was developed.

People have been used to ever-growing computing resources, omitting the impact on the environment through the energy consumption, resulting in software that are far from optimal.

In addition to suboptimal software development that amounts to “pipe leaks”, there are also “pipe ruptures” that can be avoided, so as to save the resources needed to recover/restart/resume the activity.

Energy can be saved now by making software more efficient.

The relative emergency in helping this initiative is the spread of software in billions of devices. Every small gain can make a difference.

 

OPPORTUNITY

To identify pieces of Software that could be optimized to require less CPU resources

  • Focus on “pipe leaks”
    • data access efficiency
    • algorithmic costs
    • resource economy
  • Focus on “pipe ruptures” – avoiding failures

Thanks to selected patterns from from:

  • Automated Source Code Performance Efficiency Measure (http://www.omg.org/spec/ASCPEM/)
  • Automated Source Code Reliability Measure (http://www.omg.org/spec/ASCRM/)
  • Automated Source Code Security Measure (http://www.omg.org/spec/ASCSM/)

OBJECTIVES

  • Perform the selection of the applicable patterns
  • Validate the coverage of salient aspects
    • Or identify the “uncovered” ones and specify applicable patterns

LIMITATIONS

  • No direct kWh measure
  • No direct CO2 equivalent

DEVELOPMENT

OMG Measure In ASCGM ?
ASCMM-MNT-1: Control Flow Transfer Control Element outside Switch Block
ASCMM-MNT-2: Class Element Excessive Inheritance of Class Elements with Concrete
Implementation
ASCMM-MNT-3: Storable and Member Data Element Initialization with Hard-Coded Literals
ASCMM-MNT-4: Callable and Method Control Element Number of Outward Calls
ASCMM-MNT-5: Loop Value Update within the Loop
ASCMM-MNT-6: Commented Code Element Excessive Volume
ASCMM-MNT-7: Inter-Module Dependency Cycles
ASCMM-MNT-8: Source Element Excessive Size
ASCMM-MNT-9: Horizontal Layer Excessive Number
ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span
ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value
ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call
ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters
ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements
involving Data Element from Data Manager or File Resource
ASCMM-MNT-15: Public Member Element
ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element
ASCMM-MNT-17: Class Element Excessive Inheritance Level
ASCMM-MNT-18: Class Element Excessive Number of Children
ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity
ASCMM-MNT-20: Unreachable Named Callable or Method Control Element
ASCPEM-PRF-1: Static Block Element containing Class Instance Creation Control Element
ASCPEM-PRF-2: Immutable Storable and Member Data Element Creation TRUE
ASCPEM-PRF-3: Static Member Data Element outside of a Singleton Class Element
ASCPEM-PRF-4: Data Resource Read and Write Access Excessive Complexity TRUE
ASCPEM-PRF-5: Data Resource Read Access Unsupported by Index Element TRUE
ASCPEM-PRF-6: Large Data Resource ColumnSet Excessive Number of Index Elements ?
ASCPEM-PRF-7: Large Data Resource ColumnSet with Index Element of Excessive Size ?
ASCPEM-PRF-8: Control Elements Requiring Significant Resource Element within Control Flow
Loop Block
TRUE
ASCPEM-PRF-9: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource
Access
?
ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of
Data Resource Access
?
ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager
Component
TRUE
ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and
Member Data Elements
?
ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability TRUE
ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation
Control Element
?
ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control
Element
?
ASCRM-CWE-120: Buffer Copy without Checking Size of Input TRUE
ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control
Element with Read, Write, and Manage Access to Data Resource
TRUE
ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control
Element with Read, Write, and Manage Access to Platform Resource
TRUE
ASCRM-CWE-396: Declaration of Catch for Generic Exception ?
ASCRM-CWE-397: Declaration of Throws for Generic Exception ?
ASCRM-CWE-456: Storable and Member Data Element Missing Initialization TRUE
ASCRM-CWE-674:Uncontrolled Recursion
ASCRM-CWE-704: Incorrect Type Conversion or Cast TRUE
ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime
ASCRM-CWE-788: Memory Location Access After End of Buffer TRUE
ASCRM-RLB-1: Empty Exception Block ?
ASCRM-RLB-2: Serializable Storable Data Element without Serialization Control Element FALSE
ASCRM-RLB-3: Serializable Storable Data Element with non-Serializable Item Elements FALSE
ASCRM-RLB-4: Persistant Storable Data Element without Proper Comparison Control Element TRUE
ASCRM-RLB-5: Runtime Resource Management Control Element in a Component Built to Run on
Application Servers
ASCRM-RLB-6: Storable or Member Data Element containing Pointer Item Element without Proper
Copy Control Element
ASCRM-RLB-7: Class Instance Self Destruction Control Element
ASCRM-RLB-8: Named Callable and Method Control Elements with Variadic Parameter Element
ASCRM-RLB-9: Float Type Storable and Member Data Element Comparison with Equality
Operator
TRUE
ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component
ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with
non-Final Static Storable or Member Element
ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management ?
ASCRM-RLB-13: Inter-Module Dependency Cycles
ASCRM-RLB-14: Parent Class Element with References to Child Class Element
ASCRM-RLB-15: Class Element with Virtual Method Element wihout Virtual Destructor
ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element
ASCRM-RLB-17: Child Class Element wihout Virtual Destructor unlike its Parent Class
Element
ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network
Resource Configuration Data
ASCRM-RLB-19: Synchronous Call Time-Out Absence
ASCSM-CWE-22: Path Traversal Improper Input Neutralization
ASCSM-CWE-78: OS Command Injection Improper Input Neutralization
ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization
ASCSM-CWE-89: SQL Injection Improper Input Neutralization
ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization
ASCSM-CWE-120: Buffer Copy without Checking Size of Input
ASCSM-CWE-129: Array Index Improper Input Neutralization
ASCSM-CWE-134: Format String Improper Input Neutralization
ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control
Element with Read, Write, and Manage Access to Platform Resource
ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage
ASCSM-CWE-396: Declaration of Catch for Generic Exception
ASCSM-CWE-397: Declaration of Throws for Generic Exception
ASCSM-CWE-434: File Upload Improper Input Neutralization
ASCSM-CWE-456: Storable and Member Data Element Missing Initialization
ASCSM-CWE-606: Unchecked Input for Loop Condition
ASCSM-CWE-667: Shared Resource Improper Locking
ASCSM-CWE-672: Expired or Released Resource Usage
ASCSM-CWE-681: Numeric Types Incorrect Conversion
ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime
ASCSM-CWE-789: Uncontrolled Memory Allocation
ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication
ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop)