Dataflow analysis provides valuable information about the behavior and characteristics of an application under test. Some dataflow analysis techniques track information flow through the application, starting with statements reading user inputs and proceeding to statements that perform security-sensitive operations. These techniques form a basis for static/dynamic security analysis. Other dataflow analysis techniques decide whether or not a given statement or code block can be moved to another location in the code. The statement or code block may be moved for purposes of optimization or refactoring. Code refactoring is the process of restructuring existing computer code, without changing the external behavior of the code. Advantages of refactoring include improved code readability and reduced complexity; these characteristics can improve source code maintainability. Yet another set of dataflow analysis techniques perform reasoning about bottlenecks, low-utility data structures, and other pathologies in the execution of the program. This reasoning approach forms the basis for advanced profiling techniques.
Instrumentation refers to a process of monitoring or measuring the performance of the application under test, for the purpose of diagnosing errors and writing trace information. Programmers implement instrumentation in the form of code instructions that monitor specific components in a system. For example, these instructions may output logging information for display on a screen. One difficulty in gathering dataflow information is that a thick layer of instrumentation is required atop the application under test, including all statements in the application along with memory manipulations. This is because data flows through any operation that manipulates memory, and therefore there is a need to track substantial amounts of information across the complete application. As this tracking requirement suggests, dataflow analysis is highly unscalable, and can be implemented feasibly only if the application under test is relatively small. Thus, there exists a need to overcome at least one of the preceding deficiencies and limitations of the related art.