Toolbox

Find Bottlenecks, Code Similarities, and More

Scott Mitchell

Contents

Find Performance and Memory Bottlenecks
Quickly Find Similar Code in Multiple Files
A Simple, Lightweight Color Picker
Learn the Essentials of Security

Find Performance and Memory Bottlenecks

This summer my wife and I are embarking on a three-week, 215-mile backpacking trip. After formulating the initial pack list, we spent several days evaluating equipment and paring down the list to reduce our pack weights. To maximize our efforts, we focused primarily on the heaviest items—the tent, sleeping bags, bear canister, and so on—and virtually ignored the lighter items. It’s a classic case of the old 80/20 rule, that 20 percent of the supplies constitute 80 percent of the overall weight.

The same tactics should be employed when optimizing an application’s performance. While there may be many thousands of lines of code in an application, chances are its performance is primarily affected by a small handful. It is important to identify where the time- and memory-based bottlenecks reside and focus your attention accordingly. Identifying these code regions is a fairly straightforward task with the help of a code profiler, which is a specialized application that monitors and records the time and/or memory resources used by another application.

ANTS Profiler Identifies Time- and Memory-Based Bottlenecks


One such third-party code profiler is Red Gate Software’s ANTS Profiler 2.7. ANTS Profiler is a cinch to use. Upon starting, a three-step Profiler Project Wizard walks through the setup process, first asking whether you want to profile performance or memory. Profiling performance will show the number of times each line of code is executed along with how much total time was spent executing each one. It also summarizes the slowest lines of code and methods. Profiling memory works by taking periodic snapshots of the heap, objects in memory, the total memory footprint, and other memory-related metrics at various points in the program’s execution.

Next, the wizard asks if you want to profile a Microsoft® .NET Framework desktop application, an ASP.NET Web application, a .NET Windows® service, or a COM+ server application. ANTS Profiler can profile .NET Framework applications for versions 1.0, 1.1, and 2.0. Finally, the wizard asks for the location or name of the application to profile, at which point the application to profile is launched. During the program’s execution, ANTS Profiler will automatically capture either execution or memory usage information.

After closing the profiled application, the ANTS Profiler report is displayed, providing a high-level summary along with detailed metrics. When profiling performance, ANTS Profiler shows the source code with a column listing the number of times each line of code was executed and the total execution time. Lines of code that experienced an exceptionally long execution time are flagged. When profiling memory, the detailed report shows all objects in a grid that can be sorted and filtered. Selecting a particular object shows where it exists in the code tree.

When optimizing an application, it is essential to focus on the code that’s causing the greatest impact on performance. Code profilers use empirical evidence to help identify trouble spots. For an easy-to-use, feature-rich profiler, check out ANTS Profiler.

Price: $295 standard edition, $495 professional edition.

www.red-gate.com/products/ants_profiler

Quickly Find Similar Code in Multiple Files

One of the challenges inherent in any non-trivial project, especially those involving multiple developers, is code repetition. For example, Bob may need to format output, parse input, or perform a calculation the same way in multiple places in the system. Ideally, such similar code would be refactored into a method that would then be called from the multiple locations, but Bob may be in a hurry or may have made a mental note to come back and fix this issue at a later date. But before Bob refactors his code, imagine what would happen if Alice were reviewing the code and found and fixed a bug. Unless Alice knows that Bob’s code has been duplicated elsewhere, chances are she won’t make the bug fix in both locations. In short, duplicate code compromises the maintainability and updateability of an application.

Fortunately, there are tools that will quickly identify code repetition. Simian 2.2 by Red Hill Consulting is a similarity analyzer that searches for duplicate syntax in multiple files. The program understands a variety of programming language syntaxes—C#, T-SQL, JavaScript, and Visual Basic®, among others—and can also find repetitions in plain-text files. There are a variety of configuration options that allow the user to fine-tune the rules that identify duplicate code. For example, the threshold setting dictates how many identical lines of code must be present to qualify as a duplicate.

Simian is a lightweight tool designed to efficiently find duplicate code. It lacks a graphical interface, but can be used through the command line or accessed programmatically. Its results are output as plain text, but can be formatted through one of the built-in format types (such as XML). While Simian’s lean interface and limited reporting features add a bit to the learning curve, they help keep the product focused and efficient.

Simian is capable of searching for duplicate code in both large and small projects. For instance, Red Hill Consulting reports that Simian compared the Java Development Kit’s 1.3 million lines of raw source code spread across 4,136 files in approximately 25 seconds. In my own tests, I found Simian to finish in well under one second when analyzing projects with around 15,000 lines of raw source code spread over 200 files or so.

Duplicate code impacts a project’s maintainability and updateability. You can use Simian to find duplicate code across multiple files quickly. Since it can be executed from the command line, Simian can be plugged into the build process to provide warnings or stop the build altogether in the face of repetitive code.

Price: $99 for a personal license; $499 for a project license.

A Simple, Lightweight Color Picker

If you have ever designed the front end of a Web site or worked on the user interface for a commercial desktop application, you have most likely needed to know the particular RGB settings of a specific onscreen color. Perhaps you need to match the form’s background color to the color of your company’s logo or want to color a Web page’s text the same color as it appears in the PDF brochure. If you do not know the exact color specifications, you can use a color picker to discover them. Color pickers report the RGB combination of a particular color, typically the color currently underneath the mouse pointer.

Standalone color picker programs are nice when you’re not already working inside a graphic editing program. It is a hassle to have to open the image or take a screenshot and paste it in the graphic editing program just to determine the specifications for a particular onscreen color.

Pixie's Simple Interface Supplies Detailed Color Info


One of the best freeware color pickers I have come across is Pixie 1.0, by Nattyware. When launched, Pixie appears as a small square in the center of the desktop, showing the current color under the mouse pointer in hexadecimal, HTML, RGB, and other formats, as well as the current mouse pointer’s X and Y coordinates. In addition to its onscreen user interface, Pixie can also be minimized to the task tray.

Pixie has a handful of actions that are mapped to keyboard shortcuts. To magnify the area under the mouse, simply press Ctrl+Alt+Z. Use Ctrl+Alt+X to bring up the standard Windows color palette. Once you’ve placed your mouse’s pointer over the color of interest, hit Ctrl+Alt+C to copy the color’s information to the clipboard.

Pixie’s utility lies in its simplicity and minimalist interface. If you find yourself needing to determine the specs for an onscreen color, give Pixie a try.

Price: Free; source code, $25.

www.nattyware.com/pixie.html

Learn the Essentials of Security

Security requires planning and domain knowledge and its results are not easily measurable. Furthermore, since security spans physical, technological, and policy levels, it is easy for a developer to bury her head in the sand and assume someone else will implement or has implemented the necessary security precautions. Such attitudes, however, are an invitation to disaster. Security is an important aspect of any application and all developers should have at least a cursory understanding of key security concepts, potential attack vectors, and techniques for protecting against common threats.

Foundations of Security: What Every Programmer Needs to Know (Apress, 2007), by Neil Daswani, Christoph Kern, and Anita Kesavan, provides a solid overview of security fundamentals at a level appropriate for developers who may have little to no background in security. The book starts with three chapters on security design principles, covering concepts such as authentication, authorization, encryption, and message integrity.

The meat of the book is found in the second section, which explores secure programming techniques. Here you will find discussions on common attack vectors—buffer overflows, client-state manipulation, SQL injection attacks, techniques for securely storing passwords, cross-site scripting (XSS) attacks, and so on—along with practices for stopping these types of attacks. The code samples in this section are written in Java, but don’t let that dissuade you from reading the book as they are provided mainly as pseudocode-like reference material.

The final section explores cryptography with chapters on symmetric encryption, asymmetric encryption, key management, Message Authentication Codes (MACs), and signatures.

Security is an important part of every project that is often avoided at the expense of your users’ private data and your company’s bottom line. Foundations of Security: What Every Programmer Needs to Know is an accessible introduction to security that every developer should consider reading.

Price: $39.99.

Send your questions and comments for Scott to toolsmm@microsoft.com.

Scott Mitchell, author of numerous books and founder of 4GuysFromRolla.com, is an MVP who has been working with Microsoft Web technologies since 1998. Scott is an independent consultant, trainer, and writer. Reach him at Mitchell@4guysfromrolla.com or via his blog at ScottOnWriting.NET.