Semmle is a software metrics company known for a product originally called SemmleCode, a static software analysis package. It can be used to find programming bug patterns, to compute software metrics, and to enforce coding conventions. All these tasks can be formulated as queries in an object-oriented query language named .QL.

Background [link]

Academic [link]

SemmleCode builds on a long tradition of academic research on querying the source of software programs. The first such system was Linton's Omega system, where queries were phrased in QUEL, a derivative of SQL. QUEL did not allow for recursion in queries, making it difficult to inspect hierarchical program structures such as the call graph. The next significant development was therefore the use of logic programming, which does allow such recursive queries, in the XL C++ Browser. The disadvantage of using a full logic programming language is however that it is very difficult to attain acceptable efficiency. The CodeQuest system, developed at the University of Oxford, was the first to exploit the observation that Datalog, a very restrictive version of logic programming, is in the sweet spot between expressive power and efficiency. The .QL query language is an object-oriented version of Datalog.

Industrial [link]

The early research works on querying the source of software programs spun off a number of industrial applications. In particular it became the cornerstone of systems for application intelligence (data mining on the source of software systems) and software renovation. In 2007, Paris-based CAST is one of the market leaders in that area, and other significant players include BluePhoenix in Herzliya, Israel. SemmleCode differs from these systems in its use of an object-oriented query language, which allows programmers to easily formulate new queries that are particular to their own project.

A full account of the academic and industrial developments leading up to the creation of SemmleCode can be found in the paper by Hajiyev cited below.

Sample query in .QL [link]

To illustrate the use of .QL, consider the well-known rule in object-oriented programming that public fields should be declared final. To find violations of that rule, we should search for fields that are public but not final. In .QL, that requirement is expressed as follows:

from Field f
where f.hasModifier("public")
      and
      not(f.hasModifier("final"))
select f.getDeclaringType().getPackage(),
       f.getDeclaringType(),
       f

Here we select not only the offending field f, but also the package and type in which its declaration occurs.

Integration with development environments [link]

SemmleCode provides a user interface via the Eclipse IDE to query Java code (both source code and bytecode) as well as XML files, and to edit .QL queries. This is however but one application of the technology that underlies it: .QL can be used to query any other type of complex data.

References [link]

This article includes a list of references, related reading or external links, but its sources remain unclear because it lacks inline citations. Please improve this article by introducing more precise citations. (September 2010)

• Mark A. Linton. Implementing relational views of programs. In Peter B. Henderson, editor, Software Development Environments (SDE), pages 132-140, 1984.
• Shahram Javey, Kin’ichi Mitsui, Hiroaki Nakamura, Tsuyoshi Ohira, Kazu Yasuda, Kazushi Kuse, Tsutomu Kamimura, and Richard Helm. Architecture of the XL C++ browser. In CASCON ’92: Proceedings of the 1992 conference of the Centre for Advanced Studies on Collaborative research, pages 369-379. IBM Press, 1992.
• Elnar Hajiyev, Mathieu Verbaere, Oege de Moor. CodeQuest: Scalable Source Code Queries with Datalog. In ECOOP 2006: Proceedings of the 2006 European Conference on Object-Oriented Programming, pages 2–27. Springer, 2006.

External links [link]

• Omega early code querying system.
• XL C++ Browser code querying system using logic programming.
• CodeQuest code querying system using Datalog.
• Semmle Limited creators of SemmleCode.
• SemmleCode: documentation.