Spazio IT – Code Quality Platforms
SPAZIO IT
Code Quality Platforms
December 2014
© 2014 Spazio IT - Soluzioni Informatiche s.a.s.
Maurizio Martignano
Spazio IT – Soluzioni Informatiche s.a.s
Via Manzoni 40
46030 San Giorgio di Mantova, Mantova
http://www.spazioit.com
Agenda
Code Inspection
SonarQube
Spazio IT Quality Platforms
Quality Platforms – Processes
Future Activities
Code Inspection
Software Crisis 2.0
The Software Crisis (2.0) has not yet disappeared and is here to stay:
– Implemented features not meeting the requirements/expectations
– Missed deadlines
– Cost overruns
The majority of the total cost of software projects is associated with finding and fixing defects.
Defect finding and fixing often occur too late in the life cycle of a project.
No Single Remedy (but…)
No single remedy for the software crisis has been found, but empirical data gathered on several software projects have shown that Code Inspection allows for
– defect prevention
– early defect detection and removal
What to inspect?
Dynamic Analysis
– Coverage (has this piece of code been executed?)
– Testing (did it pass its tests?)
Static Analysis
– Architecture and design
– Coding Rules / Standards
– Duplications
– Complexity
– Readability
– …
Code, Code and Code
Static and dynamic analysis are «standard» activities.
What is «new» is the emphasis on Code.
Code Inspection
Code Inspection is a human activity, but proper tools
– increase efficiency
– reduce risks.
SonarQube
SonarQube – What is it?
SonarQube is an open source web application (http://www.sonarqube.org) which
– Takes as input a set of source code files and a set of analysis results (produced by external tools).
– Stores both sources and results in a database.
– Makes the gathered information available via a dynamic website where the results are shown in the context of the code itself.
SonarQube – What is it?
[Figure: Source Code Files, Analyses Results, SonarQube Engine, SonarQube Database]
SonarQube – There’s more
Analyses on the same code base can be performed at
different moments in time and SonarQube keeps track of
the changes/evolution.
The problems found during analyses (a.k.a. issues) can be
managed directly from within the system itself, e.g.
– Identifying false positives
– Assigning issues to developers
– Checking their status (if they have been solved)
– …
SonarQube / Plugins / Sensors
[Figure: SonarQube with its plugins (Plugin-1 … Plugin-M, e.g. Ada, C/C++, Java) and sensors (Sensor-1 … Sensor-M, e.g. CppCheck, PC-Lint, GCOV), between a pre-processing stage (e.g. scanning and parsing) and a post-processing stage (e.g. CPD, Decorators)]
Spazio IT – Quality Platforms
AIRBUS Helicopters
Spazio IT – Quality Platforms
Since mid 2012 Spazio IT has been working for AIRBUS Helicopters and has developed an Ada Plugin supporting both the
– Adacore GNAT (http://www.adacore.com)
– Atego APEX Ada (http://www.atego.com)
compilation tool chains.
The Spazio IT platform has been adopted by the group maintaining the software of the NH90 and Tiger helicopters.
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en
European Space Agency
Spazio IT – Quality Platforms
Since fall 2013 Spazio IT has been working on the C/C++
community Plugin for SonarQube (modifying and
extending it) to make it suitable for Independent
Validation and Verification activities.
Spazio IT is currently using its C/C++ Plugin for the
validation of the IXV On-board Software.
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en
Processes
Who does what?
All current Integrated Development Environments (IDEs), like GNAT GPS 2014, Visual Studio 2013 and Eclipse Luna, offer some form of Code Analysis.
Who does what?
IDE analysis tools are meant to be used by software developers during their everyday work.
SonarQube analyses are more for the «quality people»; they are not supposed to be executed every day, but rather at specific, well-defined moments in the software development life cycle.
When?
SonarQube analyses should be performed after any
«significant» delivery in a software development project,
e.g. using ECSS 40 terminology, at:
– CDR
– QR
– AR
In maintenance projects SonarQube analyses should be performed after any «significant» new delivery, e.g. supposing a versioning scheme like
major.minor[.build[.revision]]
after every «minor» delivery.
Future Activities
Quality Methodologies, i.e. integrating into SonarQube:
– SQUALE – Software QUALity Enhancement (http://www.squale.org - almost there already)
– GQM – Goal, Question, Metric (http://en.wikipedia.org/wiki/GQM)
Analysis Tools, i.e. assessing and possibly making interoperate with SonarQube tools like:
– MATLAB Polyspace – Abstract Interpretation (http://www.mathworks.it/products/polyspace/)
– CBMC – Bounded Model Checking (http://www.cprover.org/cbmc)
Current Research
Useful Links
http://ulir.ul.ie/bitstream/handle/10344/2575/Fitzgerald%2cBrian.pdf
http://faculty.salisbury.edu/~xswang/Research/Papers/SERelated/no-silver-bullet.pdf
http://research.ijcaonline.org/volume87/number1/pxc3893251.pdf
http://www.cs.umd.edu/~basili/publications/proceedings/P95.pdf
http://en.wikipedia.org/wiki/GQM
http://www.squale.org
http://www.sonarqube.org
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en
Thank you for your time!