DOCSLIB.ORG

The EA's Guide to Reliable Infrastructure Deployments

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The EA's Guide to Reliable Infrastructure Deployments Welcome THE EA’S GUIDE TO RELIABLE CLOUD DEPLOYMENTS When development starts moving into the cloud, it’s understandable to want to move fast and see results quickly. Enterprises are often encouraged to deliver those first few deployments at pace, sometimes without thinking about longevity. This can cause enterprises to struggle with a lack of comparability between projects. This inhibits your ability to effectively measure the success of your deployments and can cost your organisation a lot of time and resources. At Dootrix, we believe it’s essential to tackle standardisation as soon as possible. By having reliable infrastructure deployments in place, you can achieve cost savings in a number of areas. Once you’ve got deployment standards in place, new projects require less work. But by encoding security practices into your deployments, you’re reducing mistakes and the opportunity for human error as well as security risks. With standardisation, comes clearer and better accounting - understanding where your costs lie and what’s driving them becomes much easier. But how do you approach standardisation? In this eBook, we break down our strategy in easy steps that will help you create high quality, standardised, repeatable and reliable infrastructure deployments and accelerate your journey into the cloud. We hope this eBook is useful, please don’t hesitate to get in touch if you have any questions or would like to find out more! Mark Vallins, Head of DevOps PAGE 2 OF 30 CONTENTS 1 SETTING THE SCENE 2 INFRASTRUCTURE AS CODE 3 AGILE 4 VERSION CONTROL 5 CONVENTIONS 6 STANDARDS 7 TESTING 8 AUTOMATION 9 DESTRUCTIVE CHANGES 10 CONCLUSION PAGE 3 OF 30 Setting the scene WHAT DO WE WANT TO ACHIEVE? We want our cloud deployments to be: Repeatable Reliable Standardised Secure Not only do we want our code deployments to meet these requirements, we also want our infrastructure deployments to meet them. However, in reality we often find that we deviate from this vision. The stresses of deadlines and a fear of change can back us into a corner, leaving us managing deployments by hand in a piecemeal manner, we therefor lose faith in our ability to manage change effectively. We tend to have code deployments ‘wrapped-up’, we follow Agile processes and we implement continuous integration and continuous delivery using deployment tools like Azure DevOps. We should be doing the same for our infrastructure, in many cases the tools and processes that we already use can be put to use again. In short, to achieve the desired cloud deployments, we want: A process that allows us to treat infrastructure the same way as code Infrastructure definitions under version control Infrastructure definition conventions Infrastructure standards and patterns Infrastructure testing Automated PAGE 4 OF 30 Setting the scene WHAT DO WE WANT TO ACHIEVE? The processes described here are especially suited to Platform as a Service (PaaS) deployments where configuration is naturally exposed as properties on resources. Ask yourself this question: Can you confidently expect to be able to tear down your infrastructure and re-build it from scratch, automatically and without issue? For any environment, especially development environments, you really should be able to reset (delete and start-again) that environment at any point to avoid cumulative errors from experiments or other updates that cause the environment to deviate from the design. Destroy Deploy PAGE 5 OF 30 2: INFRASTRUCTURE AS CODE PAGE 6 OF 30 Infrastructure as Code WHAT DO WE WANT TO ACHIEVE? Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.1. From a PaaS perspective perhaps we should re-phrase this in Platform as code terms as: the process of managing and provisioning platform resources through machine-readable definition files rather than interactive configuration tools. A number of infrastructure as code definition formats are supported across the cloud platforms: LANGUAGE FORMAT PLATFORM CloudFormation JSON, YAML Amazon Web Services (AWS) ARM Templates JSON Microsoft Azure Terraform HCL, JSON AWS, Microsoft Azure, Google Cloud Platform Javascript, Typescript, Pulumi AWS, Microsoft Azure, Google Cloud Python 3, Go Platform 1. Wikipedia PAGE 7 OF 30 ARM Template Example Each of these formats allows you to define your infrastructure in a file or set of files that can be shared, reviewed and used as part of an automated deployment process (just like your source code). Here’s a simple example of an Azure Resource Manager Template that describes an Azure storage account. This example is self-contained and minimal, but I don’t recommend you write your templates in this way (e.g. inline values for names and SKUs) for reasons that we will discuss later). { "$schema": "https://schema.management.azure.com/schemas/ 2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2018-07-01", "name": "examplestorageaccount", "location": "[resourceGroup().location]", "tags": { "displayName": "examplestorageaccount" }, "sku": { "name": "Standard_LRS" }, "kind": "StorageV2", "properties": {} } ], "outputs": {} } PAGE 8 OF 30 3: AGILE PAGE 9 OF 30 Agile You may be working to an Agile process, but even if you aren’t you probably manage your code requirements in a tool like JIRA or Azure DevOps. You should be managing your infrastructure code in the same way. 1. Define the infrastructure requirements 2. Break down and refine those requirements 3. Assign tasks to individuals 4. Track infrastructure commits against stories/tasks 5. Review changes 6. Test changes 7. Merge 8. Deploy 9. Repeat Breaking down infrastructure into separate tasks to allow for parallel development is made easier when the infrastructure definition isn’t one monolith of code, modularising the definition is critical for collaboration and re-use, we’ll cover this soon. “YOU SHOULD BE MANAGING YOUR INFRASTRUCTURE CODE IN THE SAME WAY AS YOUR SOFTWARE CODE” PAGE 10 OF 30 4: VERSION CONTROL PAGE 11 OF 30 Version Control A number of popular version control tools and services are available for managing your definitions locally and remotely. Use the same platform that your team members use for code, choose a well-known platform if you don’t have one already. Git might have a steep learning curve but it is ubiquitous and there is plenty of documentation available. Make sure you get your infrastructure definitions under version control, the benefits are obvious: History Recovery Backup Collaboration Understanding Infrastructure definitions under version control can participate in the same processes as your code, you can organise changes in branches, peer review definitions and merge changes to development and production branches via pull requests. Your team have oversight of the infrastructure deployment Changes can be reviewed and approved PAGE 12 OF 30 HISTORY The genesis and modifications of your infrastructure definitions are tracked, history enables the related concepts of recovery and understanding. RECOVERY View and recover any version, want to know what’s changed in the last 7 days, that’s easy. Roll-back mistakes and deployments, broken something recently but not sure when, roll-back to a version that you know worked last week. BACKUP Local and remote copies of infrastructure definitions are available, whether working with a distributed version control system or a centralised one, there are always multiple copies of the infrastructure definition should you lose your local copy. COLLABORATION Changes can come from multiple sources. Changes are merged in a controlled fashion. Others can view and review. UNDERSTANDING A freedom to experiment, access to history and collaboration help understanding. The ability of others to view the current and previous states of the infrastructure definition help provide context to the decisions and intention of the current state. INFRASTRUCTURE DEFINITIONS UNDER VERSION CONTROL CAN PARTICIPATE IN THE SAME PROCESSES AS YOUR CODE. YOUR TEAM HAVE OVERSIGHT OF THE INFRASTRUCTURE DEPLOYMENT AND CHANGES CAN BE REVIEWED AND APPROVED. PAGE 13 OF 30 5: CONVENTIONS PAGE 14 OF 30 Conventions You have coding conventions, coding standards, don’t you? You should have infrastructure definition conventions too, ask yourself the following questions: File names Are file names predictable and well-defined? Can new team members navigate the architecture? File structure How are your definition files arranged? Where are support scripts to be found? Are there standard locations for modular resource definitions? Resource names Can team members recognise the type and purpose of a resource? Can team members recognise the project that a resource belongs to? Can team members recognise who owns the resource? Do resource names naturally avoid naming conflicts across projects and regions? File layout Is the file consistently laid out? Are layout conventions followed? Are constraints correctly expressed? Are inputs validated and cleaned? Extraneous conventions Specific to a particular infrastructure language, custom functions or DSLs for example. If you have answers for most of these then you probably have a standard approach to writing and storing infrastructure definitions, are those conventions published and available to all team members? Does your chosen platform allow you to enforce your conventions? If so, make use of it to ensure that all current and future deployments gain the benefit of convention. PAGE 15 OF 30 6: STANDARDS PAGE 16 OF 30 Standards Do you find that your team members are writing the same resource definitions again and again? How do you know that each instance is correct or that they all follow internal guidelines? Rather than rely on published resource guidelines think about enforcing resource definitions using a modular approach. If your infrastructure language supports multiple files per architecture (it really should) then you can begin to create a library of components adhering to your internal standards that will help the whole team move faster and with fewer mistakes.
Load more

Recommended publications
  • Java Programming Standards & Reference Guide
    Java Programming Standards & Reference Guide Version 3.2 Office of Information & Technology Department of Veterans Affairs Java Programming Standards & Reference Guide, Version 3.2 REVISION HISTORY DATE VER. DESCRIPTION AUTHOR CONTRIBUTORS 10-26-15 3.2 Added Logging Sid Everhart JSC Standards , updated Vic Pezzolla checkstyle installation instructions and package name rules. 11-14-14 3.1 Added ground rules for Vic Pezzolla JSC enforcement 9-26-14 3.0 Document is continually Raymond JSC and several being edited for Steele OI&T noteworthy technical accuracy and / PD Subject Matter compliance to JSC Experts (SMEs) standards. 12-1-09 2.0 Document Updated Michael Huneycutt Sr 4-7-05 1.2 Document Updated Sachin Mai L Vo Sharma Lyn D Teague Rajesh Somannair Katherine Stark Niharika Goyal Ron Ruzbacki 3-4-05 1.0 Document Created Sachin Sharma i Java Programming Standards & Reference Guide, Version 3.2 ABSTRACT The VA Java Development Community has been establishing standards, capturing industry best practices, and applying the insight of experienced (and seasoned) VA developers to develop this “Java Programming Standards & Reference Guide”. The Java Standards Committee (JSC) team is encouraging the use of CheckStyle (in the Eclipse IDE environment) to quickly scan Java code, to locate Java programming standard errors, find inconsistencies, and generally help build program conformance. The benefits of writing quality Java code infused with consistent coding and documentation standards is critical to the efforts of the Department of Veterans Affairs (VA). This document stands for the quality, readability, consistency and maintainability of code development and it applies to all VA Java programmers (including contractors).
    [Show full text]
  • Devsecops in Reguated Industries Capgemini Template.Indd
    DEVSECOPS IN REGULATED INDUSTRIES ACCELERATING SOFTWARE RELIABILITY & COMPLIANCE TABLE OF CONTENTS 03... Executive Summary 04... Introduction 07... Impediments to DevSecOps Adoption 10... Playbook for DevSecOps Adoption 19... Conclusion EXECUTIVE SUMMARY DevOps practices enable rapid product engineering delivery and operations, particularly by agile teams using lean practices. There is an evolution from DevOps to DevSecOps, which is at the intersection of development, operations, and security. Security cannot be added after product development is complete and security testing cannot be done as a once-per-release cycle activity. Shifting security Left implies integration of security at all stages of the Software Development Life Cycle (SDLC). Adoption of DevSecOps practices enables faster, more reliable and more secure software. While DevSecOps emerged from Internet and software companies, it can benefit other industries, including regulated and high security environments. This whitepaper covers how incorporating DevSecOps in regulated Industries can accelerate software delivery, reducing the time from code change to production deployment or release while reducing security risks. This whitepaper defines a playbook for DevSecOps goals, addresses challenges, and discusses evolving workflows in DevSecOps, including cloud, agile, application modernization and digital transformation. Bi-directional requirement traceability, document generation and security tests should be part of the CI/CD pipeline. Regulated industries can securely move away
    [Show full text]
  • Advanced Tcl E D
    PART II I I . A d v a n c Advanced Tcl e d T c l Part II describes advanced programming techniques that support sophisticated applications. The Tcl interfaces remain simple, so you can quickly construct pow- erful applications. Chapter 10 describes eval, which lets you create Tcl programs on the fly. There are tricks with using eval correctly, and a few rules of thumb to make your life easier. Chapter 11 describes regular expressions. This is the most powerful string processing facility in Tcl. This chapter includes a cookbook of useful regular expressions. Chapter 12 describes the library and package facility used to organize your code into reusable modules. Chapter 13 describes introspection and debugging. Introspection provides information about the state of the Tcl interpreter. Chapter 14 describes namespaces that partition the global scope for vari- ables and procedures. Namespaces help you structure large Tcl applications. Chapter 15 describes the features that support Internationalization, includ- ing Unicode, other character set encodings, and message catalogs. Chapter 16 describes event-driven I/O programming. This lets you run pro- cess pipelines in the background. It is also very useful with network socket pro- gramming, which is the topic of Chapter 17. Chapter 18 describes TclHttpd, a Web server built entirely in Tcl. You can build applications on top of TclHttpd, or integrate the server into existing appli- cations to give them a web interface. TclHttpd also supports regular Web sites. Chapter 19 describes Safe-Tcl and using multiple Tcl interpreters. You can create multiple Tcl interpreters for your application. If an interpreter is safe, then you can grant it restricted functionality.
    [Show full text]
  • OHD C++ Coding Standards and Guidelines
    National Weather Service/OHD Science Infusion and Software Engineering Process Group (SISEPG) – C++ Programming Standards and Guidelines NATIONAL WEATHER SERVICE OFFICE of HYDROLOGIC DEVELOPMENT Science Infusion Software Engineering Process Group (SISEPG) C++ Programming Standards and Guidelines Version 1.11 Version 1.11 11/17/2006 National Weather Service/OHD Science Infusion and Software Engineering Process Group (SISEPG) – C++ Programming Standards and Guidelines 1. Introduction..................................................................................................................1 2. Standards......................................................................................................................2 2.1 File Names .......................................................................................................2 2.2 File Organization .............................................................................................2 2.3 Include Files.....................................................................................................3 2.4 Comments ........................................................................................................3 2.5 Naming Schemes .............................................................................................4 2.6 Readability and Maintainability.......................................................................5 2.6.1 Indentation ...............................................................................................5 2.6.2 Braces.......................................................................................................5
    [Show full text]
  • Theta Engineering Firmware Coding Conventions
    Theta Engineering Firmware Coding Conventions Best Practices What constitutes “best practice” in software development is an ongoing topic of debate in industry and academia. Nevertheless, certain principles have emerged over the years as being sound and beneficial. In taking a conservative stance on this topic, we will avoid the most recent and contentious ideas and stick with the ones that have withstood the test of time. The principles we will use in the development of firmware are: o Object oriented design – Even though we are not programming in an “object oriented language” per se, the principles of object oriented design are still applicable. We will use a C module to correspond to an “object”, meaning a body of code that deals with a specific item or conceptually small zone of functionality, and encapsulates the code and data into that module. o Separation of interface and implementation – Each module will have a .c file that comprises the implementation and a .h file specifying the interface. Coding details and documentation pertaining to the implementation should be confined to the .c file, while items pertaining to the interface should be in the .h file. o Encapsulation – Each module should encapsulate all code and data pertaining to its zone of responsibility. Each module will be self contained and complete. Access to internal variables if necessary will be provided through published methods as described in the header file for the module. A module may use other appropriate modules in order to do its job, but may do so only through the published interface of those modules.
    [Show full text]
  • Tsduck Coding Guidelines
    TSDuck Coding Guidelines Version 3.2 April 2021 TSDuck coding guidelines License TSDuck is released under the terms of the license which is commonly referred to as "BSD 2-Clause License" or "Simplified BSD License" or "FreeBSD License". See http://opensource.org/licenses/BSD-2- Clause. Copyright (c) 2005-2021, Thierry Lelégard All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
    [Show full text]
  • Towards a Structured Specification of Coding Conventions
    1 Towards a Structured Specification of Coding Conventions Elder Rodrigues Jr. and Leonardo Montecchi Instituto de Computac¸ao˜ Universidade Estadual de Campinas Campinas, SP, Brazil [email protected], [email protected] Abstract—Coding conventions are a means to improve the check similarity between rules, ii) identify conflicting rules, reliability of software systems. They can be established for iii) understand if a tool is able to check a certain rule, iv) many reasons, ranging from improving the readability of code configure a tool to check a certain rule, etc. to avoiding the introduction of security flaws. However, coding conventions often come in the form of textual documents in Following the principles behind Model-Driven Engineering natural language, which makes them hard to manage and to (MDE) [20], all the artifacts in the software development pro- enforce. Following model-driven engineering principles, in this cess, thus including coding conventions, should be represented paper we propose an approach and language for specifying as structured models, to increase the degree of automation, coding conventions using structured models. We ran a feasibility improve integration, and reduce the possibility of human study, in which we applied our language for specifying 215 coding rules from two popular rulesets. The obtained results mistakes. However, to the best of our knowledge, there is little are promising and suggest that the proposed approach is feasible. work on this topic in the literature. However, they also highlight that many challenges still need to be In this paper we investigate the possibility of specifying cod- overcome. We conclude with an overview on the ongoing work for ing conventions through structured, machine-readable, models.
    [Show full text]
  • Practical Programming in Tcl and Tk
    Practical Programming in Tcl and Tk Brent Welch DRAFT, January 13, 1995 Updated for Tcl 7.4 and Tk 4.0 THIS IS NOT THE PUBLISHED TEXT THE INDEX IS INCOMPLETE SOME SECTIONS ARE MISSING THE MANUSCIRPT HAS NOT BEEN EDITED GET THE REAL BOOK: ISBN 0-13-182007-9 An enhanced version of this text has been published by Prentice Hall: ISBN 0-13-182007-9 Send comments via email to [email protected] with the word “book” in the subject. http://www.sunlabs.com/~bwelch/book/index.html The book is under copyright. Print for personal use only. This on-line DRAFT is available curtesty the kind folks at PH. Table of Contents 1. Tcl Fundamentals ............................................. 1 Getting Started ............................................................1 Tcl Commands .............................................................2 Hello World ..................................................................3 Variables ......................................................................3 Command Substitution ................................................4 Math Expressions ........................................................4 Backslash Substitution ................................................6 Double Quotes .............................................................7 Procedures ...................................................................7 A While Loop Example ..................................................8 Grouping And Command Substitution .......................10 More About Variable Substitution ..............................11
    [Show full text]
  • Coding Conventions for C++ and Java Applications - Macadamian Technologies Inc
    Coding Conventions for C++ and Java applications - Macadamian Technologies Inc Coding Conventions for C++ and Java applications Section Contents Subscribe to our email list to be notified by email when there is a Table of Contents new Column. Archive of past columns A full list of our software Source Code Organization development articles from previous weeks ● Files and project organization Coding Conventions for C++ and ● Header Files Java Naming Conventions One of our most popular pages -- Coding conventions for C++ and ● Function Names Java, written by our Chief Architect and used by our developers. ● Class Names ● Variable Names Source Documentation ● Module Comments and Revision History ● Commenting Data Declarations ● Commenting Control Structures ● Commenting Routines Programming Conventions ● Use of Macros ● Constants and Enumerations ● Use of return, goto and throw for flow control ● Error Handling ● Style and Layout Testing/Debug Support ● Class Invariant ● Assertions and Defensive Programming ● Validation Tests ● Tracing Conclusion http://www.macadamian.com/codingconventions.htm (1 of 16) [10/1/2000 7:12:06 PM] Coding Conventions for C++ and Java applications - Macadamian Technologies Inc ● Glossary ● References ● History ● Other Coding Conventions on the Web Source Code Organization Files and project organization The name of files can be more than eight characters, with a mix of upper case and lower-case. The name of files should reflect the content of the file as clearly as possible. As a rule of thumb, files containing class definitions and implementations should contain only one class. The name of the file should be the same as the name of the class. Files can contain more than one class when inner classes or private classes are used.
    [Show full text]
  • Gamification for Enforcing Coding Conventions
    Gamification for Enforcing Coding Conventions Christian R. Prause Matthias Jarke DLR Space Administration RWTH Aachen Königswinterer Str. 522-524 Institut i5 Bonn, Germany Aachen, Germany [email protected] [email protected] ABSTRACT quality characteristic means how cost-effectively developers Software is a knowledge intensive product, which can only can continuously improve and evolve the software. evolve if there is effective and efficient information exchange Maintainability is broken down into the sub-characteristics between developers. Complying to coding conventions im- analyzability, changeability, stability, testability and main- proves information exchange by improving the readability of tainability compliance. They describe how easy places to be source code. However, without some form of enforcement, changed and causes of faults can be located, how well fu- compliance to coding conventions is limited. We look at ture changes are supported and can be realized, how much the problem of information exchange in code and propose the software avoids unexpected effects from changes, how gamification as a way to motivate developers to invest in well the software supports validation efforts, and how com- compliance. Our concept consists of a technical prototype pliant the interior of the software is to maintainability stan- and its integration into a Scrum environment. By means of dards and conventions. Maintainability is like an internal two experiments with agile software teams and subsequent version of the usability quality
    [Show full text]
  • Best Practice Programming Techniques for SAS® Users
    PharmaSUG 2016 – Paper AD11 Best Practice Programming Techniques for SAS® Users Kirk Paul Lafler, Software Intelligence Corporation, Spring Valley, California Mary Rosenbloom, Lake Forest, California Abstract It’s essential that SAS® users possess the necessary skills to implement “best practice” programming techniques when using the Base-SAS software. This presentation illustrates core concepts with examples to ensure that code is readable, clearly written, understandable, structured, portable, and maintainable. Attendees learn how to apply good programming techniques including implementing naming conventions for datasets, variables, programs and libraries; code appearance and structure using modular design, logic scenarios, controlled loops, subroutines and embedded control flow; code compatibility and portability across applications and operating platforms; developing readable code and program documentation; applying statements, options and definitions to achieve the greatest advantage in the program environment; and implementing program generality into code to enable its continued operation with little or no modifications. Introduction Code is an intellectual property and should be treated as a tangible asset by all organizations. Best practice programming techniques help to clarify the sequence of instructions in code, permit others to read code as well as understand it, assist in the maintainability of code, permit greater opportunity to reuse code, achieve measurable results, reduce costs in developing and supporting code, and assist in performance improvements (e.g., CPU, I/O, Elapsed time, DASD, Memory). Best Practice Concepts A best practice programming technique is a particular approach or method that has achieved some level of approval or acceptance by a professional association, authoritative entity, and/or by published research results. Successful best practice programming techniques translate into greater code readability, maintainability and longevity while ensuring code reusability.
    [Show full text]
  • A Language-Independent Static Checking System for Coding Conventions
    A Language-Independent Static Checking System for Coding Conventions Sarah Mount A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy 2013 This work or any part thereof has not previously been presented in any form to the University or to any other body whether for the purposes of as- sessment, publication or for any other purpose (unless otherwise indicated). Save for any express acknowledgements, references and/or bibliographies cited in the work, I confirm that the intellectual content of the work is the result of my own efforts and of no other person. The right of Sarah Mount to be identified as author of this work is asserted in accordance with ss.77 and 78 of the Copyright, Designs and Patents Act 1988. At this date copyright is owned by the author. Signature: . Date: . Abstract Despite decades of research aiming to ameliorate the difficulties of creat- ing software, programming still remains an error-prone task. Much work in Computer Science deals with the problem of specification, or writing the right program, rather than the complementary problem of implementation, or writing the program right. However, many desirable software properties (such as portability) are obtained via adherence to coding standards, and there- fore fall outside the remit of formal specification and automatic verification. Moreover, code inspections and manual detection of standards violations are time consuming. To address these issues, this thesis describes Exstatic, a novel framework for the static detection of coding standards violations. Unlike many other static checkers Exstatic can be used to examine code in a variety of lan- guages, including program code, in-line documentation, markup languages and so on.
    [Show full text]