Spazio IT – Code Quality Platforms
Maurizio Martignano
Spazio IT – Soluzioni Informatiche s.a.s
Via Manzoni 40, 46030 San Giorgio di Mantova, Mantova
http://www.spazioit.com
October 2017
© 2017 Spazio IT - Soluzioni Informatiche s.a.s.

Agenda
Code Inspection
SonarQube
Spazio IT Quality Platforms
Quality Platforms – Processes
Future Activities

Code Inspection

Software Crisis 2.0
Software Crisis (2.0) hasn’t yet disappeared and is here to stay.
– Implemented features not meeting the requirements/expectations
– Missed deadlines
– Cost overruns
The majority of the total cost of software projects is associated with finding and fixing defects.
Defect finding and fixing often occur too late in the life cycle of a project.

No Single Remedy (but…)
No single remedy for the software crisis has been found.
(but) empirical data gathered on several software projects have shown that Code Inspection allows for:
– defect prevention
– early defect detection and removal

What to inspect?
Dynamic Analysis
– Coverage (has this piece of code been executed?)
– Testing (did it pass its tests?)
Static Analysis
– Architecture and design
– Coding Rules / Standards
– Duplications
– Complexity
– Readability
– …

Code, Code and Code
Static and dynamic analysis are «standard» activities. What is «new» is the emphasis on Code.

Code Inspection
Code Inspection is a human activity, but proper tools:
– increase efficiency
– reduce risks.

SonarQube

SonarQube – What is it?
SonarQube is an open source Web Application (http://www.sonarqube.org) which:
– Takes as input a set of source code files and a set of analysis results (produced by external tools).
– Stores both sources and results in a database.
– Makes the gathered information available via a dynamic website where the results are shown in the context of the code itself.

SonarQube – What is it?
[Diagram: Source Code Files and Analyses Results are taken in by the SonarQube Engine and stored in the SonarQube Database.]

SonarQube – There’s more
Analyses on the same code base can be performed at different moments in time and SonarQube keeps track of the changes/evolution.
The problems found during analyses (a.k.a. issues) can be managed directly from within the system itself, e.g.
– Identifying false positives
– Assigning issues to developers
– Checking their status (if they have been solved)
– …

SonarQube / Plugins / Sensors
[Diagram: SonarQube with its plugins and sensors]
– Pre-Processing (e.g. scanning and parsing)
– Plugins: Plugin-1 (e.g. Ada), Plugin-I (e.g. C/C++), Plugin-M (e.g. Java)
– Sensors: Sensor-1 (e.g. CppCheck), Sensor-J (e.g. PC-Lint), Sensor-M (e.g. GCOV)
– Post-Processing (e.g. CPD, Decorators)
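
The sensor idea above (an external tool's results taken in and shown in the context of the code), sketched as an added example that is not part of the original slides and is not SonarQube plugin code. The names Issue, cppcheck_sensor and annotate, the file names and the sample report are constructed for illustration; the report follows Cppcheck's XML version 2 layout.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

Issue = namedtuple("Issue", "rule severity message file line")

# Constructed sample input: one source file and a Cppcheck XML (version 2) report.
# Issue is a hypothetical tool-independent record, not a SonarQube API type.
SOURCES = {"src/buf.c": ["void f(void) {", "    char b[8];", "    b[8] = 0;", "}"]}
REPORT = """<results version="2"><cppcheck version="1.80"/><errors>
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'b[8]' accessed at index 8, which is out of bounds.">
  <location file="src/buf.c" line="3"/></error>
<error id="unusedFunction" severity="style" msg="The function 'f' is never used.">
  <location file="src/buf.c" line="1"/></error>
<error id="missingInclude" severity="information" msg="Include file not found"/>
<error id="nullPointer" severity="warning" msg="Possible null pointer dereference: p">
  <location file="src/gone.c" line="10"/></error>
</errors></results>"""

def cppcheck_sensor(report_xml):
    """Turn a Cppcheck XML v2 report into tool-independent Issue records."""
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD/entity declarations are not accepted in reports")
    root = ET.fromstring(report_xml)
    if root.tag != "results" or root.get("version") != "2":
        raise ValueError("not a Cppcheck XML version 2 report")
    issues = []
    for err in root.iter("error"):
        loc = err.find("location")  # some findings carry no location at all
        where = (loc.get("file"), int(loc.get("line"))) if loc is not None else (None, None)
        issues.append(Issue(err.get("id"), err.get("severity"), err.get("msg"), *where))
    return issues

def annotate(sources, issues):
    """Show issues in the context of the code; keep those that cannot be placed."""
    placed, unmapped = {}, []
    for i in issues:
        lines = sources.get(i.file)
        if lines is None or not 1 <= i.line <= len(lines):
            unmapped.append(i)  # never drop a finding silently
        else:
            placed.setdefault((i.file, i.line), []).append(i)
    listing = []
    for path, lines in sources.items():
        for n, text in enumerate(lines, 1):
            listing.append(f"{path}:{n}: {text}")
            listing += [f"    ^ [{i.severity}] {i.rule}: {i.message}" for i in placed.get((path, n), [])]
    return listing, unmapped

if __name__ == "__main__":
    listing, unmapped = annotate(SOURCES, cppcheck_sensor(REPORT))
    print("\n".join(listing + ["unmapped: " + ", ".join(i.rule for i in unmapped)]))
```

Findings that point outside the analysed source set are returned separately, so a mismatch between the report and the delivered code is visible to the reviewer.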

Spazio IT – Quality Platforms

AIRBUS Helicopters
Since mid 2012 Spazio IT has been working for AIRBUS Helicopters and has developed an Ada Plugin supporting both of the following compilation tool chains:
– Adacore GNAT (http://www.adacore.com)
– Atego APEX Ada (http://www.atego.com)
The Spazio IT platform has been adopted by the group maintaining the software of the NH90 and Tiger helicopters.
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en

European Space Agency
Since fall 2013 Spazio IT has been working on the C/C++ community Plugin for SonarQube (modifying and extending it) to make it suitable for Independent Validation and Verification activities.
Spazio IT has successfully used its C/C++ Plugin for the validation of the IXV On-board Software.
Spazio IT is currently using its C/C++ Plugin for the validation of the JUICE DPU Boot Software.
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en

Processes

Who does what?
All present-day Integrated Development Environments (IDEs), like GNAT GPS 2017, Visual Studio 2013 and Eclipse Luna, offer some form of Code Analysis.
The IDEs’ analysis tools are to be used by software developers during their everyday work.
SonarQube analyses are more for the «quality people»; they are not supposed to be executed every day, but rather at specific, well-defined moments in the software development life cycle.

When?
SonarQube analyses should be performed after any «significant» delivery in a software development project, e.g. using ECSS 40 terminology, at:
– CDR
– QR
– AR
In maintenance projects SonarQube analyses should be performed after any «significant» new delivery, e.g. supposing a versioning like major.minor[.build[.revision]], after every «minor» delivery.

Future Activities
Quality Methodologies, i.e. integrating into SonarQube:
– SQUALE – Software QUALity Enhancement (http://www.squale.org - almost there already)
– GQM – Goal, Question, Metric (http://en.wikipedia.org/wiki/GQM)
Analysis Tools, i.e. assessing, and possibly making interoperate with SonarQube, tools like:
– MATLAB Polyspace – Abstract Interpretation (http://www.mathworks.it/products/polyspace/)

Useful Links
http://ulir.ul.ie/bitstream/handle/10344/2575/Fitzgerald%2cBrian.pdf
http://faculty.salisbury.edu/~xswang/Research/Papers/SERelated/no-silver-bullet.pdf
http://research.ijcaonline.org/volume87/number1/pxc3893251.pdf
http://www.cs.umd.edu/~basili/publications/proceedings/P95.pdf
http://en.wikipedia.org/wiki/GQM
http://www.squale.org
http://www.sonarqube.org
http://www.spazioit.com/pages_en/sol_inf_en/code_quality_en

Thank you for your time!