What's the Big Deal About CQCs? By: Rick Hess, Pat Theeke
Code Quality Characteristics (CQCs, or Checks)
• What does your project care about looking for?
• Example source: Goddard Open Learning Design (GOLD) Rules http://standards.gsfc.nasa.gov/gsfc-std/gsfc-std-1000/gsfc-std-1000.html
• Used as Inputs to the Static Code Analysis Method
Overview of the Method
• Created to work with the Evidence-based Assurance effort.
• Inputs are the CQCs and a list of the applicable tools (tools that can handle the given code language(s), with their limitations already considered).
• Within the method, determine which tool, or combination of tools, provides the most coverage for the CQCs you care about.
• Output from the method is the analysis results from the selected tools.
Determining which tools need to be used
• Determine what you want to analyze before you run your tools.
• Regarding CQCs, what does the project want to look for?
• Which tools can I use to provide coverage among all my CQCs?
Verify Software Code Quality using the Static Code Analysis Method – Next Steps
• Add a description about using a formal Capability Matrix, based upon what the tools can do/say they can do, to assist in picking the specific tool.
• Add on to the current method to include the following: for the CQCs that cannot be covered by Static Code Analysis, the project then needs to determine whether performing other activities (Manual Analysis, for example) will fill in the ‘gap’, and whether it is worth the cost.
Proposed CD Effort
• Create a Capability Matrix to show which CQCs are covered and NOT covered by specific tools.
• Tools usually broadcast most of what they CAN do. You never hear about the functionality that isn’t available or was removed.
• Create a set of validation programs, or scripts
  • Assure that we understand the capabilities and limitations of our tools
  • Verify that new tools and new versions of existing tools have not limited or removed existing capabilities
  • Help to identify when additional/different tools and/or Methods may be required, and when existing tools no longer meet our needs
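
An added example (not part of the original slides) of how a Capability Matrix can drive the method: it picks the smallest tool combination that covers the CQCs a project cares about, lists the CQCs no tool covers, and flags capabilities lost between two versions of the matrix. The tool names, CQC labels and both matrices are constructed placeholders.

```python
from itertools import combinations

# Constructed capability matrix: tool -> CQCs it has been validated to detect.
# Tool names and CQC labels are hypothetical placeholders.
MATRIX_V1 = {
    "tool_a": {"uninitialized-variable", "null-dereference", "dead-code"},
    "tool_b": {"null-dereference", "buffer-overrun", "resource-leak"},
    "tool_c": {"dead-code", "resource-leak"},
}
# Constructed matrix after a tool_b upgrade whose validation run no longer
# shows buffer-overrun detection.
MATRIX_V2 = {**MATRIX_V1, "tool_b": {"null-dereference", "resource-leak"}}

# CQCs the (hypothetical) project cares about.
REQUIRED = {"uninitialized-variable", "null-dereference", "buffer-overrun",
            "resource-leak", "race-condition"}


def select_tools(matrix, required):
    """Return (tools, gaps): the smallest tool combination that covers every
    required CQC any tool can cover, and the CQCs that no tool covers."""
    reachable = set().union(*matrix.values()) & required
    gaps = sorted(required - reachable)
    names = sorted(matrix)
    # Exhaustive search: exact, and cheap for the handful of tools a project has.
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            covered = set().union(*(matrix[t] for t in combo))
            if reachable <= covered:
                return list(combo), gaps
    return names, gaps  # not reached: the full tool set always covers `reachable`


def capability_regressions(old, new):
    """Per tool, the CQCs covered in `old` that are missing from `new`."""
    lost = {t: sorted(cqcs - new.get(t, set())) for t, cqcs in old.items()}
    return {t: cqcs for t, cqcs in lost.items() if cqcs}


if __name__ == "__main__":
    for label, matrix in (("v1", MATRIX_V1), ("v2", MATRIX_V2)):
        tools, gaps = select_tools(matrix, REQUIRED)
        print(f"{label}: run {tools}; not covered by static analysis: {gaps}")
    print("lost capabilities:", capability_regressions(MATRIX_V1, MATRIX_V2))
```

The gap list is the input to the "is another activity worth the cost" decision, and a non-empty regression report is the signal that a different or additional tool may be needed.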
Another possible example of CQCs: SWAT Code Defect Categories