Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

20100309 05 - Air France : des audits manuels aux audits automatisés

37 views

Published on

From manual to automatic software audit

Published in: Software
  • Be the first to comment

  • Be the first to like this

20100309 05 - Air France : des audits manuels aux audits automatisés

  1. 1. Qualimetry From Manual to Automatic Software Audit
  2. 2. 2 What We Did During Manuel Audit • In June 2002, we started to do qualimetry audit on Air France software code - Document review - Manual review of existing document (architecture, specification) - Static analyze of Software code - Need a tools to analyze code (choose and training to Mc Cabe) - Semi automatic - « Rules Checking » - Check good practices and coding standards - Semi automatic - Dynamic analyze - Coverage of test cases (using Mc Cabe dynamic) - Semi automatic
  3. 3. 3 Analyze Based Existing Models Boehm's Quality Model McCall's Quality ModelISO 9126 Quality Model
  4. 4. 4 Used Qualimetry Method • Quality grid - Based on standard model - Multi-level approach - Factor: Quality external vision - Criteria: Quality internal vision - Practice: concrete project aspect - Metrics et rules: objective measures • Notation Tools Quality Practices Criteria Factors Metrics Rules Checking code documents models architecture Note using formulas and thresholds Final notes Weighing average
  5. 5. 5 Audit Manual History Sirroco On Demand Manual Audits 2002 2003 2004 2005 Monet Manet Solfege Socle vol Monet Manet Aurore Vcargo Gipsi Prototype EO / POCs Automation  SQUALE project Crew Keops Sirroco
  6. 6. 6 Need of Strict Notation • Automatic Audit needs a strict models and Notation (no manual review and adaptation) - Each component should noted according to metric and thresholds - Average needed to note factors and criterions • We had to solve 2 problems: - The threshold effect (white or black notation) - The “weighted” average (bad practice should be highlighted)
  7. 7. 7 0 0,5 1 1,5 2 2,5 3 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Continuous Notation Evg (Essential Cyclomatic Complexity) Spaghetticodepractice Note = 2 6-evg 3
  8. 8. 8 Practice Average Weighted function with P(x) = 3 (1 – 9–x) 0 0,5 1 1,5 2 2,5 3 0 0,5 1 1,5 2 2,5 3 Actual note WeightedNote 0,81 Final Average Average Example with 3 notes 3, 2.5 and 0
  9. 9. 9 Squale: Audit Code Extraction Developer Qualimetry Tools analysis Check-in in ClearCase Qualimetry synthesis Mark computing 0 21 3 Final report consultation Code audit at predefined frequency: • weekly • monthly • on Milestones Project team 3 axes of browsing: • Factor / criteria / practice • Top • Components drill down
  10. 10. 10 Our Java Automatic Quality Grid Architecture Evolutionarity Maintenability Reuse capacity Architecture relevance Architecture respect Modeling Comprehension Homogeneity Modularity Integration capacity Simplicity Depend on Child Stability and abstractness level Dependency cycle Layer respect Documentation Inheritance depth Anti patterns predetection Method size Number of methods Spaghetti code Blob Swiss army knife Formatting standard Programming standard Naming standard ckjm dds Documentation standard Afferent Coupling Copy Paste Efferent Coupling
  11. 11. 11 A generic model <practice name="riskanalysis"/> <practice name="spaghetticode" effort="30"> <weight>lambda x:30.**-x</weight> <simpleformula> <level>method</level> <measures> <measure>mccabe</measure> </measures> <trigger></trigger> <formula>2**((6-mccabe.evg)/3.)</formula> </simpleformula> </practice> … <factor name="maintainability"> <criterium-ref name="comprehension" weight="1" /> <criterium-ref name="homogeneity" weight="1" /> <criterium-ref name="integrationcapacity" weight="1" /> <criterium-ref name="simplicity" weight="1" /> </factor>
  12. 12. 12 Few statistics •101 applications (mainly Java / J2EE) •More than 5 400 000 codes lines under Squale control SQUALE Deploy 0 100 200 300 400 500 600 700 14/12/05 24/3/06 2/7/06 10/10/06 18/1/07 28/4/07 6/8/07 14/11/07 Auditsnumber 0 5 10 15 20 25 30 35 40 45 Applicationsnumber Audits Applications

×