CAE-SCRUB for Incorporating Static Analysis into Peer Reviews

Similar documents
Software configuration management

A Cloud-based Architecture for Processing 3D Mars Terrain

Microsoft SharePoint Server 2013 Plan, Configure & Manage

Verification Using Static Analysis

Continuous Integration / Continuous Testing

Google Cloud Platform for Systems Operations Professionals (CPO200) Course Agenda

Cisco SP Wi-Fi Solution Support, Optimize, Assurance, and Operate Services

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions

<Project Name> Configuration Management/Data Management Plan

Part II. Integration Use Cases

Software Project Management II

Advanced Solutions of Microsoft SharePoint Server 2013

Comprehensive Test Management with Parametrization Manual and Automated Test Execution Test Case Library Management & Re-use Requirements Test

THE AUTOMATED TEST FRAMEWORK

HPE 3PAR Remote Copy Extension Software Suite Implementation Service

IAM. Shopping Cart. IAM Description PM OM CM IF. CE SC USM Common Web CMS Reporting. Review & Share. Omnichannel Frontend...

SAP Solution Manager Test Workbench

Automated Testing of Tableau Dashboards

SYDNEY FESTIVAL PRIVACY POLICY

Advanced Solutions of Microsoft SharePoint Server 2013 Course Contact Hours

HP ALM Overview. Accelerating Innovation, Industrialising Quality. Oren Ziv, Product Manager, QC/ALM

Advanced Solutions of Microsoft SharePoint 2013

Cisco Network Programmability for the Enterprise NPEN v1.0

Chapter 9 Quality and Change Management

outline Reliable State Machines MER Mission example

Los Angeles County Metropolitan Transportation Authority (Metro) Arterial Performance Measures Framework

Pearson Education 2007 Chapter 9 (RASD 3/e)

Disruption Tolerant Networking Across Mission Critical

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Secure Development Lifecycle

Application to Library: Re-Architecting a Large Monolithic TCL Application

COPYRIGHTED MATERIAL

Configuration Management Certification Courses

The Now Platform Reference Guide

Implementation Guide for Delivery Notification in Direct

Connection Logging. Introduction to Connection Logging

Cisco Network Assurance Engine with ServiceNow Cisco Network Assurance Engine, the industry s first SDN-ready intent assurance suite, integrates with

Requirements and Design Overview

Introduction to ALM, UFT, VuGen, and LoadRunner

The ITIL Foundation Examination

SALOME Maintenance Procedure. Frédéric Pons (Open Cascade) Roman Nikolaev (Open Cascade)

PowerShell for System Center Configuration Manager Administrators

QC MOCK TEST QC MOCK TEST

Hybrid Agent-Landscape Model Composition

Observatory Control System Test Plan Steve Wampler High-Level Software

Business Analysis for Practitioners - Requirements Elicitation and Analysis (Domain 3)

DevSuite Admin Guide. Date:

10747D: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

China Unicom SDN Practice in WAN. Lv Chengjin/Ma Jichun, China Unicom

e-sens Nordic & Baltic Area Meeting Stockholm April 23rd 2013

AGL-Fuego display change flow

Quality Assurance Criteria (China)

CASA External Peer Review Program Guidelines. Table of Contents

ESET Remote Administrator 6. Version 6.0 Product Details

University of Texas Arlington Data Governance Program Charter

"Charting the Course... MOC 6294 A Planning and Managing Windows 7 Desktop Deployments and Environments Course Summary

HP Application Lifecycle Management. Upgrade Best Practices

Data Management and Sharing Plan

International Journal of Computer Science Trends and Technology (IJCS T) Volume 4 Issue 3, May - Jun 2016

CUSTOM OPTION TEMPLATE FOR MAGENTO 2

IPC Integrated Food Security Phase Classification. Lesson: IPC Quality Assurance

Introduction to Software Engineering

for TOGAF Practitioners Hands-on training to deliver an Architecture Project using the TOGAF Architecture Development Method

Jet Data Manager 2014 Product Enhancements

COURSE OUTLINE MOC : PLANNING AND ADMINISTERING SHAREPOINT 2016

Technical Publications

5.10 CUSTOMER SPECIFIC DESIGN AND ENGINEERING SERVICES (L )

IBM Exam A IBM WebSphere Process Server V7.0, Deployment Version: 6.0 [ Total Questions: 65 ]

Information Security Office. Server Vulnerability Management Standards

OTC Tools Development and Release process. Igor Stoppa & Eduard Bartosh & JF Ding V May 2013

Technical Publications

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Technical Publications

ConCert FAQ s Last revised December 2017

@ECHO OFF c: cd \ msiexec /qn /i \\ \apps\SBACSecureBrowser6.3-Win.msi REBOOT=ReallySuppress exit

Administering System Center 2012 Configuration Manager

Sonatype CLM Enforcement Points - Nexus. Sonatype CLM Enforcement Points - Nexus

PowerShell for System Center Configuration Manager Administrators (55133)

Technical Publications

Software Development Methodologies

ETSI TS V ( )

Product Security Program

6294: Troubleshooting and Supporting Windows 7 in the Enterprise

FIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION

INFORMATION ASSURANCE DIRECTORATE

Enterprise Architect Training Courses

SRI VENKATESWARA COLLEGE OF ENGINERRING AND TECHNOLOGY THIRUPACHUR,THIRUVALLUR UNIT I OOAD PART A

Building a Real-time Notification System

PALANTIR CYBERMESH INTRODUCTION

After completing this course, participants will be able to:

Architectural Design. Architectural Design. Software Architecture. Architectural Models

SilverCreek The World s Best-Selling SNMP Test Suite

J2EE Application Development : Conversion and Beyond Osmond Ng

CMPIC s CM Training & Certification Courses

Course 10747D: Administering System Center 2012 Configuration Manager Exam Code:

9 Reasons To Use a Binary Repository for Front-End Development with Bower

INTERNATIONAL STANDARD

Deliver robust products at reduced cost by linking model-driven software testing to quality management.

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Transcription:

CAE-SCRUB for Incorporating Static Analysis into Peer Reviews Lyle Barner Jet Propulsion Laboratory, California Institute of Technology California Institute of Technology Government sponsorship acknowledged

What is CAE-SCRUB? Computer Aided Engineering-Source Code Review User Browser Peer review tool for static code analysis Originally developed by Gerard Holzmann of JPL s Laboratory for Reliable Software Currently maintained by JPL s CAE group and Software Quality Assurance (SQA) group Used by many past and current JPL projects Baseline version available to JPL projects that can be configured to meet project needs 3/7/2018 1

The Value of CAE-SCRUB Helps organize and guide the code review process Aggregates and facilitates review of static code warnings Captures and manages review comments Allows developers and reviewers to concentrate on more contentious issues without neglecting code reviews Combines effectiveness of peer reviews and total coverage of static analysis Integrates static code analysis reviews into the software development lifecycle by treating each static analyzer as a peer in code reviews 3/7/2018 2

How it Works Use configuration information to invoke different static analyzers to examine source code Filter warnings based on the scope of the peer review Provide standardized results that can be reviewed using the GUI as part of a regular peer review Use GUI s review process to agree with, disagree with, and discuss all issues found by the analyzers and add generic peer review comments Review results trigger code changes to resolve issues 3/7/2018 3

Standardization of Warnings A common format for displaying warnings Post-processing performs mapping from static analyzer format to CAE-SCRUB format Identification Location Source ID Priority File Path Line Number Query Name Warning Description 3/7/2018 4

Evolution of CAE-SCRUB Inherited a very well establish version of SCRUB, but it was not suitable for large-scale deployment Refactored backend code Improved architecture and stability Simplified setup process via configuration file based setup Improved error handling capabilities Improved installation guide and user guide Transitioned to git for version control 3/7/2018 5

Architecture Development Machine Source Code Analyzes Static Analyzers Creates Output Files Runs Reads Reads CAE- SCRUB 3/7/2018 6

Program Flow User CAE-SCRUB Static Analyzer Initiate Run Initialize Call Analyzer Perform Build/Analysis Yes Post-process output Clean Build Create Output More analyzers? No Perform Peer Review 3/7/2018 7

Typical Usage Example 1. CAE-SCRUB is run on desired revision/branch of source code Either manually or via system automation 2. Peer reviewers are notified of new results 3. Reviewers Agree/Disagree/Discuss results asynchronously 4. Lead developer analyzes peer review results and organizes peer review if necessary Items where peer reviewers concur are not discussed Solutions are proposed where applicable False positives are noted and filtered out 5. Synchronous peer review is held to disposition remaining warnings 3/7/2018 8

GUI Overview Directory Browser Warning Context Reviewers vote and add/edit comments File List Warning Browser Reviewer can see each warning in context to help with discussion and disposition Reviewers disposition each warning 3/7/2018 9

Things CAE-SCRUB Does Well Provides a framework for static code analysis aggregation Provides a standardization of error types Streamlines the static analysis review process Implements a repeatable review process that can be integrated into development lifecycle 3/7/2018 10

Areas for Improvement Difficult to deploy Requires detailed knowledge of how to configure multiple static analyzers Currently no integration with CM tools Number of warnings can be overwhelming Quality of results is highly dependent upon configuration No severity ranking information 3/7/2018 11

The Path Forward Investigate integration with other code review tools Integration with COTS peer review tools can mitigate the need to maintain local deployments of CAE- SCRUB Create baseline set of queries to be run for each static analyzer Create ranking system for types of warnings General stability improvements for backend Customizable query lists for static analysis tools 3/7/2018 12

Summary CAE-SCRUB is a tool for integrating static analysis results into the peer review process It creates an extensible framework for connecting with static analysis tools Extensive work has been done to make largescale deployment a possibility Integration with other software engineering tools is a top priority going forward 3/7/2018 13

Current Areas of Investigation Integration with CM tools such as git Integration with continuous integration tools such as Jenkins Integration with code review tools such as Collaborator 3/7/2018

Implementation Backend realization Collection of bash scripts handle running the static analyzers Collection of Python scripts handle post-processing of data from static analyzers Frontend GUI written in Tcl/Tk Frontend handles viewing and commenting on the results from the static analyzers 3/7/2018

What is Static Analysis Identifies patterns in code that indicate refactoring opportunities to make code more maintainable Code reviews are not a feasible way to review millions of lines of code Provides automated checks against JPL coding standards and best practices Static analysis can perform verification, but not validation 3/7/2018

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback