1 / 9

What's the Big Deal About CQCs?

What's the Big Deal About CQCs?. By: Rick Hess, Pat Theeke. Code Quality Characteristics (CQCs, or Checks). What does your project care about looking for? Example source: Goddard Open Learning Design (GOLD) Rules http :// standards.gsfc.nasa.gov/gsfc-std/gsfc-std-1000/gsfc-std-1000.html

Download Presentation

What's the Big Deal About CQCs?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. What's the Big Deal About CQCs? By: Rick Hess, Pat Theeke

  2. Code Quality Characteristics (CQCs, or Checks) • What does your project care about looking for? • Example source: Goddard Open Learning Design (GOLD) Rules http://standards.gsfc.nasa.gov/gsfc-std/gsfc-std-1000/gsfc-std-1000.html • Used as Inputs to the Static Code Analysis Method

  3. Overview of the Method • Created to work with the Evidence-based Assurance effort. • Inputs are CQCs, and a list of the tools that are applicable (can handle the given code language(s), limitations of the tools have been considered). • Within the method, determine which tool, or combination of tools, provide the most coverage for the CQCs you care about. • Output from the method is the analysis results from the tools selected.

  4. Determining which tools need to be used. • Determine what you want to analyze, before you run your tools • Regarding CQCs, what does the project want to look for? • Which tools can I use to provide coverage among all my CQCs?

  5. Verify Software Code Quality using the Static Code Analysis Method – Next Steps • Add a description about a using formal Capability Matrix based upon what the tools can do/say they can do to assist in picking the specific tool. • Add on to the current method to include the following: For the CQCs that cannot be covered by Static Code Analysis, the project then needs to determine whether performing other activities will fill in the ‘gap’, and is it worth the cost? (Manual Analysis, for example)

  6. Proposed CD Effort • Create a Capability Matrix to show which CQCs are coveredand NOT covered by specific tools. • Tools usually broadcast most of what they CAN do. You never hear about the functionality that isn’t available or was removed. • Create a set of validation programs, or scripts • assure that we understand the capabilities and limitations of our tools • Verify that new tools and new version of existing tools have not limited or removed existing capabilities • Help to identify when additional/different tools and/or Methods may be required, and when existing tools no longer meet our needs

  7. Questions?

  8. Backup Slides

  9. Another possible example of CQCs: SWAT Code Defect Categories

More Related