Code Inspection

Krishnamoorthy, Shyaamkumaar

January 2009

<p>Real time systems, used in most of the day-to-day applications, require time critical exection of tasks. Worst Case Execution Time Analysis (WCET) is performed to ensure the upper bound on the time they can take to execute. This work aims to perform a static analysis of the industry standard code segments to provide valuable information to aid in choosing the right apporach towards WCET analysis. Any code segment can be analyzed syntactically, to gain some insights to the effects that a particular coding syntax format may have. With focus on the functions and looping statements, vaulable information regarding the code segments inspected can be obtained. For this purpose, the code segments from CC systems, Vasteras , were inspected. Scope graphs generated by SWEET, the Swedish Execution Time tool were used extensively to aid this work. It was found that syntactical analysis could be performed effectively for the code segments that were analysed as a part of this task.</p>

Code Inspection

WCET

SWEET

CC systems

EURECA

Code Inspection

Krishnamoorthy, Shyaamkumaar

January 2009

Real time systems, used in most of the day-to-day applications, require time critical exection of tasks. Worst Case Execution Time Analysis (WCET) is performed to ensure the upper bound on the time they can take to execute. This work aims to perform a static analysis of the industry standard code segments to provide valuable information to aid in choosing the right apporach towards WCET analysis. Any code segment can be analyzed syntactically, to gain some insights to the effects that a particular coding syntax format may have. With focus on the functions and looping statements, vaulable information regarding the code segments inspected can be obtained. For this purpose, the code segments from CC systems, Vasteras , were inspected. Scope graphs generated by SWEET, the Swedish Execution Time tool were used extensively to aid this work. It was found that syntactical analysis could be performed effectively for the code segments that were analysed as a part of this task.

Code Inspection

WCET

SWEET

CC systems

EURECA

Formal Methods For Verification Based Software Inspection

Powell, Daniel, n/a

January 2003

Useful processes, that are independently repeatable, are utilised in all branches of science and traditional engineering disciplines but seldom in software engineering. This is particularly so with processes used for detection and correction of defects in software systems. Code inspection, as introduced by Michael Fagan at IBM in the mid 1970's is widely recognised as an effective technique for finding defects in software. Despite its reputation, code inspection, as it is currently practiced, is not a strictly repeatable process. This is due to the problems faced by inspectors when they attempt to paraphrase the complicated semantics of a unit of computer code. Verification based software inspection, as advocated by the cleanroom software engineering community, requires that arguments of correctness be formulated with the code and its specification. These arguments rely on the reader being able to extract the semantics from the code. This thesis addresses the requirement for an independently repeatable, scalable and substantially automated method for yielding semantics from computer code in a complete, unambiguous and consistent manner in order to facilitate, and make repeatable, verification based code inspection. Current literature regarding the use of code inspection for verification of software is surveyed. Empirical studies are referenced, comparing inspection to software testing and program proof. Current uses of formal methods in software engineering will be discussed, with particular reference to formal method applications in verification. Forming the basis of the presented method is a systematic, and hence repeatable, approach to the derivation of program semantics. The theories and techniques proposed for deriving semantics from program code extend current algorithmic and heuristic techniques for deriving invariants. Additionally, the techniques introduced yield weaker forms of invariant information which are also useful for verification, defect detection and correction. Methods for using these weaker invariant forms, and tools to support these methods, are introduced. Algorithmic and heuristic techniques for investigating loop progress and termination are also introduced. Some of these techniques have been automated in supporting tools, and hence, the resulting defects can be repeatably identified. Throughout this thesis a strong emphasis is placed on describing implementable algorithms to realise the derivation techniques discussed. A number of these algorithms are implemented in a tool to support the application of the verification methods presented. The techniques and tools presented in this thesis are well suited, but not limited to, supporting rigorous methods of defect detection as well as formal and semi-formal reasoning of correctness. The automation of these techniques in tools to support practical, formal code reading and correctness argument will assist in addressing the needs of trusted component technologies and the general requirement for quality in software.

software verification

verification-based software inspection

code inspection

software defects

defective software

An Evaluation Of The Reinspection Decision Policies For Software Code Inspections

Nalbant, Serkan

01 January 2005

This study evaluates a number of software reinspection decision policies for software code inspections with the aim of revealing their effects regarding cost, schedule and quality related objectives of a software project. Software inspection is an effective defect removal technique for software projects. After the initial inspection, a reinspection may be performed for decreasing the number of remaining defects further. Although, various reinspection decision methods are proposed in the literature, no study provides information on the results of employing different methods. In order to obtain insight about this unaddressed issue, this study compares the reinspection decision policies by finding out and analyzing their performance with respect to designated measures and preference profiles for cost, schedule, and quality perspectives in the context of a typical Software Capability Maturity Model Level 3 software organization. For this purpose, a Monte Carlo simulation model, which represents the process comprising initial code inspection, reinspection, testing and field use activities, is employed in the study together with the experiment designed in order to consider different circumstances under which the mentioned process operates. The study recommends concluding the reinspection decision by comparing inspection effectiveness measure for major defects with respect to a moderately high threshold value (i.e. 75%). The study also reveals that applying default decisions of &lsquo / Never Reinspect&rsquo / and &lsquo / Always Reinspect&rsquo / do not exhibit the most appropriate outcomes regarding cost, schedule, and quality. Additionally, the study presents suggestions for further improving the cost, schedule, and quality of the software based on the analysis of the experiment factors.

KIRT : uma técnica de leitura baseada em informações-chave e visualização para inspeção de código com suporte computacional

Belgamo, Anderson

10 December 2015

Submitted by Livia Mello (liviacmello@yahoo.com.br) on 2016-09-30T14:28:59Z No. of bitstreams: 1 TeseAB.pdf: 3344244 bytes, checksum: 730def413199e55b254a6488a3bb47ef (MD5) / Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-10-20T16:18:26Z (GMT) No. of bitstreams: 1 TeseAB.pdf: 3344244 bytes, checksum: 730def413199e55b254a6488a3bb47ef (MD5) / Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-10-20T16:18:36Z (GMT) No. of bitstreams: 1 TeseAB.pdf: 3344244 bytes, checksum: 730def413199e55b254a6488a3bb47ef (MD5) / Made available in DSpace on 2016-10-20T16:18:44Z (GMT). No. of bitstreams: 1 TeseAB.pdf: 3344244 bytes, checksum: 730def413199e55b254a6488a3bb47ef (MD5) Previous issue date: 2015-12-10 / Não recebi financiamento / Code inspection is an important activity to assure the software quality that, in some cases, shows a better performance than the testing activity. Its application depends on the use of reading techniques that assist the inspector both in understanding the code and in executing the inspection. Although there are some reading techniques that support code inspection, Stepwise Abstraction, for example, was set to the procedural paradigm and requires that even the simplest code be abstracted. Other techniques such as Checklist, Use Case based, etc., are prone to the inspector’s experience since they do not provide a systematic procedure and they are not supported by facilitating resources. A computer-aided code inspection providing visualization facilities for applying Stepwise Abstraction – the CRISTA tool - was developed in another work of this research group. This tool has shown to be an effective and efficient approach for code inspection. Objective: To present the reading technique KIRT (Key-Information Reading Techniques) that was defined through operational scenarios, in order to establish systematic guidelines for conducting the code inspection. KIRT was based on reading patterns obtained from the analysis of the inspectors’ behaviors, considering features of the object-oriented paradigm, and using visual metaphors that guide the inspector during the inspection. Method: Considering the intention of understanding how the code inspection is carried out in practice, the research was based evolutive cycles, performed through four cycles that were the basis for defining and evaluating KIRT. In each cycle, studies were performed to generate subsidies for supporting subsequent cycles. The KIRT technique was set with the main purpose of identifying defects and, in addition, source code improvements. Once defined, three experimental studies were conducted to: (i) evaluate the contribution of the visual metaphor implemented in CRISTA tool for defects identification; (ii) evaluate KIRT technique (using two different metrics) regarding the effectiveness and efficiency in the identification of defects and source code improvements; (iii) evaluate KIRT technique in relation to the Checklist technique. Results: The results of the experimental studies showed that (i) the visual metaphor influenced the number of source code improvements and false positives identified; (ii) KIRT technique (instantiated by two distinct metrics) was complementary; (iii) the effectiveness and efficiency of the KIRT technique were better than Checklist. Conclusion: In the experimental studies the KIRT technique showed satisfactory results regarding the effectiveness and efficiency in identifying defects, and generated few false positives. Moreover, the KIRT technique identified more source code improvements than Checklist. Based on the results we can say that KIRT technique can be used for code inspection in practice, mainly because they are supported by CRISTA, which provides procedures and visual metaphors for conducting the code inspection activity. Consequently, if they reach the objective of identifying defects, we can say that they contribute to the overall quality of the software. / A inspeção de código é uma importante atividade para garantia da qualidade de software, mostrando, às vezes, desempenho superior em relação à atividade de teste. Sua aplicação depende da utilização de técnicas de leitura que auxiliem o inspetor tanto na compreensão do código como na condução da atividade em si. Apesar de existirem algumas técnicas de leitura de código que dão suporte à inspeção, a Stepwise Abstraction, por exemplo, foi definida para o paradigma procedimental e exige que até as partes mais simples sejam abstraídas; outras técnicas como Checklist, Baseada em Casos de Usos, etc., são suscetíveis à experiência do inspetor, pois não possuem um procedimento sistemático e, além disso, não contam com recursos facilitadores para sua aplicação. Uma iniciativa de suporte computacional com o facilitador de visualização agregado à técnica Stepwise Abstraction está implementada na ferramenta CRISTA, desenvolvida em outro trabalho deste grupo de pesquisa, que mostrou ser uma abordagem efetiva e eficiente para inspeção de código. Objetivo: Apresentar a técnica de leitura KIRT (Key-Information Reading Technique) que foi definida por meio de cenários operacionais, com o propósito de estabelecer diretrizes sistemáticas para realizar inspeção de código. Ela foi baseada em padrões de leitura extraídos da análise do comportamento de inspetores, contemplando particularidades do paradigma orientado a objetos, e fazendo uso de metáforas visuais que guiam o inspetor nas tarefas a serem realizadas. Metodologia: Considerando a necessidade de compreender como a inspeção de código é realizada na prática, a pesquisa foi baseada por meio de quatro ciclos investigativos que serviram de base para a definição e para a avalição da técnica de leitura KIRT. Em cada ciclo executaram-se estudos que geraram resultados parciais que embasaram os ciclos subsequentes. A técnica KIRT foi definida com o propósito principal de identificação de defeitos e, adicionalmente, de melhorias no código-fonte. Após definida, três estudos experimentais foram realizados: (i) para avaliar a contribuição da metáfora visual implementada na CRISTA, para a identificação de defeitos; (ii) para avaliar a técnica de leitura KIRT usando duas métricas distintas em relação à efetividade e eficiência na identificação de defeitos e melhorias no código; (iii) para avaliar a técnica de leitura KIRT usando uma métrica específica em relação à técnica Checklist. Resultados: os resultados dos experimentos mostraram que (i) a metáfora visual influenciou em um maior número de melhorias de código identificadas e um menor número de falso-positivos; (ii) a técnica KIRT com as duas métricas distintas utilizadas são complementares; (iii) a efetividade e eficiência da técnica KIRT foram melhores que a técnica Checklist da literatura. Conclusão: Nos diferentes estudos em que foi avaliada, a técnica KIRT apresentou resultado satisfatório em relação à efetividade e eficiência na identificação de defeitos, gerando baixo número de falso-positivos. Além disso, ela se mostrou efetiva na identificação de melhorias no código. Com esses resultados pode-se dizer que a técnica KIRT constitui uma alternativa para a inspeção de código na prática, uma vez que contam com apoio da CRISTA, que oferece suporte para os procedimentos definidos, com o facilitador de metáforas visuais. Consequentemente, a aplicação da técnica KIRT pode promover a qualidade geral do software.

Inspeção de código

Técnicas de leitura

Visualização

Engenharia de software experimental

Code inspection

Techniques

Visualization

Experimental software enginnring

A latency comparison in a sharded database environment : A study between Vitess-MySQL and CockroachDB

Lundh, Filip, Mohlin, Mikael

January 2022

The world is becoming more and more digitized which in turn puts pressure on existing applications and systems to be able to handle large quantities of data. And  in some cases, that data also needs to be operated in secure and isolated environments. To address these needs, a new category  of databases has emerged, by the name of NewSQL. The downside of this new category is that it still remains unexplored in some areas, such as how each database under that category performs towards each other, or even towards databases belonging to other categories. One major aspect, in terms of performance is latency, since it affects the overall user-experience. In order to clear up some of the unexplored areas within NewSQL, two databases were studied in the context of their latency performance: CockroachDB and Vitess. The study was divided into two main parts. The first one, was a quantitative study, which was about gathering data on how each database performed in terms of latency when serving the create, read, update, and delete-operations. No clear differences in latency were found for the create- and read-operations. While the results for update- and delete-operations showed significant differences where Vitess had lower latency than CockroachDB.  The second part of this study was a qualitative study, dedicated to analyze and inspect each database architecture and source code. The intention was to identify potential factors that may affect latency performance. The outcome from the analysis was that three main factors could be identified. The first identified factor is that CockroachDB had a layered architecture and that it needed to translate SQL queries into a set of key-value operations. The second one is that the databases makes use of different storage engines, which in turn can have differences in performance. The third and final identified factor is that MySQL, which was integrated with Vitess, had existed for a longer period of time compared to CockroachDB. Which indicates that the database probably has been more optimized over the years.

Architecture Analysis

CockroachDB

Database Management System

Distributed SQL

Latency Comparison

MySQL

NewSQL

Sharding

Source Code Inspection

Vitess

Computer and Information Sciences

Data- och informationsvetenskap

CRISTA : um apoio computacional para atividades de inspeção e compreensão de código

Porto, Daniel de Paula

18 May 2009

Made available in DSpace on 2016-06-02T19:05:38Z (GMT). No. of bitstreams: 1 2434.pdf: 10415904 bytes, checksum: cf49390a38715c53ffe39e9881ed117c (MD5) Previous issue date: 2009-05-18 / Financiadora de Estudos e Projetos / Software inspection is a key activity of software quality assurance that can be applied in the whole development process since it is a static activity essentially based on reading. Depending on the artifact that is being inspected, we need to apply the appropriated reading technique. Stepwise Abstraction (SA) is a reading technique commonly used in code inspections. However, its application is laborious and time consuming. Aiming to help and facilitate the application of SA, this work presents CRISTA (Code Reading Implemented with Stepwise Abstraction), a tool to support SA-based inspection processes. This tool uses a visual metaphor to facilitate code navigation and has several resources to help program understanding and documentation. Due to these resources, CRISTA is also helpful for reverse engineering, re-engineering and maintenance activities. Three experimental studies were carried out to get feedback on the tool usability and usefulness for inspections and maintenance activities. The results provide insights that CRISTA is easy to use and adequately supports the inspection process as well as code reading by Stepwise Abstraction. Besides, in the context of maintenance, its resources make this activity less time-consuming. / Inspeção de software é uma atividade chave de garantia de qualidade de software que pode ser aplicada durante todo o processo de desenvolvimento uma vez que é uma atividade estática, baseada essencialmente em técnica de leitura. Dependendo do artefato inspecionado, é preciso aplicar a técnica apropriada. No caso de inspeção de código uma técnica comumente utilizada é a Stepwise Abstraction (SA). No entanto, sua aplicação é trabalhosa e consome muito tempo. Com o objetivo de auxiliar e facilitar a aplicação da SA, este trabalho apresenta a CRISTA (Code Reading Implemented with Stepwise Abstraction), uma ferramenta que apóia o processo de inspeção baseado em SA. Essa ferramenta usa uma metáfora visual para facilitar a navegação pelo código e possui vários recursos que ajudam na compreensão do código e em sua documentação. Devido a esses recursos, a CRISTA também auxilia nas atividades de engenharia reversa, re-engenharia e manutenção. Foram realizados três estudos experimentais com o objetivo de se obter uma realimentação sobre a usabilidade e a utilidade da ferramenta em atividades de inspeção e manutenção. Os resultados fornecem evidências de que a CRISTA é fácil de ser utilizada e apóia adequadamente o processo de inspeção, bem como a leitura de código utilizando a Stepwise Abstraction. Além disso, no contexto de manutenção, os recursos da ferramenta ajudam a diminuir o tempo dessa atividade.

Engenharia de software

Inspeção de software

Visualização de software

Compreensão de dados

Manutenção de programas

Engenharia reversa

Code Inspection

Stepwise abstraction

Software visualization

Code comprehension

Maintenance

Reverse Engineering

Re-engineering

Implementation and Evaluation of a Continuous Code Inspection Platform / Implementation och utvärdering av en kontinuerlig kodgranskningsplattform

Melin, Tomas

January 2016

Establishing and preserving a high level of software quality is a not a trivial task, although the benefits of succeeding with this task has been proven profitable and advantageous. An approach to mitigate the decreasing quality of a project is to track metrics and certain properties of the project, in order to view the progression of the project’s properties. This approach may be carried out by introducing continuous code inspection with the application of static code analysis. However, as the initial common opinion is that these type of tools produce a too high number of false positives, there is a need to investigate what the actual case is. This is the origin for the investigation and case study performed in this paper. The case study is performed at Ida Infront AB in Linköping, Sweden and involves interviews with developers to determine the performance of the continuous inspection platform SonarQube, in addition to examine the general opinion among developers at the company. The author executes the implementation and configuration of a continuous inspection environment to analyze a partition of the company’s product and determine what rules that are appropriate to apply in the company’s context. The results from the investigation indicate the high quality and accuracy of the tool, in addition to the advantageous functionality of continuously monitoring the code to observe trends and the progression of metrics such as cyclomatic complexity and duplicated code, with the goal of preventing the constant increase of complex and duplicated code. Combining this with features such as false positive suppression, instant analysis feedback in pull requests and the possibility to break the build given specified conditions, suggests that the implemented environment is a way to mitigate software quality difficulties. / 建立和保持高水平的软件质量可以带来经济利益等诸多好处，然而这是一项很困难的任务。其中一种防止软件项目质量下降的方法是通过跟踪项目的度量值和某些属性，来查看项目的属性的变化情况。通过引入持续的代码审查和应用静态代码分析方法可以实现这种方法。然而，在人们的印象中，这类工具往往具有较高的误检，因此需要进一步调查实际情况、研究其可行性，这是本文的初始研究目标。本文在瑞典林雪平的Ida Infront AB公司开展了案例研究，调研了该公司开发人员的意见，并通过访问开发人员，确定持续的代码审查平台SonarQube的性能。作者对持续的代码审查环境进行了配置，分析了公司的部分产品，进而确定哪些规则适用于该公司。调查结果表明该工具是高质量并且准确的，还提供了持续监测代码来观察度量值的趋势和进展等先进功能，例如通过监测环路复杂度和重复代码等度量值，来防止复杂度和重复代码的增加。通过组合误检压缩、对pull requests的瞬间分析反馈、以及分解和建立给定的条件等特征，使得所实现的环境成为一种可以降低软件质量保障难度的方式。

Static Code Analysis

Continuous Code Inspection

SonarQube

Software Quality

Statisk kodanalys

kontinuerlig kodgranskning

SonarQube

mjukvarukvalitet

Computer and Information Sciences

Data- och informationsvetenskap