Code decay



In several software projects, large code bases are developed and then maintained over a long operational lifetime. During this period, because of the maintenance activities, the internal structure of the code base changes, usually degrading (like the rocks in the picture). This is due to many reasons, for instance code is modified without paying proper attention to refactoring (and therefore generating duplicated fragments of code) or without the necessary consistency checks with the related documentation at requirements and design level; as another example, some particular code portions may with time become too complex to be easily understood and managed; and so on…

Static Analysis

Static analysis and in particular some metrics like the cyclomatic complexity, the number of lines of code per compilation unit or per subprogram as well as the capability of finding duplicated code fragments can help in identifying “hot-spots”, i.e. portions of code requiring special attention. A proper tracking of the evolution over time of those “hot-spots” is the key to keep the code base under control.

Dynamic Analysis

Dynamic Analysis consists of two different and complementary activities:

testing – unit testing, integration testing and acceptance testing – that is verifying that the software system behaves as expected

coverage analysis – that is verifying that during the testing all code statements/branches have been executed

SonarQube is an open source platform to manage code quality. SonarQube is a web application exposing reports on duplicated code, coding standards, unit tests, code coverage, complex code, potential bugs, comments and design and architecture.

SonarQubeâ€™s primary supported language is Java.

Activities on Ada

Spazio IT and Inopus have developed for AIRBUS Helicopters a SonarQube Ada Plugin , i.e. a bridgeâ€? that allows SonarQube to handle code bases written in Ada. The plugin relies on either AdaCore GNAT Metric or SCITOOLS Understand to gather Ada metrics for the Static Analysis and relies on either AdaCore GNATtest (Aunit) or Atego Apex Testmate for the Dynamic Analysis. The following images show GNAT, Understand and Apex Testmate integration with SonarQube. This industrial presentation was given by Spazio IT at the Ada-Europe 2015 conference.

GNAT, Understand, Apex Testmate, SonarQube Integration Details

Note: the last supported version of Spazio IT Ada Plugin is 2.4.3 and it runs on SonarQube 7.1.

Activities on C/C++

In addition to the Ada Plugin, Spazio IT has also tailored the Sonar C/C++ Plugin (community version) to make SonarQube a suitable platform for the execution of “Independent Verification and Validation” (IVV) activities on C/C++ space software. This work has been performed under a programme of, and funded by the European Space Agency. This paper, by NASA JPL, describes some static analyses aiming at locating violations to the MISRA guidelines and similar to the ones currently performed by Spazio IT. This presentation describes Spazio IT Code Quality Platforms in the overall context of Code Inspection. This web page shows the importance of having a tool able to enforce Coding Standards and Guidelines. This presentation was given by Spazio IT at the TEC-ED & TEC-SW Final Presentation Days 2014 December.

This presentation on Bounded Model Checking and Abstract Interpretation was given by Spazio IT at the 4th IEEE International Workshop on Metrology for Aerospace 2017.

This industrial presentation on MISRA and CERT Guidelines was given by Spazio IT at the Ada-Europe 2018 conference.

This industrial presentation on Clang and its Static Analyzers was given by Spazio IT at the Ada-Europe 2019 Conference.

Activities on Java

Spazio IT is actively promoting the use of SonarQube also in the Java Ecosystem. This presentation explains why.

Feel free to contact Spazio IT to get your customized Code Quality Control Platform based on SonarQube. (Supported Languages: Java, C, C++, C#, Ada)



Quality coding, like quality music, requires dedication, discipline, method and passion.