“If you do up-front inspections and if you use static analysis before testing begins, your schedule will be shrunk by at least 50% and your software quality will be above 95%,”- CarperJones,leading specialist in software engineering methodologies Jones believes that static code analysis and inspections of individual lines of code should be done before the testing phase in order to allow testing to catch the remaining bugs and provide a secure, stable product for customers. The business impact of software defects has never been greater, from time to market delays to customer satisfaction issues. The era of GPF and front end errors are addressed by usage of well-designed Platform Architecture such as Ramco Virtualworks. However, the business logic is embedded extensively into the SQL and the resource skill plays critical role in implementing the business logic. Implementation challenges Challenge # 1: Static code analysis as a standalone process is highly difficult to implement and validate the use of it. Solution: a) The Static Code analysis process has been integrated with Configuration Management Process. b) Enabled developers to sanitize the code before ready for check-in to the Controlled Source Safe. Challenge # 2:Latent Exceptions – In a situation where the teams are in support or smaller enhancement mode, the changes are done incrementally on existing artefacts, resolving the latent exceptions considered as obstacles in meeting the immediate expectations. Not introduced by me syndrome. Solution:Provided options to:
- to review the exceptions
- clear or defer with reason for deferral for follow-up action
- submit the code for review.
Challenge # 3:Source Control & Exception tracking – There is no clarity on whether the codes being checked-in have been subjected to static code analysis and whether necessary steps have been taken to resolve or defer the exceptions. Solution: a) Reviewer has the ability to view the exceptions and either accept or revert to developer for necessary corrections. b) Check-in process validates that the source code version getting checked into the Controlled Source Safe, is sanitized by the static code analyzer and allows only code which is reviewed. Benefits:
- Enables reviewers to focus on logical errors.
- Central Repository of Sanitized code base details.
- All known or un-cleared exceptions, technical debt, are available for ready reference.
Use of static code analysis tools unearths the syntactical errors much early in the life cycle of the development by developers themselves. This enables the code reviewers to focus on the most important business logic part, thus improving the overall internal quality. References http://www.sdtimes.com/link/35922