a_development_chain_to_build_reliable_software

Differences

This shows you the differences between two versions of the page.

a_development_chain_to_build_reliable_software [2015/12/16 18:42]
sgripon [Continuous Integration with Jenkins]
a_development_chain_to_build_reliable_software [2016/04/16 11:20] (current)
sgripon
Line 1: Line 1:
 ====== A development chain to build reliable software ====== ====== A development chain to build reliable software ======
 +~~socialite~~
  
 Automation is a really important point to build reliable software. There are many tools available to do the job, and most of them are open-source. Automation is a really important point to build reliable software. There are many tools available to do the job, and most of them are open-source.
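
Review bot: `~~socialite~~` is inserted directly under the title here and again at the end of the legacy-code section in the last hunk, so the macro appears twice on the page, and only the bottom copy carries the "**Share this page:**" label. Keep a single placement, or label both the same way.
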
Line 31: Line 32:
  
 While peer code review is necessary for software changes, doing part of the job with a tool help saving time and increase quality. There are several tools on the market for static source code analysis and they incredibly find many defects developers have left, sometimes because they were junior developers, sometimes because the algorithm is complex and the defect was not obvious. While peer code review is necessary for software changes, doing part of the job with a tool help saving time and increase quality. There are several tools on the market for static source code analysis and they incredibly find many defects developers have left, sometimes because they were junior developers, sometimes because the algorithm is complex and the defect was not obvious.
 +
 +{{ ::​coverity.jpg?​400|}}
  
 One of the most important point to check when evaluating this kind of tool is the rate of false-positive. If the rate is too high, your developers will spend precious time to analyze defects that are not real problems. However, a 0 false-positive rate is probably not possible. It the tool produces 0 false-positive,​ I can guess that it also finds very few number of defects. Moreover, it is important to analyze false-positives;​ often they are linked to complex source code that even a human will have trouble to analyze. That is why some will advice to also fix all false-positive defects: it simplifies the source code and help developers to fully understand what the program does. One of the most important point to check when evaluating this kind of tool is the rate of false-positive. If the rate is too high, your developers will spend precious time to analyze defects that are not real problems. However, a 0 false-positive rate is probably not possible. It the tool produces 0 false-positive,​ I can guess that it also finds very few number of defects. Moreover, it is important to analyze false-positives;​ often they are linked to complex source code that even a human will have trouble to analyze. That is why some will advice to also fix all false-positive defects: it simplifies the source code and help developers to fully understand what the program does.
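
Review bot: The added `{{ ::coverity.jpg?400|}}` has nothing after the `|`, so the image gets no title or caption, and the paragraph around it only speaks of "several tools on the market" without naming any. Put a short title after the pipe saying what the screenshot shows, and mention in the text that it is one example of such a tool.
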
Line 66: Line 69:
  
 In terms of ergonomics, the tool is again well done: the ReviewBoard code viewer supports syntax coloring and reading the code and modifications is nice: we can really concentrate on the review without having to worry about the tool. In terms of ergonomics, the tool is again well done: the ReviewBoard code viewer supports syntax coloring and reading the code and modifications is nice: we can really concentrate on the review without having to worry about the tool.
 +===== Coding Standard Checking =====
 +
 +It is important to define a coding standard for developing your software. And it is also really important to check the coding standard is applied.
 +
 +To avoid doing too much checking by peer reviews, which is time consuming, it is easy to integrate home made scripts in the continuous integration system. Most of the time, using simple regular expressions in the source code can help to find errors.
 +
 +I also experienced successfully this kind of script to verify that the software architecture is not broken. For example, if yout software is organized as a Model-View-Controller pattern (MVC) and models, views and controllers are in different folders, it is easy to check that there is no view file included in a model file.
 +
 ===== Improving the Quality of legacy source code ===== ===== Improving the Quality of legacy source code =====
  
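
Review bot: The new "Coding Standard Checking" section says that "simple regular expressions" find errors and that a script can verify no view file is included in a model file, but it shows neither a pattern nor a script, so a reader cannot reproduce the check; add one short example of the include check and say how it is wired into the continuous integration job. In the same paragraph "yout software" should be "your software", and "I also experienced successfully this kind of script" reads better as "I have also used this kind of script successfully". The heading is also added with no blank line after the ReviewBoard paragraph.
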
Line 76: Line 87:
   - When there are no remaining warnings, modify your compilation flags to consider warnings as errors   - When there are no remaining warnings, modify your compilation flags to consider warnings as errors
  
-Communicate this rule to your developers, and you will see the number of warnings decrease until reaching ​O. It can take several weeks or several month, depending of your software.+Communicate this rule to your developers, and you will see the number of warnings decrease until reaching ​0. It can take several weeks or several month, depending of your software. 
 + 
 +**Share this page:** 
 + 
 +~~socialite~~
  
 ====== Resources ====== ====== Resources ======
  
-  * [[https://​www.usenix.org/​conference/​hotdep12/​workshop-program/​presentation/​holzmann|Mars Code]]: a very good conference by Gerard Holzmann from JPL at NASA. It deals with the software used to send Opportunity ​to Mars.+  * [[https://​www.usenix.org/​conference/​hotdep12/​workshop-program/​presentation/​holzmann|Mars Code]]: a very good conference by Gerard Holzmann from JPL at NASA. It deals with the software used to send the Curiosity rover to Mars.
   * [[http://​www.gamasutra.com/​view/​news/​128836/​InDepth_Static_Code_Analysis.php|In-Depth:​ Static Code Analysis]] by John Carmack.   * [[http://​www.gamasutra.com/​view/​news/​128836/​InDepth_Static_Code_Analysis.php|In-Depth:​ Static Code Analysis]] by John Carmack.
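
Review bot: The replaced sentence fixes "O" to "0" but still reads "several month, depending of your software"; change it to "several months, depending on your software" in the same edit. The "**Share this page:**" block is placed between the end of the legacy-code section and the Resources heading, so it would read more naturally after Resources, at the real end of the page.
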
a_development_chain_to_build_reliable_software.1450287776.txt.gz · Last modified: 2015/12/16 18:42 by sgripon