The Klocwork Static Analysis Tool Integrated with a Formal Code Review Process, CMMI level 3

  • Denise Piubeli Prado IPE
  • Aletéia Xavier Bettin IPE
  • Carlos Miguel Tobar PUC-Campinas
  • Vinicius Asta Pagano IPE

Abstract


This paper describes how the Klocwork static analysis tool was integrated into the code review process adopted by a CMMI level 3 software development organization. Benefits and quality improvements are presented, such as: (1) improved quality of code reviews, as evidenced by the discovery of a greater number of software defects; and (2) a reduction in the amount of time required for code inspections. The time saved can either lower overall software development costs or be redirected to other stages or processes within the software engineering cycle, for instance the development of new functionality that serves as a competitive differentiator for the resulting software product.
Keywords: Static Analysis, Klocwork, Code Review

Published
2009-06-01
PRADO, Denise Piubeli; BETTIN, Aletéia Xavier; TOBAR, Carlos Miguel; PAGANO, Vinicius Asta. The Klocwork Static Analysis Tool Integrated with a Formal Code Review Process, CMMI level 3. In: BRAZILIAN SOFTWARE QUALITY SYMPOSIUM (SBQS), 8., 2009, Ouro Preto. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2009. p. 341-348. DOI: https://doi.org/10.5753/sbqs.2009.15525.