Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAE-SCRUB for Incorporating Static Analysis into Peer Reviews

Published byJanice Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "CAE-SCRUB for Incorporating Static Analysis into Peer Reviews"— Presentation transcript:

1 CAE-SCRUB for Incorporating Static Analysis into Peer Reviews
Lyle Barner Jet Propulsion Laboratory, California Institute of Technology © 2017 California Institute of Technology. Government sponsorship acknowledged.

2 What is CAE-SCRUB? Computer Aided Engineering-Source Code Review User Browser Peer review tool for static code analysis Originally developed by Gerard Holzmann of JPL’s Laboratory for Reliable Software Currently maintained by JPL’s CAE group and Software Quality Assurance (SQA) group Used by many past and current JPL projects Baseline version available to JPL projects that can be configured to meet project needs

3 The Value of CAE-SCRUB Helps organize and guide the code review process Aggregates and facilitates review of static code warnings Captures and manages review comments Allows developers and reviewers to concentrate on more contentious issues without neglecting code reviews Combines effectiveness of peer reviews and total coverage of static analysis Integrates static code analysis reviews into the software development lifecycle by treating each static analyzer as a “peer” in code reviews

4 How it Works Use configuration information to invoke different static analyzers to examine source code Filter warnings based on the scope of the peer review Provide standardized results that can be reviewed using the GUI as part of a regular peer review Use GUI’s review process to agree with, disagree with, and discuss all issues found by the analyzers and add generic peer review comments Review results trigger code changes to resolve issues

5 Standardization of Warnings
A common format for displaying warnings Post-processing performs mapping from static analyzer format to CAE-SCRUB format Identification Location Source ID Priority File Path Line Number Query Name Warning Description

6 Evolution of CAE-SCRUB
Inherited a very well establish version of SCRUB, but it was not suitable for large-scale deployment Refactored backend code Improved architecture and stability Simplified setup process via configuration file based setup Improved error handling capabilities Improved installation guide and user guide Transitioned to git for version control

7 Architecture Development Machine Source Code Output Files Analyzes
Creates Static Analyzers Runs Reads Reads CAE-SCRUB

8 Perform Build/Analysis
Program Flow User CAE-SCRUB Static Analyzer Initiate Run Initialize Call Analyzer Perform Build/Analysis Post-process output Create Output Yes Clean Build More analyzers? No Perform Peer Review

9 Typical Usage Example CAE-SCRUB is run on desired revision/branch of source code Either manually or via system automation Peer reviewers are notified of new results Reviewers Agree/Disagree/Discuss results asynchronously Lead developer analyzes peer review results and organizes peer review if necessary Items where peer reviewers concur are not discussed Solutions are proposed where applicable False positives are noted and filtered out Synchronous peer review is held to disposition remaining warnings

10 GUI Overview Directory Browser Warning Context
Reviewers “vote” and add/edit comments File List Warning Browser Reviewer can see each warning in context to help with discussion and disposition Reviewers disposition each warning

11 Things CAE-SCRUB Does Well
Provides a framework for static code analysis aggregation Provides a standardization of error types Streamlines the static analysis review process Implements a repeatable review process that can be integrated into development lifecycle

12 Areas for Improvement Difficult to deploy
Requires detailed knowledge of how to configure multiple static analyzers Currently no integration with CM tools Number of warnings can be overwhelming Quality of results is highly dependent upon configuration No severity ranking information

13 The Path Forward Investigate integration with other code review tools
Integration with COTS peer review tools can mitigate the need to maintain local deployments of CAE-SCRUB Create baseline set of queries to be run for each static analyzer Create ranking system for types of warnings General stability improvements for backend Customizable query lists for static analysis tools

14 Summary CAE-SCRUB is a tool for integrating static analysis results into the peer review process It creates an extensible framework for connecting with static analysis tools Extensive work has been done to make large-scale deployment a possibility Integration with other software engineering tools is a top priority going forward

15 Backup Slides

16 Current Areas of Investigation
Integration with CM tools such as git Integration with continuous integration tools such as Jenkins Integration with code review tools such as Collaborator

17 Implementation Backend realization Frontend GUI written in Tcl/Tk
Collection of bash scripts handle running the static analyzers Collection of Python scripts handle post-processing of data from static analyzers Frontend GUI written in Tcl/Tk Frontend handles viewing and commenting on the results from the static analyzers

18 What is Static Analysis?
Identifies patterns in code that indicate refactoring opportunities to make code more maintainable Code reviews are not a feasible way to review millions of lines of code Provides automated checks against JPL coding standards and best practices Static analysis can perform verification, but not validation

Download ppt "CAE-SCRUB for Incorporating Static Analysis into Peer Reviews"

Similar presentations

HL7 V2 Implementation Guide Authoring Tool Proposal

HL7 V2 Implementation Guide Authoring Tool Proposal
System Development Life Cycle (SDLC)

System Development Life Cycle (SDLC)
Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.
Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.

Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Software Configuration Management (SCM)

Software Configuration Management (SCM)
Software Configuration Management

Software Configuration Management
CSSE 375 Software Construction and Evolution: Configuration Management

CSSE 375 Software Construction and Evolution: Configuration Management
Configuration Management Avoiding Costly Confusion mostly stolen from Chapter 27 of Pressman.

Configuration Management Avoiding Costly Confusion mostly stolen from Chapter 27 of Pressman.
© 2006, Cognizant Technology Solutions. All Rights Reserved. The information contained herein is subject to change without notice. Automation – How to.

© 2006, Cognizant Technology Solutions. All Rights Reserved. The information contained herein is subject to change without notice. Automation – How to.
Chapter 6– Artifacts of the process

Chapter 6– Artifacts of the process
Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR-100205-a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.

Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.
Framework for Automated Builds Natalia Ratnikova CHEP’03.

Framework for Automated Builds Natalia Ratnikova CHEP’03.
Configuration Management and Server Administration Mohan Bang Endeca Server.

Configuration Management and Server Administration Mohan Bang Endeca Server.
Business Unit or Product Name © 2007 IBM Corporation Introduction of Autotest Qing Lin.

Business Unit or Product Name © 2007 IBM Corporation Introduction of Autotest Qing Lin.
BLU-ICE and the Distributed Control System Constraints for Software Development Strategies Timothy M. McPhillips Stanford Synchrotron Radiation Laboratory.

BLU-ICE and the Distributed Control System Constraints for Software Development Strategies Timothy M. McPhillips Stanford Synchrotron Radiation Laboratory.
Markland J. Benson, Computer Systems Manager, White Sands Complex, (575) 527-7034, Technology Infusion of CodeSonar into the Space.

Markland J. Benson, Computer Systems Manager, White Sands Complex, (575) , Technology Infusion of CodeSonar into the Space.
Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava

Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava
SONIC-3: Creating Large Scale Installations & Deployments Andrew S. Neumann Principal Engineer, Progress Sonic.

SONIC-3: Creating Large Scale Installations & Deployments Andrew S. Neumann Principal Engineer, Progress Sonic.
Experiment Management System CSE 423 Aaron Kloc Jordan Harstad Robert Sorensen Robert Trevino Nicolas Tjioe Status Report Presentation Industry Mentor:

Experiment Management System CSE 423 Aaron Kloc Jordan Harstad Robert Sorensen Robert Trevino Nicolas Tjioe Status Report Presentation Industry Mentor:

Similar presentations

Ads by Google