Optimize Your Software Processes with CodePro AnalytiX™ by Jim Christensen, Senior Consulting Engineer, Instantiations


Optimizing Processes with CodePro AnalytiX © 2009 Instantiations, Inc.


Executive Summary

In order to streamline and optimize your software process with the Eclipse-based CodePro AnalytiX quality, security and productivity tools, you must first have a basic understanding of the process itself. Whether your process is traditional, agile or hybrid, CodePro AnalytiX provides you with the tools you need to integrate continuous, automated validation into your software process, ensuring that your software products meet your organization’s standards for coding and testing before software modules are released to the build process, rather than waiting for tedious manual post-build testing.

Once your software process is under control, CodePro AnalytiX provides you with the metrics you need to incorporate self-improvement and optimization into the process. Thus, CodePro AnalytiX is a full set of tools to support your organization in its quest for sustainable high levels of software quality, security and productivity.

Contents

Executive Summary
Introduction
About CodePro AnalytiX
CodePro AnalytiX in the Software Process
Optimizing a Personal Software Process
Optimizing A Traditional Software Process: The V-Model
Optimizing Agile Software Processes
Infrastructure
Introducing CodePro AnalytiX Into Your Organization
Conclusions
About the Author
About Instantiations

CPA_WP_090423


Introduction

CodePro AnalytiX™ from Instantiations is an integrated software toolkit for the improvement of software quality, security and productivity. This paper will show you ways to use CodePro AnalytiX to streamline and optimize your software process. To do so you will need to understand:

■ The basic features of CodePro AnalytiX
■ Your own software process
■ How to apply CodePro AnalytiX to improve your software process

About CodePro AnalytiX

CodePro AnalytiX is a comprehensive set of software productivity, measurement, validation and verification tools that fits seamlessly into the Eclipse-based Integrated Development Environment (IDE) for Java. CodePro AnalytiX is also available in a server-based version that can be used, for instance, in conjunction with nightly builds to provide daily metrics over an entire software project.

CodePro AnalytiX makes the following extensive tool facilities available to the Java developer in the Eclipse IDE:

■ Audit: Detects, reports and repairs deviations or non-compliance with coding standards, popular frameworks, security and style conventions. Contains more than 1200 software quality audit rules, including:

  • Over 30 audit categories such as Coding Style, Comments, Exceptions, Formatting, Inheritance, Internationalization, Javadoc Conventions, Modifier Usage, Naming Conventions, Performance, Portability, Program Complexity, Semantic Errors, Threading, etc.

  • Hundreds of OWASP [1]-based security audit rules providing coverage for the following important technology categories: API Usage, Authentication, Configuration Files (Ant, Ivy, Maven & WebSphere), EJB, File Usage, Language Semantics, Serialization Security, Servlet Security, Struts, Tainted User Input, and Threads & Synchronization.

  • Dynamic, extensible tools that let you select which rules to apply, customize standard audit rules and/or create your own.

■ Duplicate Code Analysis: Efficiently examines Java code for duplicate or similar segments of code that may contain copy/paste bugs, or that can be refactored to improve application design and maintainability.

1. http://www.owasp.org/


■ Javadoc Repair: Supplies missing Javadoc elements in a comparison editor to make complete documentation quick and easy.

■ Metrics: Automated tools measure and report on key quality indicators in a body of Java source code.

■ JUnit test generation and editing: Uses sophisticated flow path analysis techniques to automate the creation of comprehensive JUnit regression tests. A rich JUnit test editing environment enables rapid creation, organization, modification and execution of unit tests.

■ Code Coverage Analysis: Measures what percentage of code is being executed, right down to the byte code level, using generated test cases or manual test scripts. Displays coverage results right in the Java source code so that missing test coverage can be found and repaired easily.

■ Dependency Analysis: Automated tools analyze and visually depict the dependencies between projects, packages, and types.

CodePro AnalytiX in the Software Process

In order to apply the CodePro AnalytiX tools to streamline and optimize your software process, you must first have a basic understanding of the process itself. To achieve the necessary level of understanding, a process model is indispensable. It doesn't have to be “twenty seven eight-by-ten color glossy photographs with circles and arrows and a paragraph on the back of each one explaining what each one was.” [2] As we'll see later, for the portions of your process where CodePro AnalytiX applies, a single page should do, showing the major process steps, the relationships among them, and the control mechanisms and resources available for performing each step. In this paper, we'll use the IDEF0 [3] cell model, modified as shown below for software process modeling.

[Figure: modified IDEF0 cell for a software process step]
Controls: Standards, Policies, Procedures
Inputs: Specifications, Code Base, Documentation, Tests
Process Step
Tools
Outputs: Code Base, Documentation, Tests/Coverage, Audit Reports, Dependency Analysis, Metrics, Change Requests

2. Arlo Guthrie, “Alice’s Restaurant,” 1966
3. http://www.idef.com/idef0.html

Now we can already begin to see where CodePro AnalytiX fits in the process:

■ The CodePro AnalytiX tools complement the other tools available in the Eclipse IDE.

■ Controls on the process step include your organization's standards, policies and procedures. CodePro AnalytiX helps you apply these controls by selecting and customizing audit rule sets, metrics sets and reports, Javadoc formats, etc.

■ Inputs to the step may include things like existing code and documentation; specifications for functions to be modified, added or deleted; test procedures to be performed, etc.

■ Outputs from the step will include the modified code base and documentation; test results and new test procedures; code and process metrics; etc. Change Request outputs are for changes in specifications or in control policies, procedures or standards, based on experience obtained in the process step; this will be important later on when implementing self-improving processes.

To understand how CodePro AnalytiX tools can help you to improve the efficiency of process tasks and the quality of their outputs, we need to dive more deeply into the internals of a process step. To do this, we'll use Tom Gilb's ETVX (Entry/Task/Validation/Exit) model, [4] which is an extension of Watts Humphrey's earlier ETX model. [5]

Even a quick look at this model and a cursory knowledge of the CodePro AnalytiX tools brings us to a rather startling conclusion:

By providing easy-to-use validation tools on the desktop, tightly integrated with the Eclipse IDE, CodePro AnalytiX enables continuous validation as an integral part of every process step.

4. Tom Gilb & Dorothy Graham, Software Inspection, pp. 116–117. New York: Addison-Wesley, 1993.
5. Watts S. Humphrey, Managing the Software Process, pp. 256–258. New York: Addison-Wesley, 1989.

Specifically:

■ Code Audit and Quick Fix make it easy for designers and programmers to adhere to your organization's policies and standards for code quality.

■ Javadoc Audit and Repair make it easy to adhere to your organization's policies and standards for documentation quality.

■ Duplicate Code Analysis makes it easier to find and remedy cut-and-paste errors (your organization may have policies against this style of programming).

■ JUnit Test Generation, Editing and Coverage Analysis make it easy to ensure that developed code meets the requirements given as task inputs, as well as to ensure that requirements are complete and consistent.

■ Dependency Analysis makes it easy to find circular dependencies that may cause unexpected runtime behaviors and difficulties in maintenance (your organization may have standards and procedures on how to deal with these). It also supports the development of test strategies in which those classes on which other classes depend are tested first.
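The dependency-analysis point above, circular dependencies plus a "test what others depend on first" strategy, can be illustrated with a short added example. This is not CodePro AnalytiX code or output: the class names and the dependency map are constructed, and the sketch uses Tarjan's strongly-connected-components algorithm, which emits each group of mutually dependent types only after the groups it depends on.

```java
import java.util.*;

public class DependencyTestOrder {
    private final Map<String, List<String>> dependsOn;
    private final Map<String, Integer> index = new HashMap<>();
    private final Map<String, Integer> low = new HashMap<>();
    private final Deque<String> stack = new ArrayDeque<>();
    private final Set<String> onStack = new HashSet<>();
    private final List<List<String>> groups = new ArrayList<>();
    private int counter = 0;

    DependencyTestOrder(Map<String, List<String>> dependsOn) {
        this.dependsOn = dependsOn;
    }

    /** Groups of types, dependencies first; a cyclic group is returned as one unit. */
    List<List<String>> testOrder() {
        for (String type : dependsOn.keySet()) {
            if (!index.containsKey(type)) visit(type);
        }
        return groups;
    }

    /** A group is circular if it has several members or one type that depends on itself. */
    boolean isCircular(List<String> group) {
        String first = group.get(0);
        return group.size() > 1 || dependsOn.getOrDefault(first, List.of()).contains(first);
    }

    // Tarjan's algorithm: a component is emitted only after every component it depends on.
    private void visit(String v) {
        index.put(v, counter);
        low.put(v, counter);
        counter++;
        stack.push(v);
        onStack.add(v);
        for (String w : dependsOn.getOrDefault(v, List.of())) {
            if (!index.containsKey(w)) {
                visit(w);
                low.put(v, Math.min(low.get(v), low.get(w)));
            } else if (onStack.contains(w)) {
                low.put(v, Math.min(low.get(v), index.get(w)));
            }
        }
        if (low.get(v).equals(index.get(v))) {   // v is the root of a component
            List<String> group = new ArrayList<>();
            String w;
            do {
                w = stack.pop();
                onStack.remove(w);
                group.add(w);
            } while (!w.equals(v));
            groups.add(group);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: type -> types it depends on (hypothetical class names).
        Map<String, List<String>> g = new LinkedHashMap<>();
        g.put("OrderService", List.of("OrderRepository", "PriceCalculator"));
        g.put("OrderRepository", List.of("Order"));
        g.put("PriceCalculator", List.of("Order", "TaxRules"));
        g.put("TaxRules", List.of("PriceCalculator"));   // cycle with PriceCalculator
        g.put("Order", List.of());
        DependencyTestOrder analysis = new DependencyTestOrder(g);
        for (List<String> group : analysis.testOrder()) {
            System.out.println((analysis.isCircular(group) ? "CYCLE " : "ok    ") + group);
        }
    }
}
```

Types in a group flagged as a cycle cannot be ordered relative to each other, so they have to be tested together or the cycle has to be broken first.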

CodePro AnalytiX also supports activities at the Entry gate of a process step, such as ensuring that the provided code base and documentation meet audit and test requirements.

Finally, CodePro AnalytiX supports activities at the Exit gate of a process step, such as producing metrics for the step, detecting audit rules that have been disabled by the developer (this may trigger a process review resulting in a Change Request), etc. Some of these activities may be automated, using the Server version of CodePro AnalytiX in conjunction with nightly builds; however, a couple of points should be kept in mind:

■ Periodic, server-based automated validation is a good check on whether developers are making conscientious use of validation tools; however, in terms of developer productivity and code quality, it is not an adequate substitute for desktop-based validation at each developer's workstation. “Validation deferred is validation denied.”

■ Some Exit gate functions still have to be performed as manual Team activities, such as checking that JUnit tests are consistent with the input specifications to the process step; ensuring that Javadoc documentation accurately describes the classes, fields and methods; etc. These activities should be defined by the organization's policies, procedures and standards.

Now that we have a basic idea of how the CodePro AnalytiX tools fit into the software process, let's have a look at how we can use these tools to streamline software processes, both traditional and agile, and how we can use them to support self-optimizing processes.


Optimizing a Personal Software Process

The Personal Software Process (PSP) [6] provides us with a good starting point for understanding the contribution that CodePro AnalytiX can make to improving software processes in general. As shown in the figure below, [7] this is represented by a sequence of process steps (a sort of personal waterfall model). Each process step is guided by one or more “Scripts,” corresponding to “Controls” in the modified IDEF0 model we discussed above.

As a first step in process improvement, the CodePro AnalytiX tools enable us to:

■ Automate some of the activities called for in the Scripts, such as validation, generation of documentation, and gathering of software metrics and defect counts.

■ Rationalize and simplify the process by gathering the Code/Compile/Test activities into a single step containing continuous validation, measurement and documentation.

The resulting simplified and efficient process is shown in the following figure.

6. Watts S. Humphrey, PSP: A Self-Improvement Process for Software Engineers, Addison-Wesley, 2005.
7. ibid., p. 14.


As a further step in improving a software process, standards can be established to assist in managing the process. A standard is defined as “A rule or basis for comparison that is used to assess size, content, or value, typically established by common practice or by a designated standards body.” [8] In the case of the PSP, “common practice” can be established by consulting industry norms or the experience of the individual or organization, as reflected in the process data obtained from both successful and unsuccessful projects. These standards can then be used to guide the development of scripts and checklists, and the selection and customization of the rulesets of CodePro AnalytiX tools as shown below.

Finally, data obtained from the CodePro AnalytiX tools can form an invaluable part of closing the loop to obtain a self-optimizing process as shown below.

8. Watts S. Humphrey, Managing the Software Process, p. 158. New York: Addison-Wesley, 1989.


Optimizing A Traditional Software Process: The V-Model

The V-model [9] is an attempt to overcome the deficiencies of the traditional waterfall model by incorporating testing and integration steps into the process. However, it still has some major problems:

■ Coding is deferred until detailed design is complete; it is very difficult to revisit the design steps to incorporate any lessons learned from attempts to code the system “as designed.”

■ It doesn't deal well with the fact that a substantial amount of coding goes on during unit and system integration.

■ It mainly addresses the situation of creating a new system, i.e., “something from nothing,” rather than the much more common situation of system modifications and upgrades, i.e., “something from something else.”

[Figure: the V-model]
Design steps: Requirements Analysis, System Design, Architecture Design, Module Design
Test design steps: Acceptance Test Design, System Test Design, Integration Test Design, Unit Test Design
Coding
Testing steps: Unit Testing, Integration Testing, System Testing, Acceptance Testing

9. http://en.wikipedia.org/wiki/V-Model_(software_development)


Just as with the PSP, we can streamline the V-process and overcome many of its deficiencies by using the continuous validation, measurement and documentation made possible by CodePro AnalytiX, as shown in the figure below.

Finally, we can make the process self-improving and self-optimizing by utilizing the data provided by the CodePro AnalytiX tools in addition to other process data to close the loop, just as in the PSP. Of course, organizational policies and procedures will have to be put in place to control the self-optimizing process itself. These should be kept short and simple, and themselves modified and improved based on experience with the process.


Optimizing Agile Software Processes

Agile software processes are all essentially variations on the spiral model [10] first described by Barry Boehm in 1988. [11] This model focuses on the incremental release of increasingly refined prototypes, and is itself essentially an iterative application of the V-model. Agile processes take advantage of the fact that automated tools make it practical to make each increment small and fast, thus allowing for “mid-course corrections” on a weekly or even daily basis.

There is no reason that the steps in an agile process cannot be optimized and controlled using the same mechanisms that work for the PSP and the V-model; that is, standards, scripts, guidelines and tools. Hence, CodePro AnalytiX can be used to incorporate integrated validation, measurement and documentation into agile processes in just the same way as for other processes, especially in the control and execution of the Implement, Test and Evaluate steps. Ultimately, CodePro AnalytiX can also serve as an indispensable tool in making agile processes self-improving, just as for traditional processes.

10. http://en.wikipedia.org/wiki/Spiral_model
11. Barry Boehm, “A Spiral Model of Software Development and Enhancement,” IEEE Computer, 21(5): 61–72, May 1988.


Infrastructure

The figure below shows how CodePro AnalytiX workstation and server editions can be combined to support the information infrastructure of larger Team processes [12] that go beyond the individual's Personal Software Process (PSP):

■ CodePro AnalytiX at the workstations of individual developers provides the tools they need to provide high quality code, documentation and JUnit tests, along with analytical data that can be used in the control and optimization of the software process itself, all of which can be effectively managed through the project's code management system.

■ CodePro AnalytiX Server Edition supports server-based validation of the entire code base for a product during the build process, generating information for a process data base that can be used for ongoing process improvement and optimization. As described earlier, this data can also be used in support of team-based activities such as code reviews, inspections, and incremental project planning.

12. Watts S. Humphrey, TSP: Leading a Development Team, Addison-Wesley, 2006.


Introducing CodePro AnalytiX Into Your Organization

It is obvious from the preceding section that CodePro AnalytiX can be used in support of mature, self-optimizing processes as well as simple, individual Personal Software Processes (PSPs). All this can seem a bit overwhelming at first glance; to make it manageable, two principles should be applied:

The Tools for Fools Principle: “Automated tools should be used to find problems, but not if you must delay detection until the fixing costs outweigh the advantages of automation.” [13]

To which we may add:

The Controllability Principle: You can't optimize a process that you can't control.

Since the simplest locus of control is the individual developer, and since senior developers are the most likely to have their PSPs under a reasonable level of control, these principles suggest that a viral adoption strategy is more likely to lead to an early harvest of the benefits of CodePro AnalytiX than a “big bang” changeover:

1. Identify influential early adopters (evangelists) in the developer community. Make sure you have a team (approximately 6 people) capable of reaching critical mass.

2. Train them in the use of CodePro AnalytiX in their personal software processes. Instantiations Educational Services can provide training both for this initial group and larger groups as required.

3. Enable them to enlist and support new adopters (disciples). Make sure you have enough seat licenses so each early adopter can add at least two disciples.

4. Encourage them to document and share best practices that they may discover in applying the tools.

5. Capture their best practices in evolving, short policies and procedure documents, or adapt existing policies and procedures to the new best practices.

6. While adoption is proceeding in the developer community, build the infrastructure to support the control and optimization of the larger team process.

  • Instantiations Professional Services can help you incorporate CodePro AnalytiX tools into your build and release process.

  • Early implementation of this facility will enable you to collect initial baseline data and document progress on both a project and organization basis.

7. Bring the developer community on board through gradual integration into the infrastructure, again documenting best practices as new or revised policies and procedures.

13. Gilb & Graham, op. cit., p.13.


Conclusions

This paper has given you a brief outline of how you can use the CodePro AnalytiX tools from Instantiations to streamline, measure and improve your software process through automated and integrated validation, measurement and documentation at key process steps. CodePro AnalytiX technology can be applied to a wide range of process models, all the way from the individual developer's Personal Software Process, up through both traditional and agile team processes. An incremental adoption strategy can be applied; however, to accomplish process improvement at minimum overall cost and time, the adoption process should be fully facilitated and supported from Day One.

Instantiations stands ready to help you with both training and professional services to make the most effective use of CodePro AnalytiX in your software process.

About the Author

Dr. Jim Christensen has over a decade of experience in Java – and, more recently, Eclipse-based technologies. He has worked as a university lecturer, researcher, industry project leader, and a guiding force on several software and industry standards.

Jim is well versed in software engineering principles ranging from current Agile development processes to long-held tenets of the Software Engineering Institute. He has extensive experience explaining complex technology in simple terms, its ramifications and its proper adoption to upper management of Fortune 100 corporations as well as to new technical practitioners.

About Instantiations

Instantiations is a leading commercial software development tool innovator that fully leverages the Eclipse open-source movement. The company focuses its products and services on improving quality, security, productivity and time-to-market for global software development organizations.

For information about additional products and services, visit the Instantiations corporate web site

CodePro AnalytiX is a trademark of Instantiations, Inc. All other trademarks are property of their respective owners