A Standard for Static Code Analysis of Critical Systems

Abstract

The worth and precision of a software system is determined by the quality of source code and the degree to which the source code under consideration, satisfies the software quality parameters. As a matter of fact, until recent years, this aspect of software quality was not given due significance and the core focus of the underlying software system was on the feature implementation and the extent to which the system fulfills the functionality for which it was developed. It is worth-noting that as a consequence of the legacy approach, the IT industry and the giants of this industry faced significant losses only because the software system was not tested fairly to figure out potential and hidden defect in the source code, which ultimately led the system towards complete failure. We have a number of instances where the companies faced unbearable losses due to the hidden flaws in the source code. If these hidden defects would have been pointed out during system testing phase, those systems wouldn’t have collapsed during production phase. The approach we are suggesting here is Static Code Analysis. This approach aims to test the source code against a set of guidelines based upon software quality indicators, are pre-defined and developed. Analysis of source code is conducted against these rules. Now, it is worth noting that we have multiple static code analysis tools available in the market, our primary concern here is that none of the tools available provides a go-to solution. Our aim is the research and development of such a static code analysis tool which checks the source code against critical rules pertaining to code quality. We will accumulate all rules for some specified quality parameters related to software quality from multiple coding standards and widely used tools and devise a comprehensive ruleset which would be an all-in-one solution for the system testers who want to test the software system for critical violations. Our aim behind this research and specifically targeting critical systems is that these type of signals are developed with high development costs and efforts and can risk human lives, or cause heavy financial damages if led towards failure. Therefore we aim to devise a comprehensive rule-set based upon a few quality parameters to make sure that it provides a go-to solution for the underlying software quality aspects and critical systems can be tested for those quality parameters making sure that no aspect is missed out and the violations detected by the tools developed based upon the underlying standard are capable enough of pointing out all potential issues and shortcomings in the source code.