CN111651344A - Software defect detection rule grading and combination strategy method for large-scale complex information system - Google Patents
- Publication number
- CN111651344A (application number CN201911271947.5A)
- Authority
- CN
- China
- Prior art keywords
- rule
- rules
- level
- software
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a software defect detection rule grading and combination strategy method for a large-scale complex information system, comprising the following steps: (1) detection rule mapping, screening and customization, to promote software code compliance: the built-in rules of the Klocwork code defect detection tool are screened to form a mapping between the programming specification and the Klocwork built-in rules; (2) grading and classification of the detection rules, to achieve flexible management: the dedicated code defect detection rule set for large-scale complex information system software is divided into security vulnerabilities and programming style; on this basis, the rule grading and rule combination strategy is determined according to the development characteristics of the project being executed, and the management of detection rules during research and development of the large-scale complex information system is standardized according to the rule selection requirements over the project life cycle. The code quality management level is improved, and the code defect density in the enterprise research and development process is effectively controlled. Taking a certain project as an example, the code defect density fell rapidly from 7 per thousand lines at the early stage to 1.5, and to 1.0 at the later stage, so that code quality improved markedly.
Description
Technical Field
The invention belongs to the field of software code quality assurance of a complex information system, and mainly relates to a classification and combination strategy of software code defect detection rules.
Background
As complex information systems evolve into systematized, complex giant systems, software code quality management faces three main problems. First, with the rapid growth of enterprises, research and development tasks are increasing quickly, the number of new staff in research and development posts is rising fast, system scale is expanding and delivery cycles are getting shorter and shorter, all of which pose great challenges to the quality control of military software research and development. Second, without an increase in headcount, traditional manual code defect detection or single-machine tool detection cannot provide the detection capability and efficiency needed for high-quality, rapid project delivery. Third, the judgment criteria selected and followed by the different military services during system development differ, and inconsistent understanding of those criteria among inspectors easily leads to misjudgments and missed judgments, so code defect detection judgments are not well targeted. Code defect detection therefore needs to move from manual to automatic detection, a uniform judgment criterion needs to be established, and a dedicated code defect detection rule set for large-scale complex information system software needs to be built from detection rule grading and combination strategies, forming an automatic code defect detection capability for such software.
A search of related literature at home and abroad found no method that applies rule grading and rule combination strategies to software code defect detection for large-scale complex information systems.
Disclosure of Invention
Purpose of the invention: large-scale complex information systems pass through different development stages with different quality requirements. To address this, the invention provides a method that takes the code quality requirements of the different development stages into account together. It adopts detection rule grading and rule combination strategies, provides rule combination strategies for different stages and management requirements, and forms a dedicated detection rule set for large-scale information system software code, so as to meet as far as possible the differing schedule and quality requirements of large-scale complex information system software development and achieve flexible management of software code quality.
Technical scheme: the software defect detection rule grading and combination strategy method for a large-scale complex information system comprises the following steps:
(1) detection rule mapping, screening and customization
The built-in rules of the Klocwork code defect detection tool are screened to form a mapping between the programming specification and the Klocwork built-in rules;
(2) hierarchical classification of detection rules
The dedicated code defect detection rule set for large-scale complex information system software is divided into security vulnerabilities and programming style; the rule grading and rule combination strategies are determined according to the development characteristics of the project being executed; and the management of detection rules during research and development of the large-scale complex information system is standardized according to the rule selection requirements over the project life cycle.
In step (1), for built-in Klocwork rules whose detection range is unclear, test code is written with specific code defects implanted, false-alarm and missed-report tests are carried out, and the built-in Klocwork rules are screened on that basis.
If a clause can be detected by a tool but Klocwork has no built-in rule corresponding to it, a rule customization step is carried out, with extensive false-alarm and missed-report testing and continuous improvement of the custom rules, and the required custom rules are finally determined.
The rules are divided into level 1, level 2, level 3 and level 4 according to the impact of the code defects they detect and the probability that those defects cause software errors. A level 1 rule is one whose violation inevitably causes a software error; a level 2 rule is one whose violation could lead to a software error under certain circumstances; a level 3 rule is one whose violation easily leads to software errors, although no software error results if the program is written correctly; a level 4 rule is one whose violation does not cause a software error but does affect program readability.
According to the code compliance quality that the software can reach once the defects detected by rules of different levels are repaired, the rules are divided into three sets: qualified rules, good rules and excellent rules;
the qualified rules include all level 1 rules, the good rules include all level 1-level 2 rules, and the excellent rules include all level 1-level 4 rules.
Beneficial effects: compared with the prior art, the software defect detection rule grading and combination strategy method for a large-scale complex information system has the following beneficial effects:
(1) The code quality management level is improved: by screening the built-in rules of the Klocwork code defect detection tool, a mapping between the programming specification and the Klocwork built-in rules is formed, and the code defect density in the enterprise research and development process is effectively controlled.
(2) The rule grading and combination strategy is customized for the Klocwork tool, so that code is checked from the early stage of the project, defects are exposed as early as possible, repair difficulty is reduced, and defect repair costs are saved for the enterprise.
Drawings
FIG. 1 is a flow chart of a software defect detection rule classification and combination strategy method for a large complex information system;
FIG. 2 is a diagram illustrating the coverage effect of the test platform on the programming specification of the large-scale complex information system software.
Detailed Description
The present invention is further illustrated by the following figures and specific examples, which are to be understood as illustrative only and not as limiting the scope of the invention, which is to be given the full breadth of the appended claims and any and all equivalent modifications thereof which may occur to those skilled in the art upon reading the present specification.
As shown in FIG. 1, the software defect detection rule grading and combination strategy method for a large-scale complex information system specifically includes the following steps:
(1) Detection rule mapping, screening and customization, promoting software code compliance
The built-in rules of the Klocwork tool are screened against the large-scale complex information system software programming specification to form a mapping between the programming specification and the Klocwork built-in rules. For rules whose detection range is unclear, test code is written with specific code defects implanted, and false-alarm and missed-report tests are carried out. In the end 155 Klocwork rules were selected, of which 132 are C/C++ rules and 23 are Java rules, and 652 test code fragments were written.
The programming specification still contains some clauses that can be detected by a tool but for which Klocwork has no corresponding built-in rule. Rule customization was therefore carried out, with extensive false-alarm and missed-report testing and continuous improvement of the custom rules; 352 test code fragments were written in total. After passing these tests, the custom rules were trialled in actual projects, and their false-alarm rate, missed-report rate and detection speed were optimized. After several rounds of analysis, repair and improvement, 48 custom rules were finally obtained, of which 33 are for C/C++ and 15 are for Java.
Through rule screening and customization, the detection platform's coverage of the large-scale complex information system software programming specification rose from 63.2% to 86.3%; the remaining specification clauses do not support customization. See FIG. 2 for details.
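The screening step above, sketched as an added example (not code from the patent or from Klocwork): each candidate rule is scored on test fragments with and without an implanted defect, and specification coverage is computed from the rules that pass. The rule ids, clause names, sample results and the 10% acceptance thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    """One test code fragment written to probe a rule."""
    rule: str      # rule the fragment exercises (hypothetical id)
    seeded: bool   # True if a defect was deliberately implanted
    flagged: bool  # True if the tool reported the rule on this fragment

def screen_rules(fragments, max_false_alarm=0.10, max_missed=0.10):
    """Return {rule: (false_alarm_rate, missed_report_rate, accepted)}.

    false-alarm rate   = flagged clean fragments / clean fragments
    missed-report rate = unflagged seeded fragments / seeded fragments
    The thresholds are assumptions of this example, not values from the patent.
    """
    counts = {}
    for f in fragments:
        c = counts.setdefault(f.rule, {"tp": 0, "fn": 0, "fp": 0, "tn": 0})
        if f.seeded:
            c["tp" if f.flagged else "fn"] += 1
        else:
            c["fp" if f.flagged else "tn"] += 1
    result = {}
    for rule, c in counts.items():
        seeded, clean = c["tp"] + c["fn"], c["fp"] + c["tn"]
        if seeded == 0 or clean == 0:
            # Only defective or only clean fragments exist: one of the two
            # rates is undefined, so the rule cannot be accepted yet.
            result[rule] = (None, None, False)
            continue
        fa, miss = c["fp"] / clean, c["fn"] / seeded
        result[rule] = (fa, miss, fa <= max_false_alarm and miss <= max_missed)
    return result

def spec_coverage(mapping, screening):
    """Fraction of specification clauses backed by at least one accepted rule."""
    accepted = {r for r, (_, _, ok) in screening.items() if ok}
    covered = [c for c, rules in mapping.items() if accepted & set(rules)]
    return len(covered) / len(mapping)

# Constructed sample data: tool results on seeded and clean fragments.
FRAGMENTS = [
    Fragment("EX.NULL_DEREF", True, True),
    Fragment("EX.NULL_DEREF", True, True),
    Fragment("EX.NULL_DEREF", False, False),
    Fragment("EX.UNCHECKED_RETURN", True, False),   # missed report
    Fragment("EX.UNCHECKED_RETURN", True, True),
    Fragment("EX.UNCHECKED_RETURN", False, True),   # false alarm
    Fragment("EX.MAGIC_NUMBER", True, True),        # no clean fragment yet
]
# Constructed mapping from programming-specification clauses to rules.
MAPPING = {
    "clause 4.1": ["EX.NULL_DEREF"],
    "clause 4.2": ["EX.UNCHECKED_RETURN"],
    "clause 5.3": ["EX.MAGIC_NUMBER"],
    "clause 6.1": [],                               # no rule available
}

if __name__ == "__main__":
    report = screen_rules(FRAGMENTS)
    for rule, row in sorted(report.items()):
        print(rule, row)
    print("coverage:", spec_coverage(MAPPING, report))
```

A rule probed only with defective fragments stays unaccepted until a clean counterpart is written, which is why each rule needs both kinds of fragment.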
(2) Detection rule classification and flexible management
The dedicated code defect detection rule set for large-scale complex information system software is divided into two categories, security vulnerabilities and programming style. On this basis, taking into account the characteristics of project development, such as short-cycle delivery, prototype development, use of open-source code and use of inherited code, the rule grading and rule combination strategies are determined according to the differing schedule and quality requirements during research and development. This forms the dedicated detection rule set and gives the rule selection requirements over the project life cycle, further standardizing the management of detection rules during research and development of the large-scale complex information system and making the dedicated detection rule set more flexible.
The rules are classified into levels 1, 2, 3, and 4 according to the influence that the detected code defects may cause and the probability of causing a software error, as shown in table 1.
TABLE 1 code Defect detection rule grading
Code compliance quality is classified as "qualified", "good" and "excellent": "qualified" code has no known defects that inevitably cause software errors; "good" code, on the basis of "qualified" code, eliminates all known code defects that may cause software errors in some cases; and "excellent" code further improves robustness and readability on the basis of "good" code.
According to the code compliance quality that the software can reach once the defects detected by rules of different levels are repaired, the rules are divided into qualified rules, good rules and excellent rules. The qualified rules include all level 1 rules, the good rules include all level 1-level 2 rules, and the excellent rules include all level 1-level 4 rules. In the early stage of a project, the technical state of the software is not yet stable and requirements change frequently; attention at this point is on finding security vulnerabilities in the program, and the qualified rules can be selected for detection. In the middle and later stages of the project, the software state is basically stable and security vulnerabilities are greatly reduced; attention turns to programming style, and the good rules or excellent rules can be used for detection, achieving flexible management of project code quality.
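The grading and combination strategy described above, sketched as an added example of a per-phase quality gate (not code from the patent): it selects the rule set for the project phase, reports the compliance tier the code currently reaches, and computes defect density per thousand lines. The rule ids, level assignments, sample findings and the choice of "good" for the middle phase and "excellent" for the late phase are assumptions.

```python
from collections import Counter

# Levels included in each rule set, as stated in the description.
RULE_SETS = {"qualified": {1}, "good": {1, 2}, "excellent": {1, 2, 3, 4}}
# The description allows good or excellent rules later in the project;
# the exact split between "mid" and "late" is an assumption of this example.
PHASE_RULE_SET = {"early": "qualified", "mid": "good", "late": "excellent"}

# Constructed rule catalogue: hypothetical rule id -> level.
CATALOGUE = {
    "EX.NULL_DEREF": 1,
    "EX.UNCHECKED_RETURN": 2,
    "EX.MISSING_DEFAULT": 3,
    "EX.MAGIC_NUMBER": 4,
}

def active_rules(phase):
    """Rules enabled for a project phase, sorted by id."""
    levels = RULE_SETS[PHASE_RULE_SET[phase]]
    return sorted(r for r, lvl in CATALOGUE.items() if lvl in levels)

def achieved_tier(findings):
    """Highest tier whose rule set has no open finding, or None."""
    open_levels = {CATALOGUE[f["rule"]] for f in findings}
    tier = None
    for name in ("qualified", "good", "excellent"):
        if open_levels & RULE_SETS[name]:
            break
        tier = name
    return tier

def gate(phase, findings, kloc):
    """Evaluate one scan against the rule set selected for the phase."""
    if kloc <= 0:
        raise ValueError("kloc must be positive")
    unknown = sorted({f["rule"] for f in findings} - CATALOGUE.keys())
    if unknown:
        # An ungraded rule cannot be placed in any rule set; fail loudly.
        raise ValueError(f"ungraded rules in scan output: {unknown}")
    enabled = set(active_rules(phase))
    blocking = [f for f in findings if f["rule"] in enabled]
    return {
        "rule_set": PHASE_RULE_SET[phase],
        "blocking_by_level": Counter(CATALOGUE[f["rule"]] for f in blocking),
        "density_per_kloc": round(len(findings) / kloc, 2),
        "tier": achieved_tier(findings),
        "passed": not blocking,
    }

# Constructed scan output for a 2,000-line code base.
FINDINGS = [
    {"rule": "EX.UNCHECKED_RETURN", "file": "a.c", "line": 10},
    {"rule": "EX.MAGIC_NUMBER", "file": "a.c", "line": 20},
    {"rule": "EX.MAGIC_NUMBER", "file": "b.c", "line": 5},
]

if __name__ == "__main__":
    for phase in ("early", "mid", "late"):
        print(phase, gate(phase, FINDINGS, kloc=2.0))
```

The same scan passes the early-phase gate and fails the later ones, which is the flexibility the grading is meant to provide.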
Claims (5)
1. A software defect detection rule grading and combination strategy method for a large-scale complex information system, characterized by comprising the following steps:
(1) detection rule mapping, screening and customization
The built-in rules of the Klocwork code defect detection tool are screened to form a mapping between the programming specification and the Klocwork built-in rules;
(2) hierarchical classification of detection rules
The dedicated code defect detection rule set for large-scale complex information system software is divided into security vulnerabilities and programming style; the rule grading and rule combination strategies are determined according to the development characteristics of the project being executed; and the management of detection rules during research and development of the large-scale complex information system is standardized according to the rule selection requirements over the project life cycle.
2. The software defect detection rule grading and combination strategy method for a large-scale complex information system according to claim 1, characterized in that: in step (1), for built-in Klocwork rules whose detection range is unclear, test code is written with specific code defects implanted, false-alarm and missed-report tests are carried out, and the built-in Klocwork rules are screened on that basis.
3. The method of claim 1, characterized in that: if a clause can be detected by a tool but Klocwork has no built-in rule corresponding to it, a rule customization step is carried out, with extensive false-alarm and missed-report testing and continuous improvement of the custom rules, and the required custom rules are finally determined.
4. The software defect detection rule grading and combination strategy method for a large-scale complex information system according to any one of claims 1 to 3, characterized in that: the rules are divided into level 1, level 2, level 3 and level 4 according to the impact of the code defects they detect and the probability that those defects cause software errors; a level 1 rule is one whose violation inevitably causes a software error; a level 2 rule is one whose violation could lead to a software error under certain circumstances; a level 3 rule is one whose violation easily leads to software errors, although no software error results if the program is written correctly; a level 4 rule is one whose violation does not cause a software error but does affect program readability.
5. The software defect detection rule grading and combination strategy method for a large-scale complex information system according to claim 4, characterized in that: according to the code compliance quality that the software can reach once the defects detected by rules of different levels are repaired, the rules are divided into three sets: qualified rules, good rules and excellent rules;
the qualified rules include all level 1 rules, the good rules include all level 1-level 2 rules, and the excellent rules include all level 1-level 4 rules.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911271947.5A CN111651344A (en) | 2019-12-12 | 2019-12-12 | Software defect detection rule grading and combination strategy method for large-scale complex information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911271947.5A CN111651344A (en) | 2019-12-12 | 2019-12-12 | Software defect detection rule grading and combination strategy method for large-scale complex information system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111651344A (en) | 2020-09-11 |
Family
ID=72352331
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911271947.5A Pending CN111651344A (en) | 2019-12-12 | 2019-12-12 | Software defect detection rule grading and combination strategy method for large-scale complex information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111651344A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114020634A (en) * | 2021-11-11 | 2022-02-08 | 中国电子科技集团公司第十五研究所 | Software product autonomous controllability evaluation method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102006046203A1 (en) * | 2006-09-29 | 2007-08-30 | Siemens Ag | Software source code evaluating method, involves classifying detected errors, assigning errors to error class from set of error classes, and assigning specification, which specifies errors of respective error classes to each error class |
CN103309804A (en) * | 2013-04-08 | 2013-09-18 | 中国电子科技集团公司第十研究所 | Automatic code rule checking platform |
-
2019
- 2019-12-12 CN CN201911271947.5A patent/CN111651344A/en active Pending
Non-Patent Citations (1)
Title |
---|
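Zhu Zhidong et al.: "Design and implementation of a Jenkins-based continuous testing platform for software defects", Informatization Research (《信息化研究》) * |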
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200911 |