SQUALE -- Software QUALity Enhancement

PresentationInternational audienceThe Squale project was born from industrial effort to control software quality. Its goals are to refine and enhance Qualixo Model, a software-metric based quality model already used by large companies in France (Air France-KLM, PSA Peugeot-Citroën) and to support the estimation of return on investment produced by software quality. Qualixo Model is a software quality model based on the aggregation of software metrics into higher level indicators called practices, criterias and factors. The coordination of Squale is carried out by Qualixo

Open source tools for measuring the Internal Quality of Java software products. A survey

Collecting metrics and indicators to assess objectively the different products resulting during the lifecycle of a software project is a research area that encompasses many different aspects, apart from being highly demanded by companies and software development teams. Focusing on software products, one of the most used methods by development teams for measuring Internal Quality is the static analysis of the source code. This paper works in this line and presents a study of the stateof- the-art open source software tools that automate the collection of these metrics, particularly for developments in Java. These tools have been compared according to certain criteria defined in this study.Ministerio de Ciencia e Innovación TIN2010-20057-C03-02Junta de Andalucía TIC-578

The Squale Model - A Practice-based Industrial Quality Model

International audienceISO 9126 promotes a three-level model of quality (fac- tors, criteria, and metrics) which allows one to assess qual- ity at the top level of factors and criteria. However, it is dif- ficult to use this model as a tool to increase software quality. In the Squale model, we add practices as an intermediate level between metrics and criteria. Practices abstract away from raw information (metrics, tool reports, audits) and provide technical guidelines to respect. Moreover, practice marks are adjusted using formulae to suit company development habits or exigences: for example bad marks are stressed to point to places which need more attention. The Squale model has been developed and validated over the last couple of years in an industrial setting with Air France-KLM and PSA Peugeot-Citroën

A Quality Model for Actionable Analytics in Rapid Software Development

Background: Accessing relevant data on the product, process, and usage perspectives of software as well as integrating and analyzing such data is crucial for getting reliable and timely actionable insights aimed at continuously managing software quality in Rapid Software Development (RSD). In this context, several software analytics tools have been developed in recent years. However, there is a lack of explainable software analytics that software practitioners trust. Aims: We aimed at creating a quality model (called Q-Rapids quality model) for actionable analytics in RSD, implementing it, and evaluating its understandability and relevance. Method: We performed workshops at four companies in order to determine relevant metrics as well as product and process factors. We also elicited how these metrics and factors are used and interpreted by practitioners when making decisions in RSD. We specified the Q-Rapids quality model by comparing and integrating the results of the four workshops. Then we implemented the Q-Rapids tool to support the usage of the Q-Rapids quality model as well as the gathering, integration, and analysis of the required data. Afterwards we installed the Q-Rapids tool in the four companies and performed semi-structured interviews with eight product owners to evaluate the understandability and relevance of the Q-Rapids quality model. Results: The participants of the evaluation perceived the metrics as well as the product and process factors of the Q-Rapids quality model as understandable. Also, they considered the Q-Rapids quality model relevant for identifying product and process deficiencies (e.g., blocking code situations). Conclusions: By means of heterogeneous data sources, the Q-Rapids quality model enables detecting problems that take more time to find manually and adds transparency among the perspectives of system, process, and usage.Comment: This is an Author's Accepted Manuscript of a paper to be published by IEEE in the 44th Euromicro Conference on Software Engineering and Advanced Applications (SEAA) 2018. The final authenticated version will be available onlin

A Source-Code Maintainability Evaluation Model for Software Products

The maintainability index (MI) has been proposed to calculate a single number which expresses the maintainability of a system. This article presents a model for evaluating the maintainability of software products. The model improves the shortcomings observed in the maintainability assessment approaches in the quality assessment models SQuaRE (ISO25000), ISO 9126, Squale and the FCM standard. Its main innovation is to take into account the importance of entities in the system when calculating the maintainability score. This implies that the same type of defect will have a different score depending on the entity presenting it. Seven experts with several years of experience evaluated the model. They confirmed the effectiveness and usability of the model. Then, we compared our model with the Squale maintainability index and the classical maintainability index. The results show no correlation between these models. The implications are that each method gives a slightly different view of maintainability

The Squale Model - A Practice-based Industrial Quality Model

ISO 9126 promotes a three-level model of quality (fac- tors, criteria, and metrics) which allows one to assess qual- ity at the top level of factors and criteria. However, it is dif- ficult to use this model as a tool to increase software quality. In the Squale model, we propose the adjunction of prac- tices as an intermediate level between metrics and crite- ria. Practices abstract from raw information at the source (metrics, tool reports, audits) to provide the developer with technical guidelines to respect. Moreover, practice marks can be adjusted using formulae to suit company develop- ment habits or exigences: for example bad marks can be stressed to point to places which need the most attention. Dashboards allow one to spot faulty practices and find the source elements responsible for the bad marks. The Squale model has been developed and validated over the last cou- ple of years in an industrial setting with Air France-KML and PSA Peugeot-Citroën. Over 100 projects with a total of more than seven millions lines of code have been assessed and steered using Squale

The Squale Model - A Practice-based Industrial Quality Model

International audienceISO 9126 promotes a three-level model of quality (fac- tors, criteria, and metrics) which allows one to assess qual- ity at the top level of factors and criteria. However, it is dif- ficult to use this model as a tool to increase software quality. In the Squale model, we add practices as an intermediate level between metrics and criteria. Practices abstract away from raw information (metrics, tool reports, audits) and provide technical guidelines to respect. Moreover, practice marks are adjusted using formulae to suit company development habits or exigences: for example bad marks are stressed to point to places which need more attention. The Squale model has been developed and validated over the last couple of years in an industrial setting with Air France-KLM and PSA Peugeot-Citroën

A quality model for actionable analytics in rapid software development

Accessing relevant data on the product, process, and usage perspectives of software as well as integrating and analyzing such data is crucial for getting reliable and timely actionable insights aimed at continuously managing software quality in Rapid Software Development (RSD). In this context, several software analytics tools have been developed in recent years. However, there is a lack of explainable software analytics that software practitioners trust. Aims: We aimed at creating a quality model (called Q-Rapids quality model) for actionable analytics in RSD, implementing it, and evaluating its understandability and relevance. Method: We performed workshops at four companies in order to determine relevant metrics as well as product and process factors. We also elicited how these metrics and factors are used and interpreted by practitioners when making decisions in RSD. We specified the Q-Rapids quality model by comparing and integrating the results of the four workshops. Then we implemented the Q-Rapids tool to support the usage of the Q-Rapids quality model as well as the gathering, integration, and analysis of the required data. Afterwards we installed the Q-Rapids tool in the four companies and performed semi-structured interviews with eight product owners to evaluate the understandability and relevance of the Q-Rapids quality model. Results: The participants of the evaluation perceived the metrics as well as the product and process factors of the Q-Rapids quality model as understandable. Also, they considered the Q-Rapids quality model relevant for identifying product and process deficiencies (e.g., blocking code situations). Conclusions: By means of heterogeneous data sources, the Q-Rapids quality model enables detecting problems that take more time to find manually and adds transparency among the perspectives of system, process, and usage.Peer ReviewedPostprint (author's final draft

Project-Team RMoD (Analyses and Language Constructs for Object-Oriented Application Evolution) 2009 Activity Report

This is the yearly report of the RMOD team. A good way to understand what we are doing

Dependency Management 2.0 – A Semantic Web Enabled Approach

Software development and evolution are highly distributed processes that involve a multitude of supporting tools and resources. Application programming interfaces are commonly used by software developers to reduce development cost and complexity by reusing code developed by third-parties or published by the open source community. However, these application programming interfaces have also introduced new challenges to the Software Engineering community (e.g., software vulnerabilities, API incompatibilities, and software license violations) that not only extend beyond the traditional boundaries of individual projects but also involve different software artifacts. As a result, there is the need for a technology-independent representation of software dependency semantics and the ability to seamlessly integrate this representation with knowledge from other software artifacts. The Semantic Web and its supporting technology stack have been widely promoted to model, integrate, and support interoperability among heterogeneous data sources. This dissertation takes advantage of the Semantic Web and its enabling technology stack for knowledge modeling and integration. The thesis introduces five major contributions: (1) We present a formal Software Build System Ontology – SBSON, which captures concepts and properties for software build and dependency management systems. This formal knowledge representation allows us to take advantage of Semantic Web inference services forming the basis for a more flexibility API dependency analysis compared to traditional proprietary analysis approaches. (2) We conducted a user survey which involved 53 open source developers to allow us to gain insights on how actual developers manage API breaking changes. (3) We introduced a novel approach which integrates our SBSON model with knowledge about source code usage and changes within the Maven ecosystem to support API consumers and producers in managing (assessing and minimizing) the impacts of breaking changes. (4) A Security Vulnerability Analysis Framework (SV-AF) is introduced, which integrates builds system, source code, versioning system, and vulnerability ontologies to trace and assess the impact of security vulnerabilities across project boundaries. (5) Finally, we introduce an Ontological Trustworthiness Assessment Model (OntTAM). OntTAM is an integration of our build, source code, vulnerability and license ontologies which supports a holistic analysis and assessment of quality attributes related to the trustworthiness of libraries and APIs in open source systems. Several case studies are presented to illustrate the applicability and flexibility of our modelling approach, demonstrating that our knowledge modeling approach can seamlessly integrate and reuse knowledge extracted from existing build and dependency management systems with other existing heterogeneous data sources found in the software engineering domain. As part of our case studies, we also demonstrate how this unified knowledge model can enable new types of project dependency analysis