Have you noticed that implementing even simple features becomes increasingly time-consuming over time? Is your current codebase still adhering to the High/Low Level Designs laid down by your Software Architect? Are you aware of the duplicate code and dependency cycles lurking in your code? Is Safety-Certified software your priority?
If any of these questions sparked your curiosity, then keep reading to discover how we can effectively tackle these issues.
Introduction
Axivion has been an integral part of the Qt Group for more than a year, enhancing its Quality Assurance offerings.
For those who aren't familiar with Axivion, Axivion is the technology leader for next generation static code analysis of C, C++ and C# code. In addition to classic analyses such as MISRA or metrics, Axivion exclusively allows you to check the compliance of your software architecture. With the capability to detect clones, cycles, and unreachable code, you will always be able to prevent software erosion in your development projects.
Please check out our customer references to see how Axivion Suite helps our customers achieve their goals day in and day out.
In this article, we take a quick walk through the process of getting started with Axivion, showcasing its tools and the value it brings. To demonstrate the analysis in action, we chose the Industrial Automation Demo project currently being developed in-house, aimed at the upcoming Trade Shows.
Setup
If you are new to Axivion, the obvious choice is to use the Axivion Configuration Wizard, which is a step-by-step guide to configuring your project for analysis. Here, you will be guided through configuration options like Project location, Version Control System, Compiler Toolchain, Build System, etc.
At the end of this process, a standard User Interface appears where you can start fine-tuning the project. For example, you could enable Misra C++ 2023 analysis, disable Cycle Detection, set limits for McCabe complexity checks, or even add custom rules based on your company ruleset.
Architecture Analysis Setup
In theory, software architecture can be ensured by periodic reviews of the code. Unfortunately, in practice, the manual architecture review is both time consuming and error-prone. More often than not, architecture review is ignored during Pull/Merge requests. By the time we start seeing the real issues, we would have spent considerable effort and money patching up the symptoms.
What if we tell you that Axivion will precisely verify architecture compliance for every change made in the source code?
To demonstrate this, we created a high-level design for the demo project using the Gravis tool, which is a simple-to-learn, lightweight, architecture modeling tool.
With Gravis,
- we draw architectural entities (e.g., components, files, classes, functions, variables, etc.)
- define relationships between them (e.g., inheritance, association, function call, friend function, etc.)
- map the architecture entities with corresponding code artifacts.
Note: Using Gravis is not mandatory, as designs can also be imported from Enterprise Architect, IBM Rhapsody, PlantUML or any tool that uses the XMI format for software architecture representation.
Static Code Analysis Setup
Apart from the widely popular options like Style Checks and Metrics, you could also analyze Duplicate Code, Dependency Cycles, and Dead Code in your code base with Axivion. Though it may seem trivial, you would already be noticing its symptoms, like repetitive bugs with the same fix, increased compilation times, unprecedented crashes, and unmaintainable code.
If you prioritize safety certifications such as ISO 26262, IEC 61508, IEC 62304, or EN 50128/50657, then look no further because Axivion is certified by SGS-TÜV Saar GmbH for use in the development of safety-certified systems. This, coupled with coding guidelines aimed at Safety (Misra) and Security (CWE, CERT, and C Secure Coding) would ensure safety certified code along the supply chain.
For the demo project, apart from choosing Misra-C++ 2023 guidelines, we also enabled Clone Detection, Cycle Detection, and Dead Code Detection for the analysis.
Execution
Analysis can be triggered easily by executing the helper script (sh/bat) generated during setup. This approach also makes CI-CD integration effortless.
Results
The analysis results can be conveniently viewed on Axivion Suite's Dashboard, an intuitive web application accessible through your browser. This dashboard provides insights into the erosion and quality attributes of your software projects, making it easy to monitor and improve their overall health.
Note: Analysis Results are also available in SARIF, JSON, CSV, JUnit XML, and Text Formats.
Architecture Analysis Results
The analysis shows us the convergence, divergence, or absence of relationships between the defined architectural entities when compared against reality (codebase). This serves as a valuable signal for us to address any code issues proactively, preventing further complexity. It may also ignite conversations about the underlying reasons for the discrepancies, prompting a reassessment of the architectural design.
Static Code Analysis Results
Axivion left no stone unturned in uncovering the clones and dead code within our repository. This analysis proved invaluable in eliminating duplicate code and identifying unused functions that had slipped under the radar.
The analysis of Misra C++ 2023 shed light on the rigorous demands of a Safety-Critical Project, guiding us towards compliance. The intuitive dashboard provides a timeline of issue introductions and resolutions, offering valuable insights for continuous improvement.
With the option to customize/finetune Axivion to suit your needs, you can avoid false positives, which can reduce the usefulness of SCA, and waste entire days for QA Engineers.
For example, we stumbled upon a false positive where the std::unique_lock variable is flagged as unused, while in reality, the declaration itself would serve the purpose of locking the mutex within the scope. This can be configured as an expected behavior by setting the option treat_side_effect_constructors_as_use to true.
Conclusion
Measurement is key to control and improvement. If you can't measure it accurately, you can't understand, control, or improve it.
With Axivion as your ally, you can effectively measure and address software erosion factors, manage complexity, and ensure the overall health of your development process. Axivion empowers you to stay ahead of the curve by providing valuable insights into your codebase, enabling you to make informed decisions and implement targeted improvements.
What's next?
What fun would it be to taste our own medicine? Currently, the Qt Framework and Axivion Suite itself are under surveillance from Axivion Suite. Please keep tuned for the Architecture/Static Code Analysis of Qt Safe Renderer, – a Safety-Certified offering from Qt.
If you would like to learn more about Axivion, please contact us.
