admtf-14-12-25

7/26/2019 admtf-14-12-25

1/51

Date: December 1707, 2014

Automated Source Code CISQ Top 15Performance Efficiency Measure

Request For Comments

__________________________________________________

OMG Document Number: admtf /2014-12-25204

Standard document URL: http: //www.omg.org/spec/ASCPEM/20141211/Automated Source Code CISQ Top 15 PerformanceEfficiency Measure RFC with change bars

Associated files: Normative:

http://www.omg.org/spec/ASCCPEM/20141110/AutomatedSourceCodeCISQTop15Performance

EfficiencyMeasureSPMS.xmi

http://www.omg.org/spec/ASCCPEM/20141110/AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureSMM.smm

____________________________________________________

Submitted by:

CAST Software, Inc.

Mitre Corporation

Field Code Changed

7/26/2019 admtf-14-12-25

2/51

1

7/26/2019 admtf-14-12-25

3/51

2

USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES

The material in this document details an Object Management Group (OMG) specification in accordance with the terms,

conditions and notices set forth below. This document does not represent a commitment to implement any portion of this

specification in any company's products. The information contained in this document is subject to change without notice.

LICENSES

The companies listed above have granted to the Consortium for IT Software Quality and it parent, Object Management Group,

Inc. (OMG), a nonexclusive, royalty-free, paid up, worldwide license to copy and distribute this document and to modify this

document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person

shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used

the specification set forth herein or having conformed any computer software to the specification.

Subject to all of the terms and conditions below, the owners of the copyright in this specification hereby grant you a fully-paidup, non-exclusive, nontransferable, perpetual, worldwide license (without the right to sublicense), to use this specification to

create and distribute software and special purpose specifications that are based upon this specification, and to use, copy, and

distribute this specification as provided under the Copyright Act; provided that: (1) both the copyright notice identified above

and this permission notice appear on any copies of this specification; (2) the use of the specifications is for informational

purposes and will not be copied or posted on any network computer or broadcast in any media and will not be otherwise resold

or transferred for commercial purposes; and (3) no modifications are made to this specification. This limited permission

automatically terminates without notice if you breach any of these terms or conditions. Upon termination, you will destroy

immediately any copies of the specifications in your possession or control.

PATENTS

The attention of adopters is directed to the possibility that compliance with or adoption of OMG specifications may require use

of an invention covered by patent rights. OMG shall not be responsible for identifying patents for which a license may be

required by any OMG specification, or for conducting legal inquiries into the legal validity or scope of those patents that are

brought to its attention. OMG specifications are prospective and advisory only. Prospective users are responsible for protectingthemselves against liability for infringement of patents.

GENERAL USE RESTRICTIONS

Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and

statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered

by copyright herein may be reproduced or used in any form or by any means--graphic, electronic, or mechanical, including

photocopying, recording, taping, or information storage and retrieval systems--without permission of the copyright owner.

DISCLAIMER OF WARRANTY

WHILE THIS PUBLICATION IS BELIEVED TO BE ACCURATE, IT IS PROVIDED "AS IS" AND MAY CONTAIN ERRORS

OR MISPRINTS. CISQ AND THE COMPANIES LISTED ABOVE MAKE NO WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, WITH REGARD TO THIS PUBLICATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR

OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY OR WARRANTY OF FITNESS FOR A PARTICULAR

PURPOSE OR USE. IN NO EVENT SHALL CISDQ, THE OBJECT MANAGEMENT GROUP OR ANY OF THE COMPANIES

LISTED ABOVE BE LIABLE FOR ERRORS CONTAINED HEREIN OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA OR USE,

7/26/2019 admtf-14-12-25

4/51

3

INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR

USE OF THIS MATERIAL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The entire risk as to the quality and performance of software developed using this specification is borne by you. This disclaimer

of warranty constitutes an essential part of the license granted to you to use this specification.

RESTRICTED RIGHTS LEGEND

Use, duplication or disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c) (1) (ii) of The

Rights in Technical Data and Computer Software Clause at DFARS 252.287-7013 or in subparagraph (c)(1) and (2) of the

Commercial Computer Software - Restricted Rights clauses at 48 C.F.R. 52.287-19 or as specified in 48 C.F.R. 287-7202-2

of the DoD F.A.R. Supplement and its successors, or as specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations

and its successors, as applicable. The specification copyright owners are as indicated above and may be contacted through

the Object Management Group, 250 First Avenue, Needham, MA 02494, U.S.A.

TRADEMARKS

IMM, MDA, Model Driven Architecture, UML, UML Cube logo, OMG Logo, CORBA and XMI are registered

trademarks of the Object Management Group, Inc., and Object Management Group, OMG , Unified Modeling Language,

Model Driven Architecture Logo, Model Driven Architecture Diagram, CORBA logos, XMI Logo, CWM, CWM

Logo, IIOP , MOF , OMG Interface Definition Language (IDL) , and OMG SysML are trademarks of the Object

Management Group. All other products or company names mentioned are used for identification purposes only, and may be

trademarks of their respective owners.

COMPLIANCE

The copyright holders listed above acknowledge that the Object Management Group (acting itself or through its designees) is

and shall at all times be the sole entity that may authorize developers, suppliers and sellers of computer software to use

certification marks, trademarks or other special designations to indicate compliance with these materials.

Software developed under the terms of this license may claim compliance or conformance with this specification if and only if

the software compliance is of a nature fully matching the applicable compliance points as stated in the specification. Software

developed only partially matching the applicable compliance points may claim only that the software was based on this

specification, but may not claim compliance or conformance with this specification. In the event that testing suites are

implemented or approved by Object Management Group, Inc., software developed using this specification may claim

compliance or conformance with the specification only if the software satisfactorily completes the testing suites.

7/26/2019 admtf-14-12-25

5/51

4

OMGs Issue Reporting Procedure

All OMG specifications are subject to continuous review and improvement. As part of thisprocess we encourage readers to report any ambiguities, inconsistencies, or inaccuracies theymay find by completing the Issue Reporting Form listed on the main web page http://www.omg.org, under Documents, Report a Bug/Issue (http://www.omg.org/report_issue.htm).

7/26/2019 admtf-14-12-25

6/51

5

TableofContents

TableofContents.....................................................................................................................................54

0.SubmissionSpecificMaterial............................................................................................................1211

0.1SubmissionPreface....................................................................................................................1211

0.2CopyrightWaiver........................................................................................................................1211

0.3SubmitterRepresentative...........................................................................................................1211

0.4AuthorTeam.............................................................................................................................. 1211

0.5ProofofConcept........................................................................................................................1211

1. Scope................................................................................................................................................13

1.1 Purpose....................................................................................................................................13

1.2

CISQBackground

......................................................................................................................

13

1.2 OverviewofSoftwareQualityCharacteristicMeasurement.....................................................13

1.3 DevelopmentoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure..14

1.4 StructureoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure........15

1.5 UsingandImprovingThisMeasure...........................................................................................16

2. Conformance....................................................................................................................................18

3. NormativeReferences......................................................................................................................18

3.1 Normative.................................................................................................................................18

4. TermsandDefinitions......................................................................................................................18

5. Symbols(andAbbreviatedTerms)....................................................................................................20

6. AdditionalInformation(Informative)...............................................................................................21

6.1 SoftwareProductInputs...........................................................................................................21

6.2 AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureElements...............2221

7. SPMSRepresentationofthePerformanceEfficiencyQualityMeasurePatterns(Normative)..........26

7.0.1 Introduction......................................................................................................................26

7.0.2 SPMS.................................................................................................................................26

7.0.3 KDM..................................................................................................................................27

7.0.4 Readingguide...................................................................................................................28

7.1. CategorydefinitionofCISQPerformanceEfficiency...........................................................29

7.2. PatterndefinitionofASCCPEMPRF1:StaticBlockElementcontainingClassInstance

CreationControlElement....................................................................................................................29

PatternCategory...............................................................................................................................29

PatternSections................................................................................................................................29

Objective........................................................................................................................................29

Consequence..................................................................................................................................29

MeasureElement..........................................................................................................................29

Description....................................................................................................................................29

Descriptor......................................................................................................................................30

Variableinput...............................................................................................................................30

Comment........................................................................................................................................30

ListofRoles.......................................................................................................................................30

7/26/2019 admtf-14-12-25

7/51

6

7.3. PatterndefinitionofASCCPEMPRF2:ImmutableStorableandMemberDataElement

Creation..................................................................................................................................................30



Objective........................................................................................................................................30

Consequence..................................................................................................................................30

MeasureElement..........................................................................................................................30

Description....................................................................................................................................30

Descriptor......................................................................................................................................31

Variableinput...............................................................................................................................31

Comment........................................................................................................................................31

ListofRoles.......................................................................................................................................31

7.4. Pattern definition of ASCCPEMPRF3: Static Member Data Element outside of a

SingletonClassElement......................................................................................................................31

Pattern

Category...............................................................................................................................

31


Objective........................................................................................................................................31

Consequence..................................................................................................................................31

MeasureElement..........................................................................................................................31

Description....................................................................................................................................31

Descriptor......................................................................................................................................32

Variableinput...............................................................................................................................32

Comment........................................................................................................................................32

ListofRoles.......................................................................................................................................32

7.5. PatterndefinitionofASCCPEMPRF4:DataResourceReadandWriteAccessExcessive

Complexity.............................................................................................................................................32



Objective........................................................................................................................................32

Consequence..................................................................................................................................32

MeasureElement..........................................................................................................................32

Description....................................................................................................................................32

Descriptor......................................................................................................................................33

Variableinput...............................................................................................................................33

Comment........................................................................................................................................33

ListofRoles.......................................................................................................................................33

7.6. Pattern definition ofASCCPEMPRF5:Data Resource ReadAccess Unsupported by

IndexElement.......................................................................................................................................33



Objective........................................................................................................................................33

Consequence..................................................................................................................................34

MeasureElement..........................................................................................................................34

Description....................................................................................................................................34

Descriptor......................................................................................................................................34

Variableinput...............................................................................................................................34

7/26/2019 admtf-14-12-25

8/51

7

Comment........................................................................................................................................34

ListofRoles.......................................................................................................................................34

7.7. Pattern definition of ASCCPEMPRF6: Large Data Resource ColumnSet Excessive

NumberofIndexElements.................................................................................................................34



Objective........................................................................................................................................34

Consequence..................................................................................................................................34

MeasureElement..........................................................................................................................35

Description....................................................................................................................................35

Descriptor......................................................................................................................................35

Variableinput...............................................................................................................................35

Comment........................................................................................................................................35

ListofRoles.......................................................................................................................................35

7.8.

Pattern

definition

of

ASCCPEM

PRF

7:

Large

Data

Resource

ColumnSet

with

Index

Elementof ExcessiveSize...................................................................................................................35



Objective........................................................................................................................................36

Consequence..................................................................................................................................36

MeasureElement..........................................................................................................................36

Description....................................................................................................................................36

Descriptor......................................................................................................................................36

Variableinput...............................................................................................................................36

Comment........................................................................................................................................36

ListofRoles.......................................................................................................................................36

7.9. PatterndefinitionofASCCPEMPRF8:ControlElementsRequiringSignificantResource

ElementwithinControlFlowLoopBlock.........................................................................................37



Objective........................................................................................................................................37

Consequence..................................................................................................................................37

MeasureElement..........................................................................................................................37

Description....................................................................................................................................37

Descriptor......................................................................................................................................37

Variableinput...............................................................................................................................37

Comment........................................................................................................................................37

ListofRoles.......................................................................................................................................38

7.10. PatterndefinitionofASCCPEMPRF9:NonStoredSQLCallableControlElementwith

ExcessiveNumberofDataResourceAccess.....................................................................................38



Objective........................................................................................................................................38

Consequence..................................................................................................................................38

MeasureElement..........................................................................................................................38

Description....................................................................................................................................38

7/26/2019 admtf-14-12-25

9/51

8

Descriptor......................................................................................................................................38

Variableinput...............................................................................................................................38

Comment........................................................................................................................................39

ListofRoles.......................................................................................................................................39

7.11. PatterndefinitionofASCCPEMPRF10:NonSQLNamedCallableandMethodControl

ElementwithExcessiveNumberofDataResourceAccess............................................................39



Objective........................................................................................................................................39

Consequence..................................................................................................................................39

MeasureElement..........................................................................................................................39

Description....................................................................................................................................39

Descriptor......................................................................................................................................39

Variableinput...............................................................................................................................40

Comment........................................................................................................................................

40

ListofRoles.......................................................................................................................................40

7.12. PatterndefinitionofASCCPEMPRF11:DataAccessControlElement fromOutside

DesignatedDataManagerComponent..............................................................................................40



Objective........................................................................................................................................40

Consequence..................................................................................................................................40

MeasureElement..........................................................................................................................40

Description....................................................................................................................................40

Descriptor......................................................................................................................................41

Variableinput...............................................................................................................................41

Comment........................................................................................................................................41

ListofRoles.......................................................................................................................................41

7.13. PatterndefinitionofASCCPEMPRF12:StorableandMemberDataElementExcessive

NumberofAggregatedStorableandMemberDataElements.......................................................41



Objective........................................................................................................................................41

Consequence..................................................................................................................................41

MeasureElement..........................................................................................................................41

Description....................................................................................................................................42

Descriptor......................................................................................................................................42

Variableinput...............................................................................................................................42

Comment........................................................................................................................................42

ListofRoles.......................................................................................................................................42

7.14. PatterndefinitionofASCCPEMPRF13:DataResourceAccessnotusingConnection

Poolingcapability.................................................................................................................................42



Objective........................................................................................................................................42

Consequence..................................................................................................................................42

7/26/2019 admtf-14-12-25

10/51

9

MeasureElement..........................................................................................................................43

Description....................................................................................................................................43

Descriptor......................................................................................................................................43

Variableinput...............................................................................................................................43

Comment........................................................................................................................................43

ListofRoles.......................................................................................................................................43

7.15. PatterndefinitionofASCCPEMPRF14:StorableandMemberDataElementMemory

AllocationMissingDeAllocationControlElement.........................................................................43



Objective........................................................................................................................................44

Consequence..................................................................................................................................44

MeasureElement..........................................................................................................................44

Description....................................................................................................................................44

Descriptor......................................................................................................................................

44

Variableinput...............................................................................................................................44

Comment........................................................................................................................................44

ListofRoles.......................................................................................................................................44

7.16. Pattern definition of ASCCPEMPRF15: Storable and Member Data Element

ReferenceMissingDeReferencingControlElement...................................................................... 45



Objective........................................................................................................................................45

Consequence..................................................................................................................................45

MeasureElement..........................................................................................................................45

Description....................................................................................................................................45

Descriptor......................................................................................................................................45

Variableinput...............................................................................................................................45

Comment........................................................................................................................................45

ListofRoles.......................................................................................................................................45

8. Calculation of the CISQ Automated Source Code Top 15 Performance Efficiency Measure and

FunctionalDensity(Normative)................................................................................................................46

8.1 CalculationoftheBaseMeasure..............................................................................................46

8.2 FunctionalDensityofCISQTop15PerformanceEfficiencyViolations...................................... 46

9. AlternativeWeightedMeasuresandUses(Informative)..................................................................48

9.1 AdditionalDerivedMeasures...................................................................................................48

10. References(Informative)..............................................................................................................49

AppendixA:CISQ.....................................................................................................................................50

7/26/2019 admtf-14-12-25

11/51

10

Preface

AbouttheObjectManagementGroup

OMG

Founded in 1989, the Object Management Group, Inc. (OMG) is an open membership, not-for-profit computer industry standards consortium that produces and maintains computer industryspecifications for interoperable, portable and reusable enterprise applications in distributed,

heterogeneous environments. Membership includes Information Technology vendors, end users,government agencies and academia.

OMG member companies write, adopt, and maintain its specifications following a mature, openprocess. OMG's specifications implement the Model Driven Architecture (MDA),

maximizing ROI through a full-lifecycle approach to enterprise integration that covers multipleoperating systems, programming languages, middleware and networking infrastructures, andsoftware development environments. OMGs specifications include: UML (Unified ModelingLanguage); CORBA (Common Object Request Broker Architecture); CWM (Common

Warehouse Meta-model); and industry-specific standards for dozens of vertical markets.

More information on the OMG is available at http://www.omg.org/.

OMGSpecificationsAs noted, OMG specifications address middleware, modeling and vertical domain frameworks.All OMG Formal Specifications are available from this URL: http://www.omg.org/specSpecifications are organized by the following categories:

BusinessModelingSpecificationsMiddlewareSpecifications

CORBA/IIOP

DataDistributionServices

SpecializedCORBA

IDL/LanguageMappingSpecifications

ModelingandMetadataSpecifications

UML,MOF,CWM,XMI

UMLProfile

ModernizationSpecifications

PlatformIndependentModel(PIM),PlatformSpecificModel(PSM),InterfaceSpecifications

CORBAServices

CORBAFacilities

7/26/2019 admtf-14-12-25

12/51

11

CORBAEmbeddedIntelligenceSpecifications

CORBASecuritySpecifications

OMGDomainSpecifications

SignalandImageProcessingSpecifications

AllofOMGsformalspecificationsmaybedownloadedwithoutchargefromourwebsite.

(ProductsimplementingOMGspecificationsareavailablefromindividualsuppliers.)Copiesof

specifications,availableinPostScriptandPDFformat,maybeobtainedfromtheSpecifications

CatalogcitedaboveorbycontactingtheObjectManagementGroup,Inc.at:

OMGHeadquarters

109HighlandAvenue

Suite300

Needham,MA02494

USA

Tel:+17814440404

Fax:+17814440320

Email:[email protected]

Certain OMG specifications are also available as ISO/IEC standards. Please consult

http://www.iso.org

Issues

Thereader isencouraged toreportandtechnicalorediting issues/problemswiththisspecificationto

http://www.omg.org

7/26/2019 admtf-14-12-25

13/51

12

0.SubmissionSpecificMaterial

0.1SubmissionPrefaceThissubmissionisofameasurerepresentedincompliancewithOMGsStructuredMetricsMetaModel

(SMM),KnowledgeDiscoveryMetamodel(KDM),andStructuredPatternsMetamodelStandard(SPMS).

Thisspecification integrates thesemetamodels to represent theviolationsofgoodarchitecturaland

coding practice incorporated into ameasure of Performance Efficiency for software systems. The

measure described in this specification is an important component for achieving themission of the

ArchitectureDrivenModernization Task Force and contributes toecosystemof standardsneeded to

supportothersoftwarerelatedOMGinitiatives.ThisRFCisoneoffivemeasuresofsoftwareattributes

beingsubmittedbytheConsortiumforITSoftwareQuality(CISQ),aspecialinterestgroupmanagedby

OMG.

0.2

Copyright

Waiver

CASTSoftware, Inc.andMitreCorporation: (i)grant to theObjectManagementGroup, Inc. (OMG)a

nonexclusive,royaltyfree,paidup,worldwidelicensetocopyanddistributethisdocumentandtomodify

thisdocumentanddistributecopiesofthemodifiedversion,and(ii)granttoeachmemberoftheOMGa

nonexclusive,royaltyfree,paidup,worldwidelicensetomakeuptofifty(50)copiesofthisdocumentfor

internalreviewpurposesonlyandnotfordistribution,and(iii)hasagreedthatnopersonshallbedeemed

tohaveinfringedthecopyrightintheincludedmaterialofanysuchcopyrightholderbyreasonofhaving

usedanyOMGspecificationthatmaybebasedhereonorhavingconformedanycomputersoftwareto

suchspecification.

IPRMode:Non-Assertion Covenant

0.3SubmitterRepresentativeBillCurtis

CASTSoftware,Inc.

[email protected]

0.4AuthorTeamPhilippeEmmanuelDouziech BillCurtis

CASTSoftware,Inc. CASTSoftware,Inc.

[email protected] [email protected]

RobertA.Martin

MitreCorporation

[email protected]

0.5ProofofConceptAutomatedqualitycharacteristicanalysisandmeasurementsoftwarebasedon theanalysisofsource

codeareofferedcommerciallybynumerousvendorssuchasCoverity,HPFortify,CASTSoftware,IBM,

andothers.

Their

technologies

are

capable

of

detecting

most

of

the

CISQ

Performance

Efficiency

weaknesses,andtheirtechnologiesarecapableofbeingmodifiedtodetectthecompleteset.

7/26/2019 admtf-14-12-25

14/51

13

1. Scope

1.1 Purpose

ThepurposeofthisspecificationistoestablishastandardmeasureofPerformanceEfficiencybasedon

detectingviolationsofgoodarchitecturalandcodingpracticesthatcouldresultin inefficientoperation

suchasperformancedegradationorexcessiveuseofprocessorresources. Establishingastandardforthis

measure is importantbecausesuchmeasuresarebeingused inoutsourcingandsystemdevelopment

contractswithouthavinganapprovedinternationalstandardtoreference. Theyarealsocriticaltoother

softwareintensiveOMGinitiativessuchasTheInternetofThings. TheConsortiumforITSoftwareQuality

(CISQ)wasformedasaspecial interestgroupofOMGtocreatespecificationsforautomatingstandard

measuresofsoftwarequalityattributesandsubmitthemtoOMGforapproval.

1.2 CISQBackground

This specificationdefinesamethod forautomating themeasurementofPerformanceEfficiency from

violations of architectural and codingpractice that affect an applicationsperformance and resource

usage. TheviolationsincludedintheCISQmeasurewereselectedfromalargesetofcandidateviolations

relatedtoPerformanceEfficiencyissues. Thefinalsetofviolationswerechosenthroughavotingprocess

amongCISQmemberorganizationsthatresultedinalimitedsetofviolationsthatmemberorganizations

believedweresufficientlyseverethattheyhadtoberemediated. Thisprocesswillbedescribedmore

fullyinasubsequentsection.

Figure1. SoftwareQualityCharacteristicsfromISO/IEC25010withCISQfocalareashighlighted.

1.2 OverviewofSoftwareQualityCharacteristicMeasurement

Measurementof the internalor structuralquality aspectsof softwarehas a longhistory in software

engineering(Curtis,

1980).

Software

quality

characteristics

are

increasingly

being

incorporated

into

7/26/2019 admtf-14-12-25

15/51

14

developmentandoutsourcingcontractsastheequivalentofservice levelagreements. That is,target

thresholdsbasedonqualitycharacteristicmeasuresarebeingset incontracts fordeliveredsoftware.

Currentlytherearenostandardsformostofthesoftwarequalitycharacteristicmeasuresbeingusedin

contracts. ISO/IEC25023purportstoaddressthesemeasures,butonlyprovidesmeasuresofexternal

behavioranddoesnotdefinemeasuresthatcanbedevelopedfromsourcecodeduringdevelopment.

Consequently, providers are subject to different interpretations and calculations of common quality

characteristicsineachcontract. Thisspecificationaddressesoneaspectofthisproblembyprovidinga

specificationformeasuringonequalitycharacteristic,PerformanceEfficiency,fromthesourcecode.This

specification isoneoffourspecifyingsourcecode levelmeasuresofqualitycharacteristics. Theother

threespecifyqualitycharacteristicmeasuresforReliability,Security,andMaintainability.

Violations of GoodArchitectural and Coding PracticeThemost recent advance inmeasuring the

structuralqualityofsoftwareisbasedontheanalysisandmeasurementofviolationsofgoodarchitectural

andcodingpracticethatcanbedetectedbystaticallyanalyzingthesourcecode. TheCWE/SANS25and

OWASPTop

Ten

lists

of

security

weaknesses

are

examples

of

this

approach.

These

lists

are

drawn

from

theCommonWeaknessEnumeration(CWE)repositorymaintainedbyMITRECorporation. CWEcontains

descriptionsofover800weaknessesthatrepresentviolationsofgoodarchitecturalandcodingpractice

insoftware thatcanbeexploited togainunauthorizedentry intoasystem. TheSoftwareAssurance

community has been a leader in this area ofmeasurement by championing the detection of code

weaknessesasawayofimprovingoneaspectofsoftwarequalitysoftwaresecurity.

UnfortunatelytherearenoequivalentrepositoriesofweaknessesforReliability,PerformanceEfficiency,

orMaintainability. Knowledgeof theseweaknesses isspreadacrosssoftwareengineering textbooks,

expertblogs,andinformationsharingsitessuchasgithub. TheCISQmeasureforPerformanceEfficiency

can fillthevoid foraconsensusbodyofknowledgeaboutthemostegregiousPerformanceEfficiency

problemsthatshouldbedetectedandremediatedinsourcecode. Currently,nostandardsorguidelines

havebeendeveloped forcalculatingcomponentorapplicationlevelPerformanceEfficiencymeasures

that aggregateweaknesses detected through static code analysis into applicationlevel Performance

Efficiency measures. CISQ will be providing recommendations for these aggregation and scaling

techniques. However, these techniques are not part of this standard since differentmeasurement

objectivesarebestservedbydifferentscoringtechniques.

Usingviolationsofgoodarchitecturalandcodingpracticesinsoftwarequalitymetricspresentsseveral

challengesforestablishingbaselines. Growthinthenumberofuniqueviolationstobedetectedcould

continuallyraisethebarformeasuringquality,reducingthevalidityofbaselinecomparisons. Further,

differentvendorswilldetectdifferentsetsofviolations,makingcomparisonsdifficultacrosscommercial

softwarequalitymeasurementofferings.Onesolutiontothisproblemistocreateastablelistofviolations

thatareusedforcomputingabaselineforeachqualitycharacteristic. TheAutomatedSourceCodeCISQ

Top15PerformanceEfficiencyMeasurewasdevelopedbyateamofindustryexpertstoformthebasis

forastablebaselinemeasure.

1.3 Development of the Automated Source Code CISQ Top 15 Performance

EfficiencyMeasure

7/26/2019 admtf-14-12-25

16/51

15

Theoriginal24CISQmembercompaniesprovidedexpertstoworkinggroupswhosecharterwastodefine

CISQmeasures. Violationsofgoodarchitecturalandcodingpracticethatahighprobabilityofcausing

PerformanceEfficiencyproblemswereselectedbyaninternationalteamofexpertsdrawnfromthe24

organizations thatjoinedCISQ in2010. Theseorganizations included ITdepartments inFortune200

companies, system integrators/outsourcers, and vendors that provide qualityrelated products and

servicestotheITmarket. TheexpertsmetseveraltimesperyearfortwoyearsintheUS,France,and

IndiatodevelopabroadlistofcandidatePerformanceEfficiencyweaknessesandthenpareitdowntoa

settheyfelthadtoberemediatedtoavoidseriousoperationalproblems.

TheworkgroupbeganbydefiningPerformanceEfficiencyissues,qualityrulesforavoidingtheseissues,

andmeasuresbasedoncountingviolationsoftheserules. Theydevelopedlistsofissuesandqualityrules

bydrawinginformationfromcompanydefectlogs,theircareerexperienceindifferentenvironments,and

industrysourcessuchasbooksandblogs. Inordertoreducetheworkgroupsinitiallisttoacriticalset

ofPerformanceEfficiencyviolations,workgroupmembers individuallyevaluated theseverityofeach

violation.High

severity

violations

were

judged

to

be

those

that

must

be

fixed

in

afuture

release

because

oftheiroperationalriskorcostimpact. Theworkgroupwentthroughseveralroundsofeliminatinglower

severityviolationsandreratingtheseverityofremainingviolationsuntilafinallistwasestablishedasthe

qualitymeasureelementstobeincorporatedintothisspecification.

1.4 StructureoftheAutomatedSourceCodeCISQTop15PerformanceEfficiency

Measure

ISO/IEC25010definesaqualitycharacteristicasbeingcomposedfromseveralqualitysubcharacteristics.

ISO/IEC25023establishesaframeworkofsoftwarequalitycharacteristicmeasureswhereineachquality

subcharacteristicconsistsofacollectionofqualityattributesthatcanbequantifiedasqualitymeasure

elements. Aqualitymeasureelementquantifiesaunitarymeasurableattributeofsoftware,suchasthe

violationofaquality rule. Figure2presentsanexampleof the ISO/IEC25023qualitymeasurement

frameworkusing apartialdecomposition for theAutomated SourceCode CISQ Top15Performance

EfficiencyMeasure.

7/26/2019 admtf-14-12-25

17/51

16

Figure2. ISO/IEC25010FrameworkforSoftwareQualityCharacteristicsMeasurement

Thenonnormativeportionofthisspecificationbeginsby listingthePerformanceEfficiency issuesthat

canplaguesoftwaredevelopedwithpoorarchitecturalandcodingpractices. Qualityruleswrittenas

architecturalorcodingpracticesareconventionsthatavoidedtheproblemdescribedinthePerformance

Efficiencyissue. Thesequalityruleswerethentransformedintosoftwarequalitymeasureelementsby

countingviolationsofthesearchitecturalandcodingpracticesandconventions.

Thenormativeportionofthisspecificationrepresentseachqualitymeasureelementdevelopedfroma

PerformanceEfficiencyruleusingtheStructuredPatternsMetamodelStandard(SPMS). Thecodebased

elementsin

these

patterns

are

represented

in

the

Knowledge

Discovery

Meta

model

(KDM).

The

calculationoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasurefromitsquality

measureelementsisthenrepresentedusingtheStructuredMetricsMetamodel(SMM). Thiscalculation

is presented as the simple sum of qualitymeasure elementswithout being adjusted by aweighting

scheme.

Thereareseveralweightingschemesthatcanbeappliedinaggregatingviolationcountsintostructural

qualitymeasures. Themosteffectiveweightingoftendependsonthemeasuresusesuchasassessing

operational risk or estimating maintenance costs. The quality measure elements included in this

specificationwereconsideredtobesevereviolationsofsecurearchitecturalandcodingpracticesthat

would need to be remediated. Therefore, weightings based on severity would add little useful

information to themeasure since the variance amongweightswouldbe small. Inorder to support

benchmarkingamongapplications, thisspecification includesameasureof theviolationdensity. This

measureiscreatedbydividingthetotalnumberofviolationsdetectedbyacountofAutomatedFunction

Points(ObjectManagementGroup,2014).

1.5

Using

and

Improving

This

Measure

7/26/2019 admtf-14-12-25

18/51

17

TheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureisacorrelatedmeasurerather

thananabsolutemeasure. Thatis,sinceitdoesnotmeasureallpossiblePerformanceEfficiencyrelated

weaknesses it does not provide an absolutemeasure of Performance Efficiency. However, since it

includescountsofwhatindustryexpertsconsideredhighseverityPerformanceEfficiencyweaknesses,it

providesastrong indicatorofPerformanceEfficiency thatwillbehighlycorrelatedwith theabsolute

PerformanceEfficiencyofasoftwaresystemandwiththeprobabilitythatitcanexperienceoutages,data

corruption,andrelatedproblems.

Since the impact and frequency of specific violations in the Automated Source Code CISQ Top 15

PerformanceEfficiencyMeasurecouldchangeovertime,thisapproachallowsspecificviolationstobe

included, excluded, amplified, or diminished over time in order to support the most effective

benchmarking,diagnostic,andpredictiveuse. ThisspecificationwillbeadjustedthroughcontrolledOMG

specificationrevisionprocessestoreflectchangesinPerformanceEfficiencyengineeringwhileretaining

theability

to

compare

baselines.

Vendors

of

static

analysis

and

measurement

technology

can

compute

thisstandardbaselinemeasure,aswellastheirownextendedmeasuresthatincludeotherPerformance

Efficiencyweaknessesnotincludedasmeasureelementsinthisspecification.

7/26/2019 admtf-14-12-25

19/51

18

2. Conformance

Implementationsofthisspecificationshouldbeabletodemonstratethefollowingattributesinorderto

claimcoformanceautomated,objective, transparent,andverifiable.

AutomatedTheanalysisofthesourcecodeandtheactualcountingmustbefullyautomated.

Theinitialinputsrequiredtopreparethesourcecodeforanalysisincludethesourcecodeofthe

application,theartifactsandinformationneededtoconfiguretheapplicationforoperation,and

anyavailabledescriptionofthearchitecturallayersintheapplication.

ObjectiveAfterthesourcecodehasbeenpreparedforanalysisusingtheinformationprovided

asinputs,theanalysis,calculation,andpresentationofresultsmustnotrequirefurtherhuman

intervention. Theanalysisandcalculationmustbeabletorepeatedlyproducethesameresults

andoutputsonthesamebodyofsoftware.

TransparentImplementationsthatconformtothisspecificationmustclearlylistallsourcecode

(includingversions),nonsourcecodeartifacts,andotherinformationusedtopreparethesource

codeforsubmissiontotheanalysis. VerifiableCompliance with this specification requires that an implementation state the

assumptions/heuristicsituseswithsufficientdetailsothatthecalculationsmaybeindependently

verifiedby thirdparties. Inaddition, all inputsusedare required tobe clearlydescribedand

itemizedsothattheycanbeauditedbyathirdparty.

3. NormativeReferences

3.1 NormativeThefollowingnormativedocumentscontainprovisions,which,throughreferenceinthistext,constitute

provisionsofthisspecification.Fordatedreferences,subsequentamendmentsto,orrevisionsofanyof

thesepublicationsdonotapply.

StructuredPatternsMetamodelStandard,admtf/140201

KnowledgeDiscoveryMetamodel,version1.3(KDM),formal/20110804

StructuredMetricsMetamodel,version1.0(SMM),formal/20120105

MOF/XMIMapping,version2.4.1(XMI),formal/20110809

AutomatedFunctionPoints(AFP),formal/20140103

ISO/IEC25010Systems and software engineering System and software product Quality

Requirements and Evaluation (SQuaRE) System and software quality models

4. TermsandDefinitions

AutomatedFunctionPointsaspecificationforautomatingthecountingofFunctionPointsthatmirrors

ascloselyaspossiblethecountingguidelinesoftheInternationalFunctionPointUserGroup. (OMG,

formal20140103)

CommonWeaknessEnumerationarepositorymaintainedbyMITRECorporationofknownweaknesses

insoftwarethatcanbeexploitedtogainunauthorizedentryintoasoftwaresystem.(cwe.mitre.org)

7/26/2019 admtf-14-12-25

20/51

19

CyclomaticComplexityAmeasureofcontrolflowcomplexitydevelopedbyThomasMcCabebasedon

agraphtheoreticanalysisthatreducesthecontrolflowofacomputerprogramtoasetofedges,

vertices,andtheirattributesthatcanbequantified. (McCabe,1976)

InternalSoftwareQualitythedegreetowhichasetofstaticattributesofasoftwareproductsatisfy

statedandimpliedneedsforthesoftwareproducttobeusedunderspecifiedconditions. Thiswillbe

referredtoassoftwarestructuralquality,orsimplystructuralquality inthisspecification. (ISO/IEC

25010)

Performance Efficiencyperformance relative to the amount of resources or time used under

stated conditions.(ISO/IEC25010)

Quality Measure Elementa measure defined in terms of a software quality attribute and the

measurementmethodforquantifyingit,includingoptionallythetransformationbyamathematical

function.(ISO/IEC

25010)

SoftwareProductasetofcomputerprograms,procedures,andpossiblyassociateddocumentationand

data. (ISO/IEC25010)

Software Product Quality Modela model that categorizes product quality properties into eight

characteristics (functional suitability, reliability, Performance Efficiency, usability, security,

compatibility,maintainabilityandportability).Eachcharacteristiciscomposedofasetofrelatedsub

characteristics. (ISO/IEC25010)

SoftwareQualitydegreetowhichasoftwareproductsatisfiesstatedand impliedneedswhenused

underspecifiedconditions. (ISO/IEC25010)

SoftwareQualityAttributeaninherentpropertyorcharacteristicofsoftwarethatcanbedistinguished

quantitativelyor

qualitatively

by

human

or

automated

means.

(derived

from

ISO/IEC

25010)

SoftwareQualityCharacteristicacategoryofsoftwarequalityattributesthatbearsonsoftwarequality.

(ISO/IEC25010)

Software Quality Characteristic Measurea software qualitymeasure derived frommeasuring the

attributesrelatedtoaspecificsoftwarequalitycharacteristic.

SoftwareQualityIssuearchitecturalorcodingpracticesthatareknowntocauseproblemsinsoftware

development,maintenance,oroperationsandforwhichsoftwarequalityrulescanbedefinedthat

helpavoidproblemscreatedbytheissue.

SoftwareQualityMeasureameasurethatisdefinedasameasurementfunctionoftwoormorevalues

ofsoftwarequalitymeasureelements.(ISO/IEC25010)

7/26/2019 admtf-14-12-25

21/51

20

SoftwareQualityMeasurement(verb)asetofoperationshavingtheobjectofdeterminingavalueofa

softwarequalitymeasure.(ISO/IEC25010)

SoftwareQualityModeladefinedsetofsoftwarecharacteristics,andofrelationshipsbetweenthem,

whichprovidesaframeworkforspecifyingsoftwarequalityrequirementsandevaluatingthequality

ofasoftwareproduct. (derivedfromISO/IEC25010)

SoftwareQualityPropertymeasureablecomponentofsoftwarequality.(derivedfromISO/IEC25010)

SoftwareQualityRuleanarchitecturalorcodingpracticeorconventionthatrepresentsgoodsoftware

engineeringpractice and avoidsproblems in softwaredevelopment,maintenance,oroperations.

Violationsofthesequalityrulesproducessoftwareantipatterns.

Software Quality Subcharacteristica subcategory of a software quality characteristic to which

softwarequality

attributes

and

their

software

quality

measure

elements

are

conceptually

related.

(derivedfromISO/IEC25010)

SoftwarePerformanceEfficiencythedegreetowhichtheperformanceofapieceofsoftware

minimizesitsuseofresourcesortimeinaccomplishingitsspecifiedfunctionsunderstated

conditions. (adaptedfromISO/IEC25010)

SoftwarePerformanceEfficiencyMeasureElementameasuredefinedintermsofaqualityattribute

ofsoftwarethataffectsitsPerformanceEfficiencyandthemeasurementmethodforquantifyingit,

includingoptionallythetransformationbyamathematicalfunction. (adaptedfromISO/IEC25023)

StructuralQualitythedegreetowhichasetofstaticattributesofasoftwareproductsatisfystatedand

implied needs for the software product to be usedunder specified conditionsa component of

softwarequality. ThisconceptisreferredtoasinternalsoftwarequalityinISO/IEC25010.

Violation

apattern

or

structure

in

the

code

that

isinconsistent

with

good

architectural

and

coding

practicesandcanleadtoproblemsinoperationormaintenance.

5. Symbols(andAbbreviatedTerms)

CISQConsortiumforITSoftwareQuality

KDMKnowledgeDiscoveryMetamodel

SPMSStructuredPatternsMetamodelStandard

SMMStructuredMetricsMetamodel

7/26/2019 admtf-14-12-25

22/51

21

6. AdditionalInformation(Informative)

6.1 SoftwareProductInputs

Thefollowinginputsareneededbystaticcodeanalyzersinordertointerpretviolationsofthesoftware

qualityrulesthatwouldbeincludedinindividualsoftwarequalitymeasureelements.

Theentiresourcecodefortheapplicationbeinganalyzed

Allmaterialsandinformationrequiredtopreparetheapplicationforproduction

Adescriptionofthearchitectureandlayerboundariesoftheapplication,includingan

assignmentofmodulestolayersiftheyexist

Staticcodeanalyzerswillalsoneeda listoftheviolationsthatconstituteeachqualityelement inthe

AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure.

6.2 InputValuesforThresholdsinMeasureElementsSeveral of theweaknesses in the Automated Source Code CISQ Top 15 Performance Efficiency 20

Maintainabilitymeasuredetectviolationsofgoodarchitecturalorcodingpracticebasedon threshold

valuesforaconstructbeingexceeded. Table1 liststhedefaultthresholdvalueused inspecifyingthis

measure. Inusingthismeasure,thresholdvaluescanbeadjustedtodifferentlevels.However,whenthe

threshold values are adjusted the results cannot be compared or benchmarked to data from other

analysesthatusedthedefaultvalues. Insuchcasesitmaybegoodtocomputevaluesforboththedefault

andadjustedvalues.

Table1. InputValuesforThresholdsinMeasureElements

listofcomponents

designatedtomanagedataaccesses

minimum

value

The default value for

is1000000. maximum

value

maximumvalue


is5.


is3.

maximumvalue The default value for

is10.

maximumvalue


is3.

maximalvalue


is 2

clientside,and5serverside.

maximumvalue


is5.

Formatted:Normal

Formatted Table

Formatted:Normal

7/26/2019 admtf-14-12-25

23/51

22

6.32Automated Source Code CISQ Top 15 Performance Efficiency Measure

ElementsTheviolationsofgoodarchitecturalandcodingpracticeincorporatedintotheAutomatedSourceCode

CISQTop15PerformanceEfficiencyMeasurearelistedanddescribeinthefollowingTable21. Someof

theCWEsfromtheCommonWeaknessEnumerationrepositorythatare included intheCISQSecurity

measurearealsodefectsthatcancausePerformanceEfficiencyproblems. Inordertoretainconsistency

acrossmeasurementspecifications,theoriginalCWEnumbersandtitleshavebeenretained forthese

PerformanceEfficiencymeasureelements.

Table21. PerformanceEfficiencyPatternsandTheirConsequences,Objectives,andMeasure

Elements

Performance

EfficiencyPattern Consequence Objective MeasureElement

ASCCPEMPRF

1:

StaticBlockElement

containingClass

InstanceCreation

ControlElement

Softwarethatis

codedsoasto

executeexpensive

computations

repeatedly(suchas

inloops)requires

excessive

computational

resourceswhenthe

usageanddata

volumegrow

Avoidupfront

initializationof

softwaredata

elements

Numberofinstanceswherea

storabledataelementor

memberdataelementis

initializedwithavalueinthe

Writeactionandislocatedina

blockofcodewhichisdeclared

asstatic

ASCCPEMPRF2:

ImmutableStorable

andMemberData

ElementCreation

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

excessivecomputational

resources

Avoidunnecessary

usageofadditional

immutabledata

elements


namedcallablecontrolelement

ormethodcontrolelement

createsimmutabletextdata

elementsviathestringconcatenationstatement(which

couldbeavoidedbyusingtext

bufferdataelements)

ASCCPEMPRF3:

StaticMemberData

Elementoutsideof

aSingletonClass

Element

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

excessive

computational

resources

Avoidunnecessary

upfrontallocation

ofmemoryforall

dataelements


staticmemberelementis

declaredasstaticbutitsparent

classelementisnotasingleton

class(thatis,aclasselement

thatcanbeusedonlyoncein

the'to'associationofaCreate

action);itdoesnottakeinto

accountfinalstaticfields

ASCCPEMPRF4:

DataResourceRead

andWriteAccess

Softwarefeaturing

knownunder

efficientSQLQuery

Avoidoverly

complexdata

queries

Numberofinstanceswherethe

numberofrowsinadatatable

exceedsathresholdvalue,and

7/26/2019 admtf-14-12-25

24/51

23

Excessive

Complexity

andDataAccess

constructsrequires

excessive

computational

resources

whereitisaccessedbyadata

actionwhosenumberofjoins

betweentablesexceedsa

thresholdvalue,anditsnumber

ofsubqueriesexceedsa

thresholdvalue. Thedefault

valueforthenumberofrowsis

1000000,thedefaultvaluefor

thenumberofjoinsis5,andthe

defaultvalueforthenumberof

subqueriesis3

ASCCPEMPRF5:

DataResourceRead

AccessUnsupported

byIndex

Element

Softwarefeaturing

knownunder

efficientSQLQuery

andData

Access

constructsrequires

excessive

computational

resources

Avoidunnecessary

fullscansofdata

tables


syntaxoftheReadsColumnSet

actionandtheindex

configurationof

an

SQL

table

or

SQLviewcausestheDBMSto

runsequentialsearches

ASCCPEMPRF6:

LargeData

Resource

ColumnSet

ExcessiveNumber

ofIndexElements

Softwarefeaturing

knownunder

efficientSQLQuery

andDataAccess

constructsrequires

excessive

computational

resources

Avoidtoomany

indicesonverylarge

datatables



exceedsathresholdvalue,and

itsnumberofindicesexceedsa


valuefornumberofrowsis

1000000,andthedefaultvalue

fornumberoftableindicesis3

ASCCPEMPRF7:

LargeData

Resource

ColumnSetwith

IndexElementof

ExcessiveSize

Softwarefeaturing

knownunder

efficientSQL

Query

andDataAccess

constructsrequires

excessive

computational

resources

Avoidoverlylarge

indicesonverylarge

datatables



exceedsathreshold

value,

and

wheretherangevalueofits

indexexceedsathresholdvalue.

Thedefaultvaluefornumberof

rowsis1000000,andthe

defaultvaluefortheindex

rangeis10

ASCCPEMPRF8:

ControlElements

Requiring

SignificantResource

Elementwithin

ControlFlowLoop

Block

Softwarethatis

codedsoasto

executeexpensive

computations

repeatedly(suchas

inloops)requires

excessive

computational

resourceswhenthe

Avoidresource

consuming

operationsfound

directlyorindirectly

withinloops


controlelementthatcauses

platformresourceconsumption

isdirectlyorindirectlycalledvia

anexecutionpathstartingfrom

withinaloopbodyblockor

withinaloopcondition

7/26/2019 admtf-14-12-25

25/51

24

usageanddata

volumegrow

ASCCPEMPRF9:

NonStoredSQL

CallableControl

Elementwith

ExcessiveNumber

ofDataResource

Access

Softwarethatdoes

notleverage

database

capabilitiesto

efficientlyrundata

processing(suchas

storedprocedures

andfunctions)

requiresexcessive

computational

resources

Usededicated

storedprocedures

whenmultipledata

accessesareneeded

Numberofinstanceswhere

serversidenonstoredcallable

controlelementsinadata

managerresourceembeda

numberofdataresource

accessesthatexceeda


valueforthenumberofdata

queriesis5

ASCCPEMPRF10:

NonSQL

Named

Callableand

MethodControl

Elementwith

ExcessiveNumber

ofDataResource

Access

Softwarethatdoes

notleverage

database

capabilitiesto

efficientlyrundata

processing(suchas

storedprocedures

andfunctions)

requiresexcessive

computational

resources

Avoidsoftware

elementsrequiring

toomanydata

accessesoutsideof

thedatamanager


clientside

control

element

namedcallableormethod

controlelementarenotinany

datamanagerresourceandthey

embedanumberofdata

resourceaccessactionsthat

exceedathresholdvalue. The

defaultthresholdforthe

numberofdataqueriesis2.

ASCCPEMPRF11:

DataAccessControl

Elementfrom

OutsideDesignated

DataManager

Component

Softwaredeployed

indistributed

environmentthat

doesnotmaintain

redundancyofdata

(suchas

cache)

and

codeincreasesthe

timewithwhich

theyareaccessed

Usededicatedand

specializeddata

manager

component(s).




executesadataactionthatis

notexecutedthrougha

dedicatedcentral

data

manager

componentidentifiedinthe

dataaccesscomponentlist(the

unlisteddataaccesscomponent

canbeeitherclientsideor

serverside,whichmeansthat

notallserversidecomponents

areallowedtohandledata

accessesandthatdataaccess

componentscanbedeveloped

usingnonSQLlanguages;in

essence,thedataaccessdoes

notfollowtheintendeddesign)

ASCCPEMPRF12:

Storableand

MemberData

ElementExcessive

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

Avoidthecreation

ofexcessivelylarge

dataelements


datatypeofthestorabledata

elementaggregatesanumber

ofstorabledataelementswith

7/26/2019 admtf-14-12-25

26/51

25

Numberof

AggregatedStorable

andMemberData

Elements

excessive

computational

resources

nonprimitivedatatypesthat

exceedsathresholdvalue. The

defaultvalueforthenumberof

aggregatedobjectsis5

ASCCPEMPRF13:

DataResource

Accessnotusing

ConnectionPooling

capability

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

excessive

computational

resources

Sharedatabase

connectionsviaa

connectionpool




executesadataresource

managementactionwithout

usingaconnectionpooling

capability(theusageof

connectionpoolingcapabilityis

technologydependent; for

example,connectionpoolingis

disabledwith

the

addition

of

'Pooling=false'tothe

connectionstringwithADO.NET

orthevalueof

'com.sun.jndi.ldap.connect.pool'

environmentparameterinJava)

ASCCPEMPRF14:

Storableand

MemberData

ElementMemory

AllocationMissing

DeAllocation

ControlElement

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

excessive

computational

resources

Avoidfailureto

releaseused

memory


memoryresourceisexplicitly

allocatedviathe

ManagesResourceactiontoa

storableormemberdata

elementwhichisused

throughouttheapplication,and

forwhichthetransformation

sequenceiscomposedofaction

elementswithdatarelations

someofwhicharepartof

namedcallableandmethod

controlelements,butnoneof

whichisamemoryrelease

statement

ASCCPEMPRF15:

Storableand

MemberData

ElementReference

MissingDe

ReferencingControl

Element

Softwarefeaturing

knownunder

efficientcoding

practicesrequires

excessive

computational

resources

Avoidfailureto

releaseuseddata

elements


methodcontrolelement

referencesviatheaccessaction

astorableormemberdata

elementwithoutinvokingits

finalizemethod

7/26/2019 admtf-14-12-25

27/51

26

7. SPMSRepresentationofthePerformanceEfficiencyQuality

MeasurePatterns(Normative)

7.0.1 Introduction

ThischapterdisplaysinahumanreadableformatthecontentofthemachinereadableXMIformatfile

accompanyingthisspecification. ThecontentofthemachinereadableXMIformatfileisthe

representationsoftheCISQPerformanceEfficiencyMeasureElements:

usingtheframeworkoftheStructuredPatternsMetamodelStandard(SPMS)

describingthesourcecodeentitieswithinameasureelementasentitiescontainedinthe

KnowledgeDiscoveryMetamodel(KDM)andembeddingthemwithintheSPMSpatterns,so

thattherepresentationisbothdescriptiveandformal.

7.0.2 SPMSMorespecifically,themachinereadableXMIformatfileaccompanyingthisspecificationusestheSPMS

DefinitionsClasses:

PatternDefinition(SPMS:PatternDefinition):thepatternspecification.Inthecontextofthis

document,eachCISQQualityMeasureElementisbasicallythecountofoccurrencesofthe

describedpatterns.

Role(SPMS:Role):Apatternisinformallydefinedasasetofrelationshipsbetweenasetof

entities.Rolesdescribethesetofentitieswithinapattern,betweenwhichthoserelationships

willbedescribed.AssuchtheRoleisarequiredassociationinaPatternDefinition.[].

Semantically,aRoleisa'slot'thatisrequiredtobefulfilledforaninstanceofitsparent

PatternDefinitiontoexist.

PatternSection(SPMS:PatternSection):APatternSectionisafreeformprosetextual

descriptionofaportionofaPatternDefinition.Inthecontextofthisdocument,thereare6

differentPatternSections

in

use:

o Descriptortoprovidepatternsignature,avisibleinterfaceofthepattern,

o MeasureElementtoprovideahumanreadableexplanationofthemeasure,

o Descriptiontoprovideahumanreadableexplanationofthepatternthatissought

after,identifyingRolesandKDMmodelinginformation,

o Objectivetoprovideahumanreadableexplanationoftheintenttogetridofthe

occurrencesofthepatternthatissoughtafter,

o Consequencetoprovideahumanreadableexplanationoftheissuethedetectionof

thepatternisdesignedtosolve,

o Inputtoprovideahumanreadableoftheparametersthatareneededtofinetune

thebehaviorofthepatterndetection(e.g.:thetargetapplicationarchitecturalblueprint

tocomplywith)

o Commenttoprovidesomeadditionalinformation(untilnow,usedtoinformabout

situationswherethesamemeasureelementisusefulforanotheroneofthecategories)

7/26/2019 admtf-14-12-25

28/51

27

AswellassomeoftheSPMSRelationshipsClasses:

MemberOf(SPMS:MemberOf):AnInterpatternRelationshipspecializedtoindicateinclusionin

aCategory

Category(SPMS:Category):ACategoryisasimplegroupingelementforgatheringrelated

PatternDefinitionsintoclusters.Inthecontextofthisdocument,theSPMSCategoriesareused

torepresenttheQualityCharacteristicofPerformanceEfficiency.

7.0.3

KDM

Morespecifically,themachinereadableXMIformatfileaccompanyingthisspecificationusesKDM

entitiesintheDescriptionsectionofthepatterndefinitions. Descriptionstrytoremainasgenericyet

asaccurateaspossiblesothatthepatterncanbeapplicableandappliedtoasmanysituationsas

possible,suchasdifferenttechnologiesanddifferentprogramminglanguages. Thismeans:

1.

thedescriptionsincludeinformationsuchas(code:MethodUnit),(action:Reads),

(platform:ManagesResource)etc.

to

identify

the

KDM

entities

in

the

pattern

definition

2.

thedescriptionsonlyelaboratethesalientaspectsofthepatternasthespecificscanbe

technology orlanguagedependent

Table2presentsatranslationofKDMtermsusedinthecurrentspecificationintothewordingoftheir

ordinaryusage.

Table2. KDMElementsIncorporatedintoSPMSPatterns

Ordinary

term(s)

KDM

description(s)

function,method,procedure,

stored

procedure,

subroutine,

etc.

namedcallablecontrolelement(code:CallableUnitwith

code:CallableKind'regular','external'or'stored')ormethodcontrol

element(code:MethodUnit)

variable,

field,

member,

etc.

storabledataelement(code:StorableUnit)ormemberdataelement

(code:MemberUnit)

class

classelement(code:StorableUnitwithcode:DataType

code:ClassUnit)

interface

interfaceelement(code:StorableUnitofcode:DataType

code:InterfaceUnit)

method methodelement(code:MethodUnit)

field,member

memberelement(code:MemberUnit)

SQLstoredprocedures

storedcallablecontrolelements(code:CallableUnitwith

code:CallableKind'storec')inadatamanagerresource

(platform:DataManager)

returncodevalue

value(code:Value)ofthereturnparameter(code:ParameterUnitof

code:ParameterKind'return')

7/26/2019 admtf-14-12-25

29/51

28

exception exceptionparameter(code:ParameterUnitwithcode:ParameterKind'exception')

userinputdataflow anexternalvalueisentered isenteredintotheapplicationthroughthe 'ReadsUI'userinterfaceReadsUIaction(ui:ReadsUI),

transformedthroughouttheapplicationalongthe

'TransformationSequence'sequence(action:BlockUnit)composedof

ActionElementswithDataRelationsrelations(action:Reads,

action:Writes,action:Addresses),someofwhichbeingpartof

namedcallableandmethodcontrolelements(code:MethodUnitor

code:CallableUnitwithcode:CallableKind'regular','external'or

'stored'),andultimatelyusedasexecutionpath executionpath(action:BlockUnitcomposedof

action:ActionElementswithaction:CallableRelationsto

code:ControlElements)Libraries,etc. deployedcomponent(platform:DeployedComponent)RDBMS datamanagerresource(platform:DataManager)loopbody loopbodyblock(action:BlockUnitstartingastheaction:TrueFlowof

theloopaction:GuardedFlowandendingwithanaction:Flowbackto

theloopaction:GuardedFlow)

loopcondition loopcondition(action:BlockUnitusedintheaction:GuardedFlow)singleton classelement(code:StorableUnitwithcode:DataType

code:ClassUnit)thatcanbeusedonlyonceinthe'to'associationofa

Createaction(action:Creates)

checked usedbyacheckcontrolelement(code:ControlElementcontaining

action:ActionElementwithakindfrommicroKDMlistofcomparison

actions)

7.0.4 Readingguide

Section7.2representstheSPMSCategoryforthesoftwarequalitycharacteristiccoveredinthis

specification. Startingwithsection7.3,eachsectionnumbered7.x representsanewSPMS

PatternDefinitionmemberofthisSPMSCategory. SPMSPatternDefinitionsubsectionsare:

Patterncategory:theSPMS:Categorycategorythatthepatternisrelatedtothrougha

SPMS:MemberOfrelationship.

Patternsections:thelistof"SPMS:PatternSection"sectionsfromthepattern:

o Descriptor,

o Description,

o Objective,

o Consequence,

o and,whenapplicable,

Input,

7/26/2019 admtf-14-12-25

30/51

29

Comment.

Patternroles:thelistofSPMS:RolerolesusedintheDescriptorandDescriptionsections

above.

Inthefollowingsections:

Databetweensquarebrackets(e.g.:[keyCISQ_Reliabity])identifiesxmi:idthatareuniqueand

usedtoreferenceentities.Theyaremachinegeneratedtoensureunicity.

Databetweenparanthesis(e.g.:(code:MethodUnit))identifiesKDMmodelinginformation.

Databetweenanglebrackets(e.g.:)identifiesSPMSRolesinDescriptionand

Inputsections.

7.1. CategorydefinitionofCISQPerformanceEfficiency

[keyASCCPEM_Performance_Efficiency]CISQPerformanceEfficiency

7.2. PatterndefinitionofASCCPEMPRF1:StaticBlockElement

containingClassInstanceCreationControlElement

PatternCategory

[keyASCCPEMPRF1relatedPattsPerformanceEfficiency]ASCCPEM_Performance_Efficiency

PatternSections

Objective

[keyASCCPEMPRF1objective]

Avoidupfrontinitializationofsoftwaredataelements

Consequence

[keyASCCPEMPRF1consequence]

Softwarethatiscodedsoastoexecuteexpensivecomputationsrepeatedly(suchasinloops)requires

excessivecomputationalresourceswhentheusageanddatavolumegrow

MeasureElement

[keyASCCPEMPRF1measureelement]

Numberofinstanceswhereastorabledataelementormemberdataelementisinitializedwithavalue

intheWriteactionandislocatedinablockofcodewhichisdeclaredasstatic

Description

[keyASCCPEMPRF1description]

Thispatternidentifiessituationswhereastorabledataelement(code:StorableUnit)ormemberdata

element(code:MemberUnit)isinitializedwithavalueintheWriteaction

(action:Write)locatedintotheblockofcode(action:BlockUnit)whichisdeclaredasstatic

7/26/2019 admtf-14-12-25

31/51

30

Descriptor

[keyASCCPEMPRF1descriptor]

ASCCPEMPRF1(StaticBlock:staticBlock,InitialisationStatement:initialisationStatement)

Variableinput

(noneapplicable)

Comment

(noneapplicable)

ListofRoles

[keyASCCPEMPRF1rolesstaticBlock]StaticBlock

[keyASCCPEMPRF1rolesinitialisationStatement]InitialisationStatement

7.3. Patterndefinition

of

ASCCPEM

PRF

2:

Immutable

Storable

and

MemberDataElementCreation

PatternCategory


PatternSections

Objective


Avoidunnecessaryusageofadditionalimmutabledataelements

Consequence


Softwarefeaturing

known

under

efficient

coding

practices

requires

excessive

computational

resources

MeasureElement


Numberofinstanceswhereanamedcallablecontrolelementormethodcontrolelementcreates

immutabletextdataelementsviathestringconcatenationstatement(whichcouldbeavoidedbyusing

textbufferdataelements)

Description


Thispatternidentifiessituationswherethenamedcallablecontrolelement

(code:CallableUnitwithcode:CallableKind'regular','external'or'stored')ormethodcontrolelement

(code:MethodUnit)createsimmutabletextdataelements(code:DataElementwithcode:DataType

code:StringType)viathestringconcatenationstatement

(code:ControlElementusing2action:Reads and1action:Writesoncode:DataElementwith

code:DataTypecode:StringType),whichcouldbeavoidedbyusingtextbufferdataelements.

7/26/2019 admtf-14-12-25

32/51

31

Descriptor

[keyASCCPEMPRF2descriptor]

ASCCPEMPRF2(ControlElement:controlElement,StringConcatenationStatement:

stringConcatenationStatement)

Variableinput

(noneapplicable)

Comment

(noneapplicable)

ListofRoles

[keyASCCPEMPRF2rolescontrolElement]ControlElement

[keyASCCPEMPRF2rolesstringConcatenationStatement]StringConcatenationStatement

7.4. Patterndefinition

of

ASCCPEM

PRF

3:

Static

Member

Data

Element

outsideofaSingletonClassElement

PatternCategory


PatternSections

Objective


Avoidunnecessaryupfrontallocationofmemoryforalldataelements

Consequence


Softwarefeaturing

known

under

efficient

coding

practices

requires

excessive

computational

resources

MeasureElement


Numberofinstanceswhereastaticmemberelementisdeclaredasstaticbutitsparentclasselementis

notasingletonclass(thatis,aclasselementthatcanbeusedonlyonceinthe'to'associationofa

Createaction);itdoesnottakeintoaccountfinalstaticfields

Description


Thispatternidentifiessituationswherethestaticmemberelement(code:MemberUnit)is

declaredasstatic(code:StorableKind'static')butitsparentclasselement

(code:StorableUnitwithcode:DataTypecode:ClassUnit)isnotasingletonclass,thatis,aclasselement

thatcanbeusedonlyonceinthe'to'assoctionofaCreateaction(action:Creates);itdoesnottakeinto

accountfinalstaticfields(code:MemberUnitwithcode:StorableKind'static'andcode:ExportKind'final').

7/26/2019 admtf-14-12-25

33/51

32