admtf-14-12-25
TRANSCRIPT
-
7/26/2019 admtf-14-12-25
1/51
Date: December 1707, 2014
Automated Source Code CISQ Top 15Performance Efficiency Measure
Request For Comments
__________________________________________________
OMG Document Number: admtf /2014-12-25204
Standard document URL: http: //www.omg.org/spec/ASCPEM/20141211/Automated Source Code CISQ Top 15 PerformanceEfficiency Measure RFC with change bars
Associated files: Normative:
http://www.omg.org/spec/ASCCPEM/20141110/AutomatedSourceCodeCISQTop15Performance
EfficiencyMeasureSPMS.xmi
http://www.omg.org/spec/ASCCPEM/20141110/AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureSMM.smm
____________________________________________________
Submitted by:
CAST Software, Inc.
Mitre Corporation
Field Code Changed
-
7/26/2019 admtf-14-12-25
2/51
1
-
7/26/2019 admtf-14-12-25
3/51
2
USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES
The material in this document details an Object Management Group (OMG) specification in accordance with the terms,
conditions and notices set forth below. This document does not represent a commitment to implement any portion of this
specification in any company's products. The information contained in this document is subject to change without notice.
LICENSES
The companies listed above have granted to the Consortium for IT Software Quality and it parent, Object Management Group,
Inc. (OMG), a nonexclusive, royalty-free, paid up, worldwide license to copy and distribute this document and to modify this
document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person
shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used
the specification set forth herein or having conformed any computer software to the specification.
Subject to all of the terms and conditions below, the owners of the copyright in this specification hereby grant you a fully-paidup, non-exclusive, nontransferable, perpetual, worldwide license (without the right to sublicense), to use this specification to
create and distribute software and special purpose specifications that are based upon this specification, and to use, copy, and
distribute this specification as provided under the Copyright Act; provided that: (1) both the copyright notice identified above
and this permission notice appear on any copies of this specification; (2) the use of the specifications is for informational
purposes and will not be copied or posted on any network computer or broadcast in any media and will not be otherwise resold
or transferred for commercial purposes; and (3) no modifications are made to this specification. This limited permission
automatically terminates without notice if you breach any of these terms or conditions. Upon termination, you will destroy
immediately any copies of the specifications in your possession or control.
PATENTS
The attention of adopters is directed to the possibility that compliance with or adoption of OMG specifications may require use
of an invention covered by patent rights. OMG shall not be responsible for identifying patents for which a license may be
required by any OMG specification, or for conducting legal inquiries into the legal validity or scope of those patents that are
brought to its attention. OMG specifications are prospective and advisory only. Prospective users are responsible for protectingthemselves against liability for infringement of patents.
GENERAL USE RESTRICTIONS
Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and
statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered
by copyright herein may be reproduced or used in any form or by any means--graphic, electronic, or mechanical, including
photocopying, recording, taping, or information storage and retrieval systems--without permission of the copyright owner.
DISCLAIMER OF WARRANTY
WHILE THIS PUBLICATION IS BELIEVED TO BE ACCURATE, IT IS PROVIDED "AS IS" AND MAY CONTAIN ERRORS
OR MISPRINTS. CISQ AND THE COMPANIES LISTED ABOVE MAKE NO WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, WITH REGARD TO THIS PUBLICATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR
OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY OR WARRANTY OF FITNESS FOR A PARTICULAR
PURPOSE OR USE. IN NO EVENT SHALL CISDQ, THE OBJECT MANAGEMENT GROUP OR ANY OF THE COMPANIES
LISTED ABOVE BE LIABLE FOR ERRORS CONTAINED HEREIN OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA OR USE,
-
7/26/2019 admtf-14-12-25
4/51
3
INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR
USE OF THIS MATERIAL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The entire risk as to the quality and performance of software developed using this specification is borne by you. This disclaimer
of warranty constitutes an essential part of the license granted to you to use this specification.
RESTRICTED RIGHTS LEGEND
Use, duplication or disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c) (1) (ii) of The
Rights in Technical Data and Computer Software Clause at DFARS 252.287-7013 or in subparagraph (c)(1) and (2) of the
Commercial Computer Software - Restricted Rights clauses at 48 C.F.R. 52.287-19 or as specified in 48 C.F.R. 287-7202-2
of the DoD F.A.R. Supplement and its successors, or as specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations
and its successors, as applicable. The specification copyright owners are as indicated above and may be contacted through
the Object Management Group, 250 First Avenue, Needham, MA 02494, U.S.A.
TRADEMARKS
IMM, MDA, Model Driven Architecture, UML, UML Cube logo, OMG Logo, CORBA and XMI are registered
trademarks of the Object Management Group, Inc., and Object Management Group, OMG , Unified Modeling Language,
Model Driven Architecture Logo, Model Driven Architecture Diagram, CORBA logos, XMI Logo, CWM, CWM
Logo, IIOP , MOF , OMG Interface Definition Language (IDL) , and OMG SysML are trademarks of the Object
Management Group. All other products or company names mentioned are used for identification purposes only, and may be
trademarks of their respective owners.
COMPLIANCE
The copyright holders listed above acknowledge that the Object Management Group (acting itself or through its designees) is
and shall at all times be the sole entity that may authorize developers, suppliers and sellers of computer software to use
certification marks, trademarks or other special designations to indicate compliance with these materials.
Software developed under the terms of this license may claim compliance or conformance with this specification if and only if
the software compliance is of a nature fully matching the applicable compliance points as stated in the specification. Software
developed only partially matching the applicable compliance points may claim only that the software was based on this
specification, but may not claim compliance or conformance with this specification. In the event that testing suites are
implemented or approved by Object Management Group, Inc., software developed using this specification may claim
compliance or conformance with the specification only if the software satisfactorily completes the testing suites.
-
7/26/2019 admtf-14-12-25
5/51
4
OMGs Issue Reporting Procedure
All OMG specifications are subject to continuous review and improvement. As part of thisprocess we encourage readers to report any ambiguities, inconsistencies, or inaccuracies theymay find by completing the Issue Reporting Form listed on the main web page http://www.omg.org, under Documents, Report a Bug/Issue (http://www.omg.org/report_issue.htm).
-
7/26/2019 admtf-14-12-25
6/51
5
TableofContents
TableofContents.....................................................................................................................................54
0.SubmissionSpecificMaterial............................................................................................................1211
0.1SubmissionPreface....................................................................................................................1211
0.2CopyrightWaiver........................................................................................................................1211
0.3SubmitterRepresentative...........................................................................................................1211
0.4AuthorTeam.............................................................................................................................. 1211
0.5ProofofConcept........................................................................................................................1211
1. Scope................................................................................................................................................13
1.1 Purpose....................................................................................................................................13
1.2
CISQBackground
......................................................................................................................
13
1.2 OverviewofSoftwareQualityCharacteristicMeasurement.....................................................13
1.3 DevelopmentoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure..14
1.4 StructureoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure........15
1.5 UsingandImprovingThisMeasure...........................................................................................16
2. Conformance....................................................................................................................................18
3. NormativeReferences......................................................................................................................18
3.1 Normative.................................................................................................................................18
4. TermsandDefinitions......................................................................................................................18
5. Symbols(andAbbreviatedTerms)....................................................................................................20
6. AdditionalInformation(Informative)...............................................................................................21
6.1 SoftwareProductInputs...........................................................................................................21
6.2 AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureElements...............2221
7. SPMSRepresentationofthePerformanceEfficiencyQualityMeasurePatterns(Normative)..........26
7.0.1 Introduction......................................................................................................................26
7.0.2 SPMS.................................................................................................................................26
7.0.3 KDM..................................................................................................................................27
7.0.4 Readingguide...................................................................................................................28
7.1. CategorydefinitionofCISQPerformanceEfficiency...........................................................29
7.2. PatterndefinitionofASCCPEMPRF1:StaticBlockElementcontainingClassInstance
CreationControlElement....................................................................................................................29
PatternCategory...............................................................................................................................29
PatternSections................................................................................................................................29
Objective........................................................................................................................................29
Consequence..................................................................................................................................29
MeasureElement..........................................................................................................................29
Description....................................................................................................................................29
Descriptor......................................................................................................................................30
Variableinput...............................................................................................................................30
Comment........................................................................................................................................30
ListofRoles.......................................................................................................................................30
-
7/26/2019 admtf-14-12-25
7/51
6
7.3. PatterndefinitionofASCCPEMPRF2:ImmutableStorableandMemberDataElement
Creation..................................................................................................................................................30
PatternCategory...............................................................................................................................30
PatternSections................................................................................................................................30
Objective........................................................................................................................................30
Consequence..................................................................................................................................30
MeasureElement..........................................................................................................................30
Description....................................................................................................................................30
Descriptor......................................................................................................................................31
Variableinput...............................................................................................................................31
Comment........................................................................................................................................31
ListofRoles.......................................................................................................................................31
7.4. Pattern definition of ASCCPEMPRF3: Static Member Data Element outside of a
SingletonClassElement......................................................................................................................31
Pattern
Category...............................................................................................................................
31
PatternSections................................................................................................................................31
Objective........................................................................................................................................31
Consequence..................................................................................................................................31
MeasureElement..........................................................................................................................31
Description....................................................................................................................................31
Descriptor......................................................................................................................................32
Variableinput...............................................................................................................................32
Comment........................................................................................................................................32
ListofRoles.......................................................................................................................................32
7.5. PatterndefinitionofASCCPEMPRF4:DataResourceReadandWriteAccessExcessive
Complexity.............................................................................................................................................32
PatternCategory...............................................................................................................................32
PatternSections................................................................................................................................32
Objective........................................................................................................................................32
Consequence..................................................................................................................................32
MeasureElement..........................................................................................................................32
Description....................................................................................................................................32
Descriptor......................................................................................................................................33
Variableinput...............................................................................................................................33
Comment........................................................................................................................................33
ListofRoles.......................................................................................................................................33
7.6. Pattern definition ofASCCPEMPRF5:Data Resource ReadAccess Unsupported by
IndexElement.......................................................................................................................................33
PatternCategory...............................................................................................................................33
PatternSections................................................................................................................................33
Objective........................................................................................................................................33
Consequence..................................................................................................................................34
MeasureElement..........................................................................................................................34
Description....................................................................................................................................34
Descriptor......................................................................................................................................34
Variableinput...............................................................................................................................34
-
7/26/2019 admtf-14-12-25
8/51
7
Comment........................................................................................................................................34
ListofRoles.......................................................................................................................................34
7.7. Pattern definition of ASCCPEMPRF6: Large Data Resource ColumnSet Excessive
NumberofIndexElements.................................................................................................................34
PatternCategory...............................................................................................................................34
PatternSections................................................................................................................................34
Objective........................................................................................................................................34
Consequence..................................................................................................................................34
MeasureElement..........................................................................................................................35
Description....................................................................................................................................35
Descriptor......................................................................................................................................35
Variableinput...............................................................................................................................35
Comment........................................................................................................................................35
ListofRoles.......................................................................................................................................35
7.8.
Pattern
definition
of
ASCCPEM
PRF
7:
Large
Data
Resource
ColumnSet
with
Index
Elementof ExcessiveSize...................................................................................................................35
PatternCategory...............................................................................................................................35
PatternSections................................................................................................................................36
Objective........................................................................................................................................36
Consequence..................................................................................................................................36
MeasureElement..........................................................................................................................36
Description....................................................................................................................................36
Descriptor......................................................................................................................................36
Variableinput...............................................................................................................................36
Comment........................................................................................................................................36
ListofRoles.......................................................................................................................................36
7.9. PatterndefinitionofASCCPEMPRF8:ControlElementsRequiringSignificantResource
ElementwithinControlFlowLoopBlock.........................................................................................37
PatternCategory...............................................................................................................................37
PatternSections................................................................................................................................37
Objective........................................................................................................................................37
Consequence..................................................................................................................................37
MeasureElement..........................................................................................................................37
Description....................................................................................................................................37
Descriptor......................................................................................................................................37
Variableinput...............................................................................................................................37
Comment........................................................................................................................................37
ListofRoles.......................................................................................................................................38
7.10. PatterndefinitionofASCCPEMPRF9:NonStoredSQLCallableControlElementwith
ExcessiveNumberofDataResourceAccess.....................................................................................38
PatternCategory...............................................................................................................................38
PatternSections................................................................................................................................38
Objective........................................................................................................................................38
Consequence..................................................................................................................................38
MeasureElement..........................................................................................................................38
Description....................................................................................................................................38
-
7/26/2019 admtf-14-12-25
9/51
8
Descriptor......................................................................................................................................38
Variableinput...............................................................................................................................38
Comment........................................................................................................................................39
ListofRoles.......................................................................................................................................39
7.11. PatterndefinitionofASCCPEMPRF10:NonSQLNamedCallableandMethodControl
ElementwithExcessiveNumberofDataResourceAccess............................................................39
PatternCategory...............................................................................................................................39
PatternSections................................................................................................................................39
Objective........................................................................................................................................39
Consequence..................................................................................................................................39
MeasureElement..........................................................................................................................39
Description....................................................................................................................................39
Descriptor......................................................................................................................................39
Variableinput...............................................................................................................................40
Comment........................................................................................................................................
40
ListofRoles.......................................................................................................................................40
7.12. PatterndefinitionofASCCPEMPRF11:DataAccessControlElement fromOutside
DesignatedDataManagerComponent..............................................................................................40
PatternCategory...............................................................................................................................40
PatternSections................................................................................................................................40
Objective........................................................................................................................................40
Consequence..................................................................................................................................40
MeasureElement..........................................................................................................................40
Description....................................................................................................................................40
Descriptor......................................................................................................................................41
Variableinput...............................................................................................................................41
Comment........................................................................................................................................41
ListofRoles.......................................................................................................................................41
7.13. PatterndefinitionofASCCPEMPRF12:StorableandMemberDataElementExcessive
NumberofAggregatedStorableandMemberDataElements.......................................................41
PatternCategory...............................................................................................................................41
PatternSections................................................................................................................................41
Objective........................................................................................................................................41
Consequence..................................................................................................................................41
MeasureElement..........................................................................................................................41
Description....................................................................................................................................42
Descriptor......................................................................................................................................42
Variableinput...............................................................................................................................42
Comment........................................................................................................................................42
ListofRoles.......................................................................................................................................42
7.14. PatterndefinitionofASCCPEMPRF13:DataResourceAccessnotusingConnection
Poolingcapability.................................................................................................................................42
PatternCategory...............................................................................................................................42
PatternSections................................................................................................................................42
Objective........................................................................................................................................42
Consequence..................................................................................................................................42
-
7/26/2019 admtf-14-12-25
10/51
9
MeasureElement..........................................................................................................................43
Description....................................................................................................................................43
Descriptor......................................................................................................................................43
Variableinput...............................................................................................................................43
Comment........................................................................................................................................43
ListofRoles.......................................................................................................................................43
7.15. PatterndefinitionofASCCPEMPRF14:StorableandMemberDataElementMemory
AllocationMissingDeAllocationControlElement.........................................................................43
PatternCategory...............................................................................................................................43
PatternSections................................................................................................................................44
Objective........................................................................................................................................44
Consequence..................................................................................................................................44
MeasureElement..........................................................................................................................44
Description....................................................................................................................................44
Descriptor......................................................................................................................................
44
Variableinput...............................................................................................................................44
Comment........................................................................................................................................44
ListofRoles.......................................................................................................................................44
7.16. Pattern definition of ASCCPEMPRF15: Storable and Member Data Element
ReferenceMissingDeReferencingControlElement...................................................................... 45
PatternCategory...............................................................................................................................45
PatternSections................................................................................................................................45
Objective........................................................................................................................................45
Consequence..................................................................................................................................45
MeasureElement..........................................................................................................................45
Description....................................................................................................................................45
Descriptor......................................................................................................................................45
Variableinput...............................................................................................................................45
Comment........................................................................................................................................45
ListofRoles.......................................................................................................................................45
8. Calculation of the CISQ Automated Source Code Top 15 Performance Efficiency Measure and
FunctionalDensity(Normative)................................................................................................................46
8.1 CalculationoftheBaseMeasure..............................................................................................46
8.2 FunctionalDensityofCISQTop15PerformanceEfficiencyViolations...................................... 46
9. AlternativeWeightedMeasuresandUses(Informative)..................................................................48
9.1 AdditionalDerivedMeasures...................................................................................................48
10. References(Informative)..............................................................................................................49
AppendixA:CISQ.....................................................................................................................................50
-
7/26/2019 admtf-14-12-25
11/51
10
Preface
AbouttheObjectManagementGroup
OMG
Founded in 1989, the Object Management Group, Inc. (OMG) is an open membership, not-for-profit computer industry standards consortium that produces and maintains computer industryspecifications for interoperable, portable and reusable enterprise applications in distributed,
heterogeneous environments. Membership includes Information Technology vendors, end users,government agencies and academia.
OMG member companies write, adopt, and maintain its specifications following a mature, openprocess. OMG's specifications implement the Model Driven Architecture (MDA),
maximizing ROI through a full-lifecycle approach to enterprise integration that covers multipleoperating systems, programming languages, middleware and networking infrastructures, andsoftware development environments. OMGs specifications include: UML (Unified ModelingLanguage); CORBA (Common Object Request Broker Architecture); CWM (Common
Warehouse Meta-model); and industry-specific standards for dozens of vertical markets.
More information on the OMG is available at http://www.omg.org/.
OMGSpecificationsAs noted, OMG specifications address middleware, modeling and vertical domain frameworks.All OMG Formal Specifications are available from this URL: http://www.omg.org/specSpecifications are organized by the following categories:
BusinessModelingSpecificationsMiddlewareSpecifications
CORBA/IIOP
DataDistributionServices
SpecializedCORBA
IDL/LanguageMappingSpecifications
ModelingandMetadataSpecifications
UML,MOF,CWM,XMI
UMLProfile
ModernizationSpecifications
PlatformIndependentModel(PIM),PlatformSpecificModel(PSM),InterfaceSpecifications
CORBAServices
CORBAFacilities
-
7/26/2019 admtf-14-12-25
12/51
11
CORBAEmbeddedIntelligenceSpecifications
CORBASecuritySpecifications
OMGDomainSpecifications
SignalandImageProcessingSpecifications
AllofOMGsformalspecificationsmaybedownloadedwithoutchargefromourwebsite.
(ProductsimplementingOMGspecificationsareavailablefromindividualsuppliers.)Copiesof
specifications,availableinPostScriptandPDFformat,maybeobtainedfromtheSpecifications
CatalogcitedaboveorbycontactingtheObjectManagementGroup,Inc.at:
OMGHeadquarters
109HighlandAvenue
Suite300
Needham,MA02494
USA
Tel:+17814440404
Fax:+17814440320
Email:[email protected]
Certain OMG specifications are also available as ISO/IEC standards. Please consult
http://www.iso.org
Issues
Thereader isencouraged toreportandtechnicalorediting issues/problemswiththisspecificationto
http://www.omg.org
-
7/26/2019 admtf-14-12-25
13/51
12
0.SubmissionSpecificMaterial
0.1SubmissionPrefaceThissubmissionisofameasurerepresentedincompliancewithOMGsStructuredMetricsMetaModel
(SMM),KnowledgeDiscoveryMetamodel(KDM),andStructuredPatternsMetamodelStandard(SPMS).
Thisspecification integrates thesemetamodels to represent theviolationsofgoodarchitecturaland
coding practice incorporated into ameasure of Performance Efficiency for software systems. The
measure described in this specification is an important component for achieving themission of the
ArchitectureDrivenModernization Task Force and contributes toecosystemof standardsneeded to
supportothersoftwarerelatedOMGinitiatives.ThisRFCisoneoffivemeasuresofsoftwareattributes
beingsubmittedbytheConsortiumforITSoftwareQuality(CISQ),aspecialinterestgroupmanagedby
OMG.
0.2
Copyright
Waiver
CASTSoftware, Inc.andMitreCorporation: (i)grant to theObjectManagementGroup, Inc. (OMG)a
nonexclusive,royaltyfree,paidup,worldwidelicensetocopyanddistributethisdocumentandtomodify
thisdocumentanddistributecopiesofthemodifiedversion,and(ii)granttoeachmemberoftheOMGa
nonexclusive,royaltyfree,paidup,worldwidelicensetomakeuptofifty(50)copiesofthisdocumentfor
internalreviewpurposesonlyandnotfordistribution,and(iii)hasagreedthatnopersonshallbedeemed
tohaveinfringedthecopyrightintheincludedmaterialofanysuchcopyrightholderbyreasonofhaving
usedanyOMGspecificationthatmaybebasedhereonorhavingconformedanycomputersoftwareto
suchspecification.
IPRMode:Non-Assertion Covenant
0.3SubmitterRepresentativeBillCurtis
CASTSoftware,Inc.
0.4AuthorTeamPhilippeEmmanuelDouziech BillCurtis
CASTSoftware,Inc. CASTSoftware,Inc.
[email protected] [email protected]
RobertA.Martin
MitreCorporation
0.5ProofofConceptAutomatedqualitycharacteristicanalysisandmeasurementsoftwarebasedon theanalysisofsource
codeareofferedcommerciallybynumerousvendorssuchasCoverity,HPFortify,CASTSoftware,IBM,
andothers.
Their
technologies
are
capable
of
detecting
most
of
the
CISQ
Performance
Efficiency
weaknesses,andtheirtechnologiesarecapableofbeingmodifiedtodetectthecompleteset.
-
7/26/2019 admtf-14-12-25
14/51
13
1. Scope
1.1 Purpose
ThepurposeofthisspecificationistoestablishastandardmeasureofPerformanceEfficiencybasedon
detectingviolationsofgoodarchitecturalandcodingpracticesthatcouldresultin inefficientoperation
suchasperformancedegradationorexcessiveuseofprocessorresources. Establishingastandardforthis
measure is importantbecausesuchmeasuresarebeingused inoutsourcingandsystemdevelopment
contractswithouthavinganapprovedinternationalstandardtoreference. Theyarealsocriticaltoother
softwareintensiveOMGinitiativessuchasTheInternetofThings. TheConsortiumforITSoftwareQuality
(CISQ)wasformedasaspecial interestgroupofOMGtocreatespecificationsforautomatingstandard
measuresofsoftwarequalityattributesandsubmitthemtoOMGforapproval.
1.2 CISQBackground
This specificationdefinesamethod forautomating themeasurementofPerformanceEfficiency from
violations of architectural and codingpractice that affect an applicationsperformance and resource
usage. TheviolationsincludedintheCISQmeasurewereselectedfromalargesetofcandidateviolations
relatedtoPerformanceEfficiencyissues. Thefinalsetofviolationswerechosenthroughavotingprocess
amongCISQmemberorganizationsthatresultedinalimitedsetofviolationsthatmemberorganizations
believedweresufficientlyseverethattheyhadtoberemediated. Thisprocesswillbedescribedmore
fullyinasubsequentsection.
Figure1. SoftwareQualityCharacteristicsfromISO/IEC25010withCISQfocalareashighlighted.
1.2 OverviewofSoftwareQualityCharacteristicMeasurement
Measurementof the internalor structuralquality aspectsof softwarehas a longhistory in software
engineering(Curtis,
1980).
Software
quality
characteristics
are
increasingly
being
incorporated
into
-
7/26/2019 admtf-14-12-25
15/51
14
developmentandoutsourcingcontractsastheequivalentofservice levelagreements. That is,target
thresholdsbasedonqualitycharacteristicmeasuresarebeingset incontracts fordeliveredsoftware.
Currentlytherearenostandardsformostofthesoftwarequalitycharacteristicmeasuresbeingusedin
contracts. ISO/IEC25023purportstoaddressthesemeasures,butonlyprovidesmeasuresofexternal
behavioranddoesnotdefinemeasuresthatcanbedevelopedfromsourcecodeduringdevelopment.
Consequently, providers are subject to different interpretations and calculations of common quality
characteristicsineachcontract. Thisspecificationaddressesoneaspectofthisproblembyprovidinga
specificationformeasuringonequalitycharacteristic,PerformanceEfficiency,fromthesourcecode.This
specification isoneoffourspecifyingsourcecode levelmeasuresofqualitycharacteristics. Theother
threespecifyqualitycharacteristicmeasuresforReliability,Security,andMaintainability.
Violations of GoodArchitectural and Coding PracticeThemost recent advance inmeasuring the
structuralqualityofsoftwareisbasedontheanalysisandmeasurementofviolationsofgoodarchitectural
andcodingpracticethatcanbedetectedbystaticallyanalyzingthesourcecode. TheCWE/SANS25and
OWASPTop
Ten
lists
of
security
weaknesses
are
examples
of
this
approach.
These
lists
are
drawn
from
theCommonWeaknessEnumeration(CWE)repositorymaintainedbyMITRECorporation. CWEcontains
descriptionsofover800weaknessesthatrepresentviolationsofgoodarchitecturalandcodingpractice
insoftware thatcanbeexploited togainunauthorizedentry intoasystem. TheSoftwareAssurance
community has been a leader in this area ofmeasurement by championing the detection of code
weaknessesasawayofimprovingoneaspectofsoftwarequalitysoftwaresecurity.
UnfortunatelytherearenoequivalentrepositoriesofweaknessesforReliability,PerformanceEfficiency,
orMaintainability. Knowledgeof theseweaknesses isspreadacrosssoftwareengineering textbooks,
expertblogs,andinformationsharingsitessuchasgithub. TheCISQmeasureforPerformanceEfficiency
can fillthevoid foraconsensusbodyofknowledgeaboutthemostegregiousPerformanceEfficiency
problemsthatshouldbedetectedandremediatedinsourcecode. Currently,nostandardsorguidelines
havebeendeveloped forcalculatingcomponentorapplicationlevelPerformanceEfficiencymeasures
that aggregateweaknesses detected through static code analysis into applicationlevel Performance
Efficiency measures. CISQ will be providing recommendations for these aggregation and scaling
techniques. However, these techniques are not part of this standard since differentmeasurement
objectivesarebestservedbydifferentscoringtechniques.
Usingviolationsofgoodarchitecturalandcodingpracticesinsoftwarequalitymetricspresentsseveral
challengesforestablishingbaselines. Growthinthenumberofuniqueviolationstobedetectedcould
continuallyraisethebarformeasuringquality,reducingthevalidityofbaselinecomparisons. Further,
differentvendorswilldetectdifferentsetsofviolations,makingcomparisonsdifficultacrosscommercial
softwarequalitymeasurementofferings.Onesolutiontothisproblemistocreateastablelistofviolations
thatareusedforcomputingabaselineforeachqualitycharacteristic. TheAutomatedSourceCodeCISQ
Top15PerformanceEfficiencyMeasurewasdevelopedbyateamofindustryexpertstoformthebasis
forastablebaselinemeasure.
1.3 Development of the Automated Source Code CISQ Top 15 Performance
EfficiencyMeasure
-
7/26/2019 admtf-14-12-25
16/51
15
Theoriginal24CISQmembercompaniesprovidedexpertstoworkinggroupswhosecharterwastodefine
CISQmeasures. Violationsofgoodarchitecturalandcodingpracticethatahighprobabilityofcausing
PerformanceEfficiencyproblemswereselectedbyaninternationalteamofexpertsdrawnfromthe24
organizations thatjoinedCISQ in2010. Theseorganizations included ITdepartments inFortune200
companies, system integrators/outsourcers, and vendors that provide qualityrelated products and
servicestotheITmarket. TheexpertsmetseveraltimesperyearfortwoyearsintheUS,France,and
IndiatodevelopabroadlistofcandidatePerformanceEfficiencyweaknessesandthenpareitdowntoa
settheyfelthadtoberemediatedtoavoidseriousoperationalproblems.
TheworkgroupbeganbydefiningPerformanceEfficiencyissues,qualityrulesforavoidingtheseissues,
andmeasuresbasedoncountingviolationsoftheserules. Theydevelopedlistsofissuesandqualityrules
bydrawinginformationfromcompanydefectlogs,theircareerexperienceindifferentenvironments,and
industrysourcessuchasbooksandblogs. Inordertoreducetheworkgroupsinitiallisttoacriticalset
ofPerformanceEfficiencyviolations,workgroupmembers individuallyevaluated theseverityofeach
violation.High
severity
violations
were
judged
to
be
those
that
must
be
fixed
in
afuture
release
because
oftheiroperationalriskorcostimpact. Theworkgroupwentthroughseveralroundsofeliminatinglower
severityviolationsandreratingtheseverityofremainingviolationsuntilafinallistwasestablishedasthe
qualitymeasureelementstobeincorporatedintothisspecification.
1.4 StructureoftheAutomatedSourceCodeCISQTop15PerformanceEfficiency
Measure
ISO/IEC25010definesaqualitycharacteristicasbeingcomposedfromseveralqualitysubcharacteristics.
ISO/IEC25023establishesaframeworkofsoftwarequalitycharacteristicmeasureswhereineachquality
subcharacteristicconsistsofacollectionofqualityattributesthatcanbequantifiedasqualitymeasure
elements. Aqualitymeasureelementquantifiesaunitarymeasurableattributeofsoftware,suchasthe
violationofaquality rule. Figure2presentsanexampleof the ISO/IEC25023qualitymeasurement
frameworkusing apartialdecomposition for theAutomated SourceCode CISQ Top15Performance
EfficiencyMeasure.
-
7/26/2019 admtf-14-12-25
17/51
16
Figure2. ISO/IEC25010FrameworkforSoftwareQualityCharacteristicsMeasurement
Thenonnormativeportionofthisspecificationbeginsby listingthePerformanceEfficiency issuesthat
canplaguesoftwaredevelopedwithpoorarchitecturalandcodingpractices. Qualityruleswrittenas
architecturalorcodingpracticesareconventionsthatavoidedtheproblemdescribedinthePerformance
Efficiencyissue. Thesequalityruleswerethentransformedintosoftwarequalitymeasureelementsby
countingviolationsofthesearchitecturalandcodingpracticesandconventions.
Thenormativeportionofthisspecificationrepresentseachqualitymeasureelementdevelopedfroma
PerformanceEfficiencyruleusingtheStructuredPatternsMetamodelStandard(SPMS). Thecodebased
elementsin
these
patterns
are
represented
in
the
Knowledge
Discovery
Meta
model
(KDM).
The
calculationoftheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasurefromitsquality
measureelementsisthenrepresentedusingtheStructuredMetricsMetamodel(SMM). Thiscalculation
is presented as the simple sum of qualitymeasure elementswithout being adjusted by aweighting
scheme.
Thereareseveralweightingschemesthatcanbeappliedinaggregatingviolationcountsintostructural
qualitymeasures. Themosteffectiveweightingoftendependsonthemeasuresusesuchasassessing
operational risk or estimating maintenance costs. The quality measure elements included in this
specificationwereconsideredtobesevereviolationsofsecurearchitecturalandcodingpracticesthat
would need to be remediated. Therefore, weightings based on severity would add little useful
information to themeasure since the variance amongweightswouldbe small. Inorder to support
benchmarkingamongapplications, thisspecification includesameasureof theviolationdensity. This
measureiscreatedbydividingthetotalnumberofviolationsdetectedbyacountofAutomatedFunction
Points(ObjectManagementGroup,2014).
1.5
Using
and
Improving
This
Measure
-
7/26/2019 admtf-14-12-25
18/51
17
TheAutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasureisacorrelatedmeasurerather
thananabsolutemeasure. Thatis,sinceitdoesnotmeasureallpossiblePerformanceEfficiencyrelated
weaknesses it does not provide an absolutemeasure of Performance Efficiency. However, since it
includescountsofwhatindustryexpertsconsideredhighseverityPerformanceEfficiencyweaknesses,it
providesastrong indicatorofPerformanceEfficiency thatwillbehighlycorrelatedwith theabsolute
PerformanceEfficiencyofasoftwaresystemandwiththeprobabilitythatitcanexperienceoutages,data
corruption,andrelatedproblems.
Since the impact and frequency of specific violations in the Automated Source Code CISQ Top 15
PerformanceEfficiencyMeasurecouldchangeovertime,thisapproachallowsspecificviolationstobe
included, excluded, amplified, or diminished over time in order to support the most effective
benchmarking,diagnostic,andpredictiveuse. ThisspecificationwillbeadjustedthroughcontrolledOMG
specificationrevisionprocessestoreflectchangesinPerformanceEfficiencyengineeringwhileretaining
theability
to
compare
baselines.
Vendors
of
static
analysis
and
measurement
technology
can
compute
thisstandardbaselinemeasure,aswellastheirownextendedmeasuresthatincludeotherPerformance
Efficiencyweaknessesnotincludedasmeasureelementsinthisspecification.
-
7/26/2019 admtf-14-12-25
19/51
18
2. Conformance
Implementationsofthisspecificationshouldbeabletodemonstratethefollowingattributesinorderto
claimcoformanceautomated,objective, transparent,andverifiable.
AutomatedTheanalysisofthesourcecodeandtheactualcountingmustbefullyautomated.
Theinitialinputsrequiredtopreparethesourcecodeforanalysisincludethesourcecodeofthe
application,theartifactsandinformationneededtoconfiguretheapplicationforoperation,and
anyavailabledescriptionofthearchitecturallayersintheapplication.
ObjectiveAfterthesourcecodehasbeenpreparedforanalysisusingtheinformationprovided
asinputs,theanalysis,calculation,andpresentationofresultsmustnotrequirefurtherhuman
intervention. Theanalysisandcalculationmustbeabletorepeatedlyproducethesameresults
andoutputsonthesamebodyofsoftware.
TransparentImplementationsthatconformtothisspecificationmustclearlylistallsourcecode
(includingversions),nonsourcecodeartifacts,andotherinformationusedtopreparethesource
codeforsubmissiontotheanalysis. VerifiableCompliance with this specification requires that an implementation state the
assumptions/heuristicsituseswithsufficientdetailsothatthecalculationsmaybeindependently
verifiedby thirdparties. Inaddition, all inputsusedare required tobe clearlydescribedand
itemizedsothattheycanbeauditedbyathirdparty.
3. NormativeReferences
3.1 NormativeThefollowingnormativedocumentscontainprovisions,which,throughreferenceinthistext,constitute
provisionsofthisspecification.Fordatedreferences,subsequentamendmentsto,orrevisionsofanyof
thesepublicationsdonotapply.
StructuredPatternsMetamodelStandard,admtf/140201
KnowledgeDiscoveryMetamodel,version1.3(KDM),formal/20110804
StructuredMetricsMetamodel,version1.0(SMM),formal/20120105
MOF/XMIMapping,version2.4.1(XMI),formal/20110809
AutomatedFunctionPoints(AFP),formal/20140103
ISO/IEC25010Systems and software engineering System and software product Quality
Requirements and Evaluation (SQuaRE) System and software quality models
4. TermsandDefinitions
AutomatedFunctionPointsaspecificationforautomatingthecountingofFunctionPointsthatmirrors
ascloselyaspossiblethecountingguidelinesoftheInternationalFunctionPointUserGroup. (OMG,
formal20140103)
CommonWeaknessEnumerationarepositorymaintainedbyMITRECorporationofknownweaknesses
insoftwarethatcanbeexploitedtogainunauthorizedentryintoasoftwaresystem.(cwe.mitre.org)
-
7/26/2019 admtf-14-12-25
20/51
19
CyclomaticComplexityAmeasureofcontrolflowcomplexitydevelopedbyThomasMcCabebasedon
agraphtheoreticanalysisthatreducesthecontrolflowofacomputerprogramtoasetofedges,
vertices,andtheirattributesthatcanbequantified. (McCabe,1976)
InternalSoftwareQualitythedegreetowhichasetofstaticattributesofasoftwareproductsatisfy
statedandimpliedneedsforthesoftwareproducttobeusedunderspecifiedconditions. Thiswillbe
referredtoassoftwarestructuralquality,orsimplystructuralquality inthisspecification. (ISO/IEC
25010)
Performance Efficiencyperformance relative to the amount of resources or time used under
stated conditions.(ISO/IEC25010)
Quality Measure Elementa measure defined in terms of a software quality attribute and the
measurementmethodforquantifyingit,includingoptionallythetransformationbyamathematical
function.(ISO/IEC
25010)
SoftwareProductasetofcomputerprograms,procedures,andpossiblyassociateddocumentationand
data. (ISO/IEC25010)
Software Product Quality Modela model that categorizes product quality properties into eight
characteristics (functional suitability, reliability, Performance Efficiency, usability, security,
compatibility,maintainabilityandportability).Eachcharacteristiciscomposedofasetofrelatedsub
characteristics. (ISO/IEC25010)
SoftwareQualitydegreetowhichasoftwareproductsatisfiesstatedand impliedneedswhenused
underspecifiedconditions. (ISO/IEC25010)
SoftwareQualityAttributeaninherentpropertyorcharacteristicofsoftwarethatcanbedistinguished
quantitativelyor
qualitatively
by
human
or
automated
means.
(derived
from
ISO/IEC
25010)
SoftwareQualityCharacteristicacategoryofsoftwarequalityattributesthatbearsonsoftwarequality.
(ISO/IEC25010)
Software Quality Characteristic Measurea software qualitymeasure derived frommeasuring the
attributesrelatedtoaspecificsoftwarequalitycharacteristic.
SoftwareQualityIssuearchitecturalorcodingpracticesthatareknowntocauseproblemsinsoftware
development,maintenance,oroperationsandforwhichsoftwarequalityrulescanbedefinedthat
helpavoidproblemscreatedbytheissue.
SoftwareQualityMeasureameasurethatisdefinedasameasurementfunctionoftwoormorevalues
ofsoftwarequalitymeasureelements.(ISO/IEC25010)
-
7/26/2019 admtf-14-12-25
21/51
20
SoftwareQualityMeasurement(verb)asetofoperationshavingtheobjectofdeterminingavalueofa
softwarequalitymeasure.(ISO/IEC25010)
SoftwareQualityModeladefinedsetofsoftwarecharacteristics,andofrelationshipsbetweenthem,
whichprovidesaframeworkforspecifyingsoftwarequalityrequirementsandevaluatingthequality
ofasoftwareproduct. (derivedfromISO/IEC25010)
SoftwareQualityPropertymeasureablecomponentofsoftwarequality.(derivedfromISO/IEC25010)
SoftwareQualityRuleanarchitecturalorcodingpracticeorconventionthatrepresentsgoodsoftware
engineeringpractice and avoidsproblems in softwaredevelopment,maintenance,oroperations.
Violationsofthesequalityrulesproducessoftwareantipatterns.
Software Quality Subcharacteristica subcategory of a software quality characteristic to which
softwarequality
attributes
and
their
software
quality
measure
elements
are
conceptually
related.
(derivedfromISO/IEC25010)
SoftwarePerformanceEfficiencythedegreetowhichtheperformanceofapieceofsoftware
minimizesitsuseofresourcesortimeinaccomplishingitsspecifiedfunctionsunderstated
conditions. (adaptedfromISO/IEC25010)
SoftwarePerformanceEfficiencyMeasureElementameasuredefinedintermsofaqualityattribute
ofsoftwarethataffectsitsPerformanceEfficiencyandthemeasurementmethodforquantifyingit,
includingoptionallythetransformationbyamathematicalfunction. (adaptedfromISO/IEC25023)
StructuralQualitythedegreetowhichasetofstaticattributesofasoftwareproductsatisfystatedand
implied needs for the software product to be usedunder specified conditionsa component of
softwarequality. ThisconceptisreferredtoasinternalsoftwarequalityinISO/IEC25010.
Violation
apattern
or
structure
in
the
code
that
isinconsistent
with
good
architectural
and
coding
practicesandcanleadtoproblemsinoperationormaintenance.
5. Symbols(andAbbreviatedTerms)
CISQConsortiumforITSoftwareQuality
KDMKnowledgeDiscoveryMetamodel
SPMSStructuredPatternsMetamodelStandard
SMMStructuredMetricsMetamodel
-
7/26/2019 admtf-14-12-25
22/51
21
6. AdditionalInformation(Informative)
6.1 SoftwareProductInputs
Thefollowinginputsareneededbystaticcodeanalyzersinordertointerpretviolationsofthesoftware
qualityrulesthatwouldbeincludedinindividualsoftwarequalitymeasureelements.
Theentiresourcecodefortheapplicationbeinganalyzed
Allmaterialsandinformationrequiredtopreparetheapplicationforproduction
Adescriptionofthearchitectureandlayerboundariesoftheapplication,includingan
assignmentofmodulestolayersiftheyexist
Staticcodeanalyzerswillalsoneeda listoftheviolationsthatconstituteeachqualityelement inthe
AutomatedSourceCodeCISQTop15PerformanceEfficiencyMeasure.
6.2 InputValuesforThresholdsinMeasureElementsSeveral of theweaknesses in the Automated Source Code CISQ Top 15 Performance Efficiency 20
Maintainabilitymeasuredetectviolationsofgoodarchitecturalorcodingpracticebasedon threshold
valuesforaconstructbeingexceeded. Table1 liststhedefaultthresholdvalueused inspecifyingthis
measure. Inusingthismeasure,thresholdvaluescanbeadjustedtodifferentlevels.However,whenthe
threshold values are adjusted the results cannot be compared or benchmarked to data from other
analysesthatusedthedefaultvalues. Insuchcasesitmaybegoodtocomputevaluesforboththedefault
andadjustedvalues.
Table1. InputValuesforThresholdsinMeasureElements
listofcomponents
designatedtomanagedataaccesses
minimum
value
The default value for
is1000000. maximum
value
maximumvalue
The default value for
is5.
The default value for
is3.
maximumvalue The default value for
is10.
maximumvalue
The default value for
is3.
maximalvalue
The default value for
is 2
clientside,and5serverside.
maximumvalue
The default value for
is5.
Formatted:Normal
Formatted Table
Formatted:Normal
-
7/26/2019 admtf-14-12-25
23/51
22
6.32Automated Source Code CISQ Top 15 Performance Efficiency Measure
ElementsTheviolationsofgoodarchitecturalandcodingpracticeincorporatedintotheAutomatedSourceCode
CISQTop15PerformanceEfficiencyMeasurearelistedanddescribeinthefollowingTable21. Someof
theCWEsfromtheCommonWeaknessEnumerationrepositorythatare included intheCISQSecurity
measurearealsodefectsthatcancausePerformanceEfficiencyproblems. Inordertoretainconsistency
acrossmeasurementspecifications,theoriginalCWEnumbersandtitleshavebeenretained forthese
PerformanceEfficiencymeasureelements.
Table21. PerformanceEfficiencyPatternsandTheirConsequences,Objectives,andMeasure
Elements
Performance
EfficiencyPattern Consequence Objective MeasureElement
ASCCPEMPRF
1:
StaticBlockElement
containingClass
InstanceCreation
ControlElement
Softwarethatis
codedsoasto
executeexpensive
computations
repeatedly(suchas
inloops)requires
excessive
computational
resourceswhenthe
usageanddata
volumegrow
Avoidupfront
initializationof
softwaredata
elements
Numberofinstanceswherea
storabledataelementor
memberdataelementis
initializedwithavalueinthe
Writeactionandislocatedina
blockofcodewhichisdeclared
asstatic
ASCCPEMPRF2:
ImmutableStorable
andMemberData
ElementCreation
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
excessivecomputational
resources
Avoidunnecessary
usageofadditional
immutabledata
elements
Numberofinstanceswherea
namedcallablecontrolelement
ormethodcontrolelement
createsimmutabletextdata
elementsviathestringconcatenationstatement(which
couldbeavoidedbyusingtext
bufferdataelements)
ASCCPEMPRF3:
StaticMemberData
Elementoutsideof
aSingletonClass
Element
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
excessive
computational
resources
Avoidunnecessary
upfrontallocation
ofmemoryforall
dataelements
Numberofinstanceswherea
staticmemberelementis
declaredasstaticbutitsparent
classelementisnotasingleton
class(thatis,aclasselement
thatcanbeusedonlyoncein
the'to'associationofaCreate
action);itdoesnottakeinto
accountfinalstaticfields
ASCCPEMPRF4:
DataResourceRead
andWriteAccess
Softwarefeaturing
knownunder
efficientSQLQuery
Avoidoverly
complexdata
queries
Numberofinstanceswherethe
numberofrowsinadatatable
exceedsathresholdvalue,and
-
7/26/2019 admtf-14-12-25
24/51
23
Excessive
Complexity
andDataAccess
constructsrequires
excessive
computational
resources
whereitisaccessedbyadata
actionwhosenumberofjoins
betweentablesexceedsa
thresholdvalue,anditsnumber
ofsubqueriesexceedsa
thresholdvalue. Thedefault
valueforthenumberofrowsis
1000000,thedefaultvaluefor
thenumberofjoinsis5,andthe
defaultvalueforthenumberof
subqueriesis3
ASCCPEMPRF5:
DataResourceRead
AccessUnsupported
byIndex
Element
Softwarefeaturing
knownunder
efficientSQLQuery
andData
Access
constructsrequires
excessive
computational
resources
Avoidunnecessary
fullscansofdata
tables
Numberofinstanceswherethe
syntaxoftheReadsColumnSet
actionandtheindex
configurationof
an
SQL
table
or
SQLviewcausestheDBMSto
runsequentialsearches
ASCCPEMPRF6:
LargeData
Resource
ColumnSet
ExcessiveNumber
ofIndexElements
Softwarefeaturing
knownunder
efficientSQLQuery
andDataAccess
constructsrequires
excessive
computational
resources
Avoidtoomany
indicesonverylarge
datatables
Numberofinstanceswherethe
numberofrowsinadatatable
exceedsathresholdvalue,and
itsnumberofindicesexceedsa
thresholdvalue. Thedefault
valuefornumberofrowsis
1000000,andthedefaultvalue
fornumberoftableindicesis3
ASCCPEMPRF7:
LargeData
Resource
ColumnSetwith
IndexElementof
ExcessiveSize
Softwarefeaturing
knownunder
efficientSQL
Query
andDataAccess
constructsrequires
excessive
computational
resources
Avoidoverlylarge
indicesonverylarge
datatables
Numberofinstanceswherethe
numberofrowsinadatatable
exceedsathreshold
value,
and
wheretherangevalueofits
indexexceedsathresholdvalue.
Thedefaultvaluefornumberof
rowsis1000000,andthe
defaultvaluefortheindex
rangeis10
ASCCPEMPRF8:
ControlElements
Requiring
SignificantResource
Elementwithin
ControlFlowLoop
Block
Softwarethatis
codedsoasto
executeexpensive
computations
repeatedly(suchas
inloops)requires
excessive
computational
resourceswhenthe
Avoidresource
consuming
operationsfound
directlyorindirectly
withinloops
Numberofinstanceswherea
controlelementthatcauses
platformresourceconsumption
isdirectlyorindirectlycalledvia
anexecutionpathstartingfrom
withinaloopbodyblockor
withinaloopcondition
-
7/26/2019 admtf-14-12-25
25/51
24
usageanddata
volumegrow
ASCCPEMPRF9:
NonStoredSQL
CallableControl
Elementwith
ExcessiveNumber
ofDataResource
Access
Softwarethatdoes
notleverage
database
capabilitiesto
efficientlyrundata
processing(suchas
storedprocedures
andfunctions)
requiresexcessive
computational
resources
Usededicated
storedprocedures
whenmultipledata
accessesareneeded
Numberofinstanceswhere
serversidenonstoredcallable
controlelementsinadata
managerresourceembeda
numberofdataresource
accessesthatexceeda
thresholdvalue. Thedefault
valueforthenumberofdata
queriesis5
ASCCPEMPRF10:
NonSQL
Named
Callableand
MethodControl
Elementwith
ExcessiveNumber
ofDataResource
Access
Softwarethatdoes
notleverage
database
capabilitiesto
efficientlyrundata
processing(suchas
storedprocedures
andfunctions)
requiresexcessive
computational
resources
Avoidsoftware
elementsrequiring
toomanydata
accessesoutsideof
thedatamanager
Numberofinstanceswherea
clientside
control
element
namedcallableormethod
controlelementarenotinany
datamanagerresourceandthey
embedanumberofdata
resourceaccessactionsthat
exceedathresholdvalue. The
defaultthresholdforthe
numberofdataqueriesis2.
ASCCPEMPRF11:
DataAccessControl
Elementfrom
OutsideDesignated
DataManager
Component
Softwaredeployed
indistributed
environmentthat
doesnotmaintain
redundancyofdata
(suchas
cache)
and
codeincreasesthe
timewithwhich
theyareaccessed
Usededicatedand
specializeddata
manager
component(s).
Numberofinstanceswherea
namedcallablecontrolelement
ormethodcontrolelement
executesadataactionthatis
notexecutedthrougha
dedicatedcentral
data
manager
componentidentifiedinthe
dataaccesscomponentlist(the
unlisteddataaccesscomponent
canbeeitherclientsideor
serverside,whichmeansthat
notallserversidecomponents
areallowedtohandledata
accessesandthatdataaccess
componentscanbedeveloped
usingnonSQLlanguages;in
essence,thedataaccessdoes
notfollowtheintendeddesign)
ASCCPEMPRF12:
Storableand
MemberData
ElementExcessive
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
Avoidthecreation
ofexcessivelylarge
dataelements
Numberofinstanceswherea
datatypeofthestorabledata
elementaggregatesanumber
ofstorabledataelementswith
-
7/26/2019 admtf-14-12-25
26/51
25
Numberof
AggregatedStorable
andMemberData
Elements
excessive
computational
resources
nonprimitivedatatypesthat
exceedsathresholdvalue. The
defaultvalueforthenumberof
aggregatedobjectsis5
ASCCPEMPRF13:
DataResource
Accessnotusing
ConnectionPooling
capability
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
excessive
computational
resources
Sharedatabase
connectionsviaa
connectionpool
Numberofinstanceswherea
namedcallablecontrolelement
ormethodcontrolelement
executesadataresource
managementactionwithout
usingaconnectionpooling
capability(theusageof
connectionpoolingcapabilityis
technologydependent; for
example,connectionpoolingis
disabledwith
the
addition
of
'Pooling=false'tothe
connectionstringwithADO.NET
orthevalueof
'com.sun.jndi.ldap.connect.pool'
environmentparameterinJava)
ASCCPEMPRF14:
Storableand
MemberData
ElementMemory
AllocationMissing
DeAllocation
ControlElement
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
excessive
computational
resources
Avoidfailureto
releaseused
memory
Numberofinstanceswherea
memoryresourceisexplicitly
allocatedviathe
ManagesResourceactiontoa
storableormemberdata
elementwhichisused
throughouttheapplication,and
forwhichthetransformation
sequenceiscomposedofaction
elementswithdatarelations
someofwhicharepartof
namedcallableandmethod
controlelements,butnoneof
whichisamemoryrelease
statement
ASCCPEMPRF15:
Storableand
MemberData
ElementReference
MissingDe
ReferencingControl
Element
Softwarefeaturing
knownunder
efficientcoding
practicesrequires
excessive
computational
resources
Avoidfailureto
releaseuseddata
elements
Numberofinstanceswherea
methodcontrolelement
referencesviatheaccessaction
astorableormemberdata
elementwithoutinvokingits
finalizemethod
-
7/26/2019 admtf-14-12-25
27/51
26
7. SPMSRepresentationofthePerformanceEfficiencyQuality
MeasurePatterns(Normative)
7.0.1 Introduction
ThischapterdisplaysinahumanreadableformatthecontentofthemachinereadableXMIformatfile
accompanyingthisspecification. ThecontentofthemachinereadableXMIformatfileisthe
representationsoftheCISQPerformanceEfficiencyMeasureElements:
usingtheframeworkoftheStructuredPatternsMetamodelStandard(SPMS)
describingthesourcecodeentitieswithinameasureelementasentitiescontainedinthe
KnowledgeDiscoveryMetamodel(KDM)andembeddingthemwithintheSPMSpatterns,so
thattherepresentationisbothdescriptiveandformal.
7.0.2 SPMSMorespecifically,themachinereadableXMIformatfileaccompanyingthisspecificationusestheSPMS
DefinitionsClasses:
PatternDefinition(SPMS:PatternDefinition):thepatternspecification.Inthecontextofthis
document,eachCISQQualityMeasureElementisbasicallythecountofoccurrencesofthe
describedpatterns.
Role(SPMS:Role):Apatternisinformallydefinedasasetofrelationshipsbetweenasetof
entities.Rolesdescribethesetofentitieswithinapattern,betweenwhichthoserelationships
willbedescribed.AssuchtheRoleisarequiredassociationinaPatternDefinition.[].
Semantically,aRoleisa'slot'thatisrequiredtobefulfilledforaninstanceofitsparent
PatternDefinitiontoexist.
PatternSection(SPMS:PatternSection):APatternSectionisafreeformprosetextual
descriptionofaportionofaPatternDefinition.Inthecontextofthisdocument,thereare6
differentPatternSections
in
use:
o Descriptortoprovidepatternsignature,avisibleinterfaceofthepattern,
o MeasureElementtoprovideahumanreadableexplanationofthemeasure,
o Descriptiontoprovideahumanreadableexplanationofthepatternthatissought
after,identifyingRolesandKDMmodelinginformation,
o Objectivetoprovideahumanreadableexplanationoftheintenttogetridofthe
occurrencesofthepatternthatissoughtafter,
o Consequencetoprovideahumanreadableexplanationoftheissuethedetectionof
thepatternisdesignedtosolve,
o Inputtoprovideahumanreadableoftheparametersthatareneededtofinetune
thebehaviorofthepatterndetection(e.g.:thetargetapplicationarchitecturalblueprint
tocomplywith)
o Commenttoprovidesomeadditionalinformation(untilnow,usedtoinformabout
situationswherethesamemeasureelementisusefulforanotheroneofthecategories)
-
7/26/2019 admtf-14-12-25
28/51
27
AswellassomeoftheSPMSRelationshipsClasses:
MemberOf(SPMS:MemberOf):AnInterpatternRelationshipspecializedtoindicateinclusionin
aCategory
Category(SPMS:Category):ACategoryisasimplegroupingelementforgatheringrelated
PatternDefinitionsintoclusters.Inthecontextofthisdocument,theSPMSCategoriesareused
torepresenttheQualityCharacteristicofPerformanceEfficiency.
7.0.3
KDM
Morespecifically,themachinereadableXMIformatfileaccompanyingthisspecificationusesKDM
entitiesintheDescriptionsectionofthepatterndefinitions. Descriptionstrytoremainasgenericyet
asaccurateaspossiblesothatthepatterncanbeapplicableandappliedtoasmanysituationsas
possible,suchasdifferenttechnologiesanddifferentprogramminglanguages. Thismeans:
1.
thedescriptionsincludeinformationsuchas(code:MethodUnit),(action:Reads),
(platform:ManagesResource)etc.
to
identify
the
KDM
entities
in
the
pattern
definition
2.
thedescriptionsonlyelaboratethesalientaspectsofthepatternasthespecificscanbe
technology orlanguagedependent
Table2presentsatranslationofKDMtermsusedinthecurrentspecificationintothewordingoftheir
ordinaryusage.
Table2. KDMElementsIncorporatedintoSPMSPatterns
Ordinary
term(s)
KDM
description(s)
function,method,procedure,
stored
procedure,
subroutine,
etc.
namedcallablecontrolelement(code:CallableUnitwith
code:CallableKind'regular','external'or'stored')ormethodcontrol
element(code:MethodUnit)
variable,
field,
member,
etc.
storabledataelement(code:StorableUnit)ormemberdataelement
(code:MemberUnit)
class
classelement(code:StorableUnitwithcode:DataType
code:ClassUnit)
interface
interfaceelement(code:StorableUnitofcode:DataType
code:InterfaceUnit)
method methodelement(code:MethodUnit)
field,member
memberelement(code:MemberUnit)
SQLstoredprocedures
storedcallablecontrolelements(code:CallableUnitwith
code:CallableKind'storec')inadatamanagerresource
(platform:DataManager)
returncodevalue
value(code:Value)ofthereturnparameter(code:ParameterUnitof
code:ParameterKind'return')
-
7/26/2019 admtf-14-12-25
29/51
28
exception exceptionparameter(code:ParameterUnitwithcode:ParameterKind'exception')
userinputdataflow anexternalvalueisentered isenteredintotheapplicationthroughthe 'ReadsUI'userinterfaceReadsUIaction(ui:ReadsUI),
transformedthroughouttheapplicationalongthe
'TransformationSequence'sequence(action:BlockUnit)composedof
ActionElementswithDataRelationsrelations(action:Reads,
action:Writes,action:Addresses),someofwhichbeingpartof
namedcallableandmethodcontrolelements(code:MethodUnitor
code:CallableUnitwithcode:CallableKind'regular','external'or
'stored'),andultimatelyusedasexecutionpath executionpath(action:BlockUnitcomposedof
action:ActionElementswithaction:CallableRelationsto
code:ControlElements)Libraries,etc. deployedcomponent(platform:DeployedComponent)RDBMS datamanagerresource(platform:DataManager)loopbody loopbodyblock(action:BlockUnitstartingastheaction:TrueFlowof
theloopaction:GuardedFlowandendingwithanaction:Flowbackto
theloopaction:GuardedFlow)
loopcondition loopcondition(action:BlockUnitusedintheaction:GuardedFlow)singleton classelement(code:StorableUnitwithcode:DataType
code:ClassUnit)thatcanbeusedonlyonceinthe'to'associationofa
Createaction(action:Creates)
checked usedbyacheckcontrolelement(code:ControlElementcontaining
action:ActionElementwithakindfrommicroKDMlistofcomparison
actions)
7.0.4 Readingguide
Section7.2representstheSPMSCategoryforthesoftwarequalitycharacteristiccoveredinthis
specification. Startingwithsection7.3,eachsectionnumbered7.x representsanewSPMS
PatternDefinitionmemberofthisSPMSCategory. SPMSPatternDefinitionsubsectionsare:
Patterncategory:theSPMS:Categorycategorythatthepatternisrelatedtothrougha
SPMS:MemberOfrelationship.
Patternsections:thelistof"SPMS:PatternSection"sectionsfromthepattern:
o Descriptor,
o Description,
o Objective,
o Consequence,
o and,whenapplicable,
Input,
-
7/26/2019 admtf-14-12-25
30/51
29
Comment.
Patternroles:thelistofSPMS:RolerolesusedintheDescriptorandDescriptionsections
above.
Inthefollowingsections:
Databetweensquarebrackets(e.g.:[keyCISQ_Reliabity])identifiesxmi:idthatareuniqueand
usedtoreferenceentities.Theyaremachinegeneratedtoensureunicity.
Databetweenparanthesis(e.g.:(code:MethodUnit))identifiesKDMmodelinginformation.
Databetweenanglebrackets(e.g.:)identifiesSPMSRolesinDescriptionand
Inputsections.
7.1. CategorydefinitionofCISQPerformanceEfficiency
[keyASCCPEM_Performance_Efficiency]CISQPerformanceEfficiency
7.2. PatterndefinitionofASCCPEMPRF1:StaticBlockElement
containingClassInstanceCreationControlElement
PatternCategory
[keyASCCPEMPRF1relatedPattsPerformanceEfficiency]ASCCPEM_Performance_Efficiency
PatternSections
Objective
[keyASCCPEMPRF1objective]
Avoidupfrontinitializationofsoftwaredataelements
Consequence
[keyASCCPEMPRF1consequence]
Softwarethatiscodedsoastoexecuteexpensivecomputationsrepeatedly(suchasinloops)requires
excessivecomputationalresourceswhentheusageanddatavolumegrow
MeasureElement
[keyASCCPEMPRF1measureelement]
Numberofinstanceswhereastorabledataelementormemberdataelementisinitializedwithavalue
intheWriteactionandislocatedinablockofcodewhichisdeclaredasstatic
Description
[keyASCCPEMPRF1description]
Thispatternidentifiessituationswhereastorabledataelement(code:StorableUnit)ormemberdata
element(code:MemberUnit)isinitializedwithavalueintheWriteaction
(action:Write)locatedintotheblockofcode(action:BlockUnit)whichisdeclaredasstatic
-
7/26/2019 admtf-14-12-25
31/51
30
Descriptor
[keyASCCPEMPRF1descriptor]
ASCCPEMPRF1(StaticBlock:staticBlock,InitialisationStatement:initialisationStatement)
Variableinput
(noneapplicable)
Comment
(noneapplicable)
ListofRoles
[keyASCCPEMPRF1rolesstaticBlock]StaticBlock
[keyASCCPEMPRF1rolesinitialisationStatement]InitialisationStatement
7.3. Patterndefinition
of
ASCCPEM
PRF
2:
Immutable
Storable
and
MemberDataElementCreation
PatternCategory
[keyASCCPEMPRF2relatedPattsPerformanceEfficiency]ASCCPEM_Performance_Efficiency
PatternSections
Objective
[keyASCCPEMPRF2objective]
Avoidunnecessaryusageofadditionalimmutabledataelements
Consequence
[keyASCCPEMPRF2consequence]
Softwarefeaturing
known
under
efficient
coding
practices
requires
excessive
computational
resources
MeasureElement
[keyASCCPEMPRF2measureelement]
Numberofinstanceswhereanamedcallablecontrolelementormethodcontrolelementcreates
immutabletextdataelementsviathestringconcatenationstatement(whichcouldbeavoidedbyusing
textbufferdataelements)
Description
[keyASCCPEMPRF2description]
Thispatternidentifiessituationswherethenamedcallablecontrolelement
(code:CallableUnitwithcode:CallableKind'regular','external'or'stored')ormethodcontrolelement
(code:MethodUnit)createsimmutabletextdataelements(code:DataElementwithcode:DataType
code:StringType)viathestringconcatenationstatement
(code:ControlElementusing2action:Reads and1action:Writesoncode:DataElementwith
code:DataTypecode:StringType),whichcouldbeavoidedbyusingtextbufferdataelements.
-
7/26/2019 admtf-14-12-25
32/51
31
Descriptor
[keyASCCPEMPRF2descriptor]
ASCCPEMPRF2(ControlElement:controlElement,StringConcatenationStatement:
stringConcatenationStatement)
Variableinput
(noneapplicable)
Comment
(noneapplicable)
ListofRoles
[keyASCCPEMPRF2rolescontrolElement]ControlElement
[keyASCCPEMPRF2rolesstringConcatenationStatement]StringConcatenationStatement
7.4. Patterndefinition
of
ASCCPEM
PRF
3:
Static
Member
Data
Element
outsideofaSingletonClassElement
PatternCategory
[keyASCCPEMPRF3relatedPattsPerformanceEfficiency]ASCCPEM_Performance_Efficiency
PatternSections
Objective
[keyASCCPEMPRF3objective]
Avoidunnecessaryupfrontallocationofmemoryforalldataelements
Consequence
[keyASCCPEMPRF3consequence]
Softwarefeaturing
known
under
efficient
coding
practices
requires
excessive
computational
resources
MeasureElement
[keyASCCPEMPRF3measureelement]
Numberofinstanceswhereastaticmemberelementisdeclaredasstaticbutitsparentclasselementis
notasingletonclass(thatis,aclasselementthatcanbeusedonlyonceinthe'to'associationofa
Createaction);itdoesnottakeintoaccountfinalstaticfields
Description
[keyASCCPEMPRF3description]
Thispatternidentifiessituationswherethestaticmemberelement(code:MemberUnit)is
declaredasstatic(code:StorableKind'static')butitsparentclasselement
(code:StorableUnitwithcode:DataTypecode:ClassUnit)isnotasingletonclass,thatis,aclasselement
thatcanbeusedonlyonceinthe'to'assoctionofaCreateaction(action:Creates);itdoesnottakeinto
accountfinalstaticfields(code:MemberUnitwithcode:StorableKind'static'andcode:ExportKind'final').
-
7/26/2019 admtf-14-12-25
33/51
32