Legacy intelligence automation, from code to application to help improve software quality. Asetechs Softwares for legacy applications quality assessment and renovation


Your Account | Your Cart | Register

  • KRIS on Windows/Linux FOR BUSINESSES KRIS CR on Mainframes
    (back to initial page)
KRIS for MVS
  • Products on MVS, overview
  • Support and services
KRIS Features
  • KRIS Code Reviewer (CR)
  • KRIS Code Normalizer (CN)
  • KRIS Dead Code Cleaner
  • KRIS Extractor xmi/cwm/kdm
  • KRIS CR measures collected
Learn More
  • KRIS video tour
  • Metrics revisited (discussions)
Contact us
  • Further information
  • Asetechs Home |
  • Selected articles

KRIS on MVS for System, Applications and Code inspection is available in Q1 2011 for: COBOL, C, CICS, IMS-DC, IM S-DB, JCL (IBM), SQL (DB2, ORACLE), VSAM. Other languages available only on demand ( PL/1 with preprocessing, Natural, Adabas, Rexx, Clist).

ERROR! You do not have the required version of Flash Player.

Get Adobe Flash player
Next article
Beginning of article

The value of better code quality

To manage the risk of poor quality it is necessary to have a thorough and up-to-date understanding of the Technical Quality of critical applications.

To keep this understanding up-to-date KRIS CR is automating rule checking, code measurement and inspection, and delivering practical and useful reports (example: a normalized image of the source code is generated --according to customer's programming rules-- to give hints of what could be done to enhance the code).

Time, business and cost pressures have all pushed developers to make sub-optimal choices that impact the quality and future performance of critical applications. The risk is great – over time poor code quality results in applications that are:

  1. Poor and/or erratic in performance
  2. Incredibly difficult to change
  3. Very costly to maintain
  4. Impossible to move from one team to another
  5. A regulatory compliance liability
  6. A potential security risk

KRIS Code Reviewer on MVS is enabling Code Inspection, (and/or code normalization with KRIS Code Normalizer), at the heart of the code writing activity. KRIS on MVS is a robust and fast executable, designed to be embedded within the compiling/link-edit job of the software developpers working on a Mainframe. KRIS main goals are the following:

  1. automatically parsing, prioritizing and mapping defects to understand the impact on shared code bases, teams, projects and applications,
  2. arming developers with the information and context they need to make better defect triage decisions,
  3. enhancing developer productivity by making it easy to find the defects that matter to them,
  4. helping programmers to understand what mean the programming standards and norms of their Company at the code level when they need it, during code writing and testing.

KRIS Code Reviewer (KRIS CR) on MVS generates reports that helps programmers understand what mean the programming standards and norms of their Company at the code level and how they should implement them (Inspection at the source). Based on these reports some customers have been to forbid compilation when their programming standards were not satisfied. Yet each forbidden compilation is to be accompanied with a clear, precise and acceptable explanation of the rationale for this decision to become educative and not merely arbitrary.

Previous article
Beginning of article

How KRIS will contribute to your software industrialization.

Static code analysis

KRIS automatizes defects and vulnerabilities detection within critical applications by decomposing (grammatical analysis or parsing of code) and by auditing (semantic interpretation) the source code as if during a pre-compilation process. This technique enables fast audits on large volume of source code that reveal errors which are typically beyond the scrutiny of unit tests, code reviews and inspections, or code quality control done manually. The extensive audit of all control flows existing between procedures of a program, done by KRIS, divulges hidden defects (such as Cobol Mines or Dead Code) that can have unpredictable impacts on performances, abnormal termination of processes, incorrect behaviours, security flaws or simply readability and understanding.

Operation

KRIS automatically expands source code with their referenced declarative files, creates a complete semantic image of the code, executes a thorough analysis of this image, computes many measurements and identifies grammatical defects. This way, KRIS contributes to the acceleration and enhancement of the software qualification process and helps delivering more stable, more secure and better softwares.

The audit is automatically performed in 4 steps:

Source code Expansion and creation of a semantic image

The audit begins with the reconstruction of the complete and accurate image of the source code. All the declarative files referenced by a program are searched and their content is automatically inserted in place of the calling clause (example of such a clause: “COPY copybook-name.”). If KRIS cannot find these resources, the audit is not interrupted but warnings will be written in its log. Thenceforth, the resulting image will be ‘semantically assigned’ according to the customer’s or standards programming rules to be checked, and secondly, typical standard measurements of the language under review will be computed. This process requires no change of the source code. It is incremental and extremely fast, and generates almost no impact on the existing compilation/link-edit activity, thence it can be easily integrated to this latter to assist the developers to become more accurately aware of the corporate standards to comply with.

Deep analysis and resulting functionalities

A powerful inference device (semantic tree pattern matching within AST) of KRIS performs inter-procedures analysis and identifies anomalies, such enabling the thorough understanding of the interactions and propagations between the various parts of a program or set of programs.

The main functionalities of KRIS are the following:

  1. Analysis of anomalies based on the programming language's grammar.
  2. Analysis of compliance to programming standards and norms (rule checking) based on a set of inspection rules that can be evolved to satisfy the customer’s objectives.
  3. Audit of inter-procedures invocations and of their impact on operations.
  4. Dead code identification (‘unreachable statements’ and ‘useless data elements’) and pruning when desired.
  5. Inspection compliance measurements (conformity to programming standards).
  6. Quality measurements (volume, grammatical and complexity measures).

Defects quantification and centralization of collected data

The set of informations collected during analysis by KRIS is gathered into a Defects and Measurements data base (as a default functionality under Linux and Windows, as an optional one on MVS). The data captured during each campaign of audit are historicized, making time analysis possible. A series of pre-defined queries (similar to sql scripts) against the anomalies and defects of the data bases facilitate the isolation of programs and data involved in certain problems or type of failures. Defects are classified in 4 inspection categories and 4 quality categories. Each defect is moreover qualified with a Severity Level which can be configured by the customer. Thanks to these categories and severities level, all the audited components (programs or applications) can be classified and organized into useful hierarchies or priorities. This set of qualified results helps defining a ‘Quality/Standards’ positioning (along with the notions of thresholds, alerts, limits etc.) for each component of the customer’s application portfolio and is consolidated at the application, at the department or enterprise level.

Publication of Results

All results (collected, computed, etc.) can be stored in a Quality data base. They can take various format: listing (commented source code), reports (as tables), graphs and/or charts:

  1. Details within the ‘expanded source code’ image (listing): the inspection messages are written as comments in the audited source code. Each statement in anomaly according to the rule checking is highlighted.
  2. Messages per category of inspection:
    • Category ‘Exploitation Costs Impacts’
    • Category ‘Maintainability’
    • Category ‘Reliability’
    • Category ‘Exploitability’
  3. Messages per severity of inspection: 4 severity level are made available . Each rule or norm can be assigned with a type of severity according to the customer’s specification.
  4. Messages for Quality per type of measurements:
    • Measures about ‘Portability’,
    • Measures about ‘Maintainability / Usability’,
    • Measures about ‘Reliability’,
    • Measure about ‘Complexity’: cyclomatic complexity of each Cobol procedures.
  5. Cobol Mines.
  6. Measurements: Quality Metrics, Halstead (Effort, Volume, Difficulty, Complexity), MacCabe (Cyclomatic Complexity for each procedure and average for each program), around 47 measures are collected for Cobol.
  7. Time Analysis: evolution of successive measurements campaigns.
  8. Aggregation of measurements: from program to applications.

Options for setting up KRIS

Two types of usage are possible: 'on flight' mode or batch mode (for deferred auditing).

Interactive mode (or "on the flight" mode).

This mode aims to integrate the inspection and audit process at the developer's compilation/ link-edit task. The results of the audit are immediately published towards the developer to help him correcting the defect(s) at the source and delivering customers rules compliant source code.

Batch mode.

This mode aims at collecting the results of the inspection in a data base, in order to explore or share them later (It requires the integration with a Data Base on MVS, which is standard with the Windows/Linux solution). In this mode, the users can take advantage of a Java Applet (KRIS Client) to access to the Inspection Quality Data Base and use a set of predefined queries to review the data collected and produce various reports.

 
  • © Copyright 2001-2012 Asetechs
  • Privacy Policy - Contact us

Valid XHTML 1.0 Strict