Office of Safety and Mission Assurance Software Assurance

Office of Safety and Mission Assurance Software Assurance Symposium 2002 Berkeley Springs, WV MSFC Avionics Department Flight Software Group CMM Level 2 Certified Automated Software Coding Standards System Development Team Assessment Team Luis Trevino Michael Rahmatipour Luis Lopez, CTO, Flow. Lynx Inc. Marlyn Terek Emma Eduok (Summer Intern) September 04 -06, 2002

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Best Practices, Past Successful Projects, Other References 3. Flow. Code Agents 2. Flow. Code System 1. Source Code: C Files 4. Peer Review Artifacts • Collaborative Website System • Metrics/Standards Reports • Flowchart Visualization of 2 Inspected Code

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Coding Standards and Rules Standard Rules 1. Filenames 1 2. Include Files (layout) 4 3. Function Layout 6 4. Indentation 8 5. Brace Placement 6 6. White Space Usage 15 7. Naming Convention 64 8. Scope 5 9. Macros 6 10. Globals 2 11. Function Layout 5 12. Include Files (. h) 4 13. Pointers 5 14. Control Flow 19 Total 3 150

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Coding Standards Reporting 4

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Metrics Reporting 5

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Development & Validation Process Development of ED 14 Coding Standards Document Spring 2000 15 K Effort With Flowlynx Inc. To Develop Prototype With Seven Rules Fall 2000 Implementable Coding Standards Identified And Effort Continued With Quarterly Status to IV&V Center Fall 2001 / Winter 2002 Seven Rules Validated Against Real Flight Software and Coding Standards Document. Effort Featured In April 2001 Issue of Military & Aerospace Electronics Magazine Proposal to Code Q OSMA And Awarded 71 K To Continue Development of Coding Standards Tool Summer / Fall 2001 80% of The Rules Implemented And 70% Validated By Assessment Team Using Coding Standards Document and Flight Software. Verified No False “Passed” Rules And All “Failed” Rules Were Legitimate Summer/Sept. 2002 85% of The Rules Implemented And Validated End of Sept. 2002 • Analyze Remaining Rules For Implementation • Tool Enhancement: Rule Modification, Metrics, Reporting, Languages • Training 6 Fall 02 – Winter 03

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Status Task Description March 1 Coding Standard Rules Identified & Associated System Requirements (%) 2 Notes April July Sept >50 60 70 85 Some of the rules are subjective and difficult to implement. Capability of System to Implement Identified Rules (%) 60 70 80 100 3 Implementation of Identified Rules (%) 17 (6/35) 30 50 100 4 Validation of Implemented Rules (%) 16 33 46 100 (1/6) 7

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Conclusions Tool Benefits • Enforce Repeatability In Software Development Processes • Accelerate Learning Curve for New Programmers • Minimize Software Errors From Becoming Potentially Larger Costly Errors • Source Code Maintainability and Code Reuse • Increased Technical Insight on Contractor Developed Source Code • Tool for all Levels of Software Personnel to Support Development, Analysis, and Maintenance of Code • Software Code Peer Reviews and Code Walkthroughs • Visual Code (Flowcharts) Easier To Review & Inspect Over Text Other Benefits Being Implemented • Applicable To All Computer Language Domains • Will Support End User Specifications For Implementing and Maintaining Standards and Metrics 8 • Will Support Inclusion of LINT, GLINT, SPLINT, and RATS

MSFC Avionics Department, Flight Software Group Automated Software Coding Standards System Conclusions Comparison To Other Tools • This system compares to other tools. Major features that differ: • Static Analyzer • Not Compiler Dependent • Web Based • Multiple User Capability • Ability To View & Edit Source Code • Flowchart of the Code • Reports are Stored & Accessible On-Line • Server Side Computation of Metrics & Standards 9