Source code-based software risk assessing

The more complex a software system is, the more likely it is that programmers will make mistakes that introduce faults, which can lead to execution failures. A risk in a software system can be viewed as a potential problem, and a problem is a risk that has manifested. To reduce the risk of software operations, code that has the potential to cause problems has to be identified so that necessary actions (e.g., performing more thorough testing on such code) can be taken to prevent any such problems from occurring. Consequently, this can help programmers detect faults in the software before it is deployed and reduce the overall maintenance cost. In this paper, we propose a static and a dynamic risk model using metrics collected from the source code; more specifically, metrics related either to the static structure of the source code or to the dynamic test coverage of the code. The computation of the risk of code is automated at different granularity levels ranging from basic blocks to functions. An experiment to demonstrate the feasibility of using our method is reported. High-risk code, so identified by our method, can be integrated with information collected from other software quality assurance practices to further ensure the safe operation of software applications.
