Skip to main content

Pursuit of Quality with Axivion

Have you noticed that implementing even simple features becomes increasingly time-consuming over time? Is your current codebase still adhering to the High/Low Level Designs laid down by your Software Architect? Are you aware of the duplicate code and dependency cycles lurking in your code? Is Safety-Certified software your priority? 

If any of these questions sparked your curiosity, then keep reading to discover how we can effectively tackle these issues.

Introduction

Axivion has been an integral part of the Qt Group for more than a year, enhancing its Quality Assurance offerings.

For those who aren't familiar with Axivion, Axivion is the technology leader for next generation static code analysis of C, C++ and C# code. In addition to classic analyses such as MISRA or metrics, Axivion exclusively allows you to check the compliance of your software architecture. With the capability to detect clonescycles, and unreachable code, you will always be able to prevent software erosion in your development projects.

Please check out our customer references to see how  Axivion Suite helps our customers achieve their goals day in and day out.

In this article, we take a quick walk through the process of getting started with Axivion, showcasing its tools and the value it brings. To demonstrate the analysis in action, we chose the Industrial Automation Demo project currently being developed in-house, aimed at the upcoming Trade Shows.

Setup

If you are new to Axivion, the obvious choice is to use the Axivion Configuration Wizard, which is a step-by-step guide to configuring your project for analysis. Here, you will be guided through configuration options like Project location, Version Control System, Compiler Toolchain, Build System, etc.

At the end of this process, a standard User Interface appears where you can start fine-tuning the project. For example, you could enable Misra C++ 2023 analysis, disable Cycle Detection, set limits for McCabe complexity checks, or even add custom rules based on your company ruleset.

ax1
ax4
ax5
bk1
Save analysis results
ax11_1
ax12-1
Helper script to start analysis
bk2
Enabling Misra C++ 2023 and disabling Cycle Detection
bk3
Setting max threshold value for McCabe Cyclomatic Complexity
Architecture Analysis Setup

In theory, software architecture can be ensured by periodic reviews of the code. Unfortunately, in practice, the manual architecture review is both time consuming and error-prone. More often than not, architecture review is ignored during Pull/Merge requests. By the time we start seeing the real issues, we would have spent considerable effort and money patching up the symptoms.

What if we tell you that Axivion will precisely verify architecture compliance for every change made in the source code? 

To demonstrate thiswe created a high-level design for the demo project using the Gravis tool, which is a simple-to-learn, lightweight, architecture modeling tool.

With Gravis,

  • we draw architectural entities (e.g., components, files, classes, functions, variables, etc.)
  • define relationships between them (e.g., inheritance, association, function call, friend function, etc.)
  • map the architecture entities with corresponding code artifacts.
The level of granularity/precision in defining the relationships is just phenomenal. Finally, we configure Axivion to use the newly created architecture/mapping data (.gxl file) as the reference to perform architecture analysis.
 
Note: Using Gravis is not mandatory, as designs can also be imported from Enterprise Architect, IBM Rhapsody, PlantUML or any tool that uses the XMI format for software architecture representation.

ax17
First, we model the architecture entities which represents components, files, classes, functions, variables, etc. Then, we define relationships/edges between these entities (available edge types shown on the bottom right)
ax18-1

Create mapping between the Source Code Artifacts and the Architectural Entities defined in the previous step.

arch1
Export new architecture as a gxl file
arch2
Use the generated gxl file as reference architecture.
Static Code Analysis Setup

Apart from the widely popular options like Style Checks and Metrics, you could also analyze Duplicate Code, Dependency Cycles, and Dead Code in your code base with Axivion. Though it may seem trivial, you would already be noticing its symptoms, like repetitive bugs with the same fix, increased compilation times, unprecedented crashes, and unmaintainable code. 

If you prioritize safety certifications such as ISO 26262, IEC 61508, IEC 62304, or EN 50128/50657, then look no further because Axivion is certified by SGS-TÜV Saar GmbH for use in the development of safety-certified systems. This, coupled with coding guidelines aimed at Safety (Misra) and Security (CWE, CERTand C Secure Coding) would ensure safety certified code along the supply chain.

For the demo project, apart from choosing Misra-C++ 2023 guidelines, we also enabled Clone Detection, Cycle Detection, and Dead Code Detection for the analysis.

ax15
Enabling Clone, Dead Code detection and Metrics
ax16
Enabling Misra C++ 2023 ruleset

Execution

Analysis can be triggered easily by executing the helper script (sh/bat) generated during setup. This approach also makes CI-CD integration effortless.

Results

The analysis results can be conveniently viewed on Axivion Suite's Dashboard, an intuitive web application accessible through your browser. This dashboard provides insights into the erosion and quality attributes of your software projects, making it easy to monitor and improve their overall health.

Note: Analysis Results are also available in SARIF, JSON, CSV, JUnit XML, and Text Formats.

Architecture Analysis Results

The analysis shows us the convergence, divergence, or absence of relationships between the defined architectural entities when compared against reality (codebase). This serves as a valuable signal for us to address any code issues proactively, preventing further complexity. It may also ignite conversations about the underlying reasons for the discrepancies, prompting a reassessment of the architectural design.

arch3

Reporting Absence, Convergence and Divergence of codebase compared to reference architecture

ax27-1
Exploring an individual architectural issue.
ax19-1
Visualizing the analysis in Gravis
ax20
Convergences listed in gravis while clicking on an edge
ax21
Divergences listed in gravis while clicking on an edge
 
 

 

 

ax22
Static Code Analysis Results

Axivion left no stone unturned in uncovering the clones and dead code within our repository. This analysis proved invaluable in eliminating duplicate code and identifying unused functions that had slipped under the radar.
 
The analysis of Misra C++ 2023 shed light on the rigorous demands of a Safety-Critical Project, guiding us towards compliance. The intuitive dashboard provides a timeline of issue introductions and resolutions, offering valuable insights for continuous improvement.

ax23
Visualizing Misra C++ 2023 violations
ax24
Visualizing the root cause of Misra C++ 2023 violation.
ax25

Visualizing dead code

ax26
Visualizing Clones. It is a type 3 clone where there the codes look similar but with minor additions and deletions.

With the option to customize/finetune Axivion to suit your needs, you can avoid false positives, which can reduce the usefulness of SCA, and waste entire days for QA Engineers
 
For example, we stumbled upon a false positive where the std::unique_lock variable is flagged as unused, while in reality, the declaration itself would serve the purpose of locking the mutex within the scope. This can be configured as an expected behavior by setting the option treat_side_effect_constructors_as_use to true. 

Conclusion

Measurement is key to control and improvement. If you can't measure it accurately, you can't understand, control, or improve it.

With Axivion as your ally, you can effectively measure and address software erosion factors, manage complexity, and ensure the overall health of your development process. Axivion empowers you to stay ahead of the curve by providing valuable insights into your codebase, enabling you to make informed decisions and implement targeted improvements.

What's next?

What fun would it be to taste our own medicine? Currently, the Qt Framework and Axivion Suite itself are under surveillance from Axivion Suite. Please keep tuned for the Architecture/Static Code Analysis of Qt Safe Renderer, – a Safety-Certified offering  from Qt.

If you would like to learn more about Axivion, please contact us.

Comments