Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Code Quality Assurance and Classification

Reply
Thread Tools

Code Quality Assurance and Classification

 
 
Stefan Ram
Guest
Posts: n/a
 
      01-31-2006
I will describe a problem and my solution. I wonder how others
are doing this.

Problem:

One wants to publish source code, but does not know whether
the source code might contain confidential parts.

Solution:

One does a code review, and if the code is not found to
contain confidential parts, it gets a "clearance stamp":

@de.dclj.ram.meta.description.Cleared()
public interface ComparableLocatableTuple { ... }

Problem:

After the clearance was granted, the code might be edited and
the edit session might introduce confidential notes into the
code, again. The clearance stamp then will be misleading.

Solution:

The clearance stamp gets a date and time:

@de.dclj.ram.meta.description.Cleared("slr@2006-01-31T19:14:50+01:00")
public interface ComparableLocatableTuple { ... }

Now the publishing process will compare the time of the last
modification of the file with the clearance stamp. If the
last modification occured later than the clearance (plus
a tolerance of some seconds), the clearance will be considered
invalid. Files with invalid clearances will need a new
review to be possibly re-granted clearance.

Extended Solution:

The review might annotate the type by code qualities such as
documentation:

@de.dclj.ram.meta.description.Cleared("slr@2006-01-31T19:14:50+01:00")
@de.dclj.ram.meta.quality.Documented()
public interface ComparableLocatableTuple { ... }

This means that the type declaration was sufficiently
documented at the time of the review.

Using this annotation, code which is not sufficiently
documented can be found more easily in the source tree as a
candidate for documentation sessions.

If the file is modifid (code is added or modified) not only
will the clearance become invalid but also the "Documented"
stamp. (When one is in a hurry to extend features or remove a
bug, one does not always take time and care to update the
documentation immediatly.) So, the next code review also would
have to decide whether the type declaration still is
considered sufficiently documented.

If not, the "Documented" stamp will be removed and the
declaration then again is a candidate for a documentation
session.

In a similar manner other code qualities might be handled,
such as "Tested".

This whole effort will allow to:

- make sure that only code is published that has
a certain number of qualities (such as non-
confidential or documented)

- easily find those type declarations that lack certain
qualities as candidates for edit sessions to
improve them.

 
Reply With Quote
 
 
 
 
Joe Attardi
Guest
Posts: n/a
 
      01-31-2006
Stefan Ram wrote:
> One does a code review, and if the code is not found to
> contain confidential parts, it gets a "clearance stamp":
>
> @de.dclj.ram.meta.description.Cleared()
> public interface ComparableLocatableTuple { ... }

....
>
> @de.dclj.ram.meta.description.Cleared("slr@2006-01-31T19:14:50+01:00")
> public interface ComparableLocatableTuple { ... }


My initial impression is, "wow that's overly complicated!" But it
sounds like this was a real problem at your organization.

So after giving it another thought, I must say, that's pretty cool. The
only downside I see is that source files will get littered with these
@Cleared annotations.

Still, a clever use of annotations!

 
Reply With Quote
 
 
 
 
Thomas Weidenfeller
Guest
Posts: n/a
 
      02-01-2006
Stefan Ram wrote:
> After the clearance was granted, the code might be edited and
> the edit session might introduce confidential notes into the
> code, again. The clearance stamp then will be misleading.
>
> Solution:
>
> The clearance stamp gets a date and time:
>
> @de.dclj.ram.meta.description.Cleared("slr@2006-01-31T19:14:50+01:00")
> public interface ComparableLocatableTuple { ... }


How secure needs the solution to be? A time stamp is easy to update by
the programmer, when the code is updated, too.

If you want to have it more tamper-proof consider a digitally signed
checksum, where the reviewers sign with their private keys.

> This whole effort will allow to:
>
> - make sure that only code is published that has
> a certain number of qualities (such as non-
> confidential or documented)
>
> - easily find those type declarations that lack certain
> qualities as candidates for edit sessions to
> improve them.


And don't forget, it will drive programmers mad. Some managers might
consider this an advantage.

/Thomas
--
The comp.lang.java.gui FAQ:
ftp://ftp.cs.uu.nl/pub/NEWS.ANSWERS/...g/java/gui/faq
http://www.uni-giessen.de/faq/archiv....java.gui.faq/
 
Reply With Quote
 
Chris Uppal
Guest
Posts: n/a
 
      02-01-2006
Stefan Ram wrote:

> One does a code review, and if the code is not found to
> contain confidential parts, it gets a "clearance stamp":
>
> @de.dclj.ram.meta.description.Cleared()
> public interface ComparableLocatableTuple { ... }

[... etc ...]

One problem I have with this approach is that you are changing the file /after/
it has been signed-off, so what was approved or certified is not identical to
what is /claimed/ to be approved or certified. That might not matter for some
applications, but for the general case I think I'd prefer to use an approach
(perhaps based on something like digital signatures) where the certificate is
stored separately from the file to which it applies.

BTW, there might also be a need for similar kinds of certifications for .class
or .jar files too.

-- chris



 
Reply With Quote
 
Chris Uppal
Guest
Posts: n/a
 
      02-01-2006
Thomas Weidenfeller wrote:

> > This whole effort will allow to:
> >
> > - make sure that only code is published that has
> > a certain number of qualities (such as non-
> > confidential or documented)
> >
> > - easily find those type declarations that lack certain
> > qualities as candidates for edit sessions to
> > improve them.

>
> And don't forget, it will drive programmers mad.


A major irritation would be remembering to remove the certification annotations
when copy/pasting code. <wink/>

-- chris



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Job- YYC/AB/Canada -Software Quality Assurance Lead, Software Industry, Multi-Tiered J2EE Environment, Calgary, AB cgyjobpro@gmail.com Java 0 02-05-2007 10:23 AM
Software Testing & Quality Assurance FAQ paklookup@gmail.com C Programming 5 08-16-2006 04:35 PM
JOB: Python Technical Lead & Head of Data Quality Assurance, NYC Kandidates Python 0 08-12-2003 08:40 PM
Does anyone ever heard about quality assurance in helpdesks? Frédéric Computer Support 0 07-13-2003 05:26 PM
ISO resources/references on quality assurance/testing wrt Java lvirden@yahoo.com Java 0 06-30-2003 05:26 PM



Advertisments