An Automated Method for Measuring Software Quality Indicators

Software quality can be scored quantitatively by defining eight metrics that measure code quality. The criteria for choosing these metrics follow ISO 25010, the standard that defines software quality. Drawing on many years of practice by the 鴻漸科技 team (http://www.redrocket.cn), this article explains how the following quality indicators are derived from the ISO 25010 standard.

[Image: https://static001.geekbang.org/infoq/92/92328bdfaa5f3c0d533ce843830a7376.png]

More than 30 years ago, software engineer Barry Boehm found that the cost of fixing a defect multiplies if the defect is discovered after the software has been released. A way to measure code quality before release could therefore save a great deal of cost. ISO 25010, a standard that defines software code quality, emerged in response. It defines eight main quality indicators and many sub-indicators. The eight main quality indicators are:

- Functional suitability: the degree to which the functions the software implements meet its design specification and satisfy user needs, with emphasis on correctness, completeness, appropriateness and so on.
- Reliability: the degree or probability to which the software maintains its normal functional operation and performance level for a specified time under specified conditions; the higher the maturity, the higher the reliability. Reliability is measured with MTTF (mean time to failure) or MTBF (mean time between failures).
- Performance efficiency: under specified conditions, the time behaviour of the software (such as response speed) and the degree to which it uses computer resources effectively (including memory size, CPU time and so on) to implement a function. High local resource usage usually means a performance bottleneck exists. The number of concurrent users, connections and so on that the system can sustain requires considering its scalability.
- Operability: the effort users need to learn and operate the software, prepare its input and understand its output, for example simple installation, ease of use and a friendly interface. The software should also suit users with different characteristics, including effective ways for people with disabilities to use the product (accessibility).
- Security: data transmission and storage must be secured, including authentication of user identity, encryption and integrity checking of data, logging of all critical operations, and the ability to audit the operations performed by different user roles. It covers confidentiality, integrity, non-repudiation, accountability and authenticity.
- Compatibility: covers co-existence and interoperability. Co-existence requires the software to be compatible with the system platform, subsystems, third-party software and so on, with appropriate handling of internationalization and localization.
- Maintainability: the effort needed to make the corresponding changes when, after the software has gone into operation, requirements change, the environment changes or errors occur. It covers modularity, reusability, analysability, modifiability, testability and so on.
- Portability (Transferability): how easily the software can be moved from one computer system or environment to another, or how easily a system works together with external conditions. It covers adaptability, installability and replaceability.

The ISO 25010 standard helps to assess quality at an early stage of the software. However, it has two main drawbacks:

1. The standard does not specify how to measure the quality attributes. Some quality attributes even seem unsuited to objective measurement. Take "operability", with sub-attributes such as "friendly interface" and "ease of use". How is this measured, and in what unit?
2. Most of the defined quality attributes mean different things in different environments. So even where a quality attribute can be measured, it is hard to find a clear, objective criterion for judging it good or bad. "Efficiency" is a good example: for some software systems a response within 1 second is enough, while others must respond within 1 millisecond.

To evaluate software quality systematically, eight quantifiable metrics were defined on the basis of many years of industry experience:

- Code coverage
- Abstract interpretation
- Cyclomatic complexity
- Compiler warnings
- Coding standards
- Duplicated code
- Fan-out
- Security

These eight metrics are based on ISO 25010, and their measured values map to the software quality attributes as described below.

1. Code coverage

Before software engineers hand their code over to the next stage of the development cycle, they usually do some unit testing. Unit tests are small automated tests that check a specific part of the program, such as a single function, and compare the actual results with the expected results. Unit testing is an effective way of checking the minimum standard: that the program does what it was designed to do. Code coverage indicates how many lines of code or executable branches are exercised while the unit tests run. The lower the coverage, the lower the quality of the unit tests performed. Code coverage is a measure of "functional suitability" and "reliability".

The C# code below shows a simple example of the output of a code coverage tool. Every line coloured green was exercised by at least one test, while the lines coloured red were not tested at all.

[Image: https://static001.geekbang.org/infoq/4a/4a81f8a9e0231d0caca3c331e791dc30.png]

The coverage tool's output shows that all lines in this code example except line 37 are covered by (unit) tests.

2. Abstract interpretation

A newer technique detects possible "reliability" problems in a program by running abstract interpretation tools (also called deep flow analysis tools). These tools automatically detect various programming errors related to the program's control flow, for example null pointer dereferences, division by zero and unclosed database connections. Their advantage is that they produce results without actually running the program, which they do by computing all possible paths through it. The errors that abstract interpretation finds are serious programming errors that can lead to crashes. This metric is closely tied to the "reliability" attribute. A simple example of an abstract interpretation finding is shown in the Java code below.

[Image: https://static001.geekbang.org/infoq/69/690d1e2f0f04634f01b49feb6cbae3e4.png]

The abstract interpretation tool flags a possible null pointer dereference at line 228, because the function "get Order" returns NULL when the order has no valid date. If that happens an exception is thrown, which may crash the program.

3. Cyclomatic complexity

Cyclomatic complexity is one of the most classic software metrics. Numerically, it is the number of linearly independent paths through the code. Each "if" statement, for example, adds one extra code path. The higher the cyclomatic complexity, the more complex the program's decision logic. In addition, the more paths there are, the more test cases have to be written to reach a higher code coverage. The average cyclomatic complexity per function is an indicator that allows the complexity of programs to be compared. Cyclomatic complexity reflects, to some extent, the "maintainability" of the code. The C# code below shows how cyclomatic complexity is calculated.

[Image: https://static001.geekbang.org/infoq/10/105309115ed92e9c4c6d1934014cbf4a.png]

The function "get Value" at line 123 has a cyclomatic complexity of 2 (because it contains one "then" path and one "else" path).

4. Compiler warnings

To run on a computer, a program first has to be compiled or interpreted. The compiler or interpreter produces errors and warnings. Errors must be fixed, otherwise the program cannot run. Warnings do not necessarily have to be resolved, but some compiler warnings indicate serious defects in the program, and leaving them unresolved may affect the "reliability" of the code. Beyond that, most compiler warnings also point to "portability" problems, so this metric is strongly related to the "portability" of the program as well. Below is a simple example of a compiler warning in a C code fragment.

[Image: https://static001.geekbang.org/infoq/31/31e7b96bc5d554ee4012ca016e028fe0.png]

Most compilers issue a warning for the if condition at line 32 (a comparison was probably intended).

5. Coding standards

Software maintenance is one of the most time-consuming tasks for software engineers. One reason is that after many updates it becomes hard to understand the original intent of the code. One way to reduce the cost of maintenance is to introduce a coding standard. A coding standard is a set of rules that engineers are expected to follow. The rules cover known language pitfalls, code constructs to avoid, naming conventions and program layout. Because a coding standard usually contains many different rules, it can reflect problems in most of the code quality attributes. Most rules concern "maintainability" and "reliability", but there are also rules for "portability" and "efficiency". Below is an example of a coding standard violation.

[Image: https://static001.geekbang.org/infoq/96/96e8b1f26b02a9eaf0e6d7afe0bb7eac.png]

No C coding standard recommends the goto statement used at line 36.

6. Duplicated code

Sometimes software engineers copy large amounts of existing code and make small changes to it instead of writing it anew. The drawback of large amounts of duplicated code is that if part of the code has to change for some reason (to fix a bug or add missing functionality), the other copies very likely have to change too. If any copy is overlooked, the mass of duplicated code creates a huge amount of work. This strongly affects the "maintainability" of the program.

7. Fan-out

Software programs are usually built from modules or components, and these modules and components call one another hierarchically. Fan-out is the number of lower-level modules that a given module uses. If a module needs many other modules in order to run correctly (high fan-out), the modules are highly interdependent, which makes the code harder to modify. Fan-out therefore reflects, to some extent, the "maintainability" of the program. The Java code below shows an example of high fan-out.

[Image: https://static001.geekbang.org/infoq/ad/adce1f7f0e7b9aed02d77f9b54f00f61.png]

For this code we use a simple definition of fan-out that counts import statements. The fan-out of the Java file above is therefore 16.

8. Security

The security of software reflects how easily the program can be attacked to obtain unauthorized access to data, and how easily security vulnerabilities can be used to alter the software. Examples of such vulnerabilities are buffer overflows (which crash the program) and exposure of sensitive data (which gives users information they can use to obtain unauthorized access). The C code below gives an example of a security leak.

[Image: https://static001.geekbang.org/infoq/7e/7ee774402005d8724d751728b2045881.png]

At line 319, a very long string is written into an array named "buf" that can hold only 8 characters. The characters that do not fit in "buf" are stored elsewhere and may overwrite the code the program is supposed to execute. By exploiting this vulnerability, an attacker can run a different program instead of the intended one. The corrected example is shown in the figure below.

[Image: https://static001.geekbang.org/infoq/ed/ed789262b925c600ef4bed9806a98e51.png]

By using "snprintf" instead of "sprintf", the number of characters written to the buffer is limited by the second argument.

Those are the eight metrics. As the sections above show, some metrics map easily onto a quality judgement. For example, a file with a code duplication rate of 0% is considered high-quality code, while a duplication rate of 50% is considered poor programming. However, four of the eight metrics, "abstract interpretation", "compiler warnings", "coding standards" and "security", have no such clear-cut correspondence with the quality attributes. For example, if the code contains 3000 coding standard issues, whether its quality is high or low also depends on the following 3 additional factors:

1. How many coding rules were measured? If one coding standard has more rules than another, the chance of violations is higher. That does not mean the code is of lower quality.
2. How severe are the violated rules? If only unimportant rules are violated, the code quality is better than that of other code with the same number of violations.
3. How large is the code base? 3000 coding rule violations in a system of 10 million lines of code are much less serious than in a system of only 1000 lines of code.

To solve this problem, the concept of a "compliance factor" is introduced. The compliance factor expresses the extent to which the software code complies with a given set of rules. This could be, for example, a set of compiler warnings or a set of security rules.

The formula is as follows:

[Image: https://static001.geekbang.org/infoq/76/76a843d174191dba7753297ae0e4cd91.png]

For a detailed explanation of this formula, see the references at the end of the article. This definition has been used in many projects for more than 20 years and has proved effective in practice. The weight of each metric within the software quality attributes is determined from industry experience. The score of each metric is then calculated separately and the scores are combined as a weighted sum, producing a report that reflects the quality grade and score of the software.

The quality indicator is a very practical way of obtaining a quantified overview of the quality of the code before the software is released, or even before system testing. The indicator combines the best-known code quality metrics and, using the company's existing code analysis tools, defines how they are measured and how quality is judged. According to the score obtained, software systems are labelled with one of several quality grades from A (excellent quality) to F (poor quality).

The existing "source code analysis system" of 鴻漸科技 (http://www.redrocket.cn) can quantitatively analyse the cyclomatic complexity, fan-in and fan-out, and proportion of duplicated code of a code base. Quantification of further indicators, designed with reference to many papers from top conferences in China and abroad, is under active development. One makes a candle to seek light and studies to seek truth: 鴻漸科技 will keep pressing forward on the road to quantifying code quality.

References

[1] Boehm, Barry W.; Philip N. Papaccio, "Understanding and Controlling Software Costs", IEEE Transactions on Software Engineering, v. 14, no. 10, October 1988, pp. 1462-1477.
[2] ISO, "Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models", ISO/IEC 25010:2011, 2011, obtainable from http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=35733.
[3] Wikipedia, "Cyclomatic Complexity", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/Cyclomatic_complexity.
[4] Wikipedia, "Duplicated Code", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/Duplicate_code.
[5] Wikipedia, "Code Coverage", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/Code_coverage.
[6] Wikipedia, "Abstract Interpretation", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/Abstract_interpretation.
[7] Wikipedia, "Coding Conventions", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/Coding_standard.
[8] Henry, S.; Kafura, D., "Software Structure Metrics Based on Information Flow", IEEE Transactions on Software Engineering Volume SE-7, Issue 5, September 1981, pp. 510–518.
[9] OWASP, "OWASP top 10 - 2013, The ten most critical web application security risks", extracted December 2016, obtainable from https://www.owasp.org/index.php/Top_10_2013.
[10] CERT, "CERT Secure Coding", extracted December 2016, obtainable from https://www.cert.org/secure-coding/.
[11] Jansen, Paul; Krikhaar, Rene; Dijkstra, Fons, "Towards a Single Software Quality Metric – The Static Confidence Factor", 2006, obtainable from http://www.tiobe.com/content/paperinfo/DefinitionOfConfidenceFactor.html.
[12] Wikipedia, "European Union energy label", extracted July 2012, obtainable from http://en.wikipedia.org/wiki/European_Union_energy_labe
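The sprintf-to-snprintf fix described in section 8, written out as an added example. It is not the code from the article's screenshots; the function names, the struct layout and the sample strings are assumptions made for illustration. It also covers a check the article does not mention: snprintf truncates silently, so the caller has to compare its return value with the buffer size.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8  /* assumed to match the article's "buf": 7 chars + NUL */

/* Constructed layout: guard stands in for whatever sits next to buf. */
struct record {
    char buf[BUF_SIZE];
    char guard[4];
};

/* "Before" form, kept for contrast. sprintf does not know how large dst
 * is, so a src of BUF_SIZE or more characters is written past the end of
 * the array. Only called here with input known to fit. */
static void store_unbounded(char *dst, const char *src)
{
    sprintf(dst, "%s", src);
}

/* Hardened form. snprintf writes at most size-1 characters plus the NUL
 * and returns the length the complete output would have had.
 * Returns 0 = stored in full, 1 = stored but truncated, -1 = error. */
static int store_bounded(char *dst, size_t size, const char *src)
{
    int ret;

    if (dst == NULL || src == NULL || size == 0)
        return -1;

    ret = snprintf(dst, size, "%s", src);
    if (ret < 0) {
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)ret >= size) ? 1 : 0;
}

/* Returns 1 if the neighbouring field is untouched after a bounded store. */
static int guard_intact_after_bounded_store(const char *src)
{
    struct record r;

    memcpy(r.guard, "SAFE", sizeof r.guard);
    (void)store_bounded(r.buf, sizeof r.buf, src);
    return memcmp(r.guard, "SAFE", sizeof r.guard) == 0;
}

int main(void)
{
    struct record r;
    const char *fits = "order-1";              /* constructed, 7 chars  */
    const char *too_long = "order-1234567890"; /* constructed, 16 chars */
    int status;

    store_unbounded(r.buf, fits);
    printf("unbounded, short input: \"%s\"\n", r.buf);

    status = store_bounded(r.buf, sizeof r.buf, too_long);
    printf("bounded, long input:    \"%s\" (status %d)\n", r.buf, status);
    printf("guard intact:           %d\n",
           guard_intact_after_bounded_store(too_long));
    return status == 1 ? 0 : 1;
}
```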