Developers

Welcome to the Developers page. Here you may get familiar with each one of the platform's toolboxes, through detailed demo videos and descriptions. Moreover, in case you are interested in first results of applying the SDK4ED framework in the applications provided by the project consortium, a dedicated section has been tailored just for this reason.

Last but not least, for a hands-on experience with SDK4ED, as well as consulting the project wiki for extensive training material, you are encouraged to visit the below links.

Toolboxes

The Dependability Toolbox enables the users to monitor and optimize the dependability level of their source code. The toolbox statically analyses the source code and provides a high-level security score, i.e., the Security Index, which reflects the internal security level of the analysed software. The hierarchical structure of the produced results enables root-cause analysis, allowing the developers to spot the exact security issues that reside in the source code and need resolution. The toolbox also enables the identification of vulnerability hotspots, that is, individual source code files that are likely to contain important vulnerabilities. This information can be leveraged by developers and project managers for prioritizing their testing and fortification actions, by allocating limited resources to high-risk (i.e., potentially vulnerable) code locations. In the below demo, the full functionality of the toolbox is displayed.
The Technical Debt Toolbox enables the user to monitor and prevent technical debt during software evolution. Through software refactoring recommendations, it provides solutions to issues accumulating technical debt. TD Toolbox provides a variety of maintainability metrics that measure code smells and bad design quality techniques at project, file and package level, giving the user the option to prioritize artefacts to be fixed. Through the TD Analysis, the user can have a better view of TD principal and TD interest evolution. New Code TD can be seen as a quality gate preventing the user from adding more code smells on the existing code. The toolbox statically analyses the source code and provides maintainability metrics for object-oriented and non-object-oriented languages. Developers can leverage the information derived from the toolbox to support code refactoring and optimisations. Project managers also benefit, since the information provided on the software’s technical debt can support decision making on the software future, e.g., whether to spend effort to refactor the code, for how long the software should be maintained or the need to declare bankruptcy of the software.

Refactorings are part of the Technical Debt Toolbox and are divided in three categories, code
refactorings, design refactorings and architecture refactorings. Refactorings provide solutions to
issues accumulating technical debt. The code refactorings provide a collection of Technical Debt
Issues that contains the rank, based on smell interest probability. Furthermore, for each TD Issue it
contains a collection of the file paths, the line and the estimated effort to fix that Technical Debt
Issue. The Design Refactoring provide suggestions of refactorings and the impact of them on the
design of the software. Two types of refactorings are included, the first one is the extract method
refactoring and the second one suggests move class refactorings that improve coupling and
cohesion of the whole project

The Energy Toolbox enables the user to deeply inspect her source code’s energy-related qualities. Analyzing the whole repository at once, the toolbox cares to locate hotspots of high resource usage that indicate equally high power levels. Analysis of the hotspots is performed on both the loop and the function level. Insights from said analysis are used to suggest possible code refactorings for mitigating the spotted consumption. Analysis results and corresponding suggestions are saved and accessible, in order to minimize future response latency.

In the below demo, the full functionality of the toolbox is displayed.

The purpose of the Forecasting Toolbox is to provide predictive forecasts regarding the evolution of the three core quality attributes targeted by the SDK4ED platform, namely Technical Debt, Energy and Dependability. Towards building a solid basis for the Forecasting Toolbox realization, various dedicated time series and ML models were investigated and introduced as part of the business logic of the toolbox. Hence, this toolbox offers three main features implemented in the form of individual web services: i) TD Forecaster, which is responsible for predicting the evolution of the total remediation effort (measured in minutes) to fix all code issues of a software application, ii) Energy Forecaster, which is responsible for predicting the evolution of the total energy consumption (measured in Joules) of a software application, and iii) Dependability Forecaster, which is responsible for predicting the evolution of the Security Index of a software application.

The TradeOff Manager of the Decision Support tool aims to provide the user with comparable insights with respect to the suggestions given by each of the 3 analysis toolboxes of the platform (Energy, Technical Debt, Dependability). Since each toolbox focuses on different code qualities, an overall view of the interdependencies between individual suggestions is essential for optimal decision making. In the below demonstration, a total of 2 refactorings are retrieved from the toolboxes for a specific project, and the respective impacts to all code qualities are displayed both in tabular and graphical form.

Refactorings as Financial Investment panel hosts a decision-support tool (namely ADMIT—
Architectural Decision-making as a Financial Investment) for software optimization. Therefore, the
tool aims at supporting stakeholders to decide if the application of a quality optimization is
beneficial or not. The developed approach relies upon the cost-benefit modelling and the
prevention-appraisal-failure cost models.

First Results on Pilot Use Cases

Dependability & Neurasmus

The SDK4ED Dependability Toolbox helped the developers of the NEURASMUS Use Case identify and fix an existing Buffer Overflow vulnerability that resided in a software application for Implantable Medical Devices (IMD) that they are currently developing. It also helped them detect a set of potential security issues in a third-party component used by their software application for data encryption.

Technical Debt & Holisun

The study “Technical Debt Quantification through Metrics: An Industrial Validation” that has been conducted on Holisun Pilot Use Case gave positive insights on the efficiency of the technical debt metrics provided by SDK4ED Technical Debt Toolbox. The results suggest that the SDK4ED platform is able to accurately quantify the basic concepts of the TD metaphor, namely principal, interest, and interest probability. Among those concepts, the correlation between the experts’ opinion and the platform assessment is stronger for principal, followed by interest probability. Additionally, it was observed that some concepts, as perceived by practitioners, are related; e.g., the ranking of packages in terms of interest and interest probability are strongly correlated at a statistically significant level. Given the above, industrial stakeholders are encouraged to exploit the SDK4ED TD dashboard as part of their quality assurance processes, since it seems to be accurately reflecting their own perspective. This would be useful especially for novice practitioners who do not have the experience to quickly and accurately judge the aspects of TD.

Technical Debt & Neurasmus

In a second study, conducted on Neurasmus Pilot Use Case, the SDK4ED Technical Debt Toolbox has been used to analyse an embedded system software. The findings show that security-driven software costs are relatively higher than medical costs due to the complexity of a more secure software. The TD Toolbox also seems to help the developers discover which of the hardware changes were far more costly due to their very-high certification overheads. Finally, it provided insights into TD principal and TD interest evolution through new software versions and source code changes (for example more security code, more complex code thus more debt).