Sonar and ABAP

My blog Qualilogy is almost one year old (at the end of the month), and I found that almost all the posts that I have written are about quality of code and applications and are intended primarily for two types of audiences:

  • People familiar with the concepts of Quality, and the use of metrics, often beyond the field of code quality. They are often consultants or Quality managers, usually with the experience of various technologies and languages, able to interpret a dashboard and make audits. However, they are not all experienced in the use of code analysis tools, and sometimes feel that the J2EE world and Open Source tools are too technical for them.

I tried to show that it is actually very simple, even without technical knowledge, through several articles describing the installation and the use of tools as Sonar and Jenkins, and the benefits of many plugins created and maintained by the Sonar community.

  • People who are users or even experts of these tools as they use them on their projects every day or on the J2EE applications of their company but do not have the experience of other technologies. When in fact, you just some basic knowledge in order to analyze the other code than J2EE.

For example, the series we did about Cobol analysis, starting with this post Cobol code analysis – What you need to know.

As I had plans to make a series of the same type for the SAP technology, I asked his participation to someone who is not only a friend but also an expert in the field of quality and SAP world, and the use of analysis tools code.

With 20 years of experience in software quality, Walter Strobl is Director of Quality in the multinational group Vision IT, represented in Spain by Drago Solutions.

His expertise covers several methods, techniques and tools applied to the quality management for multiple technologies and sectors: nuclear, aerospace, defense, industry, finance, etc..

Today, the team led by Walter conducts projects and code analysis at international level.

We will therefore benefit from the experience of Walter in the analysis of ABAP code for our next series.

Walter, can you tell us briefly how you have lived the evolution of software quality?

First, thank you for your time and this space on your blog.

I started working in the field of software quality in 1983, examining the methods and techniques of quality for hardware in order to transfer them to software. For example, the software is built once and can then be copied easily, but if the original code contains an error, it will be duplicated. While a machine may experience a hardware problem and the next in the chain will not.

But a cycle of continuous improvement of the quality, as PDCA (Plan-Do-Check-Act) may apply in both fields. Hardware and software need testing. Hardware manufacturing is highly industrialized, while software development is still handmade, which inevitably requires to implement best practices for architecture, design and programming tailored to different technologies (ABAP, Java, .Net etc.). The implementation of CASE tools (Computer Aided Software Engineering) in the mid-80s popularized the use of data dictionaries and techniques of structured analysis and design.

When there were no tool, you did work manually?

Of course. I remember an anecdote: a manual review of a document of exploitation for a spanish nuclear power plant showed some absences in this documentation, that had to be corrected before the customer accepted the delivery of the system.

Quality is an activity of low cost and high efficiency. During the design and construction of the high-speed train Madrid-Seville (AVE), we performed code review manually by text searches on programs developed in C.

What activities of software quality have been automated first?

The first tools in the field of quality were introduced in configuration and change management, and then requirements management and testing tools. Recent years have seen the increasing emergence of code analysis tools.

What are the advantages of the different activities of Quality and the level of effort required to get it?

Activities of software quality assurance respectively provide the following benefits:
– With reviews of documents, particularly of requirements, the effort is low enough for the level of benefit obtained.
– Development process audits help ensure compliance with procedures and standards and identify areas for improvement in these procedures. Again, the effort is relatively low for a long-term benefit.
– Code analysis allow to verify the compliance with the best practices of architecture, design and programming with a very low effort, and immediate benefits through the rapid identification of problems of performance, security, reliability and maintainability, the reduction of the testing effort and the elimination of potential bugs in production.
– Quality tests that everyone recognize is important, but for which we usually spend less than it should, and thare not always sufficiently formalized. This is the most expensive activity, but it ensures compliance with functional requirements, and sometimes with security, capacity, etc.

What are the sectors and technologies that can take advantage of code analysis?

Clearly critical systems (aerospace, medical systems, operating systems, …). Because in case of failures, human lives are at stake. Then systems where software defects will result in economic losses. We analyzed the code, among other things, of train control systems, banking, telecommunications, etc. And the conclusion is unanimous: code auditing is the only way to properly implement best practices and avoid errors in production.

For software development environments such as SAP, code analysis produces remarkable improvements. But with a good choice of tools and a little experience, you can audit the code of almost any technology (Java,. Net, PL / SQL, C, C + +, VB, etc.).

It is not the technical dimension that prevails, but to know how to define a model of quality indicators and the use cases, particularly in the implementation of Continuous Integration processes, integrated in the development cycle, or audits. And all this can be done remotely. A final recommendation is that the number of rules considered “mandatory” should remains not too high, because imposing too many good practices at first time brings discouragement and failure in the long term.

Walter, thank you for taking the time to answer my questions.

In the next post, we’ll see what you need to know about ABAP code and then, in a later article, we’ll list the questions to ask to a SAP project team in order to analyze their code. Your experience will certainly be very useful.


Leave a Reply

Your email address will not be published. Required fields are marked *