Learn Computing from the Experts | The Rheinwerk Computing Blog

Modeling and Static Code Analysis Tools for Software Architecture Design

Written by Rheinwerk Computing | Aug 21, 2024 1:00:00 PM

In this blog post, we’ll look at modeling and static code analysis tools for software architecture design.

 

Modeling Tools

Modeling tools can depict functional and/or technical models of software and requirements,

and problem domains.

 

They assist in creating and maintaining (mainly) graphical abstractions of reality.

 

Such tools can, for example, provide support starting with (abstract) business processes via stepwise refinement of more and more detailed representations of the respective circumstances.

Requirements and Decision Criteria

Modeling tools are subject to the following requirements, which also serve as decision criteria:

  • Support for standardized modeling methods—for example, UML, Systems Modeling Language (SysML), ER models, BPMN, state charts, Petri Nets, and others
  • Support for informal models
  • Support for different views/model types (diagram types)
  • Support for static and dynamic modeling
  • Model checking (validation, plausibility checking)
  • Separation of diagrams and the objects contained in them, particularly with a view to reusing objects in other diagrams
  • Linking or concatenation of models and diagrams, and automatic forwarding to the relevant (refining) model elements or diagrams when selected (i.e., clicked)
  • Support for explicit meta-models
  • Capabilities for manual or program-controlled modification of the meta-models
  • Ability to define your own modeling languages (DSLs, including graphical languages)
  • Integration with version management systems (e.g., Subversion, Git, Mercurial)
  • Multiuser capability and rights concept
  • Document generation (in various formats) from models with configurable and/or programmable document layout and structure
  • Reverse engineering of source code 

Challenges Faced by Modeling Tools

Modeling tools also bring their own challenges:

  • Many current graphical representation tools (e.g., UML models, mind maps, or free-form diagrams) can’t be edited simultaneously by multiple users. This makes merging of diagrams extremely time-consuming and prone to error.
  • Notations often are unsuitable for nontechnical stakeholders.
  • Often poor or nonexistent integration into software development environments results in a lack of acceptance by the developers. 

Examples

Examples of modeling tools are listed here:

  • ArgoUML (open source)
  • ARIS (IDS Scheer)
  • Enterprise Architect (SparxSystems)
  • Innovator (MID GmbH)
  • PowerDesigner (SAP)
  • Rational Software Architect (IBM)
  • StarUML (open source)
  • Visual Paradigm (Visual Paradigm International) 

Static Code Analysis Tools

When analyzed statically, the source text is subjected to a range of formal checks that scan the application for irregularities and errors. This can take place manually or with tool support.

 

Tools can help with the evaluation of various quality characteristics (e.g., complexity) in existing software systems. By identifying dependencies, static code analysis tools can also be used to optimize runtime efficiency. They can also determine whether the implementation complies with the requirements of the architecture and, for example, where permissible dependency rules have been adhered to.

Requirements and Decision Criteria

Static code analysis tools are subject to the following requirements, which also serve as decision criteria:

  • Automatable, capable of being integrated into the build process
  • Reporting, with processing of results in multiple formats (HTML, RSS, etc.), including visualization
  • Flexible analysis criteria and metrics
  • Support for multiple programming languages
  • Definition of inclusion and exclusion criteria (i.e., which sections of the source code should be analyzed and how)

Challenges Faced by Static Code Analysis Tools

Static code analysis tools face these challenges:

  • Support for multiple programming languages
  • Dependencies and coupling arise in the source code as a result of either direct dependencies (calls, includes) or indirect dependencies (dependency injection, dependencies via data structures or via the runtime environment). Indirect dependencies are considerably more difficult to analyze.

Examples

Examples of static code analysis tools are listed here:

  • CAST Application Intelligence Platform (CAST Software, Inc.)
  • Coverity (Synopsys)
  • FindBugs (open source)
  • Fortify Static Code Analyzer (Micro Focus)
  • JDepend (open source)
  • SonarQube (open source)
  • Sonargraph (hello2morrow)
  • Sotograph (hello2morrow)
  • structure101 (Headway Software)

Editor’s note: This post has been adapted from a section of the book Software Architecture Fundamentals: iSAQB-Compliant Study Guide for the Certified Professional for Software Architecture—Foundation Level Exam by Mahbouba Gharbi, Arne Koschel, Andreas Rausch, and Holger Tiemeyer.