CISQ Automated Source Code Green Measure
PROBLEM STATEMENT
IT operations run on electricity.
kWh production leads to CO2 emission.
Lack of efficiency in IT operations waste energy simply because unnecessary CPU cycles are equivalent to unnecessary kWh consumption.
Efficiency in IT operations is for a large part conditioned by the way it was developed.
People have been used to ever-growing computing resources, omitting the impact on the environment through the energy consumption, resulting in software that are far from optimal.
In addition to suboptimal software development that amounts to “pipe leaks”, there are also “pipe ruptures” that can be avoided, so as to save the resources needed to recover/restart/resume the activity.
Energy can be saved now by making software more efficient.
The relative emergency in helping this initiative is the spread of software in billions of devices. Every small gain can make a difference.
OPPORTUNITY
To identify pieces of Software that could be optimized to require less CPU resources
- Focus on “pipe leaks”
- data access efficiency
- algorithmic costs
- resource economy
- Focus on “pipe ruptures” – avoiding failures
Thanks to selected patterns from from:
- Automated Source Code Performance Efficiency Measure (http://www.omg.org/spec/ASCPEM/)
- Automated Source Code Reliability Measure (http://www.omg.org/spec/ASCRM/)
- Automated Source Code Security Measure (http://www.omg.org/spec/ASCSM/)
OBJECTIVES
- Perform the selection of the applicable patterns
- Validate the coverage of salient aspects
- Or identify the “uncovered” ones and specify applicable patterns
LIMITATIONS
- No direct kWh measure
- No direct CO2 equivalent
DEVELOPMENT
| OMG Measure | In ASCGM ? |
|---|---|
| ASCMM-MNT-1: Control Flow Transfer Control Element outside Switch Block | |
| ASCMM-MNT-2: Class Element Excessive Inheritance of Class Elements with Concrete Implementation |
|
| ASCMM-MNT-3: Storable and Member Data Element Initialization with Hard-Coded Literals | |
| ASCMM-MNT-4: Callable and Method Control Element Number of Outward Calls | |
| ASCMM-MNT-5: Loop Value Update within the Loop | |
| ASCMM-MNT-6: Commented Code Element Excessive Volume | |
| ASCMM-MNT-7: Inter-Module Dependency Cycles | |
| ASCMM-MNT-8: Source Element Excessive Size | |
| ASCMM-MNT-9: Horizontal Layer Excessive Number | |
| ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | |
| ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value | |
| ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | |
| ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | |
| ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource |
|
| ASCMM-MNT-15: Public Member Element | |
| ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | |
| ASCMM-MNT-17: Class Element Excessive Inheritance Level | |
| ASCMM-MNT-18: Class Element Excessive Number of Children | |
| ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | |
| ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | |
| ASCPEM-PRF-1: Static Block Element containing Class Instance Creation Control Element | |
| ASCPEM-PRF-2: Immutable Storable and Member Data Element Creation | TRUE |
| ASCPEM-PRF-3: Static Member Data Element outside of a Singleton Class Element | |
| ASCPEM-PRF-4: Data Resource Read and Write Access Excessive Complexity | TRUE |
| ASCPEM-PRF-5: Data Resource Read Access Unsupported by Index Element | TRUE |
| ASCPEM-PRF-6: Large Data Resource ColumnSet Excessive Number of Index Elements | ? |
| ASCPEM-PRF-7: Large Data Resource ColumnSet with Index Element of Excessive Size | ? |
| ASCPEM-PRF-8: Control Elements Requiring Significant Resource Element within Control Flow Loop Block |
TRUE |
| ASCPEM-PRF-9: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access |
? |
| ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access |
? |
| ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component |
TRUE |
| ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements |
? |
| ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | TRUE |
| ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element |
? |
| ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element |
? |
| ASCRM-CWE-120: Buffer Copy without Checking Size of Input | TRUE |
| ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource |
TRUE |
| ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource |
TRUE |
| ASCRM-CWE-396: Declaration of Catch for Generic Exception | ? |
| ASCRM-CWE-397: Declaration of Throws for Generic Exception | ? |
| ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | TRUE |
| ASCRM-CWE-674:Uncontrolled Recursion | |
| ASCRM-CWE-704: Incorrect Type Conversion or Cast | TRUE |
| ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | |
| ASCRM-CWE-788: Memory Location Access After End of Buffer | TRUE |
| ASCRM-RLB-1: Empty Exception Block | ? |
| ASCRM-RLB-2: Serializable Storable Data Element without Serialization Control Element | FALSE |
| ASCRM-RLB-3: Serializable Storable Data Element with non-Serializable Item Elements | FALSE |
| ASCRM-RLB-4: Persistant Storable Data Element without Proper Comparison Control Element | TRUE |
| ASCRM-RLB-5: Runtime Resource Management Control Element in a Component Built to Run on Application Servers |
|
| ASCRM-RLB-6: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element |
|
| ASCRM-RLB-7: Class Instance Self Destruction Control Element | |
| ASCRM-RLB-8: Named Callable and Method Control Elements with Variadic Parameter Element | |
| ASCRM-RLB-9: Float Type Storable and Member Data Element Comparison with Equality Operator |
TRUE |
| ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | |
| ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element |
|
| ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | ? |
| ASCRM-RLB-13: Inter-Module Dependency Cycles | |
| ASCRM-RLB-14: Parent Class Element with References to Child Class Element | |
| ASCRM-RLB-15: Class Element with Virtual Method Element wihout Virtual Destructor | |
| ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | |
| ASCRM-RLB-17: Child Class Element wihout Virtual Destructor unlike its Parent Class Element |
|
| ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data |
|
| ASCRM-RLB-19: Synchronous Call Time-Out Absence | |
| ASCSM-CWE-22: Path Traversal Improper Input Neutralization | |
| ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | |
| ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | |
| ASCSM-CWE-89: SQL Injection Improper Input Neutralization | |
| ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | |
| ASCSM-CWE-120: Buffer Copy without Checking Size of Input | |
| ASCSM-CWE-129: Array Index Improper Input Neutralization | |
| ASCSM-CWE-134: Format String Improper Input Neutralization | |
| ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource |
|
| ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | |
| ASCSM-CWE-396: Declaration of Catch for Generic Exception | |
| ASCSM-CWE-397: Declaration of Throws for Generic Exception | |
| ASCSM-CWE-434: File Upload Improper Input Neutralization | |
| ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | |
| ASCSM-CWE-606: Unchecked Input for Loop Condition | |
| ASCSM-CWE-667: Shared Resource Improper Locking | |
| ASCSM-CWE-672: Expired or Released Resource Usage | |
| ASCSM-CWE-681: Numeric Types Incorrect Conversion | |
| ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | |
| ASCSM-CWE-789: Uncontrolled Memory Allocation | |
| ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | |
| ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) |