Path:
Home >
GB/T >
Page216 > GB/T 45717-2025
| Std ID | Version | USD | Buy | Deliver [PDF] in | Title (Description) |
| GB/T 45717-2025 | English | RFQ |
ASK
|
3 days [Need to translate]
|
Information technology - Software measurement - Software quality measurement - Automated source code quality measures
|
Click to Preview a similar PDF
Basic data
| Standard ID | GB/T 45717-2025 (GB/T45717-2025) |
| Description (Translated English) | Information technology - Software measurement - Software quality measurement - Automated source code quality measures |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L77 |
| Classification of International Standard | 35.080 |
| Word Count Estimation | 230,234 |
| Date of Issue | 2025-05-30 |
| Date of Implementation | 2025-12-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 45717-2025: Information technology - Software measurement - Software quality measurement - Automated source code quality measures
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.080
CCSL77
National Standard of the People's Republic of China
Information technology Software measurement Software quality measurement
Automated source code quality measurement
(ISO /IEC 5055.2021,MOD)
Released on 2025-05-30
2025-12-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of contents
Preface III
Introduction V
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Abbreviations 3
5 Defects involved in quality measurement and corresponding metamodel 3
6 Automated Source Code Quality Measurement Defect Description 19
7 Calculation of quality measures 31
Appendix A (Informative) Comparison table of structure number changes 32
Appendix B (Informative) List of Technical Differences and Their Causes 34
Appendix C (informative) Relationship with GB/T 25000 (all parts) 36
Appendix D (Informative) Defect Density Measurement 38
Appendix E (Informative) List of defects, detection modes and corresponding programming languages 39
Appendix F (Informative) Software Elements and KDM Conversion 54
Appendix G (Informative) Defect Mode Elements 57
Appendix H (Informative) Test Model Elements 74
Appendix I (Informative) Automated Source Code Quality Measurement Case 213
References 220
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
This document is modified to adopt ISO /IEC 5055.2021 "Information technology software measurement - automated source code quality management of software quality"
Measurement.
Compared with ISO /IEC 5055.2021, this document has many structural adjustments.
See Appendix A for a list.
This document has many technical differences compared to "ISO /IEC 5055.2021".
A single vertical line (|) indicates these differences. A list of these technical differences and their reasons is given in Appendix B.
The following editorial changes were made to this document.
--- As 6.1 of ISO /IEC 5055.2021 provides an overview of Chapter 6, the title of this document is changed from "Purpose" to "Overview";
--- This document changes the incorrectly cited chapter number in 6.1 of ISO /IEC 5055.2021 when summarizing the contents of other chapters. 6.2,
6.3 and 6.6 were revised to 6.3, 6.4 and 6.7 respectively;
--- ISO /IEC 5055.2021, 6.2."These violations constitute each quality metric in the automated source code information security measurement
Elements" is only for information security, this document is changed to "These violations constitute each quality measure in the automated source code quality measurement
"Degree elements", covering all quality characteristics;
---ISO /IEC 5055.2021 has clarified that SPMS is the structured pattern metamodel standard. This document changes the title of 5.10 from
"Software Pattern Metamodel Standard (SPMS)" was changed to "Structural Pattern Metamodel Standard";
---6.10 of ISO /IEC 5055.2021 incorrectly counts 6 mode sections as 7.This document deletes the "reference link" mode
Section, so this document retains 5 mode sections;
---Since there are multiple numbers for the same test mode in ISO /IEC 5055.2021, this document is changed to
The formula corresponds to only one number.
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Information Technology Standardization Technical Committee (SAC/TC28).
This document was drafted by. Zhuhai South Software Network Evaluation Center, China Electronics Technology Standardization Institute, National Application Software Product Quality Management System,
Quality Inspection and Testing Center, Guangdong Science and Technology Basic Conditions Platform Center, China Electronics Technology Group Corporation No. 15 Research Institute (Information Industry Information
Safety Evaluation Center), Fudan University, Dopu Information Technology Co., Ltd., Zhuhai Youte Electric Power Technology Co., Ltd., Eastcompeace Technology Co., Ltd.
Co., Ltd., Yuanguang Software Co., Ltd., Shanghai Computer Software Technology Development Center, Beijing University of Technology, Guangzhou Panyu Vocational and Technical
College, Harbin Institute of Technology, Beijing Guqi Data Technology Co., Ltd., Guangdong Yian Civil Defense Engineering Technology Co., Ltd., Nanjing University, Beijing
University of Aeronautics and Astronautics, Guangxi Dayi Technology Co., Ltd., University of Science and Technology Beijing, Shandong Shanke Digital Economy Research Institute Co., Ltd., Huace Testing and Certification
Securities Group Co., Ltd., Chongqing Software Testing Center Co., Ltd., Beijing Xuanyu Information Technology Co., Ltd., Jiangsu CESI Technology Development
Co., Ltd., Beijing Beida Software Engineering Co., Ltd., Beijing Yunqi Wuyin Technology Co., Ltd., Inspur Software Group Co., Ltd., Shenzhen
Open Source Internet Security Technology Co., Ltd., Shanghai Chuangjing Information Technology Co., Ltd., Inspur General Software Co., Ltd., Jiangsu Tanggu Intelligent Technology
Technology Co., Ltd., Jiangsu Southern Information Technology Co., Ltd., Shanghai Software Evaluation Center Co., Ltd., Southwest Computer Co., Ltd., China
China Academy of Space Systems Science and Engineering, Beijing High-Quality Systems Technology Co., Ltd., Chinese Academy of Sciences Microsatellite Innovation Institute (Shanghai Microsatellite
Small Satellite Engineering Center), Shanghai Pudong Software Platform Co., Ltd., Shanghai Anban Information Technology Co., Ltd., Suzhou Insight Cloud Information Technology Co., Ltd.
Company, Guangdong Tuosi Software Science Park Co., Ltd., Hunan Jiace Evaluation Information Technology Service Co., Ltd., Beijing Zhongke Zhuoxin Software Evaluation
Technology Center, the 304th Institute of the Third Academy of China Aerospace Science and Industry Corporation, Beijing Software and Information Service Exchange Co., Ltd., Hunan
Yunchang Network Technology Co., Ltd., Guangyu Mingdao Digital Technology Co., Ltd., Shandong Inspur Science Research Institute Co., Ltd., Hefei Tianwei Information Security
Quan Technology Co., Ltd., Zhejiang Dexun Network Security Technology Co., Ltd., Guangzhou Ganyuan Intelligent Technology Co., Ltd., Shenzhen Xinzhongda Automation
Technology Co., Ltd., Quantong Jinxin Holdings (Guangdong) Co., Ltd., and Zhongzhi Software Co., Ltd.
The main drafters of this document are. Hou Jianhua, Zhang Yangyang, Feng Kuan, Wang Wei, Li Jun, Liu Jian, Wu Yijian, Han Mingjun, Li Weijie, Huang Xiaopeng,
Xiang Wanhong, Li Wenpeng, Yang Shangyuan, Wang Zaijong, Li Xing, Zhang Hanwen, Guo Jianhong, Zhou Lingyun, Wang Yu, Yuan Wenqiang, Li Shaowei, Tang Zhongze, Bi Wei,
Hu Yun, Liu Xiaojian, Zhang Xingxing, Qiu Xudong, Yang Peng, Ma Ying, Shi Long, Wang Gongtao, Ai Jun, Xu Huashou, Huang Jiayi, Zhou Mingle, Chen Zhenyu, Wang Yatao,
Zheng Xufei, Gao Dongdong, Gao Qing, Chen Anying, Meng Jian, Wang Jie, Ling Jilai, Zhu Jinbo, Liu Dan, Cao Jun, Li Liping, Dong Guantao, Fudepeng, Yan Liang,
Shi Minhua, Hou Mi, Qiang Kaimin, Yan Hanqi, Zhang Yuanyuan, Wang Ping, Yan Longrong, Cheng Chao, Wu Junshuang, Yu Tieqiang, Hu Yanping, Li Rui, Wu Jianshuang,
Ye Dewang, Jiang Ganyuan, Hu Dazhi, Hu Bingliang, Wu Dilong, Yin Yue, Wang Hongxiu, Wei Zizhong, Ding Wei.
Introduction
With the widespread application of computers in various fields, the quality of software products has received more and more attention.
It is directly related to the accuracy of the business and may also have a direct impact on personal safety. Therefore, it is important to select and develop trustworthy and reliable software.
In order to quantitatively evaluate the quality of software products, it is necessary to clearly define the quality measurement of software products.
Therefore, standardizing the quality measurement of software products is extremely important for software quality assessment.
In recent years, the domestic software development life cycle has gradually been standardized, and users have gradually extended their attention from software products to the quality of source code.
Although GB/T 25000.23-2019 defines software measures for quality characteristics in GB/T 25000.10-2016, these
The metrics are mainly focused on the software behavior level, only a small number of metrics are provided at the source code level, and the metrics used during development are not fully defined.
Therefore, suppliers in different contracts may have different interpretations and calculations of common source code quality measures.
This document supplements GB/T 25000.23-2019 by defining software quality measures at the source code defect level and adds
The source code level measurement is strengthened to support the GB/T 25000 software product quality standard. The relationship between this document and the GB/T 25000 standard is shown in
Appendix C.
This document aims to quantitatively evaluate the structural quality characteristics of software source code. These quality characteristics include maintainability, performance efficiency,
To this end, this document defines four automated source code quality measures (ASCQMs), namely, automated source code quality,
Automated Source Code Maintainability Measure (ASCMM), Automated Source Code Performance Efficiency Measure (ASCPEM), Automated Source Code Reliability Measure
(ASCRM) and Automated Source Code Security Measurement (ASCSM). These automated source code quality measurements are defined in accordance with
Definition of quality characteristics that need to be quantified in GB/T 25000.10-2016.Each measurement is based on the source code that affects the measured quality characteristics.
The number of defects is calculated based on the number of defects, that is, the number of defects in the source code that violate good architecture and coding practices and may cause unacceptable operational risks or be too high.
The cost behavior is detected and counted.
The automated source code quality measures in this document do not detect all possible defects in the above four quality characteristics, but focus on
Detection and statistics of serious defects. This document lists 194 serious defects in detail, including 29 maintenance defects, 18 performance and efficiency defects,
However, since some defects belong to multiple quality characteristics at the same time, the actual
This document contains only 137 separate defects.
Although the research and development of automatic tools for static quality analysis of source code in China has achieved certain results, compared with foreign countries, the domestic source code is still
There are still some problems in the areas of false positives and false negatives in automated code static quality analysis tools, which need to be further improved.
The analysis of structural quality defects has identified a series of common code structure patterns, which are mainly based on whether the code meets the requirements of
Each defect can be found by one or more detection modes.
The inspection mode may also be applicable to the inspection of multiple defects. This document contains 135 inspection modes, which can be used for domestic
Provide guidance for the development of automated tools for source code static quality analysis.
The main body of this document uses the Structured Pattern Metamodel Standard (SPMS) to represent each defect and detection pattern, and uses knowledge generation
The KDM represents the code elements for these detection patterns.
This document provides two formulas for calculating the defect and quality characteristic scores for each quality measure.
When comparing the automated source code quality measurement results of different software, due to the software scale and the different focus of users on defects, the same quality measurement
Different evaluation results may be produced.
With the development of software engineering technology, traditional functions traditionally implemented in IT applications are now being transferred to embedded software/systems
In this paper, the measurement of source code quality is becoming more and more popular and important for embedded systems, the Internet of Things, etc.
The defects contained in this document apply to all forms of software, so this document does not describe defects in embedded software alone.
This document may be updated due to the addition of new serious defects or the continuous development of computer technology.
As the technology improves, the data on defects and detection patterns will increase accordingly. Therefore, this document will be a standard that adapts to changes in computing technology.
Information technology Software measurement Software quality measurement
Automated source code quality measurement
1 Scope
This document specifies the quantification of structural quality characteristics (maintainability, performance efficiency, reliability and information security) of software source code.
Automated source code quality metrics for evaluation.
This document applies to source code quality measurement performed by software purchasers, suppliers, and third-party organizations using automated tools.
2 Normative references
This document has no normative references.
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Sub-defect contributing weakness
A defect that is a derivative instance of another defect in the software.
3.2
Cyclomatic complexity
Analyze the logical routes within the software unit and calculate the number of independent paths.
Note. The cyclomatic complexity value reflects the logical complexity of the software unit.
[Source. QB/T 5275-2018, 3.8, modified]
3.3
Detection pattern detectionpattern
An abstract representation of a set of parsed program elements and their relationships.
Note. The detection pattern is described in a formal representation language and is used to detect specific defects in software source code.
3.4
Maintainability
The degree to which a product or system can be modified effectively and efficiently by the intended maintenance personnel.
[Source. GB/T 25000.10-2016, 4.3.2.7]
3.5
Parent weakness
There are multiple derivative instances of the flaw in the software.
3.6
Performance is related to the amount of resources used under specified conditions.
NOTE Resources may include other software products, system software and hardware configuration, and raw materials (such as printing paper and storage media).
[Source. GB/T 25000.10-2016, 4.3.2.2]
...
