ASPICE compliance in the processes SWE.4 and SWE.5 through static analyses

SWE.4 – Software Unit Verification

The SWE.4 Software Unit Verification process is intended to ensure that the software unit follows the design and that non-functional software requirements are met. It is about setting up a verification strategy and implementing it. Are the interfaces complied with, does the software meet the specified requirements for internal quality? Depending on the specification, the verification of compliance can be done with tests regarding MISRA, AUTOSAR C++14 or various metrics. Analysis of the data and control flow is also often required. All the analysis options of the Axivion Suite can be used here to prove compliance with the process requirements.

It is also important how the results of the verification are summarised and communicated. Axivion Suite offers the option of a single-file analysis especially for the unit test. This means that initial tests can be run at module level and already at the developer’s workstation before the developed modules are checked into version control and analysed in Continuous Integration (CI) by Axivion Suite and the analysis results are logged. This achieves short turnaround times with full control and repeatability of the results.

The test strategy can be institutionalised in the CI. The analysis results obtained with Axivion Suite are output directly into the environment (IDE or browser) of the developers or quality managers or made available as a report for the process documentation in various formats.

SWE.5 – Software Integration and Integration Test

In the SWE.5 Software Integration and Integration Test process, the software units are combined into larger units up to the complete integration of the entire software.

From the point of view of Axivion Suite, the focus here is on analytical proof of compliance with the software architecture (Architecture Compliance Check). In this phase, the complete (and thus linked) software is analysed and compliance with a specified architecture is monitored. If this architecture is available as a development artefact, compliance with the architecture by the implementation can be easily checked by using the architecture verification of Axivion Suite.

But projects without an existing architecture definition also benefit from the capabilities of architecture verification. In this case, instead of an existing architecture model, the process starts with an architecture hypothesis. Through iterations, the hypothesis is refined further and further and compared with the reality in the source code. Deviations in the source code that clearly come to light in this process can then be corrected in the code in the further course of development. This architecture recovery process creates an architecture model that can be used as a validated architecture specification that must be fulfilled.

As described above, the results can be output both at the developer’s or software architect’s workplace and in reports. The Architecture Check is therefore ideally suited for integration into a CI workflow.

With its analysis capabilities, i.e. the unit check for MISRA and AUTOSAR C++14 compliance and the test for architecture compliance as part of the integration test, Axivion Suite contributes to achieving ASPICE compliance when integrated into your processes.