FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
SYSTEM AND METHOD TO PROVIDE COMPLIANCE SCRUTINY AND IN-DEPTH ANALYSIS OF A SOFTWARE APPLICATION
Applicant
TATA Consultancy Services Limited A Company Incorporated in India under The Companies Act. 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India
The following specification particularly describes the invention and the manner in which it is to be performed.

FIELD OF THE INVENTION
The present invention in general relates to a system and method for providing compliance scrutiny and analysis of a software application. More particularly, the system and method facilitates a detailed multi-layer visualization of the results of said analysis.
BACKGROUND OF THE INVENTION
In today's world every enterprise or industry implements software applications or tools for automation of manufacturing, production or any other business process. To ensure that the principles involved in quality assurance of the software application or tool like, 'Fit for Purpose' and 'First time Right' are complied or not, a software quality audit is a necessity.
In order to compute the quality level of software application, various standards have been defined such as ISO standards of different criticality levels. Software standard specifications define various rules to be complied with by a software application. There are various systems available in the markets which are configured to monitor the compliance of a software application and calculate their compliance level.
Various compliance monitoring and analysis tools exist in the market which compare the compliance standard specifications to calculate the overall compliance level of the software application under test. The software standard specifications are complex in nature and thus understanding them is a difficult task for a software developer. Also, manually mapping these specifications with various features of a software tool is a tedious and time-consuming task. The existing compliance monitoring tools fail to provide for a solution for the stated problem. The existing compliance monitoring tools do not provide for an objective based software certification or pre-defined mapping in which the developer or the user has an option to select the optional rules for execution / analysis.

Further, the existing tools do not ensure consistency in the calculation of compliance level by considering the same compliance standard specifications. In order to calculate the overall compliance level of a software application each developer using the tool should follow the same standard specifications. Thus, the mapping of the features should be uniform throughout the software tool in order to ensure consistency across a team.
The existing software compliance monitoring and analysis tools only calculate and visually represent the compliance level at the tool level. The existing tools fail to provide for a detailed representation of the analysis of compliance verification from the rules to the non-violation in the code which may help developer to improve his software product.
Therefore, there is a need for an integrated system and method for providing compliance scrutiny and analysis. More particularly, there is a need for a system and method for detailed reporting in order to provide in-depth traceability from rules to code.
SUMMARY OF THE INVENTION
The present invention provides an integrated system providing compliance scrutiny and analysis of a software application, result of said analysis visually represented to demonstrate in- depth traceability. The system comprises of a selection module configured to allow a user to select one or more compliance standards pertinent to one or more industry with respect to a particular safety level. The system further comprises of an execution module configured to initiate a process of compliance verification of said software application with respect to one or more normative parameters associated with said safety level. The execution module further comprises of a mapping module configured to provide for pre-defined mapping of selected compliance standards with corresponding features of one or more analysis tools in order to perform compliance verification and an analytics engine configured to

analyze only the pre-mapped features of the tool to calculate a compliance level for said software application. Further, the system comprises of an output generation module configured to visually represent results of the analytics engine to showcase the compliance of the software application in a multi-stage manner, said multi-stage determined through a result mining approach to provide one or more suggestive measures in order to meet a desired compliance level.
The present invention also provides a method providing compliance scrutiny and analysis of a software application, result of said analysis visually represented to demonstrate in-depth traceability. The method comprises steps of allowing a user to select one or more compliance standards pertinent to one or more industry with respect to a particular safety level. The method further comprises steps of executing a process of compliance verification of said software application with respect to one or more normative parameters associated with said safety level. The execution further comprises steps of performing compliance verification by executing a pre-defined mapping of selected compliance standards with corresponding features of one or more analysis tool and analyzing only the pre-mapped features of the analysis tool to calculate a compliance level for said software application. Further the method comprises step of visually representing results obtained after analysis to showcase the compliance level of the software application in a multi-stage manner, said multi-stage determined through a result mining approach to provide one or more suggestive measures in order to meet a desired compliance level.
The present invention also provides a computer program product, with embedded set of instructions, for determining a compliance level with respect to a software quality certification. The computer program product comprises of a user interface coupled to a processor, configured to receive one or more compliance standards selected by a user for the quality certification of a software application, pertinent to one or more industry with respect to a particular safety level and a compliance level determination module communicatively coupled to said user interface configured to execute a pre-

defined mapping of user selected compliance standards with corresponding features of one or more analysis tool in order to provide the user, a compliance level for said software application. The computer program product further comprises of a display module configured to visually represent the compliance level of said software application in a multi-layer manner, such that each layer corresponds to a said predefined mapping, the display module further configured to display suggestive measures to the user for each rule violation in order to meet a desired compliance level.
OBJECTS OF THE INVENTION
It is the primary object of the invention to provide a system and method for providing compliance scrutiny and analysis of a software application.
It is the other object of the invention to provide a system and method for visually representing the results of analysis to demonstrate in-depth traceability.
It is the other object of the invention to perform compliance verification by executing a pre-defined mapping of selected compliance standards with one or more corresponding features of one or more analysis tools.
It is yet another object of the invention to analyze only the pre-mapped features of the analysis tools to calculate a compliance level for said software application.
It is yet another object of the invention to visually represent results obtained after analysis to showcase the compliance level of the software application in a multi-stage manner.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 illustrates the architecture of an integrated system providing compliance scrutiny and analysis of a software application in accordance with an embodiment of the invention.

Figure 2 illustrates the architecture of the output generation module providing detailed visual representation of compliance verification in accordance with an embodiment of the invention.
Figure 3 illustrates the detailed visualization of the compliance level in a multi-stage manner in accordance with an exemplary embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
Some embodiments of this invention, illustrating its features, will now be discussed:
The words "comprising", "having", "containing", and "including", and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.
It must also be noted that as used herein and in the appended claims, the singular forms "a", "an", and "the" include plural references unless the context clearly dictates otherwise. Although any systems, methods, apparatuses, and devices similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred, systems and parts are now described. In the following description for the purpose of explanation and understanding reference has been made to numerous embodiments for which the intent is not to limit the scope of the invention.
One or more components of the invention are described as module for the understanding of the specification. For example, a module may include self-contained component in a hardware circuit comprising of logical gate, semiconductor device, integrated circuits or any other discrete component. The module may also be a part of any software program executed by any hardware entity for example processor. The implementation of module as a software program may include a set of logical instructions to be executed by the processor or any other hardware entity. Further a

module may be incorporated with the set of instructions or a program by means of an interface.
The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.
The present invention relates to an integrated system and method for compliance scrutiny and analysis of a software application. The results associated with compliance verification are visually represented in order to demonstrate in-depth traceability of compliance level achieved by a particular software application. The system performs compliance verification of the application through features of the one or more analysis tools on selection of the compliance standard by the user. By way of a specific example, the analysis tool may include but is not limited to static analysis tools, static verification tool, test data generation, coverage analysis tool, coding standards compliance checker tool or a combination thereof. The features of the analysis tool are pre-mapped to the standard specifications and only these pre-mapped features are further analyzed. The results of said analysis are visually represented to showcase the compliance level in a multi-stage manner.
In accordance with an embodiment referring to figure I, the system (100) comprises of a selection module (102) which is configured to allow a user to select one or more compliance standards pertinent to one or more industry. The system (100) further comprises of an execution module (104) which is configured to initiate a process of compliance verification of said software application under test based on pre-defined mapping. The execution module (104) further comprises of a mapping module (106) and an analytics engine (108). The system (100) further comprises of an output generation module (110) to visually represent the results of the analytics engine to showcase the compliance of the software application in a multi-stage manner.
In accordance with an embodiment, still referring to figure 1, the selection module (102) is configured to allow a user to select one or more compliance standards

pertinent to one or more industry with respect to a particular safety level. The compliance standards applicable to any industry or an application are different and therefore it is necessary to select the appropriate compliance standards in order to perform an objective based compliance verification of the software application. The objective based compliance verification thus takes into consideration the choice of the user in the compliance level which he desires to achieve. The compliance standards available to check software quality compliance may include but is not limited to IS026262. The selected compliance standards may have a safety criticality level, for e.g. ASiL (A/B/C/D) for 1S026262. Thus the user is given an option of choosing from the existing ASIL safety criticality levels to perform the compliance verification.
The selected safety criticality level is further grouped according to different standard specification (herein after referred to as 'rule group') which is to be complied with by the software application. By way of a specific example, IS026262-ASIL Level D consists of rule groups such as Enforce Low Complexity, Semantic Code Analysis, Use Language Subsets, Enforce Strong Typing, No Implicit Type Conversions, Single Entry and Exit Point, Use Design Principles, Variables Initialisation, No Multiple Variable Names, Use Defensive Implementation, No Recursions, MC/DC, Analysis of Boundary Values, Static Code Analysis. The rule group level specification further comprises of various rules. In accordance with the safety criticality level selected by the user the rules to be complied with can be categorized as mandatory rules, optional rules and suggested rules. The mandatory rules are assigned the highest weight of 3, optional rules carry a weight of 2 and suggested rules are assigned a weight of I.
Still referring to figure 1, the execution module (104) is configured to initiate a process of compliance verification of said software application with respect to one or more normative parameters associated with said safety level. The normative parameters are the standard specifications and the rules to comply with by the

software application. The execution module (104) further comprises of a mapping module (106) which is configured to provide for pre-defined mapping of selected compliance standards with corresponding features of one or more analysis tool in order to perform compliance verification of the software application. These features are then executed to analyze the software application under testing for calculating compliance standards. The mapping module (106) executes the pre-defined mapping in a manner such that mandatory rules are pre-selected and are non-configurable. The mapping module (106) is further configured to provide the selection of optional or suggested rules by the user for further mapping. The mapping module (106) further comprises of a storage medium configured to save the pre-defined mapping for consistency across all the users of the tool. This selected configuration which can be saved using the mapping module (106) ensures uniformity in compliance check across all the users. The pre-defined mapping avoids the effort and confusion of mapping. The pre-defined mapping also absorbs the inherent complexity in the standard specifications and thus helps the users in understanding them. Also, as the time invested in understanding the complex standard specifications is saved, the efficiency of the system increases resulting in faster execution. The mapping is domain specific and thus the user gets custom fit framework wherein the automotive users can perform only auto-compliance checks.
The execution module (106) further comprises of an analytics engine (108) which is configured to analyze only the pre-mapped features of the analysis tool(s) to calculate a compliance level for said software application. Internally, the selected rules are mapped to the features of various analysis tools and only those features are executed from one or more tools. The analytics engine (108) further identifies a number of rules violated with respect to total number of rules to calculate the compliance level for said software application.
By way of a specific example, let us understand the calculation of compliance level:

Generally Quality Standards Provide the various compliance suggestions e.g. from IS026262
"++" The method is highly recommended for this ASIL. {Mandatory)
"+" The method is recommended for this ASIL. {Recommended)
"o" The method has no recommendation for or against its usage for this ASIL {Optional).
So there are three levels, and the highest recommendation will carry weight 3 and optional will carry weight of 1.
■ Mt - Total no. of Mandatory
■ Mv = No. of Mandatory Rules violated
■ Rt = Total no. of Recommended Rules
■ Rv = No. of Recommended Rules violated
■ Ot = Selected total no. of Optional Rules
■ Ov = No. of selected Optional Rules violated
■ Mw = 3 (Weight for Mandatory Rules)
■ Rw = 2 (Weight for Recommended Rules)
■ Ow = 1 (Weight for Optional Rules)


Compliance levels are calculated at module as well as at complete level.
Still referring to figure 1, the system (100) further comprises of an output generation module (110) which is configured to visually represent results of the analytics engine to showcase the compliance of the software application in a multi-stage manner. The mining approach maps the compliance specifications / rules to the non-compliance / violation in the source code in staged manner. This helps to look at the noncompliance from various perspectives such as Rule / specification group level, rule / specification level, recommendation level and file level. The multi-stage manner is determined through a result mining approach to provide one or more suggestive measures in order to meet a desired compliance level. The multi-stage manner provides in-depth traceability which includes but is not limited to visualization from the compliance grouping to the individual rule violations, from the individual rule violations to the detailed listing and from the detailed listing to a source code.
Referring to figure 2, the output generation module further comprises of a reporting module (202) configured to generate reports in one or more groups according to standard compliance grouping. The output generation module further includes a display module (204) configured to visually represent the results by means of a compliance indication bar. The compliance indicator bar color helps in identifying the percent compliance at each group level. When any mandatory requirement is not met, the compliance indicator bar is red in color though the compliance percent may be high. When all the mandatory requirements are met then the compliance indicator bar shows in green color.
The present invention also relates to a computer program product, with embedded set of instructions, for determining a compliance level with respect to a software application quality certification. The computer program product comprises of a user interface which is coupled to a processor. The user interface is configured to receive one or more compliance standards selected by a user for the quality certification of

said software application, pertinent to one or more industry with respect to a particular safety level.
The computer program product further comprises of a compliance level determination module which is communicatively coupled to said user interface. The compliance level determination module is configured to execute a pre-defined mapping of user selected compliance standards with corresponding features of one or more analysis tools in order to provide the user, a compliance level for said software application.
In addition, the computer program product comprises of a display module which is configured to visually represent the compliance level of said software application in a multi-layer manner, such that each layer corresponds to a said pre-defined mapping. The display module is further configured to display suggestive measures to the user for each rule violation in order to meet a desired compliance level. The display module is further configured to generate reports in one or more groups according to standard compliance grouping and visually represent the results by means of a compliance indication bar.
BEST MODE/EXAMPLE FOR WORKING OF THE INVENTION
The system and method illustrated to provide compliance scrutiny and analysis of a software application may be illustrated by working example stated in the following paragraph; the process is not restricted to the said example only.
Referring to figure 3 in particular and other figures showing system architecture, let us consider a software application / project for which the software compliance verification has to be conducted for IS026262. The safety criticality level to be selected is ASIL-Level D. The user selects IS026262-ASIL Level D through the selection module (102). On the selection of the standard specification, the mapping module (104) internally maps the features of the project with the individual rules (as shown in block 302) of rule group of ASIL level D. IS026262-ASIL Level D

consists of rule groups such as Enforce Low Complexity. Semantic Code Analysis. Use Language Subsets, Enforce Strong Typing, No Implicit Type Conversions. Single Entry and Exit Point, Use Design Principles, Variables Initialisation, No Multiple Variable Names, Use Defensive Implementation, No Recursions, MC/DC, Analysis of Boundary Values, Static Code Analysis.
When the rule group, Enforce Low Complexity is selected, the rules in said group are already mapped. As the ISO recommendation for ASIL-level D is high all the rules mapped are mandatory which carry the highest weight. These mandatory rules are pre-selected and cannot be configured by the user. The mapping module (104) allows the user to save this selected mapping in order to ensure consistency across all the users working on the selected project.
In the next step, the user clicks on the Analyze button to start the execution process (as shown in block 304). Only the mapped features and the rules are executed and after the successful execution the output generation module (110) generates reports in order to showcase the compliance in a multi-stage manner (as shown in block 306). All the reports are grouped as per the standard compliance grouping for better understanding of the user. The compliance indicator bar showcases the percent compliance at each level. From the representation at the logical group level, the user can drill down to the individual rule violations which depicts how many times that particular rule has been violated. Further, the user can drill down to the detailed listing which gives a report of the defects summary. In the last step, the noncompliance at the level of the source code is depicted, wherein the line of the source code in which defect is present is highlighted. The detailed visualization provides the user with traceability from the non-compliance in rule group to the non-compliance in the code.

WE CLAIM:
1. An integrated system providing compliance scrutiny and analysis of a
software application, result of said analysis visually represented to
demonstrate in- depth traceability, the system comprising:
a selection module configured to allow a user to select one or more compliance standards pertinent to one or more industry with respect to a particular safety level;
an execution module configured to initiate a process of compliance verification of said software application with respect to one or more normative parameters associated with said safety level, the execution module comprising:
a mapping module configured to provide for pre-defined mapping of selected compliance standards with corresponding features of one or more analysis tool in order to perform a compliance verification of said software application; an analytics engine configured to analyze only the pre-mapped features of the tool to calculate a compliance level for said software application; and an output generation module configured to visually represent results of the analytics engine to showcase the compliance of the software application in a multi-stage manner, said multi-stage determined through a result mining approach to provide one or more suggestive measures in order to meet a desired compliance level.
2. The system as claimed in claim 1, wherein the mapping module executes the
pre-defined mapping in a manner such that mandatory rules are pre-selected
and are non-configurable.

3. The system as claimed in claim 1, wherein the mapping module is further configured to provide the selection of optional or suggested rules by the user for further mapping.
4. The system as claimed in claim 1, wherein the mapping module further comprises of a storage medium configured to save the pre-defined mapping for consistency across all the users of the tool.
5. The system as claimed in claim 1, wherein the analytics engine further identifies a number of rules violated with respect to total number of rules to calculate the compliance level for said software application.
6. The system as claimed in claim 1. wherein the output generation module further comprises of a reporting module configured to generate reports in one or more groups according to standard compliance grouping.
7. The system as claimed in claim 1, wherein said multi-stage manner provides in-depth traceability which includes but is not limited to visualization from the compliance grouping to the individual rule violations, from the individual rule violations to the detailed listing and from the detailed listing to a source code.
8. The system as claimed in claim 1, wherein the output generation module further includes a display module configured to visually represent the results by means of a compliance indication bar.

9. A method providing compliance scrutiny and analysis of a software
application, result of said analysis visually represented to demonstrate in-
depth traceability, the method comprising steps of:
allowing a user to select one or more compliance standards pertinent to one or more industry with respect to a particular safety level; executing a process of compliance verification of said software application with respect to one or more normative parameters associated with said safety level, the execution further comprising:
performing a compliance verification by executing a pre-defined mapping of selected compliance standards with corresponding features of one or more analysis tools;
analyzing only the pre-mapped features of the analysis tools to calculate a compliance level for said software tool; and visually representing results obtained after analysis to showcase the compliance level of the software application in a multi-stage manner, said multi-stage determined through a result mining approach to provide one or more suggestive measures in order to meet a desired compliance level.
10. The method as claimed in claim 9. wherein the pre-defined mapping is executed in a manner such that mandatory rules are pre-selected and are non-configurable.
11. The method as claimed in claim 9, wherein the pre-defined mapping further provides the selection of optional or suggested rules by the user for further mapping.
12. The method as claimed in claim 9, wherein the method further comprises of saving the pre-defined mapping for consistency across all the users of the tool.

13. The method as claimed in claim 9. wherein the analysis further comprises of identifying a number of rules violated with respect to total number of rules to calculate the compliance level for said software application.
14. The method as claimed in claim 9, wherein the reports are generated in one or more groups according to standard compliance grouping.
15. The method as claimed in claim 9, wherein said multi-stage manner provides in-depth traceability which includes but is not limited to visualization from the compliance grouping to the individual rule violations, from the individual rule violations to the detailed listing and from the detailed listing to a source code.
16. The method as claimed in claim 9, wherein the results are visually represented by means of a compliance indication bar.
17. A computer program product, with embedded set of instructions, for determining a compliance level with respect to a software quality certification, the computer program product comprising:
a user interface coupled to a processor, configured to receive one or more compliance standards selected by a user for the quality certification of a software application, pertinent to one or more industry with respect to a particular safety level;
a compliance level determination module communicatively coupled to said user interface configured to execute a pre-defined mapping of user selected compliance standards with corresponding features of one or more analysis tool in order to provide the user, a compliance level for said software application;

a display module configured to visually represent the compliance level of said software application in a multi-layer manner, such that each layer corresponds to a said pre-defined mapping, the display module further configured to display suggestive measures to the user for each rule violation in order to meet a desired compliance level.
18. The computer program product as claimed in claim 17, wherein the display module is further configured to generate reports in one or more groups according to standard compliance grouping.
19. The computer program product as claimed in claim 17, wherein the display module is further configured to visually represent the results by means of a compliance indication bar.