**Purpose**

This page explain the algorithm behind the calculation of the Risk Propagation Factor (RPF) of an object for Robustness, Performance, or Security Violation.

**Applicable in CAST Version**

Release | Yes/No |
---|---|

8.3.x | |

8.2.x | |

8.1.x | |

8.0.x | |

7.3.x |

**Applicable RDBMS**

RDBMS | Yes/No |
---|---|

Oracle Server | |

Microsoft SQL Server | |

CSS2 |

**Details**

Risk Propagation Factor of an object for a Robustness, Performance, or Security Violation is the size of its call path.To calculate the RPF of an object, we need to know how many call paths are coming towards this object.

Along with the call paths, we also need to know what is the RPF of the objects which are calling this object.

As an initial condition, objects located on the root of a call graph have the value 1.

The algorithm that calculate the RPF of an object named **O** is as follows:

Begin If object "O" is the root of a call graph then: RPF(O) = 1 else RPF(O) = 0 for p = 1 to p = card(set of parent of O) RPF(O) = RPF(O) + RPF (p) end for End if End Begin

Lets take the following example:

Assuming that we have 3 objects located on the root of call graphs: B, D and E.

RPF of C is 2, because D and E have RPF of 1. Thus, RPF of D + RPF of E = 2.

So RPF of C will be 2. Now for RPF of A, calculation would be RPF of B + RPF of C = 3.

RPF is the weighted average of call paths and also taking into consideration the RPF's of the objects which are calling the other object.

**Notes/comments**

Ticket # 6242

**Related Pages**