Java Code Quality Tools
TRANSCRIPT
Sergiy Gomenyuk
• Defects
• Program analysis
• Java Code Quality Tools
• Anomalies in code
• Can be found by reading the pattern of the code – Bug Patterns!
• Can be found automatically!
• By tools that capture Java defects
Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code and in the other cases on some form of the object code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or code review.
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor. For dynamic program analysis to be effective, the target program must be executed with sufficient test inputs to produce interesting behavior. Use of software testing techniques such as code coverage helps ensure that an adequate slice of the program's set of possible behaviors has been observed. Also, care must be taken to minimize the effect that instrumentation has on the execution (including temporal properties) of the target program.
The OMG (Object Management Group) published a study regarding the types of software analysis required for software quality measurement and assessment. This document, "How to Deliver Resilient, Secure, Efficient, and Easily Changed IT Systems in Line with CISQ Recommendations", describes four levels of software analysis.
Unit Level - Analysis that takes place within a specific program or subroutine, without connecting to the context of that program.
Technology Level - Analysis that takes into account interactions between unit programs to get a more holistic and semantic view of the overall program in order to find issues and avoid obvious false positives.
System Level - Analysis that takes into account the interactions between unit programs, but without being limited to one specific technology or programming language.
Mission/Business Level - Analysis that takes into account the business/mission layer terms, rules and processes that are implemented within the software system for its operation as part of enterprise or program/mission layer activities.
• Code Analysis
• Metrics
• JUnit Test Generation
• JUnit Test Editor
• Code Coverage
• Dependency Analysis
• Similar Code Analysis
• Possible bugs - empty try/catch/finally/switch statements
• Dead code - unused local variables, parameters and private methods
• Suboptimal code - wasteful String/StringBuffer usage
• Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
• Duplicate code - copied/pasted code means copied/pasted bugs
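As an added example (not code from the slides), the class below writes the same four pieces of logic twice: first with the anomalies listed above, in the shape that PMD rules such as EmptyCatchBlock, UnusedLocalVariable, UnusedFormalParameter, UseStringBufferForStringAppends, ForLoopShouldBeWhileLoop and SimplifyBooleanReturns report, then rewritten so the checker stays quiet. The class and method names are made up, and Java 11 or later is assumed for List.of().

```java
// Added example (not from the slides): one class written with the anomalies
// listed above, and the same logic rewritten so a PMD-style checker stays quiet.
// Assumes Java 11 or later for List.of(); class and method names are made up.
import java.util.List;

public class ReportBuilder {

    // ---- "Before": each method carries one of the listed anomalies ----

    // Possible bug: the empty catch block swallows the failure, so the caller
    // cannot tell a real 0 from "not a number".
    static int parseBefore(String text) {
        int value = 0;
        try {
            value = Integer.parseInt(text);
        } catch (NumberFormatException e) {
        }
        return value;
    }

    // Dead code: 'unused' is assigned but never read, and the 'verbose'
    // parameter is never used.
    static int sumBefore(List<Integer> values, boolean verbose) {
        int unused = values.size();
        int total = 0;
        for (int v : values) {
            total += v;
        }
        return total;
    }

    // Suboptimal code: "out += ..." allocates a new String on every iteration.
    static String joinBefore(List<String> parts) {
        String out = "";
        for (String p : parts) {
            out += p + ";";
        }
        return out;
    }

    // Overcomplicated expression: the else branch only advances the index,
    // and a for loop with no init/update is really a while loop.
    static boolean hasNegativeBefore(List<Integer> values) {
        int i = 0;
        for (; i < values.size();) {
            if (values.get(i) < 0) {
                return true;
            } else {
                i++;
            }
        }
        return false;
    }

    // ---- "After": same intent, none of the anomalies ----

    // The failure is reported instead of ignored; a documented sentinel
    // keeps it visible to the caller.
    static int parseAfter(String text) {
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException e) {
            System.err.println("not a number, returning -1: " + text);
            return -1;
        }
    }

    static int sumAfter(List<Integer> values) {
        int total = 0;
        for (int v : values) {
            total += v;
        }
        return total;
    }

    static String joinAfter(List<String> parts) {
        StringBuilder out = new StringBuilder();
        for (String p : parts) {
            out.append(p).append(';');
        }
        return out.toString();
    }

    static boolean hasNegativeAfter(List<Integer> values) {
        for (int v : values) {
            if (v < 0) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<Integer> nums = List.of(3, -1, 4);   // constructed sample input
        List<String> parts = List.of("a", "b");
        System.out.println(parseAfter("12") + " " + parseAfter("x"));
        System.out.println(sumAfter(nums) + " " + joinAfter(parts)
                + " " + hasNegativeAfter(nums));
    }
}
```

Running PMD over this file with its default quickstart ruleset flags only the "Before" methods; the "After" methods are what a reviewer would accept, and they are also shorter, which is the usual side effect of removing these anomalies.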
• Correctness bug - Probable bug - an apparent coding mistake resulting in code that was probably not what the developer intended.
• Bad Practice - Violations of recommended and essential coding practice. Examples include hash code and equals problems, cloneable idiom, dropped exceptions, serializable problems, and misuse of finalize.
• Dodgy - Code that is confusing, anomalous, or written in a way that lends itself to errors. Examples include dead local stores, switch fall through, unconfirmed casts, and redundant null check of a value known to be null.
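As an added example (not code from the slides), the class below reproduces four of the bug patterns named above in the exact shape FindBugs matches, each next to a corrected version. The pattern codes in the comments are the FindBugs identifiers for those detectors; the class and method names are made up.

```java
// Added example (not from the slides): four FindBugs bug patterns, each in the
// shape the tool flags, next to a corrected version. Pattern codes in the
// comments are FindBugs identifiers; class and method names are made up.
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class BugPatterns {

    // Bad practice (HE_EQUALS_USE_HASHCODE): equals() without hashCode().
    // Two keys that are equal() almost always land in different buckets,
    // so a HashSet keeps both and de-duplication silently fails.
    static final class BrokenKey {
        final String id;
        BrokenKey(String id) { this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof BrokenKey && ((BrokenKey) o).id.equals(id);
        }
        // hashCode() deliberately missing
    }

    static final class FixedKey {
        final String id;
        FixedKey(String id) { this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof FixedKey && ((FixedKey) o).id.equals(id);
        }
        @Override public int hashCode() { return Objects.hash(id); }
    }

    static int distinctBroken() {
        Set<BrokenKey> s = new HashSet<>();
        s.add(new BrokenKey("k"));
        s.add(new BrokenKey("k"));
        return s.size();
    }

    static int distinctFixed() {
        Set<FixedKey> s = new HashSet<>();
        s.add(new FixedKey("k"));
        s.add(new FixedKey("k"));
        return s.size();
    }

    // Dodgy (SF_SWITCH_FALLTHROUGH): case 1 has no break, so control falls
    // into case 2 and the "one" label is overwritten.
    static String labelBefore(int code) {
        String label;
        switch (code) {
            case 1:
                label = "one";
            case 2:
                label = "two";
                break;
            default:
                label = "other";
        }
        return label;
    }

    static String labelAfter(int code) {
        switch (code) {
            case 1:  return "one";
            case 2:  return "two";
            default: return "other";
        }
    }

    // Dodgy (DLS_DEAD_LOCAL_STORE): the first value stored in 'result' is
    // overwritten before it is ever read, which usually means a step was lost.
    static int scaleBefore(int x) {
        int result = x * 2;
        result = x + 1;
        return result;
    }

    static int scaleAfter(int x) {
        return x * 2 + 1;   // the (assumed) intended computation, stated once
    }

    // Dodgy (RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE): inside the outer branch
    // 'name' is known to be null, so the inner test can never pass.
    static int lengthBefore(String name) {
        if (name == null) {
            if (name != null) {
                return name.length();
            }
            return 0;
        }
        return name.length();
    }

    static int lengthAfter(String name) {
        return name == null ? 0 : name.length();
    }

    public static void main(String[] args) {
        System.out.println(distinctBroken() + " " + distinctFixed());
        System.out.println(labelBefore(1) + " " + labelAfter(1));
        System.out.println(scaleBefore(5) + " " + scaleAfter(5));
        System.out.println(lengthBefore(null) + " " + lengthAfter("abc"));
    }
}
```

All of the "Before" methods compile without error, which is the point of the slide: the compiler sees nothing wrong, and only a pattern-matching tool such as FindBugs (or its successor SpotBugs, which keeps the same pattern codes) reports them.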
• Cobertura
– eCobertura – Eclipse Plugin
• EMMA
– EclEmma and JaCoCo – Eclipse Plugins
• Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.
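As an added example (not a configuration shipped with Checkstyle or shown on the slides), a minimal Checkstyle configuration file that combines formatting rules with a few checks overlapping the bug patterns from the earlier slides. The module names are real Checkstyle checks; the thresholds (method length, ignored magic numbers) are choices made here, not defaults.

```xml
<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "https://checkstyle.org/dtds/configuration_1_3.dtd">
<!-- Added example, not a configuration shipped with Checkstyle or the slides.
     Module names are real Checkstyle checks; thresholds are chosen here. -->
<module name="Checker">
  <!-- Report every violation as an error so the build fails on it -->
  <property name="severity" value="error"/>

  <!-- File-level checks run outside the Java parser -->
  <module name="FileTabCharacter"/>
  <module name="NewlineAtEndOfFile"/>

  <!-- TreeWalker hosts the checks that work on the parsed source -->
  <module name="TreeWalker">
    <!-- Formatting and naming rules a team agrees on -->
    <module name="AvoidStarImport"/>
    <module name="UnusedImports"/>
    <module name="NeedBraces"/>
    <module name="ConstantName"/>
    <module name="MethodLength">
      <property name="max" value="60"/>
    </module>
    <module name="MagicNumber">
      <property name="ignoreNumbers" value="-1, 0, 1, 2"/>
    </module>

    <!-- Rules that overlap with the bug patterns of the previous slides -->
    <module name="EmptyCatchBlock"/>
    <module name="EqualsHashCode"/>
    <module name="FallThrough"/>
    <module name="StringLiteralEquality"/>
    <module name="SimplifyBooleanReturn"/>
  </module>
</module>
```

Saved as checks.xml, the file is passed to the command-line runner with `java -jar checkstyle-<VERSION>-all.jar -c checks.xml src/` (the version placeholder is yours to fill in), or referenced from the Maven or Gradle Checkstyle plugin so that the same rules run on every build rather than only in a developer's IDE.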
• What the main defects in software applications are
• How we can analyse programs and find them
• What tools we can use for Java applications