code analysis tools and tips
play

Code Analysis Tools and Tips (How to make your code ROCK!) This - PowerPoint PPT Presentation

May 10, 2023 •418 likes •913 views

Darryl Parks Code Analysis Tools and Tips (How to make your code ROCK!) This Presentation is About About Code Analysis, not Run-Time monitoring This Presentation is NOT about Performance Analysis T ools Profiling Jconsole or other

  1. Darryl Parks Code Analysis Tools and Tips (How to make your code ROCK!)

  2. This Presentation is About About Code Analysis, not Run-Time monitoring This Presentation is NOT about Performance Analysis T ools Profiling Jconsole or other Dynamic Memory Monitoring Debugging T ools

  3. Main Source of Information for Studies First edition honored by Software Development Magazine’s Jolt Award for product excellence. Praised by Martin Fowler, Grady Booch, Alan Cooper and many others.

  4. Comparison of Defect- Detection Approaches

  5. Cost of Finding Defects Most studies have found that inspections are cheaper than testing. A study at the Soft­ware Engineering Laboratory found that code reading detected about 80 percent more faults per hour than testing (Basili and Selby 1987). Another organization found that it cost six times as much to detect design defects by using testing as by using inspections (Ackerman, Buchwald, and Lewski 1989). A later study at IBM found that only 3.5 staff hours were needed to find each error when using code inspections, whereas 15-25 hours

  6. What Results Can You Expect from Inspections? The combination of design and code inspections usually removes 70-85 percent or more of the defects in a product (Jones 1996). Designers and coders learn to improve their work through participating in inspections, and inspections increase productivity by about 20 percent (Fagan 1976, Humphrey 1989, Gilb and Graham 1993, Wiegers 2002). On a project that uses inspections for design and code, the inspections will take up about 10-15 percent of project budget and will typically reduce overall project cost.

  7. Best Results – Combine Approaches The typical organization uses a test- heavy defect-removal approach and achieves only about 85 percent defect­ removal efficiency. Leading organizations use a wider variety of techniques and achieve defect-removal efficiencies of 95 percent or higher (Gones 2000).

  8. Saving $150k: A real- world case study Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  9. Saving $150k: A real- world case study Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  10. Purpose: Is code up to quality standards? A forum to discuss and learn from everyone. http://www.objectmentor.com/r esources/publishedArticles.htm l

  11. Code Review Tools Advantages of Code Review T ools Track suggestions Allow follow up on tasks Aid in comparing before and after changes Source Code repository integration List of available tools: Crucible CodeCollaborator (smartbear.com)

  12. Code Review Issues Time Consuming Belittling Boring Embarrassing Maybe “Rubber Stamping”

  13. Code Analysis (Automated Code Reviews) FindBugs PMD CheckStyle Jdepend Ckjm Cpd Javancss Cobertura Jxr - JXR is a source cross reference

  14. FindBugs Based on the concept of bug patterns . A bug pattern is a code idiom that is often an error. Difficult language features Misunderstood API methods Misunderstood invariants when code is modified during maintenance Garden variety mistakes: typos, use of the wrong boolean operator FindBugs uses static analysis to

  15. FindBugs Categories Bad practice Correctness Dodgy Experimental Internationalization Malicious code vulnerability Multithreaded correctness Performance

  16. FindBugs Report

  17. FindBugs Detail Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  18. PMD PMD scans Java source code and looks for potential problems like: Possible bugs - empty try/catch/finally/switch statements Dead code - unused local variables, parameters and private methods Suboptimal code - wasteful String/StringBuffer usage Overcomplicated expressions -

  19. PMD RuleSets Android Rules: These rules deal with the Android SDK. Basic JSF rules: Rules concerning basic JSF guidelines. Basic JSP rules: Rules concerning basic JSP guidelines. Basic Rules: The Basic Ruleset contains a collection of good practices which everyone should follow. Braces Rules: The Braces Ruleset contains a collection of braces rules. Clone Implementation Rules: The Clone Implementation ruleset contains a collection of rules that find questionable usages of the clone() method. Code Size Rules: The Code Size Ruleset contains a collection of rules that find code size related problems. Controversial Rules: The Controversial Ruleset contains rules that, for whatever reason, are considered controversial. Coupling Rules: These are rules which find instances of high or inappropriate coupling between objects and packages. Design Rules: The Design Ruleset contains a collection of rules that find questionable designs. Import Statement Rules: These rules deal with different problems that can occur with a class' import statements. J2EE Rules: These are rules for J2EE JavaBean Rules: The JavaBeans Ruleset catches instances of bean rules not being followed. JUnit Rules: These rules deal with different problems that can occur with JUnit tests. Jakarta Commons Logging Rules: Logging ruleset contains a collection of rules that find questionable usages. Java Logging Rules: The Java Logging ruleset contains a collection of rules that find questionable usages of the logger. Migration Rules: Contains rules about migrating from one JDK version to another. Migration15: Contains rules for migrating to JDK 1.5 Naming Rules: The Naming Ruleset contains a collection of rules about names - too long, too short, and so forth. Optimization Rules: These rules deal with different optimizations that generally apply to performance best practices. Strict Exception Rules: These rules provide some strict guidelines about throwing and catching exceptions. String and StringBuffer Rules: Problems that can occur with manipulation of the class String or StringBuffer. Security Code Guidelines: These rules check the security guidelines from Sun. T ype Resolution Rules: These are rules which resolve java Class files for comparisson, as opposed to a String Unused Code Rules: The Unused Code Ruleset contains a collection of rules that find unused code.

  20. PMD Rule Example PMD Basic Rules EmptyCatchBlock: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most circumstances, this swallows an exception which should either be acted on or reported. EmptyIfStmt: Empty If Statement finds instances where a condition is checked but nothing is done about it. EmptyWhileStmt: Empty While Statement finds all instances where a while statement

  21. Maven PMD Configuration <project> ... <reporting> <plugins> <plugin> <groupId>org.apache.maven.plugins< /groupId> <artifactId>maven-pmd- plugin</artifactId>

  22. PMD Configuration <reporting> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupI d> <artifactId>maven-pmd-plugin</artifactId> <configuration> <rulesets> <ruleset>/rulesets/braces.xml</ruleset>

  23. PMD Example Report Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  24. CheckStyle Development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. Highly configurable and can be made to support almost any coding standard. An example configuration file is supplied supporting the Sun Code Conventions. Other sample

  25. CheckStyle Example Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  26. Dead Code Detector Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

  27. Miscellaneous Tools CKJM - Chidamber and Kemerer Java Metrics Cobertura & EMMA – T est Code Coverage JavaNCSS - A Source Measurement Suite JDepend – Package Dependencies; Efferent Couplings (Ce) (number of other packages that the classes in the package depend upon) PMD-CPD - Copy/Paste Detector (CPD)

  28. Structure Tools Struture101 -- For understanding, analyzing, measuring and controlling the quality of your Software Architecture as it evolves over time. Sotoarc/Sotograph — Architecture and quality in-depth analysis and monitoring for Java, http://en.wikipedia.org/wiki/List_of_tools_for

  29. XRadar XRadar is an open extensible code report tool currently supporting all Java based systems. The batch-processing framework produces HTML/SVG reports of the systems current state and the development over time - all presented in sexy tables and graphs. It gets results from several brilliant open source projects and a couple of in house grown projects and presents the

  30. Xradar – MVN Site <reporting> <plugins> <plugin> <groupId>net.sf.xradar</groupId> <artifactId>maven-xradar- plugin</artifactId> <version>1.2.2</version> </plugin> </plugins>

  31. Xradar DEMO

  32. Sonar Dashboard to summarize Static and Dynamic analysis T ools. Conventions (Checkstyle) Bad Practices (PMD) Potential Bugs (FindBugs)

  33. Sonar Example – Front Dashboard

  34. Sonar Setting Alerts

  35. Reading Sonar Tendencies

  36. Sonar Application Dashboard Click to edit Master text styles Second level ● Third level ● Fourth level ● Fifth level

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Facilitation Tips and Tools April 2016 Beth Marsh Business Analysis Community of Practice

Facilitation Tips and Tools April 2016 Beth Marsh Business Analysis Community of Practice

Facilitation Tips and Tools April 2016 Beth Marsh Business Analysis Community of Practice SharePoint - https://sp.countryfinancial.com/teams/COPAnalysis/MemberSite/_layouts/15/start.aspx#/ Objectives 1. Facilitation Uses 2. Tips &amp; Tricks

522 views • 18 slides
Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder

Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder

Profiling and Analysis Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder Techniques for finding performance problems in a large code: Manual investigation, looking at the code and machine

612 views • 21 slides
Performance analysis Agenda Code Profiling Linux tools GNU Profiler (Gprof)

Performance analysis Agenda Code Profiling Linux tools GNU Profiler (Gprof)

Blue Gene/Q User Workshop Performance analysis Agenda Code Profiling Linux tools GNU Profiler (Gprof) bfdprof Hardware Performance counter Monitors IBM Blue Gene/Q performances tools Internal mpitrace Library

1.03k views • 38 slides
Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien

Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien

Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien Signoles 2 1 TrustInSoft 2 CEA LIST, Software Reliability and Security Laboratory LOPSTR 2017, Namur, Belgium 1 Code Analysis Tools Effective enough

575 views • 35 slides
Distance Learning: Tools &amp; Tips Community Presentation General Study &amp; Organization Tips

Distance Learning: Tools &amp; Tips Community Presentation General Study &amp; Organization Tips

Distance Learning: Tools &amp; Tips Community Presentation General Study &amp; Organization Tips These are the topics we will be covering: Organization Time Management Action Planning Monitoring &amp; Evaluating Progress

582 views • 20 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
CCTBX tools: I. Parallelizing Python code II. Analysis of unmerged intensities Nathaniel Echols

CCTBX tools: I. Parallelizing Python code II. Analysis of unmerged intensities Nathaniel Echols

CCTBX tools: I. Parallelizing Python code II. Analysis of unmerged intensities Nathaniel Echols DIALS workshop 3, February 2013 http://cci.lbl.gov/~nat/slides/dials_feb_2013.pdf Parallelization methods in CCTBX Multiprocessing : our tool

307 views • 19 slides
Tools for large-scale collection &amp; analysis of source code repositories OPEN SOURCE GIT

Tools for large-scale collection &amp; analysis of source code repositories OPEN SOURCE GIT

Tools for large-scale collection &amp; analysis of source code repositories OPEN SOURCE GIT REPOSITORY COLLECTION PIPELINE Intro Alexander Bezzubov source{d} committer &amp; PMC @ apache zeppelin startup in Madrid engineer

436 views • 25 slides
S9751: ACCELERATE YOUR CUDA DEVELOPMENT WITH LATEST DEBUGGING AND CODE ANALYSIS DEVELOPER TOOLS

S9751: ACCELERATE YOUR CUDA DEVELOPMENT WITH LATEST DEBUGGING AND CODE ANALYSIS DEVELOPER TOOLS

S9751: ACCELERATE YOUR CUDA DEVELOPMENT WITH LATEST DEBUGGING AND CODE ANALYSIS DEVELOPER TOOLS Aurelien Chartier &amp; Steve Ulrich, March 19 th , 2019 Debugging Tools Nsight Eclipse Edition CUDA GDB Nsight Visual Studio Steve Ulrich CUDA

890 views • 36 slides
Hands-On Training: Hands-On Training: Tips and Tools Tips and Tools Presentation Notes

Hands-On Training: Hands-On Training: Tips and Tools Tips and Tools Presentation Notes

Hands-On Training: Hands-On Training: Tips and Tools Tips and Tools Presentation Notes Presentation Notes Sample Instructor Guides Sample Instructor Guides Hands-On Training: Tips and Tools Page 1 May 2015 This brief presentation provides

700 views • 22 slides
Tools integrate Tools work together Tools work together Models Specs Code Traces Profiles

Tools integrate Tools work together Tools work together Models Specs Code Traces Profiles

Programming Environments The Future of Programming Environments Past of Andreas Zeller programming environments Saarland University A Tool Set Tools evolve Tools integrate Tools work together Tools work together Models Specs Code

517 views • 19 slides
Lab 7: Code checking tools Background on memory allocation Types of problem Uninitialized

Lab 7: Code checking tools Background on memory allocation Types of problem Uninitialized

Code checking tools Lab 7: Code checking tools Background on memory allocation Types of problem Uninitialized Comp Sci 1585 values Invalid read / write Data Structures Lab: Mis-used delete Tools for Computer Scientists Memory leaks

447 views • 17 slides
Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is

Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is

Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is read much more often than it is written . Reading code can be hard and boring! Quick, what does this function do?? @Override public void

243 views • 12 slides
various analysis, and all necessary analysis tools

various analysis, and all necessary analysis tools

Analysis page includes topics for analysis, descriptions of various analysis, and all necessary analysis tools

512 views • 9 slides
WORK-LIFE HARMONY TIPS AND TOOLS ASAP Wellness Workshop December 4, 2019 Kristen Strong, Ph.D.

WORK-LIFE HARMONY TIPS AND TOOLS ASAP Wellness Workshop December 4, 2019 Kristen Strong, Ph.D.

12/4/19 WORK-LIFE HARMONY TIPS AND TOOLS ASAP Wellness Workshop December 4, 2019 Kristen Strong, Ph.D. Acacia Counseling and Wellness Outline for Today Introduction Why talk about Work-Life Harmony? Tips and Tools: 1. Prioritize

533 views • 12 slides
Statically-informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities 16th

Statically-informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities 16th

learn invent impact Statically-informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities 16th IEEE Interna,onal Working Conference on Source Code Analysis and Manipula,on (SCAM 2016) October 2, 2016 Benjamin Holland,

327 views • 32 slides
Improving Adolescent Literacy: Five Principles Michael L. Kamil Michael L. Kamil Stanford

Improving Adolescent Literacy: Five Principles Michael L. Kamil Michael L. Kamil Stanford

Improving Adolescent Literacy: Five Principles Michael L. Kamil Michael L. Kamil Stanford University Stanford University ACT, The Forgotten Middle , 2008 Chance of Later Success Science Mathematics Unprepared In 1% 15% Reading

1.05k views • 58 slides
ADJUSTING YOUR ARCHITECTURE Rachel Laycock @rachellaycock continuous delivery Our highest

ADJUSTING YOUR ARCHITECTURE Rachel Laycock @rachellaycock continuous delivery Our highest

I m p l e m e n t i n g C o n t i n o u s D e l i v e r y ADJUSTING YOUR ARCHITECTURE Rachel Laycock @rachellaycock continuous delivery Our highest priority is to satisfy the customer through early and continuous delivery of valuable

936 views • 91 slides
Raising Healthy Children Well Child Symposium Palmerston North 5 th June 2019 Why invest in early

Raising Healthy Children Well Child Symposium Palmerston North 5 th June 2019 Why invest in early

Raising Healthy Children Well Child Symposium Palmerston North 5 th June 2019 Why invest in early childhood? There are moral, political and economic arguments for investing in children. Currently children in New Zealand face significant

565 views • 13 slides
U.S. NRC Staff Perspective on Use of Models/Codes for Risk-Informed Decision-Making in License

U.S. NRC Staff Perspective on Use of Models/Codes for Risk-Informed Decision-Making in License

U.S. NRC Staff Perspective on Use of Models/Codes for Risk-Informed Decision-Making in License Termination Rateb (Boby) Abu Eid, Ph. D. George Alexander, Ph.D. Division of Decommissioning, Uranium Recovery Waste Management Programs (DUWP) Office

396 views • 37 slides
RUSSIAN INTERNATIONAL FINANCE By: Andriy Lahush 250459077 For Dr. J.D. Han, Economics 3370a

RUSSIAN INTERNATIONAL FINANCE By: Andriy Lahush 250459077 For Dr. J.D. Han, Economics 3370a

::gold::oil::gas::diamonds::minerals:: ::gold::oil::gas::diamonds::minerals:: RUSSIAN INTERNATIONAL FINANCE By: Andriy Lahush 250459077 For Dr. J.D. Han, Economics 3370a King s University College 2011 s University College 2011 For

317 views • 17 slides
Esquimalt Graving Dock (EGD) Waterlot Remediation Project Implementing a Sediment Remediation

Esquimalt Graving Dock (EGD) Waterlot Remediation Project Implementing a Sediment Remediation

Esquimalt Graving Dock (EGD) Waterlot Remediation Project Implementing a Sediment Remediation Mega-Project at the Largest Deep-Sea Shipbuilding and Repair Facility on Canada's Pacific Coast Challenges of Operational Coordination Presented by

666 views • 32 slides
Esquimalt Graving Dock Waterlot Remediation Mega-Site (Phase 1B): Design, Contracting, and

Esquimalt Graving Dock Waterlot Remediation Mega-Site (Phase 1B): Design, Contracting, and

Esquimalt Graving Dock Waterlot Remediation Mega-Site (Phase 1B): Design, Contracting, and Construction Challenges Presented by Dan Berlin and Tom Wang, Anchor QEA, LLC Andrew Mylly and Rae-Ann Sharp, PWGSC April 16, 2014 Presentation

773 views • 40 slides
Multi-year I ncentive Rate Regulation for Natural Gas Utilities Stakeholder Meetings October 4 ,

Multi-year I ncentive Rate Regulation for Natural Gas Utilities Stakeholder Meetings October 4 ,

Multi-year I ncentive Rate Regulation for Natural Gas Utilities Stakeholder Meetings October 4 , 6 and 1 3 , 2 0 0 6 Revised October 2 0 , 2 0 0 6 Outline of Presentation Stakeholder Meetings Overview of Process and Timelines

700 views • 37 slides

More recommend