Code Quality Control · 2013. 7. 12. · 2 1. Code Quality Control Introduction 2. Code Analysis &...
1. Code Quality Control Introduction
2. Code Analysis & Code Metrics
3. New Tools for Code Analysis – Gendarme & Sonar
4. Code Review Process
5. Q & A
• Functionality: Satisfy stated or implied needs
• Efficiency: Relationship between performance and resources used
• Maintainability: Can bear specified modifications
• Portability: Transfer from one environment to another
• Reliability: Run under stated conditions for a stated period of time
• Usability: Can be used easily by a stated or implied set of users
• Architecture & Design: Maintainability, Performance, Internationalization
• Comments: Percentage, Documented & Undocumented API, Commented LOCs
• Coding rules: Compliance (&), Naming, Correctness,
• Potential Bugs: Correctness, Security, Multithreaded
• Complexity: Methods, Classes, Dependencies
• Unit tests: Success (%), Coverage
• Duplications: Duplicated blocks, lines
• Convention covers naming, comments and format conventions
  • Is there javadoc on public methods
  • Is the project following MSDN naming conventions
  • Is the code written with a consistent format
• Bad practices consist of well-known behaviors that almost systematically lead to difficulties over time
  • Catching an exception without doing anything
  • Having dead code
  • Too many complex methods
• Potential bugs help you detect what is not clearly visible in the code and understand why sequences of code could lead to potential bugs
  • Synchronization on Boolean could lead to deadlock
  • Multithreaded call to static attributes
  • Array is stored directly

“Checkstyle is a stupid tool consuming time to search for tab characters when PMD is a smart one that can do the job alone as a good soldier, Findbugs is very good for resource consumption and Macker is… uh, what is Macker?”
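Three of the patterns listed above (array stored directly, synchronization on Boolean, catching an exception without doing anything), each shown as the flagged form beside a corrected form. This is an added Java example, not taken from the slides; every class and method name is hypothetical and the input values are constructed sample data.

```java
import java.util.Arrays;
// Added illustration; every class and method name here is hypothetical.
public class PotentialBugsDemo {
    // "Array is stored directly": the object keeps a reference to the caller's array.
    static class KeyHolderFlagged {
        private final byte[] key;
        KeyHolderFlagged(byte[] key) { this.key = key; }
        byte first() { return key[0]; }
    }
    static class KeyHolderFixed {
        private final byte[] key;
        KeyHolderFixed(byte[] key) { this.key = Arrays.copyOf(key, key.length); } // defensive copy
        byte first() { return key[0]; }
    }
    // "Synchronization on Boolean": Boolean.TRUE/FALSE are shared JVM-wide,
    // so unrelated code can end up contending for the same monitor.
    static class ReadyFlagFlagged {
        private Boolean ready = Boolean.FALSE;
        void markReady() { synchronized (ready) { ready = Boolean.TRUE; } }
    }
    static class ReadyFlagFixed {
        private final Object lock = new Object(); // private monitor no other code can take
        private boolean ready;
        void markReady() { synchronized (lock) { ready = true; } }
        boolean isReady() { synchronized (lock) { return ready; } }
    }

    // "Catching an exception without doing anything": bad input silently becomes port 0.
    static int parsePortFlagged(String s) {
        int port = 0;
        try { port = Integer.parseInt(s); } catch (NumberFormatException e) { /* swallowed */ }
        return port;
    }
    static int parsePortFixed(String s) {
        try { return Integer.parseInt(s); }
        catch (NumberFormatException e) { throw new IllegalArgumentException("invalid port: " + s, e); }
    }

    public static void main(String[] args) {
        byte[] input = {1, 2, 3};                       // constructed sample data
        KeyHolderFlagged flagged = new KeyHolderFlagged(input);
        KeyHolderFixed fixed = new KeyHolderFixed(input);
        input[0] = 9;                                   // caller mutates its array afterwards
        System.out.println("flagged=" + flagged.first() + " fixed=" + fixed.first());
        System.out.println("flagged port=" + parsePortFlagged("80x"));
        try { parsePortFixed("80x"); }
        catch (IllegalArgumentException e) { System.out.println("fixed: " + e.getMessage()); }
    }
}
```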
• Number of Classes: Total number of classes in the selected scope
• Number of Children: Total number of direct subclasses of a class. A class implementing an interface counts as a direct child of that interface
• Number of Interfaces: Total number of interfaces in the selected scope
• Depth of Inheritance Tree (DIT): Distance from class Object in the inheritance hierarchy
• Number of Overridden Methods (NORM): Total number of methods in the selected scope that are overridden from an ancestor class
• Number of Fields: Total number of fields defined in the selected scope
• Lines of Code: Total number of lines of code (physical or logical) in the selected scope
• Specialization Index: A class-level metric (defined as NORM * DIT / NOM)
• McCabe Cyclomatic Complexity: Counts the number of flows through a piece of code. Each time a branch occurs (if, for, while, do, case, catch and the ?: ternary operator, as well as the && and || conditional logic operators in expressions) this metric is incremented by one. Calculated for methods only
• Weighted Methods per Class (WMC): Sum of the McCabe Cyclomatic Complexity for all methods in a class
• Lack of Cohesion of Methods (LCOM*): Calculated with the Henderson-Sellers method: if m(A) is the number of methods accessing an attribute A, calculate the average of m(A) for all attributes, subtract the number of methods m and divide the result by (1 - m)
• Afferent/Efferent Coupling (Ca/Ce): The number of classes outside/inside a package that depend on classes inside/outside the package
• Instability (I): Ce / (Ca + Ce)
• Abstractness (A): The number of abstract classes (and interfaces) divided by the total number of types in a package
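The coupling, instability and LCOM* definitions above, carried through on a small class model. This is an added Java example, not taken from the slides; the package names, class names and field-access map are constructed sample data, and returning 0 where a formula is undefined is an assumption of this example.

```java
import java.util.*;

// Added illustration; the class names and dependency edges are constructed sample data.
public class MetricsDemo {
    static String pkgOf(String cls) { return cls.substring(0, cls.lastIndexOf('.')); }

    // Returns {Ca, Ce} for pkg, given class-level dependency edges {from, to}.
    static int[] coupling(String pkg, String[][] edges) {
        Set<String> outsideUsers = new HashSet<>(); // outside classes depending on the package
        Set<String> insideUsers = new HashSet<>();  // inside classes depending on the outside
        for (String[] e : edges) {
            boolean fromIn = pkgOf(e[0]).equals(pkg);
            boolean toIn = pkgOf(e[1]).equals(pkg);
            if (!fromIn && toIn) outsideUsers.add(e[0]);
            if (fromIn && !toIn) insideUsers.add(e[0]);
        }
        return new int[] { outsideUsers.size(), insideUsers.size() };
    }

    // I = Ce / (Ca + Ce); a package with no coupling at all is reported as 0 (assumption).
    static double instability(int ca, int ce) {
        return ca + ce == 0 ? 0.0 : (double) ce / (ca + ce);
    }

    // LCOM* (Henderson-Sellers): (avg m(A) - m) / (1 - m); needs at least two methods.
    static double lcomStar(Map<String, Set<String>> accessorsByField, int m) {
        if (m < 2 || accessorsByField.isEmpty()) return 0.0;
        double avg = accessorsByField.values().stream().mapToInt(Set::size).average().orElse(0.0);
        return (avg - m) / (1.0 - m);
    }

    public static void main(String[] args) {
        String[][] edges = {
            {"app.web.LoginController", "app.auth.TokenService"},
            {"app.web.AdminController", "app.auth.TokenService"},
            {"app.auth.TokenService", "app.crypto.Hmac"},
            {"app.auth.TokenService", "app.auth.Clock"},   // same package: not coupling
        };
        int[] c = coupling("app.auth", edges);
        System.out.printf("Ca=%d Ce=%d I=%.2f%n", c[0], c[1], instability(c[0], c[1]));

        Map<String, Set<String>> accessors = new HashMap<>(); // field -> methods touching it
        accessors.put("secret", new HashSet<>(Arrays.asList("sign", "verify")));
        accessors.put("clock", new HashSet<>(Arrays.asList("verify")));
        accessors.put("auditLog", new HashSet<>(Arrays.asList("log")));
        System.out.printf("LCOM*=%.2f%n", lcomStar(accessors, 3));
    }
}
```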
• Convention covers naming, comments and format conventions
  • Is there javadoc on public methods
  • Is the project following MSDN naming conventions
  • Is the code written with a consistent format
• Bad practices consist of well-known behaviors that almost systematically lead to difficulties over time
  • Catching an exception without doing anything
  • Having dead code
  • Too many complex methods
• Potential bugs help you detect what is not clearly visible in the code and understand why sequences of code could lead to potential bugs
  • Synchronization on Boolean could lead to deadlock
  • Multithreaded call to static attributes
  • Array is stored directly
• Number of Classes
• Number of Children
• Number of Interfaces
• Depth of Inheritance Tree (DIT)
• Number of Overridden Methods (NORM)
• Number of Fields
• Lines of Code
• Specialization Index
• McCabe Cyclomatic Complexity
• Lack of Cohesion of Methods (LCOM*)
• Afferent/Efferent Coupling (Ca/Ce)
• Instability (I)
• Abstractness (A)
“Code analysis is a kind of multifarious and boring thing; are there any tools that can help automate this?”
• NCover: Get your application test status (%) (CIL)
• StyleCop: Get your code convention compliance status (source code level)

It is far from enough to help us pursue the highest quality code!
• Gendarme: An extensible rule-based tool to find problems in .NET applications and libraries
  • Inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET)
  • Looks for common problems with the code, problems that compilers do not typically check or have not historically checked
  • Easy to use, report friendly
  • http://www.mono-project.com/Gendarme
Gendarme - Assembly
Bad Practice
Design
Gendarme - Type
Gendarme - Method
Gendarme - Task
Load task - NauckIT.NAnt.dll
NAnt target – Full example
Gendarme - Report
• Sonar: All in one (architecture & design, comments, coding rules, potential bugs…)
  • A continuous quality control tool for Java applications. Joins the existing continuous integration tools to place all development projects under quality control
  • A web-based application. Rules, alerts, thresholds, exclusions, settings
  • Findbugs, CheckStyle, PMD, extend with plugins
  • Based on Maven
  • http://sonar.codehaus.org/
Sonar - FindBugs
• A static analysis tool that examines your class or JAR files by matching the bytecodes against a list of bug patterns (similar to Gendarme)
• Examples of problems found: Db connection, null pointer dereference
• Integrate FindBugs into the build process: Development phase, build phase, Code Review phase, Maintenance phase
• Generate meaningful results: SCM, HTML report
• Determine what you will do with the results of FindBugs
• http://findbugs.sourceforge.net/api/edu/umd/cs/findbugs/Detector.html
Sonar - PMD & CheckStyle
• Scans Java source code and looks for potential problems: empty try/catch/finally/switch statements, duplicate code, dead code
• Write Java code that adheres to a coding standard (code convention)
• Integrate into the build process: Development phase, build phase, Code Review phase
• Similar to StyleCop
• http://pmd.sourceforge.net/
• http://checkstyle.sourceforge.net/
Sonar - Run
• Install & Configure Maven
• Run bin\windows-x86-32\StartSonar.bat
• Run mvn clean install sonar:sonar
• Browse to http://localhost:9000
Sonar - Report (Bird’s eye view)
Ways to Improve Quality
• Start early
• Don’t compromise
• Schedule time to lower your technical debt
• Make it work; make it right (right away)
• Requires monitoring and changing behavior
• Be willing to help and be helped
• Devise lightweight non-bureaucratic measures
Activity Summary with Input and Output

| Input | Step | Output |
|---|---|---|
| Requirements; Code (including list of changes since last review); Constraints | Step 1. Identify code review objectives | Code review objectives |
| Code; Code review objectives | Step 2. Perform automated review | Suspicious list |
| Code; Code review objectives; Suspicious list | Step 3. Perform manual review | To be improved list |
| Code; Code review objectives | Step 4. Perform automated review | Final report |

Note: code can be merged into the main line in Perforce only after code review
What I like most about programming is that everything comes with a reason