Code review automation

Checkstyle

Checkstyle is fairly similar to PMD although it is more tuned to finding organizational bugs.

Like PMD it uses a compiler front end to generate its bug reports.

PMD provides many more checks over a wider range of areas. However, Checkstyle is more configurable.

And while some of the checks overlap, many of Checkstyle's checks are not in PMD and vice versa.

For most people it will not be enough to pick one or the other

2

Checkstyle: What it can do?

Missing Package Documentation - Just a basic reminder to document one's code. Nothing fancy - it's a good practice to be kind to other developers!

Method Parameter should be final - A good practice to ensure your contract / interface is explicit about what's an "in" parameter versus "in-out"

Spotting Magic Numbers - Such things should be either named constants or defined in some config / database somewhere. So easy to forget such "hard coding" beasts!

Use of tabs where spaces are preferred (or visa versa) Variables, methods, or classes not adhering to a naming standard Overly complex assignments or return statements Code formatting issues

3

CheckStyle: report

4

PMD

PMD uses source code analysis and works similarly to a compiler.

PMD is one of the most customizable tools mainly because of a cool feature that allows you to access the source code parser's output using an XPath engine.

The parser generates a tree in which the nodes are the parts of your program.

So a class node will contain child nodes for each variable and method.

The method nodes will then contain child nodes for the statements within that method.

PMD allows you to access this tree as if it were an XML document using XPath

5

PMD: What it can find?

Excessive class length - classes that are too long are probably guilty of trying to do too much and should be refactored to smaller classes that "do one thing and do it well"

Missing break in switch - one of those nasty ones where you can stare at the code for hours until it hits you that one of the lines doesn't have a break!

Empty Catch block - Avoid catching Throwable - again, why do you want to catch Errors (e.g. out of memory

problems) in addition to Exceptions? Non-Thread-Safe Singleton If all methods are static, consider using Singleton or a private constructor - Unused Imports - Avoid Protected Field in a final class - the class is either extensible or not! Insufficient StringBuffer Declaration -small performance booster Excessive parameter counts for methods Unused fields, methods, and variables Broken double-checked Excessive method length - method is probably trying to do too much and should be refactored

for maintainability Switch Statements should have default - Return from a finally block –

6

PMD: report

7

CPD (Copy/Paste Detector) Part of PMD

Is a related utility that detects copy and paste code within a project.

Large amounts of duplicated code can indicate that instead of using inheritance or creating libraries a developer has found similar code and copied everything, bugs and all

8

FindBugs

FindBugs focuses on current and latent bugs. It looks for common issues and bits of code that often indicate something is wrong.

FindBugs uses byte-code analysis to generate its fault reports.

You can extend it via a plug-in mechanism to include customized checks.

9

FindBugs: What it can find?

Equals method assumes argument is correct type - the signature of equals is boolean Equals(Object o) so if you override it, it's always a good idea to check the instanceof right after checking for null

Inconsistent Synchronization on methods Get and set methods where the get is unsynchronized while the set is synchronized

Unconditional wait() - so your code doesn't mind waiting forever? I bet your users do!

Beware Tests for Floating Point Equality - you might want to consider Double or BigDecimal to avoid rounding errors

Switch Statement found where one case falls through to next - are you sure you mean that?

NullPointerException Places where a NullPointerException might occur and places where redundant comparisons of reference values against null are made

Methods that return mutable static data Problems in how Iterator classes are defined Control flow statements that have no effect

10

FindBugs: report

11

QALab

You to get a sense of the trend for your your project. QALab collects and consolidates data from several QA

tools and keeps track of them overtime. This allows developers, architects and project

managers alike to be presented with a trend of the QA statistics of their project

12

QALab: What it can do?

Collect Data from QA Tools into a generic qalab.xml format. – Checkstyle, PMD, PMD CPD (Copy Paste Detector), FindBugs, Cobertura

This is a necessary step to consolidate data. Generate Charts from qalab.xml for each file; these will show the trends over time for each file and the overall

project. Generate a summary xml and site with html pages with the files

that have seen a change in their QA statistics over the last n days. This is particularly useful for developers who can see the impact

of the latest code checked in.

13

QALab: reports

14

QALab: reports

15

QALab: reports

16

Date Checkstyle PMD FindBugs Simian Cobertura

Files Errors Files Errors Files Errors Files Errors Line Branch

2006-11-13 32 11 0 0 1 1 0 0 66 % 79 %

2006-11-12 32 12 0 0 1 1 0 0 66 % 79 %

2006-11-09 32 20 1 1 1 1 0 0 66 % 79 %

2006-11-07 32 1 0 0 1 1 0 0 65 % 78 %

2006-11-06 0 0 0 0 1 1 0 0 65 % 78 %

2006-11-05 0 0 0 0 1 1 0 0 65 % 78 %

2006-11-04 0 0 0 0 1 1 0 0 65 % 78 %

2006-11-03 0 0 0 0 1 1 0 0 65 % 77 %

2006-11-01 32 1 0 0 1 1 0 0 68 % 79 %

2006-10-13 32 1 1 3 1 1 0 0 67 % 81 %

2006-10-11 0 0 0 0 1 1 0 0 65 % 78 %

2006-07-16 0 0 0 0 1 1 2 32 66 % 75 %

2006-07-05 0 0 0 0 1 1 2 32 69 % 79 %

Deployment

17

Eclipse IDE PMD FindBugs CheckStyle Jalopy

Eclipse IDE PMD FindBugs CheckStyle Jalopy

Code reviews

Perforce

Code reviews Failed

Lead Approved

Build Box PMD FindBugs CheckStyle Cobertura, Emma QaLab Maven Site

Build Box PMD FindBugs CheckStyle Cobertura, Emma QaLab Maven Site

Publish reports

Track