Java Code Quality Tools
Code Quality Tools
Powered by Infaum Educational Technology
Anju ML
Code Quality Tools
This presentation discusses two important code quality tools:
• SonarQube
• FindBugs
SonarQube
• Sonar is an open source platform for continuous inspection of code quality.
• Static code analysis: Java.
• It is developed with a main objective in mind: make code quality management accessible to everyone with minimal effort.
• Sonar provides code analyzers, reporting tools, defect-hunting modules and TimeMachine as core functionality.
Sonar: All in one
NOTE: DRY (Don't Repeat Yourself) is a programming principle aimed at reducing repetition of code.
• Design and architecture: minimize dependencies
• Duplications: isolate and refine duplications (Don't Repeat Yourself)
• Unit tests: write unit tests, especially for complex parts of the software
• Complexity: equalize disproportionately distributed complexity among components; eliminate complexity if possible
• Potential bugs: eliminate code violations to prevent vulnerabilities
• Coding standards: respect coding standards and follow best practices
• Documentation and comments: provide documentation especially for the Public API, the source code
How does Sonar work?
Sonar has a simple and flexible architecture that consists of three components:
• A set of source code analyzers that are grouped in a Maven plugin and are triggered on demand. The analyzers use configuration that is stored in the database.
• A database that stores the results of analysis, projects and global configuration, and also keeps historical analysis for TimeMachine.
• A web reporting tool that is used to display code quality dashboards on projects, hunt for defects, check TimeMachine and configure analysis.
What does Sonar provide?
• Quality profiles
• Dashboards
  o A consolidated view that shows all projects
  o Project dashboard is also available at modules and packages level
• Hunting Tools
• TimeMachine
  o TimeMachine is used to watch the evolution and replay the past, especially as it records versions of the project.
FindBugs
• FindBugs is a program to find bugs in Java programs.
• FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and MacOS X platforms.
• It uses static analysis on Java code.
  – Static analysis is a way to inspect code without executing the program.
• Works on byte code rather than source code.
• This tool inspects Java byte code, which is saved in the form of compiled class files, to detect occurrences of bug patterns.
Bug patterns
• Bug patterns are checklist items for possible problems in the Java source.
The patterns are categorized by the list below:
• Malicious code vulnerability – code that can be maliciously altered by other code.
• Dodgy – code that can lead to errors.
• Bad practice – code that violates the recommended coding practices.
• Correctness – code that might give different results than the developer intended.
• Internationalization – code that can inhibit the use of international characters.
• Performance – code that could be written differently to improve performance.
• Security – code that can cause possible security problems.
• Multithreaded correctness – code that could cause problems in a multi-threaded environment.
• Experimental – code that could miss cleanup of streams, database objects, or other objects that require a cleanup operation.
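To make the "malicious code vulnerability" category concrete, the following is an added example (not part of the original slides) showing two FindBugs patterns from that category, MS_MUTABLE_ARRAY and EI_EXPOSE_REP / EI_EXPOSE_REP2, next to their hardened forms. All class names and values are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class MaliciousCodeDemo {

    // Flagged: MS_MUTABLE_ARRAY. The reference is final, but the array
    // contents are not, so any class can overwrite an entry.
    static class RolesBefore {
        public static final String[] ADMIN_ROLES = { "admin", "auditor" };
    }

    // Flagged: EI_EXPOSE_REP2 (constructor stores the caller's array) and
    // EI_EXPOSE_REP (getter returns the internal array itself).
    static class TokenBefore {
        private final byte[] secret;
        TokenBefore(byte[] secret) { this.secret = secret; }
        byte[] getSecret() { return secret; }
    }

    // Hardened: expose an unmodifiable list instead of a public array.
    static class RolesAfter {
        public static final List<String> ADMIN_ROLES =
                Collections.unmodifiableList(Arrays.asList("admin", "auditor"));
    }

    // Hardened: defensive copies on the way in and on the way out.
    static class TokenAfter {
        private final byte[] secret;
        TokenAfter(byte[] secret) { this.secret = secret.clone(); }
        byte[] getSecret() { return secret.clone(); }
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        RolesBefore.ADMIN_ROLES[0] = "guest";          // other code alters shared state
        TokenBefore before = new TokenBefore(new byte[] { 1, 2, 3 });
        before.getSecret()[0] = 0;                     // alters the object's internals
        System.out.println("before: " + RolesBefore.ADMIN_ROLES[0]
                + " " + Arrays.toString(before.getSecret()));

        TokenAfter after = new TokenAfter(new byte[] { 1, 2, 3 });
        after.getSecret()[0] = 0;                      // only the returned copy changes
        try {
            RolesAfter.ADMIN_ROLES.set(0, "guest");    // rejected by the read-only list
        } catch (UnsupportedOperationException e) {
            System.out.println("after: role list is read-only");
        }
        System.out.println("after: " + Arrays.toString(after.getSecret()));
    }
}
```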
FindBugs Results
Warnings reported by FindBugs are categorized into:
• Relevant positive – a bug that the developers must fix or should fix.
• Irrelevant positive – a bug, but it is irrelevant to the program and does not need to be fixed.
• False positive – not a bug.
• My conclusion from this is that using FindBugs is definitely worthwhile. I plan to roll it out to all my Java projects and integrate it into the automated builds so that the FindBugs results are also available from the continuous integration server.