Uwe Lappöhn | CTS EVENTIM

STATIC CODE ANALYSIS @ EVENTIM

PBUGG 2019 | Frankfurt, May 20th & 21st

2

PURPOSE OF STATIC CODE ANALYSIS

COMPANY PROFILE

TOOL 1: SONARQUBE

AGENDA

OUR MOTIVATION

TOOL 2: SOTOARC

3

3

• Market Leader in Ticketing & Live Entertainment in Europe

• Proprietary Development

• Operating in 20+ Countries

• Growth from von € 15 Million (1999) to € 1.2 Billion (2018)

• Specialized Systems for Specialized Segments

COMPANY PROFILE

4

EVENTIM.INHOUSE

5

EVENTIM.INHOUSE

6

EVENTIM.INHOUSE

7

EVENTIM.INHOUSE

8

EVENTIM.INHOUSE: TEAMS

Scrum

Master

Product

Manager

Product

Manager

DEV & QA

Architect

FOCUS-TEAMS

ONLINE

LOGIC

NUMBERS Architect

9

PURPOSE OF STATIC CODE ANALYSIS

COMPANY PROFILE

TOOL 1: SONARQUBE

AGENDA

OUR MOTIVATION

TOOL 2: SOTOARC

10

WHAT‘S THAT?

… static because the program analyzed does not need to be executed

… white-box approach

… works tool-based

… can be integrated into a build pipeline

STATIC CODE ANALYSIS: DEFINITION

11

AND WHAT‘S THAT FOR?

… helps to understand the code structure

… checks coding standards

… finds code smells

STATIC CODE ANALYSIS: PURPOSE

12

PURPOSE OF STATIC CODE ANALYSIS

COMPANY PROFILE

TOOL 1: SONARQUBE

AGENDA

OUR MOTIVATION

TOOL 2: SOTOARC

13

STATIC CODE ANALYSIS: OUR MOTIVATION

14

STATIC CODE ANALYSIS: OUR MOTIVATION

15

STATIC CODE ANALYSIS: OUR MOTIVATION

16

WE NEED IT BECAUSE

… we constantly want to improve the quality of our code.

… our team grew (from 6 to >20) and grows

… we want to avoid code smells

… we started a project to renew our software architecture

N-tier

C#

Domain Driven Design

STATIC CODE ANALYSIS: SUMMARY

17

PURPOSE OF STATIC CODE ANALYSIS

COMPANY PROFILE

TOOL 1: SONARQUBE

AGENDA

OUR MOTIVATION

TOOL 2: SOTOARC

18

SONARQUBE AND POWERBUILDER?

19

https://www.sonarqube.org/

20

WHAT WE DID TO MAKE IT WORK

… created a plugin that uses PowerScript as grammar

… implemented rules using the new grammar

… integrated the plugin into Sonarqube

SONARQUBE

21

https://github.com/qualitesys/Qcr4Pbl

EXAMPLE

22

https://github.com/qualitesys/Qcr4Pbl

EXAMPLE

23

https://github.com/qualitesys/Qcr4Pbl

EXAMPLE

24

https://github.com/qualitesys/Qcr4Pbl

EXAMPLE

25

https://github.com/qualitesys/Qcr4Pbl

EXAMPLE

26

PURPOSE OF STATIC CODE ANALYSIS

COMPANY PROFILE

TOOL 1: SONARQUBE

AGENDA

OUR MOTIVATION

TOOL 2: SOTOARC

27

WHAT IS THAT THING?

Visualizes the static structure of a system

Helps to understand the structure

Helps to model a target architecture

Performs a conformity check

Checks and detects where the code is not compliant

Simulates potential restructurings and their effects

SOTOARC

28

SOTOARC AND POWERBUILDER?

SOTOARC

29

https://www.hello2morrow.com/products/sotograph

SOTOARC

30

WHAT WE DID

… we took a stable and relatively invariable package →

ACCESS CONTROL

Performs the interaction between INHOUSE and ACCESS CONTROL

SOTOARC

31

EXAMPLE

32

EXAMPLE

33

WHAT WE DID TO MAKE IT WORK

… ZKS-Service is coded in Powerbuilder

… C# will be generated with PB.Net from Powerscript

… C# is deployd on IIS

… generated C# code is base for SOTOARC

SOTOARC

34

Start SOTOARC with original code structure

SOTOARC

35

EXAMPLE

36

EXAMPLE

37

EXAMPLE

38

EXAMPLE

39

EXAMPLE

40

EXAMPLE

41

After the restructuring with SOTOARC

SOTOARC

42

EXAMPLE

43

EXAMPLE

44

EXAMPLE

45

EXAMPLE

→ uwe.lappoehn@eventim.de