Static Analysis
Upcoming SlideShare
Loading in...5
×
 

Static Analysis

on

  • 901 views

static analysis

static analysis

Statistics

Views

Total Views
901
Views on SlideShare
901
Embed Views
0

Actions

Likes
1
Downloads
18
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Static Analysis Static Analysis Presentation Transcript

    • Improve SAKS.com Software Quality through Static Analysis Even before Testing
    • Comparison of costs to fix defects at different stages
    • Code Analysis Strategy Code Static Analysis tool review source code Static Analysis and Data Flow Analysis Tool review byte code Automate build and code review process Continuous Integration
    • Static Analysis tool Commercial product : Parasoft Jtest Open source tool: For Java CheckStyle PMD FindBugs For JavaScript JavaScript Lint
    • What is FindBugs FindBugs uses the Apache BCEL library to analyze the classes in your application and detect potential bugs. FindBugs rules (or "detectors") use a variety of inspection techniques, from examining the structure of the class right through to studying the detailed dataflow through the class. In addition to the detectors provided by FindBugs, with a bit of work, you can write your own custom-built detectors. http:// findbugs.sourceforge.net /
    • FindBugs in Action FindBugs is an open source static analysis tool, developed at the University of Maryland Looks for bug patterns, inspired by real problems in real code Held FindBugs fixit at Google May 13-14th , 2009 • 300 engineers provided 8,000 reviews of 4,000 issues • 75+% were marked should fix or must fix more than 1,500 of the issues have already been removed
    • Static Analysis really useful? Static analysis typically finds mistakes but some mistakes don ’t matter The bug that matter depend on context Static analysis, at best , might catch 5-10% of your software quality problems Used effectively, static analysis is cheaper than other techniques for catching the same bugs
    • What is the difference FindBugs with Checkstyle and PMD Checkstyle has traditionally focused on coding standards such as naming conventions and spacing, and the presence of Javadocs. PMD is more focused on best practices, sub-optimal code, and potential errors. FindBugs' tendency to focus on potential bugs. in practice, a high proportion of the issues raised by FindBugs turn out to be real bugs.
    • Bug Categories
    • Bug Categories
    • How to use FindBugs
    • Bugs Detection Process
    • FindBugs Analysis Report
    • JavaScript Lint Based on the JavaScript engine for the Firefox Browser check JavaScript source code for common mistakes without actually running the script or opening the web page.
    • High Light Issues—checkout.js
    • High Light Issues—dom-creation.js C:aliceworkspacesaks.jarmediajsdom-creation.js(3042): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==) if ((optArr[i].selected == true && selected == null) || (optArr[i].value == selected)) ................................................................^ C:aliceworkspacesaks.jarmediajsdom-creation.js(3042): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==) if ((optArr[i].selected == true && selected == null) || (optArr[i].value == selected)) ...................................................................................^ C:aliceworkspacesaks.jarmediajsdom-creation.js(3060): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==) if (ddObj.data == null) { ..............................................^ C:aliceworkspacesaks.jarmediajsdom-creation.js(3061): SyntaxError: missing name after . operator $j.(ddObj.path, null, ...................................^
    • Continue Integration Plan Based on existed Cruise Control Server, continue to use it as continue integration Server. The current Cruise Control implements automatically build Projects.
    • Continue Integration Plan Add FindBugs in CruisControl build process Generate code metrics Generate code analysis report