Tools Overview

Published on

SA demo

Published in: Engineering
Transcript of "Tools Overview"

  1. Static Analysis Exposed
  2. Practices in existence
     • Static Analysis
       – Old style
       – Static Analysis 2.0
     • Old style is simple and a plain integration into the IDEs in use. Ex: FindBugs, Cobertura, etc.
     • Compile-time overhead and plain analysis
  3. Old style continued.

     ```cpp
     #include <iostream>
     #include <string>   // std::string is used by the class below
     using namespace std;

     // Simple record type used as the analysis target
     class person
     {
     public:
         string name;
         int number;
     };

     int main()
     {
         person obj;

         // Read both fields from standard input
         cout << "Enter the Name :";
         cin >> obj.name;

         cout << "Enter the Number :";
         cin >> obj.number;

         cout << obj.name << ": " << obj.number << endl;

         return 0;
     }
     ```
  4. Sonar Integration to Eclipse
  5. Use the integrated plugin
  6. Configure from Eclipse locally
  7. Static analysis 2.0
     • Solutions that need consideration:
       – Sonar
       – PMD
       – CPP Check
       – Checker 2.3
     • All open-source implementations
  8. Analysis of each tool
     • Sonar
       – Can be run as a Daemon (Service)
       – Can be entirely automated by performing one local install
     • SonarQube
     • SonarQube Runner
  9. Sonar quick facts
     • Sonar as a Service: Run by firing a shell script
     • Start server once and it does everything
     • Has integrated Web GUI
     • Can work on:
       – CI Server
       – Maven tool
       – Gradle tool
       – Server Implementation (SonarQube Runner)
  10. Sonar
  11. SonarQube Runner
      Need to configure with:
      • Web container (WL, Tomcat)
      • DB (PSQL, MySQL)
      • Interface (SonarQube)
      A tad cumbersome, but a one-time process
  12. Support it provides
  13. Display by custom properties
  14. Pros & Cons
      • Pros:
        – Support for Integration
        – Multiple approaches possible
        – Clean GUI
        – Single install and one-time configuration
  15. • Cons:
        – No support from UI (Only CLI)
        – Hard to comprehend and perceive
        – Needs a debugging standpoint
  16. PMD
      • Highly dynamic framework CLI tool that supports 20+ languages
      • Support for custom rule-sets
      • Needs some development and customization
      • Output in three formats: CSV, HTML, XML
      • Basic Syntax: `./script -d <Directory> -f <Filter> -o <Output-format>`
  17. Pros & Cons
      • Yay:
        – Integration to CI, Build tools
        – Best support for custom rule-sets and filters
        – Basic filters provided by default
      • Boo:
        – No UI support
        – Time-consuming (> compile time)
  18. CPP Check
      • One of the few good tools for SA
      • CLI support only
      • A tad slower than existing SA tools
      • Support for custom Unit and Integration tests provided
      • HTML and XML output
  19. Suggestions
      • Understand Klocwork’s rulesets and define custom properties
      • SonarQube server is the best choice
      • Rank # 2: PMD
      • CPP Check and Checker tools can be analyzed further if necessary
  20. Thank You
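
Slide 18 lists XML among CPP Check's output formats and slide 17 values CI integration. As an added example (not part of the original slides), this Python script parses a report in the layout produced by `cppcheck --xml --xml-version=2` and returns the findings that should fail a build. The sample report is constructed, and the severity ordering and the `fail_at` threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Cppcheck severities ranked most to least serious (ordering assumed for this gate).
SEVERITY_RANK = {"error": 0, "warning": 1, "performance": 2, "portability": 2,
                 "style": 3, "information": 4}

# Constructed sample in the layout of `cppcheck --xml --xml-version=2` output.
SAMPLE_REPORT = """<results version="2">
  <cppcheck version="constructed-sample"/>
  <errors>
    <error id="uninitvar" severity="error" msg="Uninitialized variable: count">
      <location file="src/parser.cpp" line="42"/>
    </error>
    <error id="unusedFunction" severity="style" msg="The function 'dump' is never used.">
      <location file="src/debug.cpp" line="7"/>
    </error>
    <error id="missingInclude" severity="information" msg="Include file not found."/>
  </errors>
</results>"""


def parse_findings(xml_text):
    """Return one dict per <error>; findings without a <location> get file=None."""
    findings = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "msg": err.get("msg"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None else None,
        })
    return findings


def gate(findings, fail_at="warning"):
    """Return the findings at or above `fail_at`; a non-empty list fails the build."""
    limit = SEVERITY_RANK[fail_at]
    # Unknown severities rank as most serious so a new category is never ignored.
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], 0) <= limit]


if __name__ == "__main__":
    blocking = gate(parse_findings(SAMPLE_REPORT))
    for f in blocking:
        print(f"{f['file']}:{f['line']}: [{f['severity']}] {f['id']}: {f['msg']}")
    raise SystemExit(1 if blocking else 0)
```

In a CI job the script's exit status decides the build result, so style and information findings stay visible in the report without blocking a merge.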