Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Static Code Analysis
@brwngrldev
+AnnyceDavis
“I’ll be learning
something new
on my deathbed.”
Checking your program for errors
without executing it
What is it?
@brwngrldev
Testing
What it’s not
@brwngrldev
1 / 7 - 10
@brwngrldev
1 / 10
@brwngrldev
1000
The tools…
Checkstyle
1
FindBugs
2
PMD
3
Lint
4
@brwngrldev
@brwngrldev
Lint
Checkstyle
FindBugs
PMD
Checkstyle
“… a development tool to help
programmers write Java code that
adheres to a coding standard.”
Source
Files
config.xml
Checkstyle Tool
Modules
Design
Formatting
Code Complexity
apply plugin: ‘checkstyle’
task checkstyle(type: Checkstyle) {

description 'Checks if the code passes quality standards'
...
<module name=“MethodLength">
<property name="max" value=“60"/>
</module>


<module name=“LineLength">
<property name="max"...


<module name=“CyclomaticComplexity">
<property name="max" value=“8"/>
</module>
Example
public void overlyComplexMethod(Video video) {
if (video != null && video.getStreamUrl() != null) {
switch (video.getCateg...
… warning: Cyclomatic Complexity is 9
public void overlyComplexMethod(Video video) {
if (video != null && video.getStreamUrl() != null) {
updateVideoBasedOnCate...
switch (video.getCategory()) {
case "CAT1" :
playVideo(video);
updateMetaDataAndUrl(video, "http://www.largeImage.png");
b...
Review…
• Formatting
• Code Complexity
• Refactor Gradually
@brwngrldev
Checkstyle
1
FindBugs
But this…
“…inspect Java bytecode
for occurrences of bug
patterns”
apply plugin: ‘findbugs’
task findbugs(type: FindBugs) {
description 'Run findbugs'
group 'verification'
effort 'max'
excludeFi...
<FindBugsFilter>

<Match>

<Class name="~.*R$.*"/>

</Match>
<Match>

<Bug pattern="HE_EQUALS_NO_HASHCODE"/>

</Match>
…

...
Example
gradle findbugs
Review…
• Bug Patterns
• Not Always Right
• Use the Filters
FindBugs
2
@brwngrldev
PMD
“…finds common programming flaws like
unused variables, empty catch blocks…”
apply plugin: ‘pmd’
task pmd(type: Pmd) {
description 'Run pmd'
group 'verification'
ruleSetFiles = files("./qa-checks/pmd-r...
<ruleset>

<rule ref="rulesets/java/braces.xml" />

<rule ref="rulesets/java/strings.xml" />

<rule ref="rulesets/java/bas...
Braces Ruleset
Example
gradle pmd
Find out why
Fix it…
Review…
• Possible Bugs
• Wasteful Usage
• Duplicate Code
@brwngrldev
PMD
3
Ewww!!!
“…checks for structural code problems that
could affect the quality and performance of
your application.”
Lint
Lintian
JSLintAndroid Lint Splint
PC-Lint
PyLint
cpplint
Example
Android Lint
<lint>

<issue id="IconColors" severity="ignore" />


<issue id="IconMissingDensityFolder" severity="ignore" ...
Continous Integration
Review
• Structural Issues
• Exclude Checks
• Continuous Integration
Lint
4
@brwngrldev
Summary
PMD
Checkstyle
FindBugs
Lint
@brwngrldev
Resources
• Clean Code - http://amzn.to/1DJybxH
• Effective Java - http://amzn.to/1Ku8Xel
• Google Code Style - http://goo....
Photo Credits
• Slide 7 - https://www.flickr.com/photos/orinrobertjohn/13068719
• Slide 20 - https://www.flickr.com/photos/o...
Thanks!
@brwngrldev
+AnnyceDavis
www.adavis.info
Static Code Analysis
Static Code Analysis
Static Code Analysis
Static Code Analysis
Static Code Analysis
Static Code Analysis
Static Code Analysis
Upcoming SlideShare
Loading in …5
×

Static Code Analysis

1,770 views

Published on

Studies show that for every 7 to 10 lines of code we write, we introduce one defect. Now often times we can spot these errors before they ever see the light of day, however that is not true in all cases. So what can we use to assist us in leveling the playing field? Well, we can take advantage of Static Code Analysis tools! In this talk, learn how you can incorporate the following tools into your development process: Checkstyle, PMD, FindBugs, and Lint.

Published in: Software

Static Code Analysis

  1. 1. Static Code Analysis
  2. 2. @brwngrldev +AnnyceDavis “I’ll be learning something new on my deathbed.”
  3. 3. Checking your program for errors without executing it What is it? @brwngrldev
  4. 4. Testing What it’s not @brwngrldev
  5. 5. 1 / 7 - 10 @brwngrldev
  6. 6. 1 / 10 @brwngrldev 1000
  7. 7. The tools… Checkstyle 1 FindBugs 2 PMD 3 Lint 4 @brwngrldev
  8. 8. @brwngrldev Lint Checkstyle FindBugs PMD
  9. 9. Checkstyle “… a development tool to help programmers write Java code that adheres to a coding standard.”
  10. 10. Source Files config.xml Checkstyle Tool Modules Design Formatting Code Complexity
  11. 11. apply plugin: ‘checkstyle’ task checkstyle(type: Checkstyle) {
 description 'Checks if the code passes quality standards'
 group 'verification'
 
 configFile file(‘checkstyle.xml') …
 }
  12. 12. <module name=“MethodLength"> <property name="max" value=“60"/> </module> 
 <module name=“LineLength"> <property name="max" value=“120"/> </module>
 
 <module name=“CyclomaticComplexity"> <property name="max" value=“8"/> </module> … playerControlConfig.setShowClosedCaptionsButton(a.getBo
  13. 13. 
 <module name=“CyclomaticComplexity"> <property name="max" value=“8"/> </module>
  14. 14. Example
  15. 15. public void overlyComplexMethod(Video video) { if (video != null && video.getStreamUrl() != null) { switch (video.getCategory()) { case "CAT1" : playVideo(video); if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.largeImage.png"); } updateMetadata(video); break; case "CAT2" : if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.smallImage.png");
  16. 16. … warning: Cyclomatic Complexity is 9
  17. 17. public void overlyComplexMethod(Video video) { if (video != null && video.getStreamUrl() != null) { updateVideoBasedOnCategory(video); } } private void updateVideoBasedOnCategory(Video video) { switch (video.getCategory()) { case "CAT1" : playVideo(video); if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.largeImage.png"); } updateMetadata(video); break; 7
  18. 18. switch (video.getCategory()) { case "CAT1" : playVideo(video); updateMetaDataAndUrl(video, "http://www.largeImage.png"); break; … 4 @brwngrldev
  19. 19. Review… • Formatting • Code Complexity • Refactor Gradually @brwngrldev Checkstyle 1
  20. 20. FindBugs
  21. 21. But this… “…inspect Java bytecode for occurrences of bug patterns”
  22. 22. apply plugin: ‘findbugs’ task findbugs(type: FindBugs) { description 'Run findbugs' group 'verification' effort 'max' excludeFilter file('findbugs-exclude.xml') …
 }
  23. 23. <FindBugsFilter>
 <Match>
 <Class name="~.*R$.*"/>
 </Match> <Match>
 <Bug pattern="HE_EQUALS_NO_HASHCODE"/>
 </Match> …
 </FindBugsFilter>
  24. 24. Example
  25. 25. gradle findbugs
  26. 26. Review… • Bug Patterns • Not Always Right • Use the Filters FindBugs 2 @brwngrldev
  27. 27. PMD “…finds common programming flaws like unused variables, empty catch blocks…”
  28. 28. apply plugin: ‘pmd’ task pmd(type: Pmd) { description 'Run pmd' group 'verification' ruleSetFiles = files("./qa-checks/pmd-ruleset.xml") …
 }
  29. 29. <ruleset>
 <rule ref="rulesets/java/braces.xml" />
 <rule ref="rulesets/java/strings.xml" />
 <rule ref="rulesets/java/basic.xml" /> …
 </ruleset>
  30. 30. Braces Ruleset
  31. 31. Example
  32. 32. gradle pmd
  33. 33. Find out why
  34. 34. Fix it…
  35. 35. Review… • Possible Bugs • Wasteful Usage • Duplicate Code @brwngrldev PMD 3
  36. 36. Ewww!!!
  37. 37. “…checks for structural code problems that could affect the quality and performance of your application.” Lint
  38. 38. Lintian JSLintAndroid Lint Splint PC-Lint PyLint cpplint
  39. 39. Example
  40. 40. Android Lint <lint>
 <issue id="IconColors" severity="ignore" /> 
 <issue id="IconMissingDensityFolder" severity="ignore" /> 
 <issue id="UnusedResources">
 <ignore path="**/config.xml" />
 </issue> …
 </lint>
  41. 41. Continous Integration
  42. 42. Review • Structural Issues • Exclude Checks • Continuous Integration Lint 4 @brwngrldev
  43. 43. Summary PMD Checkstyle FindBugs Lint @brwngrldev
  44. 44. Resources • Clean Code - http://amzn.to/1DJybxH • Effective Java - http://amzn.to/1Ku8Xel • Google Code Style - http://goo.gl/8Pf6J3 • QA Checks - http://git.io/vCMwc • Conquering Cyclomatic Complexity - http://goo.gl/lRoPXN • Using Android Lint - http://goo.gl/Zl2BPx • Static Code Analysis Tools - https://goo.gl/0Hczxn @brwngrldev
  45. 45. Photo Credits • Slide 7 - https://www.flickr.com/photos/orinrobertjohn/13068719 • Slide 20 - https://www.flickr.com/photos/oakleyoriginals/2750185692 • Slide 41 - https://commons.wikimedia.org/wiki/File:Navel_lint_ball.jpg • Slide 50 - https://pixabay.com/en/thumb-success-successful-fan- faust-328420/ @brwngrldev
  46. 46. Thanks! @brwngrldev +AnnyceDavis www.adavis.info

×