Continuous code quality_in_java

Continuous code quality
in java projects

Igor Suhorukov
Continuous code quality in java projects
Information from this report is my subjective
opinion based on my experience, knowledge,
mistakes... ;-)
Subjective opinion
6/27/19
2010 DB Blue template
2

Igor Suhorukov
Subjective opinion
6/27/19 2010 DB Blue template
3
https://youtu.be/mGiDkLgy7IM?t=279

Igor Suhorukov
Why Java?
4
https://madnight.github.io/githut/#/pull_requests/2019/1

Igor Suhorukov
Software functional quality reflects how well it complies with or conforms
to a given design, based on functional requirements or specifications.
Quality is subjective from end user point of view and is not constant in
software development life cycle.
ISO/IEC 9126, ISO/IEC 25000:2014, Сonsortium for IT Software
Quality(CISQ), Software Quality Assessment based on Lifecycle
Expectations(SQALE)
Software quality
5

Igor Suhorukov
Software development process
6

Igor Suhorukov
Software development process constraints
7
Quality
Cost Schedule
Scope

Igor Suhorukov
Metrics measure the quantitative assessment of some
property of software or its specification.
Metrics usage and holy wars:
● How to choose the right metrics?
● Are metrics set blessed?
● What I need to do with metrics results?
Metrics
8

Igor Suhorukov
● Reliability
● Security
● Maintainability
● Duplications
● Complexity
● Issues/Code smell
https://docs.sonarqube.org/latest/user-guide/metric-definitions/
Complexity metrics for software development
9

Igor Suhorukov
Technical debt / big ball of mud
10

Igor Suhorukov
Fragile code and unpredictable application failure after
small changes
Delayed improvements and miss deadlines
Tight coupling code
Technical debt
11

Igor Suhorukov
Technical debt is related to new code or bug fixes.
Examples: increased code complexity, absence of tests for
new code, subsystem or code decomposition issues and
spaghetti code .
Tech debt as violation of SOLID principles (single
responsibility, open-closed, Liskov substitution, interface
segregation and dependency inversion).
Root cause: dev experience, limited time, team player
discipline.
Technical debt
12

Igor Suhorukov
Test-driven development (TDD)
Behavior driven development (BDD)
Performance Test Driven Development
Continuous Code Quality Inspection
Is it mandatory or recommended only?
Depends on – team size, project complexity, outsourcing/in house project, schedule,
management culture, team qualification/experience/velocity.
Software quality should be part of SDLC
13

Igor Suhorukov
Agile Manifesto
Individuals and interactions over processes and tools.
Working software over comprehensive documentation.
Customer collaboration over contract negotiation.
Responding to change over following a plan.
Individuals and interactions
Software quality should be part of SDLC
14

Igor Suhorukov
Based on functional and non functional requirements:
Black/White-box testing
Manual/Unit/Integration testing/System testing
Mutation testing/Fuzzing
Load testing/Stress Testing/Performance testing
Usability testing
Software quality validation approach
15

Igor Suhorukov
● Static code analysis just one tool in the box to reach
good quality. Helps team to focus on some issues in
large codebase.
● Formal verification of software programs. Too difficult
to explain specification and limited usage.
● Running dynamic program analysis of software on
emulator or real hardware. Time consuming method.
Software quality. White box testing
16

Igor Suhorukov
● Search by template in abstract syntax tree(AST).
● Rice's theorem.
Theorem states that all non-trivial, semantic properties of programs are
undecidable.
● False positive alerts.
● Nested method invocation.
Static analysis constraints
17

Igor Suhorukov
● IntelliJ Idea Community Edition - code inspections
● PVS-Studio Java free for several projects on github.
Too many usage constraints. License key may be
revoked in any time.
● SonarJava static analyzer for SonarLint & SonarQube
Java code static analyzers
18

Igor Suhorukov
IntelliJ Idea code inspections
19

Igor Suhorukov
IntelliJ Idea code inspections
20

Igor Suhorukov
PSV Studio
21

Igor Suhorukov
SonarLint
22

Igor Suhorukov
https://www.sonarqube.org Community Edition/Developer
Edition/Enterprise Edition/Data Center Edition
https://sonarcloud.io
SonarQube. Сontinuous code quality server
23

Igor Suhorukov
From first day
SonarQube. New project
24

Igor Suhorukov
SonarQube. Code smells
25

Igor Suhorukov
SonarQube. Strategy how to use it in legacy project
26
● Ignore existing issues, don’t pass new issue in code. QualityGate by default.
● Fix all issue
● Don’t use Sonar
● ?

Igor Suhorukov
git clone https://github.com/apache/ignite.git
mvn sonar:sonar
SonarQube. Project dashboard
27

Igor Suhorukov
SonarQube. Duplicate code
28

Igor Suhorukov
SonarQube. Maintainability
29

Igor Suhorukov
git clone https://github.com/apache/ignite.git
mvn sonar:sonar
SonarQube. Issues
30

Igor Suhorukov
SonarQube. New language feature inspection
31

Igor Suhorukov
SonarQube. Code complexity example
32

Igor Suhorukov
SonarQube. Issue description
33

Igor Suhorukov
SonarQube. Rules
34
https://rules.sonarsource.com/java/

Igor Suhorukov
● https://docs.sonarqube.org/display/SCAN/Analyzing+with+Son
arQube+Scanner+for+Jenkins
● https://docs.sonarqube.org/latest/analysis/pull-request/
● https://sonarcloud.io/documentation/analysis/pull-request/
CI/CD integration
35

Igor Suhorukov
● Black Duck Software
● Sonatype Nexus
● Artifactory
● Looks good to me LGTM
Alternatives
● https://www.codacy.com
● https://github.com/marketplace/category/code-quality
License compatibility/ known library issues
36

Igor Suhorukov
● https://github.com/checkstyle/checkstyle
https://github.com/spring-io/spring-javaformat/blob/master/src/checkstyle/checkstyle.xml
Code style
37

Igor Suhorukov
https://github.com/TNG/ArchUnit-Examples/blob/master/example-
junit5/src/test/java/com/tngtech/archunit/exampletest/junit5/DaoRulesTest.java
Code structure tests
38

Igor Suhorukov
● javadoc
● Use case(BDD) report - net.masterthought::maven-cucumber-reporting
● SchemaSpy (javadoc for RDBMS)
● PlantUML
Is project documentation actual?
39

Igor Suhorukov
BDD scenarios reports
40

Igor Suhorukov
SchemaSpy
41

Igor Suhorukov
PlantUml
42

Igor Suhorukov
● Measured technical debt is good argument to ask
management for more resources or change project
scope.
● Quick project state assessment.
● Focus team attention on most important issues.
● Helps to find untested code.
Continuous Code Quality and enterprise project
43

Igor Suhorukov
● Large open source project can use continuous code
quality approach on regular basis or occasionally
● Some projects just looks like community friendly but is not
in real interactions – too many bureaucracy.
● ML libraries code from scientists developers are very
specific and not so frequently follow common code style.
● I’ve cleaned code and fixed some issues in Spring
framework, Spring Boot, Elasticsearch, H2Database
Continuous Code Quality and open source
44

Igor Suhorukov
Conclusion
45

Igor Suhorukov
46

Thanks!
igor.suhorukov@gmail.com
github.com/igor-suhorukov

Continuous code quality_in_java

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Continuous code quality_in_java

Similar to Continuous code quality_in_java (20)

Recently uploaded

Recently uploaded (20)

Continuous code quality_in_java