Static Analysis

  1. Improve SAKS.com Software Quality through Static Analysis Even before Testing
  2. Comparison of costs to fix defects at different stages
  3. Code Analysis Strategy: Code static analysis tools review source code. Static analysis and data flow analysis tools review byte code. Automate the build and code review process. Continuous integration.
  4. Static Analysis Tools: Commercial product: Parasoft Jtest. Open source tools: for Java, CheckStyle, PMD and FindBugs; for JavaScript, JavaScript Lint.
  5. What is FindBugs: FindBugs uses the Apache BCEL library to analyze the classes in your application and detect potential bugs. FindBugs rules (or "detectors") use a variety of inspection techniques, from examining the structure of the class right through to studying the detailed dataflow through the class. In addition to the detectors provided by FindBugs, with a bit of work, you can write your own custom-built detectors. http://findbugs.sourceforge.net/
  6. FindBugs in Action: FindBugs is an open source static analysis tool, developed at the University of Maryland. It looks for bug patterns, inspired by real problems in real code. A FindBugs fixit was held at Google on May 13-14th, 2009:
       • 300 engineers provided 8,000 reviews of 4,000 issues
       • 75+% were marked should fix or must fix; more than 1,500 of the issues have already been removed
  7. Is Static Analysis Really Useful? Static analysis typically finds mistakes, but some mistakes don't matter. The bugs that matter depend on context. Static analysis, at best, might catch 5-10% of your software quality problems. Used effectively, static analysis is cheaper than other techniques for catching the same bugs.
  8. What is the difference between FindBugs, Checkstyle and PMD? Checkstyle has traditionally focused on coding standards such as naming conventions and spacing, and the presence of Javadocs. PMD is more focused on best practices, sub-optimal code, and potential errors. FindBugs tends to focus on potential bugs; in practice, a high proportion of the issues raised by FindBugs turn out to be real bugs.
  9. Bug Categories
  10. Bug Categories
  11. How to use FindBugs
  12. Bugs Detection Process
  13. FindBugs Analysis Report
  14. JavaScript Lint: Based on the JavaScript engine for the Firefox browser. Checks JavaScript source code for common mistakes without actually running the script or opening the web page.
  15. Highlighted Issues: checkout.js
  16. Highlighted Issues: dom-creation.js

          C:aliceworkspacesaks.jarmediajsdom-creation.js(3042): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==)
          if ((optArr[i].selected == true && selected == null) || (optArr[i].value == selected))
          ................................................................^
          C:aliceworkspacesaks.jarmediajsdom-creation.js(3042): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==)
          if ((optArr[i].selected == true && selected == null) || (optArr[i].value == selected))
          ...................................................................................^
          C:aliceworkspacesaks.jarmediajsdom-creation.js(3060): lint warning: comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==)
          if (ddObj.data == null) {
          ..............................................^
          C:aliceworkspacesaks.jarmediajsdom-creation.js(3061): SyntaxError: missing name after . operator
          $j.(ddObj.path, null,
          ...................................^

  17. Continuous Integration Plan: Based on the existing CruiseControl server, continue to use it as the continuous integration server. The current CruiseControl setup builds projects automatically.
  18. Continuous Integration Plan: Add FindBugs to the CruiseControl build process. Generate code metrics. Generate code analysis report.
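
The implicit-conversion warnings on slide 16, worked through as an added example (not code from the deck or from dom-creation.js): the flagged condition is run beside a strict rewrite over a constructed option list. The function names `pickLoose` and `pickStrict` and the sample data are assumptions made for illustration.

```javascript
// Constructed sample: a <select>-like option list with an empty placeholder.
const optArr = [
  { value: "",  selected: false },  // "-- choose --" placeholder
  { value: "0", selected: false },
  { value: "1", selected: true  },
];

// Loose form: the same condition the lint warning points at.
// `==` coerces operands, so 0 and false both equal the empty string,
// and `selected == null` is also true for undefined.
function pickLoose(opts, selected) {
  for (let i = 0; i < opts.length; i++) {
    if ((opts[i].selected == true && selected == null) ||
        (opts[i].value == selected)) {
      return i;
    }
  }
  return -1;
}

// Strict form: "nothing requested" is spelled out explicitly, and the
// requested value is converted to a string once, then compared with ===.
function pickStrict(opts, selected) {
  const none = selected === null || selected === undefined;
  const wanted = none ? null : String(selected);
  for (let i = 0; i < opts.length; i++) {
    if ((none && opts[i].selected === true) || opts[i].value === wanted) {
      return i;
    }
  }
  return -1;
}

// Index chosen by each form for a given requested value.
function compare(selected) {
  return { loose: pickLoose(optArr, selected), strict: pickStrict(optArr, selected) };
}

for (const s of [0, false, "1", null, undefined]) {
  console.log(JSON.stringify(s), compare(s));
}
```

A numeric `0` or a boolean `false` picks the empty placeholder in the loose form, which is the kind of silent mismatch the lint rule exists to surface.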
