Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Attackers Vs Programmers
Attackers Vs Programmers
Loading in …3
×
1 of 23

Blackboard DevCon 2012 - Ensuring Code Quality

2

Share

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Blackboard DevCon 2012 - Ensuring Code Quality

  1. 1. Ensuring Code Quality Noriaki Tatsumi, Mgr, Performance Engineering Scott Hurrey, Developer Relations Engineer Blackboard, Inc.
  2. 2. How’s your application’s code quality? 2
  3. 3. Why Code Quality Matters • Your code is your asset • Increase robustness, maintainability, security, performance, scal ability, extensibility, etc. • Keeps your cost down as you grow Prevention is the best medicine! 3
  4. 4. Challenges with Code Quality • Often talked about in theory but not actually practiced • Hard to measure or prove • Difficult to plan and prioritize 4
  5. 5. Blackboard Learn Code Quality Initiatives • Coding guidelines • Design reviews • API standards • Peer code review for every check-in • Automated testing (unit, functional, perf, security) • Static analysis • Anti-patterns repository 5
  6. 6. Sonar – All Java Projects Aggregated Metric 6
  7. 7. Sonar – Quality Management Platform http://www.sonarsource.org/ • Open source and extensible • Manages code quality with • Views of all projects at a glace, drill down to source code, differential, hotspots • Coding Rules • Unit Tests • Standard Metrics • Time Machine • Integration with tools such as PMD, Findbugs, Checkstyle, JSLint, Clover, Cobetura, Huds on (many plugins available) 7
  8. 8. Sonar – Timeline You can’t improve if you don’t measure! 8
  9. 9. Sonar – Code Duplication Metric You don’t have to have technical knowledge to understand! 9
  10. 10. Sonar – Duplicated Code Drilldown 10
  11. 11. Sonar – Rule Compliance Metric You don’t have to have technical knowledge to understand! 11
  12. 12. Sonar – Rule Violation Drilldown 12
  13. 13. Sonar – Static analysis rule 13
  14. 14. Static Code Analysis (SCA) • Applies rules to find potential bugs, anti-patterns, and code style violations • Catches problems as early as possible in the development process • A well-established industry practice for validating the quality of source code • Can be automated and tracked by tools like Sonar 14
  15. 15. SCA – Blackboard Learn Objectives • No Blocker/Critical violations (Go/No-Go criteria for releases starting SP10) • Trend Major/Minor/Informational violations downwards 15
  16. 16. SCA – Blackboard Learn Supporting Process Developer check-in 1. Run Blackboard’s custom pre-commit Sonar analysis tool against files in changelists 2. Review results • Fix blocker/critical violations • Use granular suppression and document detailed reason for no-fix 3. Repeat until at a minimum all Blocker/Critical violations are addressed 16
  17. 17. SCA – Blackboard Learn Supporting Process Nightly automation process 1. Execute Sonar analysis 2. Send violation email to the responsible engineers 3. Report all violations to engineering managers 4. Open JIRA tickets as necessary 17
  18. 18. SCA – Blackboard Learn Rule Sets • 394 JAVA rules (20 custom rules) • 10 JSP rules • 14 JavaScript rules • 5 CSS rules (Home grown plugin) 18
  19. 19. SCA – Go check it out! • Sonar http://www.sonarsource.org/ • Blackboard LearnTM custom PMD rules and Sonar Java profile http://tinyurl.com/bbquality 19
  20. 20. Code Quality for the Community • A resource to assist Building BlockTM developers in avoiding common performance, security and other pitfalls. • Product Development and Business Development working together • Will be built as a new section on edugarage. • Self-service • Tool recommendations 20
  21. 21. Code Quality Community Resources • Custom Rule Sets • Wiki • Sample Code • Recommended Tools • Coming Soon: • Plan to add an Anti-Pattern Repository • Some method of allowing Community members to submit anti-patterns back to Blackboard. 21
  22. 22. Code Quality Tool Types • Static Code Analysis • Sonar • Forensic Analysis • VisualVM • Peer Code Review • Crucible • Automated Testing • Junit • Selenium 22
  23. 23. How Can I Help? • Add your anti-patterns • Add your lessons learned • Add your system tuning tweaks • Add your optimized sample code • Join TechBUG and present your Code Quality modifications and gotchas to your peers. • Let us know what other areas you see that improvement needs to be made 23

×