YES WE SCAN! SOFTWARE ANALYSIS USING JQASSISTANT AND NEO4J
Show me your code and I'll tell you whether it's good or not - static code analysis nowadays is an essential part of quality-oriented software development: packages, classes, methods or even fields are deeply inspected before putting them into production.
But what about the frameworks and libraries we use - do they fit our expectations? Do they throw exceptions which are not documented? Does a minor upgrade break an existing API? Are there grave structural weaknesses which might cause unexpected changes of their behavior in the future?
jQAssistant is an Open Source tool which allows scanning of arbitrary software structures - OSGi bundles, EAR files, database schemas or even whole Maven repositories - into a Neo4j graph database. The gathered data may be used for interactive explorations using easy-to-learn queries based on Cypher. The presentation demonstrates examples for such kind of analysis on the structures of popular frameworks and provides interesting insights about their hidden secrets.
2. 2
Black Boxes Called Artifacts
jQAssistant
Software As A Graph
Let’s Explore Libraries!
3. Yes We Scan – Software Analysis Using jQAssistant
3
4. 4
Artifact
Result of a build/integration processes
Black Box – What does it hide?
Let‘s open it!
Person.java
@Entity
public class Person {
private String name;
}
pom.xml
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>2.1.0</version>
</dependency>
person.sql
create table PERSON (id number, name varchar(255)
model.jar
/com/acme/model/Person.class
/META-INF/persistence.xml
acme.war
/index.xhtml
/WEB-INF/lib/model.jar
5. 5
The Idea
Scan software structures
Store them into a database
Execute queries
Why?
Holistic view on the „real world“
Exploration
effective searches beyond IDE capabilities
Individual metrics and visualization
Complexity, Dependencies
Validation
Coding rules, design & architecture constraints
Reporting
And finally… it‘s fun!
Database
Find
all…
13. 13
All we need is…
Nodes
Labels
Properties
Relationships
Modeling is just…
Taking a pen
Drawing the structures on a whiteboard (i.e. the database)
We don‘t need…
Foreign keys
Tables and schemas
Knowledge in graph theory
Type
EXTENDS
fqn:com.acme.model.Person
15. 15
TypeType
Class
EXTENDS
Explore an application using queries
Which class extends from another class?
Let‘s convert this to ASCII art…
() as nodes
-[]-> as directed relationships
16. 16
TypeType
Class
EXTENDS
Explore an application using queries
Which class extends from another class?
Let‘s convert this to ASCII art…
() as nodes
-[]-> as directed relationships
()-[]->()
17. 17
C2
Type
C1
Type
Class
EXTENDS
Explore an application using queries
Which class extends from another class?
Let‘s convert this to ASCII art…
() as nodes
-[]-> as directed relationships
(c1)-[]->(c2)
18. 18
C2
Type
C1
Type
Class
EXTENDS
Explore an application using queries
Which class extends from another class?
Let‘s convert this to ASCII art…
() as nodes
-[]-> as directed relationships
(c1)-[:EXTENDS]->(c2)
19. 19
Explore an application using queries
Which class extends from another class?
Let‘s convert this to ASCII art…
() as nodes
-[]-> as directed relationships
(c1:Class)-[:EXTENDS]->(c2:Type)
C2
Type
C1
Type
Class
EXTENDS
20. 20
Explore an application using queries
Which class extends from another class?
Pattern matching is the core principle of Cypher
MATCH
(c1:Class)-[:EXTENDS]->(c2:Type)
RETURN
c1.fqn, c2.fqn
C2
Type
C1
Type
Class
EXTENDS
22. 22
Examples
Artifacts and Maven descriptors
API changes between releases
Declared deprecations
Thrown exceptions
Structural problems (metrics)
Declared members
Depth of inheritance hierarchies
Cyclomatic complexity
Fan In/Fan Out of classes and packages
Package Cycles
23. Yes We Scan
Software Analysis Using jQAssistant
23
https://jqassistant.org/yes-we-scan-exploring-libraries/
24. 24
What makes the difference?
Flexible data model
Get information about different aspects of the same software in just
one place
Extend it using plugins
Including custom implementations
Expressive queries
Enrich and query using your own concepts/abstractions
Create specific metrics and reports