1. Ensuring high code quality in Java development : tools and procedures Presented by Mikhail Vladimirov (Leximera, Inc. http://www.leximera.com) June, 2010
2. The overall goal of IT governance is to avoid project failures, minimize the number of situations requiring “remediation” initiatives and maximize ROI in IT. With the existing trend to outsource (inshore and outshore) the IT development function, corporations are adopting more strict IT governance and compliance policies. Promotion of efficient and effective IT controls in design and development help achieve some of the IT governance goals. The need for strict IT governance
3. Enforcing SDLC standard’s provisions IT governance is ensured, among other things, by enforcing the Corporate Software Development Life Cycle (SDLC) standard. The Build phase of the SDLC standard includes such activities as code reviews and unit testing.
4.
5.
6.
7. Unit testing is an integral part of SDLC Unit tests are written contracts that individual units of new or modified/re-factored code must satisfy (work as per software design specification). Creating unit tests in parallel with code (or even ahead of it) leads to the creation of more maintainable and functional code. It also helps reduce uncertainty of the code correctness early in the Build phase of the SDLC. Unit tests document the behaviour of the system by showing the inputs/outputs and the API in action.
8. Unit testing: extending scope JUnit is the standard automated testing framework used in Java development. This system is normally supplemented by such testing toolkits as JMockit and EasyMock which can be used to augment simple unit tests and build a solid platform for Test-Driven Development.
9. Multithreaded unit tests One of the areas JUnit doesn't cover is that of multithreaded unit tests, which are absolutely needed, for instance, to verify thread-safety of the new piece of code or a 3 rd party module / library.
12. Code coverage activity Code coverage tools report the percentage of code accessed during testing and provide code metrics at the class , method , line or basic block level that can help identify un-used/unreachable code. Un-used (e.g. legacy) code (normally shown in red in reports) can be potentially safely removed (if the complete test suites were run against it) or additional tests be created. The “greener” are the code coverage reports, the better code coverage is provided by the existing tests.
14. Code Coverage Activity (cont’d) Eclipsed-based EMMA generated report (can also be exported into the HTML format)
15.
16.
17.
18.
19.
20. Code management in modern IDEs Modern Integrated Development Environments (IDE), e.g. Eclipse, IntelliJ, NetBeans used for development on Java™ platform offer a powerful code management toolset that can do real-time syntax checking, on-demand re-factoring, formatting and more. For example, IDEs will generate visual clues to help developer see some code defects right away as they are typing. Eclipse, for instance, will underline the code that declares a variables but never uses it: Or even identify a possible null pointer situation that may happen at run-time:
21. Enforcing coding standard and guidelines: Code Formatting Template The compliance with coding standards is, in part, ensured by using a uniform code formatting template (which meets formatting guidelines, e.g. line length, size/type of the indent, comments, java statements layout, etc.) by all developers on the project. First, the template file meeting the standard’s criteria is created end exported (a one-time exercise), then the template file is cascaded to project developers who import and use it in their IDEs.
22. Automated code inspection and analysis This exercise is mostly done via static code analysis tools that inspect program’s source code or generated byte-code and compare extracted elements against the repository of known defective code patterns. Static analysis solutions not only detect but in many cases offer corrective actions to fix coding problems. A good analyzer should have a good ratio of real issues count to the number of (usually harmless) warnings. Many tools provide means to create user-specific rule sets. The grouping by defect categories, ranking and setting priorities help with defect systematization.
28. Stacking up FindBugs to IBM Software Analyzer In comparison with IBM Software Analyzer, FindBugs, out of the box, definitely lacks such features as Visual Summary and PDF reports as well as some additional features. Some developers would argue that FindBugs offers plenty of information in a way that lends itself to report generation in any imaginable format. RSA offers an array of features that have their own specific audiences, e.g. the Java Architectural Discovery feature helps identify design patterns used in the project (e.g. Singleton or Factory method).
29. Stacking up FindBugs to IBM Software Analyzer (cont’d) Extensive Java metrics section of RSA offers a wide range of various heuristic-based ratios (e.g. lack of cohesion) the usefulness of some of which remains to be seen:
30. Stacking up FindBugs to IBM Software Analyzer (cont’d) When it comes to the hard-core functionality, FindBugs provides better diagnostics and easier result extraction (e.g. copying the results in the flat text format in the clipboard). For example, the following sub-optimal creation of an instance of a Long number: Long longWeekEndDays = new Long (3); was identified by both products. IBM’s RSA gives the following recommendation: Avoid instantiating a Number using new FindBugs goes farther by advising on action required: inefficient new Long(long) constructor; use Long.valueOf(long) instead