static code analysis

Post on 15-Apr-2017


Static Code Analysis

@brwngrldev +AnnyceDavis

“I’ll be learning something new on my deathbed.”

Checking your program for errors without executing it

What is it?

Testing

What it’s not

1 / 7 - 10

1 / 10

1000

The tools…

Checkstyle

1

FindBugs

2

PMD

3

Lint

4

Lint

Checkstyle

FindBugs

PMD

Checkstyle

“… a development tool to help programmers write Java code that adheres to a coding standard.”

Source

Files

config.xml

Checkstyle Tool

Modules

Design

Formatting

Code Complexity

apply plugin: 'checkstyle'

task checkstyle(type: Checkstyle) {
    description 'Checks if the code passes quality standards'
    group 'verification'
    configFile file('checkstyle.xml')
    …
}

<module name="MethodLength">
    <property name="max" value="60"/>
</module>
<module name="LineLength">
    <property name="max" value="120"/>
</module>
<module name="CyclomaticComplexity">
    <property name="max" value="8"/>
</module>
…

playerControlConfig.setShowClosedCaptionsButton(a.getBoolean(R.styleable.WapoVideoView_showClosedCaptionsButton, false));

<module name="CyclomaticComplexity">
    <property name="max" value="8"/>
</module>

Example

public void overlyComplexMethod(Video video) {
    if (video != null && video.getStreamUrl() != null) {
        switch (video.getCategory()) {
            case "CAT1":
                playVideo(video);
                if (video.getLargeImageUrl() == null) {
                    video.setLargeImageUrl("http://www.largeImage.png");
                }
                updateMetadata(video);
                break;
            case "CAT2":
                if (video.getLargeImageUrl() == null) {
                    video.setLargeImageUrl("http://www.smallImage.png");
                }
                …

… warning: Cyclomatic Complexity is 9

public void overlyComplexMethod(Video video) {
    if (video != null && video.getStreamUrl() != null) {
        updateVideoBasedOnCategory(video);
    }
}

private void updateVideoBasedOnCategory(Video video) {
    switch (video.getCategory()) {
        case "CAT1":
            playVideo(video);
            if (video.getLargeImageUrl() == null) {
                video.setLargeImageUrl("http://www.largeImage.png");
            }
            updateMetadata(video);
            break;
        …

7

switch (video.getCategory()) {
    case "CAT1":
        playVideo(video);
        updateMetaDataAndUrl(video, "http://www.largeImage.png");
        break;
    …

4
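The complexity walk-through above can be reproduced with a small counter. This is an added example, not code from the talk: a regex approximation of the decision points the CyclomaticComplexity check counts, run over a constructed completion of the slide's method. The third `"CAT3"` branch and its URL are assumptions, as is reading the bare 7 and 4 on the slides as the complexity after each refactoring step.

```python
import re

# Decision points counted: if, while, for, case, catch, ?:, && and ||.
# `default:` is not counted; a do-while is counted once through its `while`.
DECISION = re.compile(r"\b(?:if|while|for|case|catch)\b|&&|\|\||\?")
# String literals and comments are blanked so keywords inside them are ignored.
LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def cyclomatic_complexity(method_source):
    """1 for the method entry plus 1 per decision point (regex approximation)."""
    return 1 + len(DECISION.findall(LITERAL.sub('""', method_source)))

# Constructed completion of the slide's method; the CAT3 arm is assumed.
BEFORE = """public void overlyComplexMethod(Video video) {
  if (video != null && video.getStreamUrl() != null) {
    switch (video.getCategory()) {
      case "CAT1": playVideo(video);
        if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.largeImage.png"); }
        updateMetadata(video); break;
      case "CAT2":
        if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.smallImage.png"); }
        updateMetadata(video); break;
      case "CAT3":  // assumed branch, not on the slide
        if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.mediumImage.png"); }
        updateMetadata(video); break;
    }
  }
}"""

# Step 1: the guard stays in the public method, the switch moves to a helper.
STEP1_OUTER = """public void overlyComplexMethod(Video video) {
  if (video != null && video.getStreamUrl() != null) { updateVideoBasedOnCategory(video); }
}"""
STEP1_HELPER = "private void updateVideoBasedOnCategory(Video video) {\n" + BEFORE[BEFORE.index("switch"):]

# Step 2: the repeated null check moves into updateMetaDataAndUrl().
STEP2_HELPER = """private void updateVideoBasedOnCategory(Video video) {
  switch (video.getCategory()) {
    case "CAT1": playVideo(video); updateMetaDataAndUrl(video, "http://www.largeImage.png"); break;
    case "CAT2": updateMetaDataAndUrl(video, "http://www.smallImage.png"); break;
    case "CAT3": updateMetaDataAndUrl(video, "http://www.mediumImage.png"); break;
  }
}"""

def over_limit(methods, maximum=8):
    """Names of methods whose complexity exceeds the configured max (8 on the slide)."""
    return [name for name, src in methods.items() if cyclomatic_complexity(src) > maximum]
```

The regex does not parse Java, so a `?` in a generic wildcard such as `List<?>` would be miscounted; the real check works on the syntax tree.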

Review…

• Formatting

• Code Complexity

• Refactor Gradually

Checkstyle

1

FindBugs

But this…

“…inspect Java bytecode for occurrences of bug patterns”

apply plugin: 'findbugs'

task findbugs(type: FindBugs) {
    description 'Run findbugs'
    group 'verification'
    effort 'max'
    excludeFilter file('findbugs-exclude.xml')
    …
}

<FindBugsFilter>
    <Match>
        <Class name="~.*R\$.*"/>
    </Match>
    <Match>
        <Bug pattern="HE_EQUALS_NO_HASHCODE"/>
    </Match>
    …
</FindBugsFilter>

Example

gradle findbugs

Review…

• Bug Patterns

• Not Always Right

• Use the Filters

FindBugs

2

PMD

“…finds common programming flaws like unused variables, empty catch blocks…”

apply plugin: 'pmd'

task pmd(type: Pmd) {
    description 'Run pmd'
    group 'verification'
    ruleSetFiles = files("./qa-checks/pmd-ruleset.xml")
    …
}

<ruleset>
    <rule ref="rulesets/java/braces.xml" />
    <rule ref="rulesets/java/strings.xml" />
    <rule ref="rulesets/java/basic.xml" />
    …
</ruleset>

Braces Ruleset

Example

gradle pmd

Find out why

Fix it…

Review…

• Possible Bugs

• Wasteful Usage

• Duplicate Code

PMD

3

Ewww!!!

“…checks for structural code problems that could affect the quality and performance of your application.”

Lint

Lintian

JSLint

Android Lint

Splint

PC-Lint

PyLint

cpplint

Example

Android Lint

<lint>
    <issue id="IconColors" severity="ignore" />
    <issue id="IconMissingDensityFolder" severity="ignore" />
    <issue id="UnusedResources">
        <ignore path="**/config.xml" />
    </issue>
    …
</lint>

Continuous Integration

Review

• Structural Issues

• Exclude Checks

• Continuous Integration

Lint

4

Summary

PMD

Checkstyle

FindBugs

Lint

Resources

• Clean Code - http://amzn.to/1DJybxH

• Effective Java - http://amzn.to/1Ku8Xel

• Google Code Style - http://goo.gl/8Pf6J3

• QA Checks - http://git.io/vCMwc

• Conquering Cyclomatic Complexity - http://goo.gl/lRoPXN

• Using Android Lint - http://goo.gl/Zl2BPx

• Static Code Analysis Tools - https://goo.gl/0Hczxn

Photo Credits

• Slide 7 - https://www.flickr.com/photos/orinrobertjohn/13068719

• Slide 20 - https://www.flickr.com/photos/oakleyoriginals/2750185692

• Slide 41 - https://commons.wikimedia.org/wiki/File:Navel_lint_ball.jpg

• Slide 50 - https://pixabay.com/en/thumb-success-successful-fan-faust-328420/

Thanks!

@brwngrldev +AnnyceDavis www.adavis.info
