Continuous Integration Tools (PDF, 469 KB)

Software Testing CI Tools for Software Quality Measurement

Beat Fluri

software evolution & architecture lab

Quality Control Tools
Coding conventions for readability: Checkstyle
Coverage of test code: Cobertura
Searching for potential bugs: FindBugs, PMD
Software measurement (well-known software metrics): Sonar (not only for software metrics)

Dr. Beat Fluri © 2011

Checkstyle
“Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.” http://checkstyle.sourceforge.net/
Maven plugin: http://maven.apache.org/plugins/maven-checkstyle-plugin/
Configure via XML or wizard in Eclipse: http://eclipse-cs.sourceforge.net/

Checkstyle
Coding conventions are defined in XML
Each type must have a Javadoc down to visibility protected
Code structure

Checkstyle
Naming conventions

Including Checkstyle in Build Process
Maven build
org.apache.maven.plugins maven-checkstyle-plugin verify checkstyle

Including Checkstyle in Build Process
Maven reporting
org.apache.maven.plugins maven-checkstyle-plugin false false checks/checkstyle.xml

Including Checkstyle in Build Process
Ant task

Checkstyle and Hudson
Checkstyle plugin for Hudson

Checkstyle and uDoo

FindBugs
“[FindBugs] a program which uses static analysis to look for bugs in Java code.” http://findbugs.sourceforge.net/
Over 350 bug patterns: http://findbugs.sourceforge.net/bugDescriptions.html
Maven plugin: http://mojo.codehaus.org/findbugs-maven-plugin/2.3/

FindBugs
Possible bugs are described as code patterns
Patterns are categorized:
  Bad practice
  Correctness
  Malicious code vulnerability
  Performance
  Security
  Dodgy
  and some more

FindBugs
Bad practice
  Method with Boolean return type returns explicit null
  Comparison of String objects using == or !=
Correctness
  Method does not check for null argument
  Method ignores return value
    String dateString = getHeaderField(name);
    dateString.trim();
Malicious code vulnerability
  Field is a mutable array
    public static final String[] = {};

FindBugs
Performance
  Method concatenates strings using + in a loop (use StringBuilder instead)
  Method allocates a boxed primitive just to call toString
    new Integer(1).toString();
    Integer.toString(1);
Security
  Empty database password
Dodgy
  Integral division result cast to double or float
    int x = 2; int y = 5;
    double value1 = x / y;
    double value2 = x / (double) y;
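
The patterns from the two FindBugs slides above, as an added Java example that is not part of the original slides: each flagged form sits beside a corrected one. The class name, the ROLES values and the stubbed body of getHeaderField are assumptions; the identifiers in the comments are the FindBugs names for these detectors.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added example; values and helper names are constructed for illustration.
public class FindBugsPatterns {

    // Malicious code vulnerability (MS_MUTABLE_ARRAY): final protects only the
    // reference, so any code in the JVM can still overwrite the elements.
    public static final String[] ROLES_FLAGGED = {"admin", "auditor"};

    // Corrected: keep the array private and publish an unmodifiable view.
    private static final String[] ROLES = {"admin", "auditor"};
    public static final List<String> ROLES_FIXED =
            Collections.unmodifiableList(Arrays.asList(ROLES));

    // Hypothetical stand-in for the getHeaderField(name) call on the slide.
    static String getHeaderField(String name) {
        return "  Tue, 01 Mar 2011 10:00:00 GMT  ";
    }

    // Correctness (RV_RETURN_VALUE_IGNORED): String is immutable, so the
    // trimmed copy returned by trim() is discarded.
    static String dateFlagged(String name) {
        String dateString = getHeaderField(name);
        dateString.trim();
        return dateString;
    }

    // Corrected: use the returned value.
    static String dateFixed(String name) {
        return getHeaderField(name).trim();
    }

    // Bad practice (ES_COMPARING_STRINGS_WITH_EQ): == compares references.
    static boolean sameFlagged(String a, String b) { return a == b; }
    static boolean sameFixed(String a, String b) { return a != null && a.equals(b); }

    public static void main(String[] args) {
        ROLES_FLAGGED[0] = "guest"; // accepted: the shared array is now changed
        System.out.println(ROLES_FLAGGED[0]);
        try { ROLES_FIXED.set(0, "guest"); }
        catch (UnsupportedOperationException e) { System.out.println("rejected"); }
        System.out.println("[" + dateFlagged("Date") + "] [" + dateFixed("Date") + "]");
        String token = new String("abc"); // distinct object, same characters
        System.out.println(sameFlagged(token, "abc") + " " + sameFixed(token, "abc"));
        int x = 2, y = 5; // Dodgy (ICAST_IDIV_CAST_TO_DOUBLE): x / y truncates first
        System.out.println((double) (x / y) + " " + x / (double) y);
    }
}
```

The mutable-array case is the one with a direct security consequence: a public static array used as an allowlist or role table can be rewritten by any other class loaded in the same JVM.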

Including FindBugs in Build Process
Maven build
org.codehaus.mojo findbugs-maven-plugin verify findbugs

Including FindBugs in Build Process
Maven reporting
org.codehaus.mojo findbugs-maven-plugin true true true

Including FindBugs in Build Process
Ant task

FindBugs and Hudson
FindBugs plugin for Hudson

FindBugs and uDoo

PMD
PMD scans Java source code and looks for potential problems like:
  Possible bugs - empty try/catch/finally/switch statements
  Dead code - unused local variables, parameters and private methods
  Suboptimal code - wasteful String/StringBuffer usage
  Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
  Duplicate code - copied/pasted code means copied/pasted bugs
http://pmd.sourceforge.net/
Over 280 rules: http://pmd.sourceforge.net/rules/index.html
Maven plugin: http://maven.apache.org/plugins/maven-pmd-plugin/

PMD
PMD defines 29 rulesets
  Android Rules; Basic JSF, JSP, Java Rules; Braces Rules; Design Rules; Java Migration Rules; JUnit Rules, String and StringBuffer Rules, etc.
Basic rules
  Empty catch block (and other empty statements)
  Return from finally block (discarding exceptions)
Design rules
  Use singleton (only static methods)
  Immutable field
Strict exception rules
  Exception as flow control

Including PMD in Build Process
Maven build
org.apache.maven.plugins maven-pmd-plugin verify pmd

Including PMD in Build Process
Maven reporting
org.apache.maven.plugins maven-pmd-plugin pmd false UTF-8 1.6

Including PMD in Build Process
Ant task

PMD and Hudson
PMD plugin for Hudson

PMD and uDoo

Sonar
“Sonar is an open platform to manage code quality.” http://www.sonarsource.org/
7 axes of code quality
  Architecture and design, Unit Tests, Duplications, Complexity, Potential bugs, Coding rules, Comments
Uses Checkstyle, FindBugs, PMD
Maven plugin: http://mojo.codehaus.org/sonar-maven-plugin/

Installing and Using Sonar
Blog of John F. Smart: http://weblogs.java.net/blog/johnsmart/archive/2009/06/installing_sona.html
Sonar web site with screencasts: http://www.sonarsource.org/screencasts/
Demo of Sonar: http://nemo.sonarsource.org/