Software Testing CI Tools for Software Quality Measurement

Beat Fluri

software evolution & architecture lab Quality Control Tools

Coding conventions for readability Checkstyle

Coverage of test code Cobertura

Searching for potential bugs Findbugs PMD

Software measurement (well-known software metrics) Sonar (not only for software metrics)

“Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.”

http://checkstyle.sourceforge.net/

Maven plugin http://maven.apache.org/plugins/maven-checkstyle-plugin/

Conﬁgure via XML or wizard in Eclipse http://eclipse-cs.sourceforge.net/

Coding conventions are deﬁned in XML

Each type must have a Javadoc down to visibility protected

Code structure

Naming conventions

Maven build

org.apache.maven.plugins maven-checkstyle-plugin verify checkstyle

Maven reporting

org.apache.maven.plugins maven-checkstyle-plugin false false checks/checkstyle.xml

Ant task

Checkstyle plugin for Hudson

“[FindBugs] a program which uses static analysis to look for bugs in Java code.”

http://ﬁndbugs.sourceforge.net/

Over 350 bug patterns http://ﬁndbugs.sourceforge.net/bugDescriptions.html

Maven plugin http://mojo.codehaus.org/ﬁndbugs-maven-plugin/2.3/

Possible bugs are described as code patterns

Pattern are categorized: Bad practice Correctness Malicious code vulnerability Performance Security Dodgy and some more

Bad practice Method with Boolean return type returns explicit null

Comparison of String objects using == or !=

Correctness Method does not check for null argument String dateString = getHeaderField(name); Method ignores return value dateString.trim();

Malicious code vulnerability Field is a mutable array public static final String[] = {};

Performance Method concatenates strings using + in a loop (use StringBuilder instead) Method allocates a boxed primitive just to call toString

new Integer(1).toString(); Integer.toString(1);

Security Empty database password

Dodgy integral division result cast to double or ﬂoat

int x = 2; int y = 5; double value1 = x / y; double value2 = x / (double) y;

Maven build

org.codehaus.mojo findbugs-maven-plugin verify findbugs

Maven reporting

org.codehaus.mojo findbugs-maven-plugin true true true

Ant task

FindBugs plugin for Hudson

PMD scans Java source code and looks for potential problems like: Possible bugs - empty try/catch/ﬁnally/switch statements Dead code - unused local variables, parameters and private methods Suboptimal code - wasteful String/StringBuffer usage Overcomplicated expressions - unnecessary if statements, for loops that could be while loops Duplicate code - copied/pasted code means copied/pasted bugs

http://pmd.sourceforge.net/

Over 280 rules http://pmd.sourceforge.net/rules/index.html

Maven plugin http://maven.apache.org/plugins/maven-pmd-plugin/

PMD deﬁnes 29 rulesets Android Rules; Basic JSF, JSP, Java Rules; Braces Rules; Design Rules; Java Migration Rules; JUnit Rules, String and StringBuffer Rules, etc.

Basic rules Empty catch block (and other empty statements) Return from ﬁnally block (discarding exceptions)

Design rules Use singleton (only static methods) Immutable ﬁeld

Strict exception rules Exception as ﬂow control

Maven build

org.apache.maven.plugins maven-pmd-plugin verify pmd

Maven reporting

org.apache.maven.plugins maven-pmd-plugin pmd false UTF-8 1.6

Ant task

PMD plugin for Hudson

“Sonar is an open platform to manage code quality.”

http://www.sonarsource.org/

7 axes of code quality Architecture and design, Unit Tests Duplications, Complexity, Potential bugs Coding rules, Comments

Uses Checkstyle, FindBugs, PMD

Maven plugin http://mojo.codehaus.org/sonar-maven-plugin/

Blog of John F. Smart: http://weblogs.java.net/blog/johnsmart/archive/2009/06/installing_sona.html

Sonar web site with screencasts http://www.sonarsource.org/screencasts/

Demo of Sonar http://nemo.sonarsource.org/