Software Testing CI Tools for Software Quality Measurement Beat Fluri software evolution & architecture lab Quality Control Tools Coding conventions for readability Checkstyle Coverage of test code Cobertura Searching for potential bugs Findbugs PMD Software measurement (well-known software metrics) Sonar (not only for software metrics) Dr. Beat Fluri © 2011 2 Checkstyle “Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.” http://checkstyle.sourceforge.net/ Maven plugin http://maven.apache.org/plugins/maven-checkstyle-plugin/ Configure via XML or wizard in Eclipse http://eclipse-cs.sourceforge.net/ Dr. Beat Fluri © 2011 3 Checkstyle Coding conventions are defined in XML Each type must have a Javadoc down to visibility protected <module name="JavadocType"> <property name="severity" value="error"/> <property name="scope" value="protected"/> </module> Code structure <module name="NeedBraces"> <property name="severity" value="error"/> </module> Dr. Beat Fluri © 2011 4 Checkstyle Naming conventions <module name="MemberName"> <property name="format" value="^f[A-Z][a-zA-Z]*$"/> </module> <module name="MethodName"> <property name="severity" value="error"/> <property name="format" value="^[a-z][a-zA-Z]*$"/> </module> <module name="StaticVariableName"> <property name="format" value="^s[A-Z][a-zA-Z]*$"/> </module> <module name="TypeName"> <property name="severity" value="error"/> <property name="format" value="^[A-Z][a-zA-Z]*$"/> </module> Dr. Beat Fluri © 2011 5 Including Checkstyle in Build Process Maven build <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <executions> <execution> <phase>verify</phase> <goals> <goal>checkstyle</goal> </goals> </execution> </executions> </plugin> </plugins> </build> Dr. Beat Fluri © 2011 6 Including Checkstyle in Build Process Maven reporting <reporting> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <configuration> <linkXRef>false</linkXRef> <consoleOutput>false</consoleOutput> <configLocation>checks/checkstyle.xml</configLocation> </configuration> </plugin> </plugins> </reporting> Dr. Beat Fluri © 2011 7 Including Checkstyle in Build Process Ant task <target name="checkstyle"> <taskdef resource="checkstyletask.properties" classpath="${checkstyle.lib}" /> <checkstyle config="checks/checkstyle.xml" failureProperty="checkstyle.failure" failOnViolation="false"> <formatter type="xml" tofile="${checkstyle.report.file}" /> <fileset dir="${src.dir}" includes="**/*.java" /> </checkstyle> </target> Dr. Beat Fluri © 2011 8 Checkstyle and Hudson Checkstyle plugin for Hudson Dr. Beat Fluri © 2011 9 Checkstyle and uDoo Dr. Beat Fluri © 2011 10 FindBugs “[FindBugs] a program which uses static analysis to look for bugs in Java code.” http://findbugs.sourceforge.net/ Over 350 bug patterns http://findbugs.sourceforge.net/bugDescriptions.html Maven plugin http://mojo.codehaus.org/findbugs-maven-plugin/2.3/ Dr. Beat Fluri © 2011 11 FindBugs Possible bugs are described as code patterns Pattern are categorized: Bad practice Correctness Malicious code vulnerability Performance Security Dodgy and some more Dr. Beat Fluri © 2011 12 FindBugs Bad practice Method with Boolean return type returns explicit null Comparison of String objects using == or != Correctness Method does not check for null argument String dateString = getHeaderField(name); Method ignores return value dateString.trim(); Malicious code vulnerability Field is a mutable array public static final String[] = {}; Dr. Beat Fluri © 2011 13 FindBugs Performance Method concatenates strings using + in a loop (use StringBuilder instead) Method allocates a boxed primitive just to call toString new Integer(1).toString(); Integer.toString(1); Security Empty database password Dodgy integral division result cast to double or float int x = 2; int y = 5; double value1 = x / y; double value2 = x / (double) y; Dr. Beat Fluri © 2011 14 Including FindBugs in Build Process Maven build <build> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven-plugin</artifactId> <executions> <execution> <phase>verify</phase> <goals> <goal>findbugs</goal> </goals> </execution> </executions> </plugin> </plugins> </build> Dr. Beat Fluri © 2011 15 Including FindBugs in Build Process Maven reporting <reporting> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven-plugin</artifactId> <configuration> <findbugsXmlOutput>true</findbugsXmlOutput> <findbugsXmlWithMessages>true</findbugsXmlWithMessages> <xmlOutput>true</xmlOutput> </configuration> </plugin> </plugins> </reporting> Dr. Beat Fluri © 2011 16 Including FindBugs in Build Process Ant task <target name="findbugs"> <taskdef name="findbugs" classpath="${findbugs.lib}" classname="edu.umd.cs.findbugs.anttask.FindBugsTask" /> <findbugs home="${findbugs.home}" output="xml:withMessages" outputFile="${findbugs.report.file}"> <auxClasspath> <path refid="build.classpath" /> </auxClasspath> <sourcePath path="${src.dir}" /> <class location="${bin}" /> </findbugs> </target> Dr. Beat Fluri © 2011 17 FindBugs and Hudson FindBugs plugin for Hudson Dr. Beat Fluri © 2011 18 FindBugs and uDoo Dr. Beat Fluri © 2011 19 PMD PMD scans Java source code and looks for potential problems like: Possible bugs - empty try/catch/finally/switch statements Dead code - unused local variables, parameters and private methods Suboptimal code - wasteful String/StringBuffer usage Overcomplicated expressions - unnecessary if statements, for loops that could be while loops Duplicate code - copied/pasted code means copied/pasted bugs http://pmd.sourceforge.net/ Over 280 rules http://pmd.sourceforge.net/rules/index.html Maven plugin http://maven.apache.org/plugins/maven-pmd-plugin/ Dr. Beat Fluri © 2011 20 PMD PMD defines 29 rulesets Android Rules; Basic JSF, JSP, Java Rules; Braces Rules; Design Rules; Java Migration Rules; JUnit Rules, String and StringBuffer Rules, etc. Basic rules Empty catch block (and other empty statements) Return from finally block (discarding exceptions) Design rules Use singleton (only static methods) Immutable field Strict exception rules Exception as flow control Dr. Beat Fluri © 2011 21 Including PMD in Build Process Maven build <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <executions> <execution> <phase>verify</phase> <goals> <goal>pmd</goal> </goals> </execution> </executions> </plugin> </plugins> </build> Dr. Beat Fluri © 2011 22 Including PMD in Build Process Maven reporting <reporting> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <reportSets> <reportSet><reports> <report>pmd</report> </reports></reportSet> </reportSets> <configuration> <linkXRef>false</linkXRef> <sourceEncoding>UTF-8</sourceEncoding> <targetJdk>1.6</targetJdk> </configuration> </plugin> </plugins> </reporting> Dr. Beat Fluri © 2011 23 Including PMD in Build Process Ant task <target name="pmd"> <taskdef name="pmd" classname="net.sourceforge.pmd.ant.PMDTask" classpath="${pmd.lib}" /> <pmd rulesetfiles="basic"> <formatter type="xml" toFile="${pmd.report.file}" /> <fileset dir="${src.dir}" includes="**/*.java" /> </pmd> </target> Dr. Beat Fluri © 2011 24 PMD and Hudson PMD plugin for Hudson Dr. Beat Fluri © 2011 25 PMD and uDoo Dr. Beat Fluri © 2011 26 Sonar “Sonar is an open platform to manage code quality.” http://www.sonarsource.org/ 7 axes of code quality Architecture and design, Unit Tests Duplications, Complexity, Potential bugs Coding rules, Comments Uses Checkstyle, FindBugs, PMD Maven plugin http://mojo.codehaus.org/sonar-maven-plugin/ Dr. Beat Fluri © 2011 27 Installing and Using Sonar Blog of John F. Smart: http://weblogs.java.net/blog/johnsmart/archive/2009/06/installing_sona.html Sonar web site with screencasts http://www.sonarsource.org/screencasts/ Demo of Sonar http://nemo.sonarsource.org/ Dr. Beat Fluri © 2011 28.