
Java Code Quality Tools

There are several tools for measuring code quality. Here we look at two important code quality tools for Java applications.

Published in: Software

  1. Code Quality Tools
     Powered by Infaum Educational Technology
     Anju ML
  2. Code Quality Tools
     Here we discuss two important code quality tools:
     • SonarQube
     • FindBugs
  3. SonarQube
     NOTE: The Sonar logo is taken from its official site.
  4. SonarQube
     • Sonar is an open source platform for continuous inspection of code quality.
     • Static code analysis: Java.
     • It is developed with one main objective in mind: make code quality management accessible to everyone with minimal effort.
     • Sonar provides code analyzers, reporting tools, defect-hunting modules and TimeMachine as core functionality.
  5. Sonar: all in one…
     NOTE: DRY stands for Don't Repeat Yourself, a programming principle aimed at reducing repetition of code.
     NOTE: The image on this slide is taken from the official site.
  6. • Design and architecture: minimize dependencies.
     • Duplications: isolate and refine duplications (Don't Repeat Yourself).
     • Unit tests: write unit tests, especially for complex parts of the software.
     • Complexity: even out disproportionately distributed complexity among components; eliminate complexity if possible.
     • Potential bugs: eliminate code violations to prevent vulnerabilities.
     • Coding standards: respect coding standards and follow best practices.
     • Documentation and comments: provide documentation, especially for the public API and the source code.
  7. How does Sonar work?
     Sonar has a simple and flexible architecture that consists of three components:
     • A set of source code analyzers that are grouped in a Maven plugin and are triggered on demand. The analyzers use configuration that is stored in the database.
     • A database that stores not only the results of analysis, projects and global configuration, but also the historical analysis for TimeMachine.
     • A web reporting tool that is used to display code quality dashboards on projects, hunt for defects, check TimeMachine and configure analysis.
  8. What does Sonar provide?
     • Quality profiles
     • Dashboards
       o A consolidated view that shows all projects
       o A project dashboard that is also available at module and package level
     • Hunting tools
     • TimeMachine
       o TimeMachine is used to watch the evolution of a project and replay the past, as it records versions of the project.
  9. FindBugs
     NOTE: The FindBugs logo is taken from its official site.
  10. FindBugs
      • FindBugs is a program to find bugs in Java programs.
      • FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and Mac OS X platforms.
      • It uses static analysis on Java code.
        – Static analysis is a way to inspect code without executing the program.
      • It works on bytecode rather than source code.
  11. • This tool inspects Java bytecode, which is saved in the form of compiled class files, to detect occurrences of bug patterns.
      Bug patterns
      • Bug patterns are checklist items for possible problems in the Java source.
  12. The patterns are categorized by the list below:
      • Malicious code vulnerability – code that can be maliciously altered by other code.
      • Dodgy – code that can lead to errors.
      • Bad practice – code that violates the recommended coding practices.
      • Correctness – code that might give different results than the developer intended.
      • Internationalization – code that can inhibit the use of international characters.
  13. • Performance – code that could be written differently to improve performance.
      • Security – code that can cause possible security problems.
      • Multithreaded correctness – code that could cause problems in a multi-threaded environment.
      • Experimental – code that could miss cleanup of streams, database objects, or other objects that require a cleanup operation.
  14. FindBugs Results
      Warnings reported by FindBugs are categorized into:
      • Relevant positive – a bug that the developers must fix or should fix.
      • Irrelevant positive – a bug, but it is irrelevant to the program and does not need to be fixed.
      • False positive – not a bug.
  15. My conclusion from this is that using FindBugs is definitely worthwhile. I plan to roll it out to all my Java projects and integrate it into the automated builds so that the FindBugs results are also available from the continuous integration server.
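
The "Malicious code vulnerability" category from slide 12, shown as an added Java example that is not part of the original slides: a class whose state other code can alter, next to a hardened version. The class names are hypothetical, and the pattern names in the comments (MS_MUTABLE_ARRAY, MS_SHOULD_BE_FINAL, EI_EXPOSE_REP, EI_EXPOSE_REP2) are FindBugs pattern identifiers that the slides themselves do not list.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Added example; Before/After are hypothetical classes, not from the slides.
public class MaliciousCodeDemo {

    // BEFORE: code FindBugs files under "Malicious code vulnerability".
    static class Before {
        // MS_MUTABLE_ARRAY: the reference is final, the array contents are not.
        public static final String[] ADMIN_ROLES = {"admin"};
        // MS_SHOULD_BE_FINAL: any class can reassign this field.
        public static int maxLoginAttempts = 3;
        private final Date expires;
        Before(Date expires) { this.expires = expires; }   // EI_EXPOSE_REP2
        public Date getExpires() { return expires; }       // EI_EXPOSE_REP
    }

    // AFTER: same data, but other code can no longer alter it.
    static class After {
        public static final List<String> ADMIN_ROLES =
                Collections.unmodifiableList(Arrays.asList("admin"));
        public static final int MAX_LOGIN_ATTEMPTS = 3;
        private final Date expires;
        // Defensive copies on the way in and on the way out.
        After(Date expires) { this.expires = new Date(expires.getTime()); }
        public Date getExpires() { return new Date(expires.getTime()); }
    }

    public static void main(String[] args) {
        // Any caller can rewrite the supposedly constant role list.
        Before.ADMIN_ROLES[0] = "guest";
        System.out.println("before roles: " + Arrays.toString(Before.ADMIN_ROLES));

        // The getter hands out the internal Date, so callers can change it.
        Before b = new Before(new Date(0L));
        b.getExpires().setTime(Long.MAX_VALUE);
        System.out.println("before expiry altered: " + (b.getExpires().getTime() != 0L));

        // The hardened class returns a copy; its own state stays intact.
        After a = new After(new Date(0L));
        a.getExpires().setTime(Long.MAX_VALUE);
        System.out.println("after expiry altered: " + (a.getExpires().getTime() != 0L));

        try {
            After.ADMIN_ROLES.set(0, "guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("after roles: write rejected");
        }
    }
}
```

Running FindBugs over the compiled classes should flag the `Before` members and leave `After` clean for these patterns.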
