Top Banner
Lena Petsenchuk 19.08.2011 Tools for code quality control in Flex “Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” ~Martin Fowler
29

Code quality tools

Sep 12, 2014

Download

Technology

This presentation provides participants with an overview of
the most popular tools for code quality control in Flex. Among them: Sonar with Flex plugin, FlexPMD & FlexPMD Eclipse plugin, SWFScan from HP and FlexFormatting Eclipse plugin.
In this presentation will be presented the basic information about each of the mentioned tools, information how to configure some of these tools, how to use them and How to interpret results of their work.

Agenda:
Sonar with Flex plugin
FlexPMD
-What is FlexPMD
-How does it work
FlexPMD plugin
-Configuration
-Supported workflows
-FlexCPD integration
-FlexPMD Ruleset Creator
SwfScan from HP
FlexCover
ItDepends
FlexFormatting
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Code quality tools

Lena Petsenchuk19.08.2011

Tools for code quality control in Flex“Any fool can write code that a computer can understand.

Good programmers write code that humans can understand.”

~Martin Fowler

Page 2: Code quality tools

Agenda Sonar with Flex plugin FlexPMD

– What is FlexPMD– How does it work

FlexPMD plugin– Configuration– Supported workflows– FlexCPD integration– FlexPMD Ruleset Creator SwfScan from HP FlexCover ItDepends FlexFormatting

Page 3: Code quality tools

Sonar with Flex Plugin Sonar is a tool for code quality

analysis. It helps improving software quality

using static analysis tools. It targets Java code, but there are

plugins for Flex, C, PHP, .Net and other languages.

The Flex plug-in specifically uses FlexPMD, FlexMetrics, FlexCPD and FlexMojos.

Page 4: Code quality tools

Sonar's Results

Dashboard

Violationsdrilldown

Page 5: Code quality tools

Sonar’s ResultsHotspots

Radiator

Timemachine

Page 6: Code quality tools

Sonar’s Results

Motion Chart

Page 7: Code quality tools

What is FlexPMDFlexPMD is a tool that helps to improve code quality by auditing any AS3/Flex source directory and detecting common bad practices.http://opensource.adobe.com/wiki/display/flexpmd/FlexPMD

FlexPMD can detect:

– Coding standards violations– Code duplication– Unused code (functions, variables, constants, etc.)– Over-complex code (nested loops, too many conditionals, etc.)– Over-long code (classes, methods, etc.)– Unhandled exceptions– Incorrect use of the Flex component lifecycle (commitProperties,

etc.)

Page 8: Code quality tools

How to invokeFlexPMD can currently be

invoked from:

The command line Maven Ant Automator on Mac OS X Eclipse FlexBuilder TextMate on Mac OS X FlashDevelop

Page 9: Code quality tools

How does it work FlexPMD is delivered with a

set of standard rules for Flex/AS development. Each source file that is processed is checked against every rule.

Currently, FlexPMD produces a XML report

by default, plus an HTML report when invoked by the Maven site plugin.

Page 10: Code quality tools

FlexPMD Plugin The FlexPMD Plugin is a plugin to

streamline the development process in regards to FlexPMD violationsUpdate sitehttp://opensource.adobe.com/svn/opensource/flexpmd/plugin/trunk/flex-pmd-eclipse-plugin-site

It analyses the code and marks the violations inline in the code so that developers can see them as they develop

It allows easy navigation between the list of violations and the associated code

Page 11: Code quality tools

Configure FlexPMD plugin Download FlexPMD command line tools

(http://opensource.adobe.com/wiki/display/flexpmd/Downloads )

FlexPMD command line. This is a mandatory field. You have to select the flex-pmd-command-line.jar from your hard drive.

FlexPMD custom ruleset. You can leave this field empty, if so a default ruleset will be used.

FlexCPD command line. You have to select the flex-pmd-cpd-command-line.jar you wish from your hard drive.

Page 12: Code quality tools

Supported workflows – Code review workflow

Code review workflow: As a code reviewer I want to be able to audit and review the quality of an entire project or any given functional area in terms of PMD violations.

Ideal for Projects that didn’t use FlexPMD from the very

beginning Projects where not all developers use FlexPMD Audit specific functional areas

Benefits FlexPMD recommendations are displayed in a

specific panel and can be sorted attending its relevance or violation type

Page 13: Code quality tools

Code Review workflow Select any

source folder in a project

Right click on it Select FlexPMD

> Run FlexPMD

Page 14: Code quality tools

Supported workflows – Development workflow

Development workflow: As a developer I want to see PMD violations in the files I'm working in. If a file changes the violations should be updated immediately.

Ideal for Projects that start using FlexPMD from the

very beginning Teams that proactively want to promote

collective code and team best practices

Benefits FlexPMD execute automatically on every

compilation

Page 15: Code quality tools

Development workflow Right click in a project Select FlexPMD > Add FlexPMD Nature

Note: If at any point you want to remove the nature you can select FlexPMD > Remove FlexPMD Nature

Page 16: Code quality tools

FlexPMD Outline In the FlexPMD Outline View you'll see the violations in the currently

opened editor.

If the arrows button is toggled, whenever the file is saved FlexPMD will be re-executed on it and the Outline will be updated providing always up-to-date information to the developer with very little delay and without having to compile the entire project.

Page 17: Code quality tools

FlexCPD integration FlexCPD can detect suspect copy/paste sections of code

in your project. Executes on demand

You can execute FlexCPD by right-click in a source folder and select FlexPMD > Find suspect cut & paste.

Creates a list of snippets of duplicated code You can navigate to the source code file by double

clicking on the item

Page 18: Code quality tools

FlexPMD Ruleset Creator http://opensource.adobe.com/svn/opensource/flexpmd/bin/

flex-pmd-ruleset-creator.html

Page 19: Code quality tools

SwfScan from HP HP SWFScan, a free tool developed by HP Web

Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.

How SWFScan works and what vulnerabilities it finds:

Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure. (The tool couldn’t decompile flash files protected with SWFEncrypt.)

Page 20: Code quality tools

SwfScan from HP – Settings It looks for about 75

known security vulnerabilities that are targeted by malicious hackers.

This includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated.

Page 21: Code quality tools

SwfScan from HP – Results

Page 22: Code quality tools

FlexCover Flexcover - a tool that measures how much of

your Flex, AIR or AS3 application code actually runs when tested.

http://code.google.com/p/flexcover/

Install FlexCover Create a copy of the Flex SDK that you will customize for Flexcover Modify this custom SDK to use the Flexcover compilers and

libraries. Modify your own build tools to use the custom Flexcover SDK Install the CoverageViewer AIR Application

Page 23: Code quality tools

FlexCover Run Tests

The .cvm file will be generated

Page 24: Code quality tools

FlexCover Launch the Coverage Viewer, then click the Load File... button;

in the resulting dialog, locate the xxx.cvm file and click Open.

Page 25: Code quality tools

ItDepends ItDepends is a tool for visually exploring the dependencies

between classes and packages in an Adobe Flex application, with the aim of making it easy for developers to understand how their application can be made smaller and/or broken up into dynamically loadable moduleshttp://code.google.com/p/it-depends/wiki/UsingItDepends

ItDepends works with an XML link report file generated by the MXMLC compiler's -link-report option. This file describes all the classes in the application and their dependencies and code sizes.

Page 26: Code quality tools

ItDepends

Page 27: Code quality tools

FlexFormatting Eclipse plugin that provides mxml/actionscript source

code formattingUpdate site -

http://flexformatter.googlecode.com/svn/trunk/FlexFormatter/FlexPrettyPrintCommandUpdateSite/

Settings

Page 28: Code quality tools

FlexFormatting Example – Before & After

Page 29: Code quality tools

Questions