Java Code Quality Tools

Sergiy Gomenyuk

• Defects

• Program analysis

• Java Code Quality Tools

•Anomalies in code

•Can be found by reading the pattern of code – Bug Patterns!

•Can be automatically found!

•By tools for capturing Java tech defects

Static program analysis is the analysis of computer software that

is performed without actually executing programs (analysis

performed on executing programs is known as dynamic analysis). In

most cases the analysis is performed on some version of the source

code and in the other cases some form of the object code. The

term is usually applied to the analysis performed by an automated

tool, with human analysis being called program understanding,

program comprehension or code review.

Dynamic program analysis is the analysis of computer software that is performed by

executing programs on a real or virtual processor. For dynamic program analysis to be

effective, the target program must be executed with sufficient test inputs to produce

interesting behavior. Use of software testing techniques such as code coverage helps

ensure that an adequate slice of the program's set of possible behaviors has been

observed. Also, care must be taken to minimize the effect that instrumentation has on the

execution (including temporal properties) of the target program

The OMG (Object Management Group) published a study regarding the types

of software analysis required for software quality measurement and

assessment. This document on "How to Deliver Resilient, Secure, Efficient, and

Easily Changed IT Systems in Line with CISQ Recommendations" describes four

levels of software analysis.

Unit Level - Analysis that takes place within a specific program or subroutine,

without connecting to the context of that program.

Technology Level - Analysis that takes into account interactions between unit

programs to get a more holistic and semantic view of the overall program in

order to find issues and avoid obvious false positives.

System Level - Analysis that takes into account the interactions between unit

programs, but without being limited to one specific technology or

programming language.

Mission/Business Level - Analysis that takes into account the business/mission

layer terms, rules and processes that are implemented within the software

system for its operation as part of enterprise or program/mission layer

activities.

• Code Analysis

• Metrics

• JUnit Test Generation

• JUnit Test Editor

• Code Coverage

• Dependency Analysis

• Similar Code Analysis

• Possible bugs - empty try/catch/finally/switch

statements

• Dead code - unused local variables,

parameters and private methods

• Suboptimal code - wasteful String/StringBuffer usage

• Overcomplicated expressions - unnecessary if statements,

for loops that could be while loops

• Duplicate code - copied/pasted code means copied/pasted

bugs

• Correctness bug - Probable bug - an apparent

coding mistake resulting in code that was

probably not what the developer intended.

• Bad Practice - Violations of recommended and essential

coding practice. Examples include hash code and equals

problems, cloneable idiom, dropped exceptions, serializable

problems, and misuse of finalize.

• Dodgy - Code that is confusing, anomalous, or written in a

way that leads itself to errors. Examples include dead local

stores, switch fall through, unconfirmed casts, and

redundant null check of value known to be null.

• Cobertura

– eCobertura – Eclipse Plugin

• EMMA

– EclEmma and JaCoCo – Eclipse Plugins

• Checkstyle is a development tool to help

programmers write Java code that adheres to a

coding standard. It automates the process of

checking Java code to spare humans of this boring

(but important) task. This makes it ideal for projects that

want to enforce a coding standard.

• What main defects in software application

• How we can analysis programs and find them

• What tools we can use for Java application