Static Code Analysis

From Gcube Wiki
Jump to: navigation, search

Static Code Analysis is a testing methodology that tests software's source code, without actually running the program. Aspects checked by static analysis are: syntax correctness of source code, compliance with formatting guidelines, correctness of algorithms, probable bugs, presence of a proper code documentation.


gCube System exploits the ETICS building tool to carry out static analysis of code. Indeed, ETICS System offers to its users the capability of running a large set of static code analysis tools during ETICS builds. This is made possible by the ETICS plugin mechanism: users choose the set of plugins to run during builds of their project and ETICS will run those plugins at every build; reports of plugins executions will be made available along with other build reports. In particular, gCube project in ETICS is configured to run two famous static code analysis tools for java software:


Checkstyle

Checkstyle tool is automatically run by ETICS at the end of each gCube integration build (see Continuous Integration procedure and reports are published in BTRT along with other reports.

The default checkstyle configuration used is on the subversion repository at:

http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/javadoc-checks/javadoc_checks.xml

It checks gCube components against official Javadoc Conventions [1], the presence of methods and class javadoc documentation, some programming best practice.

Use Checkstyle in the development environment

In order to have a very quick feedback on code quality, developers are encouraged to use Checkstyle also in their development environment. A Checkstyle Eclipse plug-in is available for this purpuose. The plugin is used within an Eclipse workbench notifies the developer for problems via the task window and source code markers in the same way like compiler errors or warnings. More information regarding the Checkstyle Eclipse plug-in are available here http://eclipse-cs.sourceforge.net/#!/. You can easy install the Checkstyle Eclipse plug-in using the Eclipse Marketplace integrated in the Eclipse.

Help -> Eclipse Marketplace ... -> Search Checkstyle -> Click on Install button in Checkstyle Plugin-in (actually 6.9.0) by Lars Ködderitzsch.

Once installed select Window (from main menu) -> Preferences -> Checkstyle -> Click on New... button -> select External Configuration File in Type list box and import javadoc_checks.xml (containing the content shown above).


It is possible to customize the behaviour of checkstyle for each gCube component. If the javadoc_checks.xml is found in the component's home, then that file will be used as Checkstyle configuration file instead of the default one.

Findbugs

Findbugs is run by ETICS for each gCube component built during integration builds. The default configuration is used unless a findbugs.xml file is found in the component's home with a custom configuration. Further fine-grain configuration can be done by defining following properties in the component's configuration (source[2]):


  • findbugs.lib.location: Directory containing the external libraries (JAR files) to execute the analized code. Default is ${src.location}/lib then ${src.location}/endorsed and then ${stageDir}/share/java
  • findbugs.jar.location: Directory containing the JAR files to be analyzed. Default is ${src.location}/jars or if not existing ${src.location}/build/jars
  • findbugs.bug.codes: Comma separated list of bug codes to be used in the analysis


HTML reports generated by Findbugs are automatically published in BTRT

There is a Findbugs Eclipse plugin. You cna find the procedure to install it at http://findbugs.cs.umd.edu/eclipse/