Author: Joe Walker Koo translation Source: CCID Technology Network issued a document time: 2004.01.06
Summary A few years ago, everyone was bothered by the Quality software. Quality in Quality is to emphasize the importance of words. Introduced to consume a few hours of procedures and inspection processes, as well as a large number of instruments, is to try to reduce the failure rate of software. Not long ago, this trend has evolved into a more lightweight process, which uses lightweight software and extreme programming. This is still a positive transformation because it is still important to ensure that software quality is still important. Some analysts estimate that 60% of software failures can be automatically detected. So what we can do is built a bridge between the Quality Plant Dinosaur and Today's confusion so that the problem solves and low cost? Author Joe Walker tested different types of faults and seven tools to help you reveal their true face. There are many free tools that can be easily reported to have any troubleshooting your code, and then help you improve the quality of your code. And because of the failure is often subjective, most of the tools can be configured to suit your local code type. But when you start, you have the obligation to reduce the fault. This sounds seems to be a simple question - affirm that the software quality must be placed first for everyone. However, spending minimum time to modify the code often look more reasonable. Any software that is short-lived should be as small as possible, and there is no meaningful one-way document that is written without people. How many documents do I want to write and check how much time is more than someone else? Therefore, our purpose is to distinguish between work and waste of resources worthy of we can improve their work. How far do you want to increase your code quality? There are several types of faults. I have differentiated tools in the type of troubles they attack. I have identified four different faults based on their severity, and organized faults from the ordinary failure of the user to prevent code reuse: · CURRENT BUGS: Current fault prevention software is properly run. They have plagued users and (or should) display it through your software test. Current faults are very different from potential failures. · Latent BUGS: These faults do not currently produce problems. But they lurked and appeared in the future. The failure of the Ali An No. 5 is due to a floating point to integer conversion errors. When the front rocket rate is slower; but the speed of Ali An 5 triggered this issue. The millennium virus is also an example of latent faults, which only surfaces when the environment changes. Testing the traditional test method to test the latent virus is difficult, and find them need to have a vision of people to ask: "What changes will let the failure come out from the dark? · Accident-waiting-to-happen Bugs: Code can be simple Safe, or he can also be a mess, waiting to stumble with poor programmers who think about their editorial results. In general, the total code is, the more likely, there is a significant rusty knife; Certain industrial evidence also shows that the code that has not been reconstructed for a long time will no longer need to be re-written later. · Poorly Organized Bugs: The incomplete code is not easy to reuse and often contain too much dependence on the code. In fact, some are unnecessary. Therefore, it is more likely to be affected by the fault in other code bits. The coding standard is committed to solving this type of problem, but the coding standard cannot completely solve the problem. They can't stop the problem such as loop dependency It allows you to maintain reused code without chance. These questions are relatively rough according to their severity organization. The current fault is generally more difficult to solve more than the latent failure, and the latent fault is compared to the fault or organizational failure of waiting for occurrence. More worrying. The following code contains the above four fault cases. Awards you after reward yourself:
1: Public static void main (string [] args)
2: {
3: System.out.println (TouPpercase);
4:}
5:
6: Private static char Touppercase (char main) 7: {
8: Return (MAIN - 31);
9: }
Here is a current fault because the line 8 should read:
This simple problem is not resolved, and the program will not work. Instead of calculating Q's uppercase letters as Q, it is better to try to persuade we believe that the answer is R. Here is a lurking fault because there will be a larger copy version of the ß or a number of uppercase, not any wise things. A small wait for an accident is caused by some stupid variable names in line 6. Main does not really describe what is going on, and it also uses the method name to confuse us. Better code is as follows:
If the code describes why she wants to subtract 32 from a lower-write alphabet, it will be safe. Finally, if you turn the ToupPercase () method to make it possible to make it a way to use it to actually category - or you can use the following standard Sun microsystems, then the code is better. :
Where do you want to stop?
When did you stop adjusting and improving your code? This question doesn't have a real answer; it depends on you and your project. Commercial projects often focus on ROI (return), so it mainly solves the current fault and is easy to solve this problem by implementing coding criteria. We often see that commercial projects have inadvertently take some steps to prevent resolution of latent faults, which achieves a strict change control program that links code modifications to the faults to help test. It is really difficult to develop a team to be loyal to the software quality, so that it is too difficult to care about someone's software and do not set obstacles. In a more enlightened development environment, everyone acknowledges that reconstruction is a critical part of creating high quality software. Reconstruction is the process of gradually stabilizing your code to avoid waiting for an accident. But even the most concerned developers have their restrictions. Do you really care about the punctuation symbol in your comment? Or do you really care if the method is declared in the most reasonable order? Reasoning Inc. has recently studied the quality of different business and open source projects, and publishes the big-character title. The company analyzes the source code of Linux TCP / IP stack for different business selection, Apache web server, and Tomcat. Interestingly, REASONIN has also run the free tool version described below, then manually analyzes the results to delete errors. His results have some abnormalities, but it shows that open source pays attention to the resulting return than the return on the quality software itself is much larger. I identified seven tools help show faults, they are similar to the Reasoning's approach, and in some cases, they can also help solve these faults. I also use these tools for one of my nearest projects: doctree. DOCTREE produces a dynamic load webPage that contains a depth link of 10,000 Java documents, which come from many important Java software projects. Doctree is not a big project, but it is enough to be useful test cases of these seven tools. This resource can be downloaded from Java.net (see Resources), so you can use Ant to see how these tools run on the same basis. There are several tools with drawing user interface (Guis). However, it is more meaningful to run them as part of your constructor (eg, from an Ant constructor). The less time to run these tools, the more possible ways to continue to improve your software. Using tools such as CruiseControl, Anthill is quite easy, or even send a simple CRON to send you as a result of email as a result of email, is also quite easy. After establishing such a program, it is easy to use than the GUI. Let's take a look at these seven tools: · Findbugs · PMD / CPD · Checkstyle · Jalopy / JaCobe · JDepend · Junit · EclipseFindBugsFindbugs mainly solves current and latent failures. It looks for ordinary problems and often displays the gestin code that is wrong. Some fault cases displayed by FindBugs include: • Returns the method of instably static data • Get methods disabled, the GET method is displayed; SET method Synchronize Display SET Method · Iterator class definition process, the problem · meaningless control flow Statements • There is a place for NullPointerException; reference value to NULL's excess comparison place Findbugs is in very active development, and you can extend it, including custom checks through the insert mechanism. Findbugs found a fairly serious latent failure in Doctree: A class defines equals (), but did not define HashCode (). This will not cause any problems in the current configuration. However, if in the DOCTREE iteration, the class in the HashTable or HashMap will appear.
Findbugs also found some subliopharms such as abnormal information flows until closed until the debris finishing and other secondary problems. With the growth of the problem, the number of faults on your software will decrease. Findbugs uses by -1 code analysis to generate his fault report. Here is the DOCTREE item segment of the Ant target that creates a Findbugs report: PMD / CPD
PMD is very customizable and can find out these four faults. However, he is best at finding a fault of organizational failures and accidents waiting. Unlike Findbugs, PMD uses source code analysis, similar to compiler, except that it generates fault reports rather than bytecode. PMD is one of the most customizable tools I have tested for this article, mainly because she has a cool feature: allow you to use the XPath engine to access the source code parser. This parser produces a tree, and the nodes in the tree are part of your program. So a class node will contain bytes for each variable and method. The method node also contains the byte point of the statement used in this method. If he is an XML document using XPath, PMD allows you to access this tree. So once you understand how XPATH and how the parser generates some basic concepts from your source code, you can easily add new rules. For example: The following expressions from the PMD document demonstrate how to check if the statement uses wave parentheses:
It will look for a statement that does not contain Block (parser terms for certain waveform braces) anywhere in the tree (//). PMD detection issues have: · Empty blocks • Excessive parameters calculated by methods. · Excessive class or too long input list · The domain, method and variables that cannot be used, and the double check lock is subjective in these inspections. Personally, the best packaged component is its too long class. So, thank you for configuring PMD to check what you think is important. When you first use PMD to check for larger items, jump check is particularly important. If you have an inspection you run, PMD will generate seven years of resolution, so it is good to start from a more important check. The CPD (Copy / Paste Detector) is a related device that detects replication and paste code within the project. A large number of replication code shows: Developers can find similar code and copy anything, failure, etc. of the developer to find similar code and copy. The PMD Ant target from the DOCTREE project looks as follows:
Checkstyle
CheckStyle is quite similar to PMD, although it is more excellent in finding organizational failures. Like PMD, it uses the front end of the compiler to generate his fault report. PMD provides more checks in a broader range. However, CheckStyle is more configurable. Although some checks will overlap, there are many inspections in Checkstyle not in the PMD, and vice versa. For most, it is sufficient to have one of them. Checkstyle is looking for: • Can't use or excessive input · Spaces, better place, and vice versa · If you don't follow the naming standard variables, methods or class · excess complex allocation or return statements from Doctree Checkstyle The ANT goal is as follows:
Jalopy / Jacobe
Jalopy and Jacobe are a code format program that helps solve an accident waiting to have failed and organizational failure. Jalopy is open source, but he did not appear in active development. Jacobe can be used free of charge, but not open source. Remember to use any code format program to destroy your use of the source code control system to reveal the functionality of some code. The change in the analysis of the source code control system when introducing the fault is quite ordinary. However, the universal use of the source code format does not have to make any actual changes to change the importance rate of the source code line in your project. If you need to reformat your project's source code, you should do as early as possible, although you accept it you can't track the modifications before reformatting, or when the code needs to edit because some other reasons need to be edited, gradually format. JDependjdepend has generated countless metrics around your source code, including the coupling and distribution of incoming and outgoing from the main sequence. Unfortunately, according to my experience, these measures are often meaningless unless you have understood the code you are testing; and if you understand, he only tells you something you already know, but Jdepend Identifying cycle dependence is particularly useful. Cycle dependence is an organizational failure that can cause maintenance issues and codes that cannot be reused. For example, if you have three packages A, B and C, and a depends on B, B depends on C, and C is dependent on A, then if you don't get you can't reuse them. If you use the GUI code in these packages, then you don't pay attention to the GUI code to your business javabeans (ejb) or servlet, even if you are interested in the code is not a GUI code, then you will want to why Your server code is going to die. JDepend Ant target from Doctree looks like this: JUnit
Junit is a well-known tool that helps you write an automatic unit test for your software; I don't want to discuss it in detail why it is so famous. For more information, please see Resources. I would like to say that in all the tools mentioned in this article, JUnit is most likely to help you find the fault in your code, although the price is required. JUnit requires a lot of time to write test cases for your code, but it is very likely that this time is very worth speaking. Eclipseides is always an exciting topic. When you consider the free tool, Eclipse has several detection tools that can be integrated into the compiler such as Findbugs, and the 3rd versions of the developments contain more this test. Eclipse sea distributes a code format program, although he is not as high as Jalopy or Jacobe, but more feasible because it can be installed in the editor. Advanced tests performed in the current and upcoming version include: • Unexpected Boolean assignment (EG, IF (a = b)) · Unachable capture block · Hidden segment or variable local variable declaration, not available Variables, input, fields, and given declaration items integrate your project with JAR and configuration files without making your project too big or confused JAR files, this is a challenge. If your code warehouse contains many projects, you just want to use these tools on these projects, then you will face the danger of severe expansion of certain warehouses. I suggest you build a standalone project that contains the tool you want to use, then reference them from your Ant constructor. This does not appear in the issue of assigning tools in team members who want to use tools. They are optional for those who do not need to use tools, and they will not occupy too much space in the warehouse. Fault solving automatic quality detection can reduce the number of faults in your software, enhance its quality and sustainability. After you have installed the tool, you can use very small costs - time and money - to maintain quality control. Before achieving any of the strategies listed herein, it is important to define how much value for different levels of quality and eliminating some faults. This analysis will produce different results for different projects. Good news is that the debug tool will be rescued from heavy base work and allow you to independently arrange their use and your management software quality.
OutputFile = "$ {target.temp} /jdepend/jdepend-report.xml"> SourceSpath> claspath> jdepend>