Sergiy Gomenyuk
• Defects
• Program analysis
• Java Code Quality Tools
Anomalies in code
• Can be found by reading the pattern of code: Bug Patterns!
• Can be automatically found!
• By tools for capturing Java tech defects
Static program analysis is the analysis of computer software that
is performed without actually executing programs (analysis
performed on executing programs is known as dynamic analysis). In
most cases the analysis is performed on some version of the source
code and in the other cases some form of the object code. The
term is usually applied to the analysis performed by an automated
tool, with human analysis being called program understanding,
program comprehension or code review.
Dynamic program analysis is the analysis of computer software that is performed by
executing programs on a real or virtual processor. For dynamic program analysis to be
effective, the target program must be executed with sufficient test inputs to produce
interesting behavior. Use of software testing techniques such as code coverage helps
ensure that an adequate slice of the program's set of possible behaviors has been
observed. Also, care must be taken to minimize the effect that instrumentation has on the
execution (including temporal properties) of the target program.
The OMG (Object Management Group) published a study regarding the types
of software analysis required for software quality measurement and
assessment. This document on "How to Deliver Resilient, Secure, Efficient, and
Easily Changed IT Systems in Line with CISQ Recommendations" describes four
levels of software analysis.
• Unit Level - Analysis that takes place within a specific program or subroutine,
without connecting to the context of that program.
• Technology Level - Analysis that takes into account interactions between unit
programs to get a more holistic and semantic view of the overall program in
order to find issues and avoid obvious false positives.
• System Level - Analysis that takes into account the interactions between unit
programs, but without being limited to one specific technology or
programming language.
• Mission/Business Level - Analysis that takes into account the business/mission
layer terms, rules and processes that are implemented within the software
system for its operation as part of enterprise or program/mission layer
activities.
Java Code Quality Tools
• Code Analysis
• Metrics
• JUnit Test Generation
• JUnit Test Editor
• Code Coverage
• Dependency Analysis
• Similar Code Analysis
• Possible bugs - empty try/catch/finally/switch statements
• Dead code - unused local variables, parameters and private methods
• Suboptimal code - wasteful String/StringBuffer usage
• Overcomplicated expressions - unnecessary if statements,
for loops that could be while loops
• Duplicate code - copied/pasted code means copied/pasted bugs
• Correctness bug - Probable bug - an apparent
coding mistake resulting in code that was
probably not what the developer intended.
• Bad Practice - Violations of recommended and essential
coding practice. Examples include hash code and equals
problems, cloneable idiom, dropped exceptions, serializable
problems, and misuse of finalize.
• Dodgy - Code that is confusing, anomalous, or written in a
way that leads itself to errors. Examples include dead local
stores, switch fall through, unconfirmed casts, and
redundant null check of value known to be null.
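Two of the "Bad Practice" patterns named above (hash code and equals problems, dropped exceptions), shown next to their corrected forms. This is an added Java example, not code from the original slides; the class names, the revoked-session scenario and the sample values are constructed for illustration.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class BugPatternDemo {

    // Bad Practice: equals() is overridden but hashCode() is not, so two
    // equal keys hash by object identity and hash-based lookups miss.
    static final class BrokenKey {
        final String id;
        BrokenKey(String id) { this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof BrokenKey && ((BrokenKey) o).id.equals(id);
        }
    }

    // Corrected form: hashCode() is derived from the same field as equals().
    static final class FixedKey {
        final String id;
        FixedKey(String id) { this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof FixedKey && ((FixedKey) o).id.equals(id);
        }
        @Override public int hashCode() { return Objects.hash(id); }
    }

    // Bad Practice: dropped exception. The empty catch block hides the
    // parse failure and malformed input silently becomes the default 0.
    static int parsePortBroken(String s) {
        int port = 0;
        try { port = Integer.parseInt(s); } catch (NumberFormatException e) { }
        return port;
    }

    // Corrected form: the failure is reported to the caller with its cause.
    static int parsePortFixed(String s) {
        try {
            return Integer.parseInt(s);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("invalid port: " + s, e);
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: a set of revoked session ids used as a deny-list.
        Set<BrokenKey> revokedBroken = new HashSet<>();
        revokedBroken.add(new BrokenKey("session-42"));
        System.out.println("broken lookup finds revoked id: "
                + revokedBroken.contains(new BrokenKey("session-42")));

        Set<FixedKey> revokedFixed = new HashSet<>();
        revokedFixed.add(new FixedKey("session-42"));
        System.out.println("fixed lookup finds revoked id: "
                + revokedFixed.contains(new FixedKey("session-42")));

        System.out.println("broken parse of \"80a\": " + parsePortBroken("80a"));
        try {
            parsePortFixed("80a");
        } catch (IllegalArgumentException e) {
            System.out.println("fixed parse rejects input: " + e.getMessage());
        }
    }
}
```

Both broken forms compile without error, which is why such patterns are left to automated analysis rather than the compiler.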
• Cobertura
• eCobertura - Eclipse Plugin
• EMMA
• EclEmma and JaCoCo - Eclipse Plugins
Checkstyle is a development tool to help
programmers write Java code that adheres to a
coding standard. It automates the process of
checking Java code to spare humans of this boring
(but important) task. This makes it ideal for projects that
want to enforce a coding standard.
• What the main defects in a software application are
• How we can analyze programs and find them
• What tools we can use for a Java application