Session dédiée à l'analyse de la qualité du code Java - Cyril Picat - February 2011

Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique

Thursday February 10th, 2011


The Good Old Way...

2

Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique 3

The JUGL Way

  A head-to-head live comparison   But don’t expect any winner...

  A quick overview of the market   The leading products (*)   Showcased by experts

  An introduction to software assessment and software quality management

  A first contact with vendors   If you would like to start tomorrow...

(*) CAST, a clear leader, is missing. They unfortunately declined our invitation.


Tonight « Wrestlers »

4

Alan Perkins Sales Engineering Manager EMEA

Chris Chedgey CEO

Bogdan Czwartkowski Professional Services Manager

Freddy Mallet Co-director & co-founder

Henri Tremblay Senior Architect


Their Mission

  No fluff just stuff   A maximum of time dedicated to demos, 2-3 slides max.

  Have each vendor assess the same application   An open-source application

  Select an application close to (y)our daily work   A web application, not a framework

  All issues are interesting   At all levels: code correctness, logic, architecture, performance...   In all codes: Java code, DB code and schema, HTML/CSS...   Detected in any ways, static or dynamic

5


The Target

6

“ IceScrum is an J2EE application for using Scrum while keeping the spirit of a collaborative workspace ”

IceScrum: www.icescrum.org Scrum Alliance: www.scrumalliance.org


Some Background and Architecture

7

IceScrum 1: Desktop application in Java / Swing

IceScrum 2: Web application in Java / JSF

IceScrum 3: Web application in Grails

2005

2008

2010

Toni

ght

Link to SVN repository on SourceForge

JSF / IceFaces

Spring

Hibernate M

aven


Agenda

  Introduction: 5 minutes

  20 minutes by vendor to assess IceScrum2, in this order:   Sonar   Parasoft   XDepend   Headway   Coverity

  Discussion panel: 20 minutes

  Conclusion: 5 minutes

  Aperitif

8

You are here






  Aperitif

Agenda

9

You are here


SONAR - Dashboard

10


SONAR - SQALE Quality Model

11






  Aperitif

Agenda

12

You are here


Parasoft JTest - Metrics

13


Parasoft JTest – Static Analysis

14


Parasoft JTest – Duplications

15


Parasoft JTest – Flow Analysis

16


Parasoft JTest – Runtime Error Detection

17






  Aperitif

Agenda

18

You are here

Copyright © 2011– OCTO Technology – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique

XDepend - Fonctionnalités

19

Fonctionnalités Support Règles de nommage ✓ Règles d'architecture ✓ Structure du code ✓ Erreur de logique ✗ Analyse dynamique ✗ Intégration des tests ✓ Intégration continue ✓

Fonctionnalités Support Intégration IDE ✗ Historique ✓ Langage de requêtage ✓ Implémentation de nouvelles règles

✓

Règles de sécurité ✗ Dashboard pour le manager

✗

Richesse de l‘éco-système

✗

Prix: 299 € dégressif en fonction du nombre de licences


XDepend - Vue principale

20


XDepend - Métriques

21






  Aperitif

Agenda

22

You are here






  Aperitif

Agenda

27

You are here

This session has not been recorded according to Coverity’s will !

Coverity Integrity Center

Precision Software Analysis Across Lifecycle

• Increase customer satisfaction by eliminating product delays and recalls caused by software problems

• Speed time to market by making software changes faster and with less risk

• Innovate rapidly by reducing time developers spend fixing software design, code, and delivery problems

Steps To Mitigate Risk

2

3

4

Code base

Project 1

Project 3

Project 2

Browse code

Integrity Analysis Engine

Scan your software

Find priority defects List of Defects

_  10001 critical _  10002 major _  10003 major _  10004 critical _  10005 major

Impact Rankings

Map defect impact

Fix priority defects

Report defect remediation

PRODUCTS

1

5

Emacs

Mainline/Trunk/Head/Development

2.4 release

2.4.1 release

2.6 release

2.6.2 release

2.6.2.1 release

Merge fix

Defect in the original development branch and never fixed affects all products

Defect introduced in a release branch before a merge

Defect introduced in a release branch after a merge

Shared Code Branching & Defect Impact


2.4 release

2.4.1 release

2.6 release

2.6.2 release

2.6.2.1 release

Branch of a codebase: Project 2.4 2 streams

Analyze 2.6, 2.6.2 and 2.6.2.1 releases


2.4 release

2.4.1 release

2.6 release

2.6.2 release

2.6.2.1 release

Branch of a codebase: Project 2.4 2 streams

Common Defects are merged by CIM

Stream 1

Stream 2 Project 2.6

Stream 3


Agenda





  Aperitif

33

You are here


Agenda





  Aperitif

34

You are here


What the IceScrum Team Says

  Pain points – Interview with Vincent Barrier   Much pain with JSF

  SW architecture leading to difficult and costly evolutions

  Strong performance issues

  Tooling issues (m2 plugin)

  Difficulty to take new developers on board

  Heterogeneous code and quality issues

35


Share It!

  Find these + the vendors’ slides on the JUGL web site   http://jugl.ch

  Live it on Parleys   http://parleys.com/#id=102931&st=4

  React and follow further discussions on Twitter   #jugl or @cyrilpicat

  Read Kalistick report and SQuORING report on IceScrum2

36

http://bit.ly/eB7oRM

http://bit.ly/gDtmnj


Agenda





  Aperitif

37

You are here