Date post: | 19-Feb-2017 |
Category: |
Education |
Upload: | rushana-bandara |
05/01/2023 1
STATIC CODE ANALYSIS
Content:
• What Is Static Code Analysis?
• Why Is Static Code Analysis Useful?
• Seven axes of code quality
• Effects of Fixing Code Quality
• Static code analysis tools
  ◦ SonarQube
  ◦ Coverity
What Is Static Code Analysis?
Static code analysis is a method of computer program debugging that is done by examining the code without executing the program.
Why Is Static Code Analysis Useful?
“Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.”
From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996
Seven axes of code quality
Monitoring and fixing code quality issues is proven to raise the quality of your application and your ability to deliver that application to stakeholders on time.
SONARQUBE
• What is SonarQube
• Code quality
• Features
• Benefits
• Strength of the platform
SonarQube
• Platform to manage code quality.
• Open source, with paid support and some paid plug-ins available.
• Active community support, plug-ins, books.
Do You Fix Code Quality Problems?
What is good code?
Features
• Platform independent
  ◦ Runs on Windows, Mac OSX, Linux, Solaris.
  ◦ Server is fairly lightweight.
• Plug-in architecture
  ◦ Vibrant community extending Sonar functionality.
  ◦ Plug-ins for nearly every language you can expect.
  ◦ Plug-ins providing additional metrics, including total quality, technical debt and more.
Strength of the platform
• Total cost of ownership
• Functional coverage
• Continuous inspection
• Actionable reporting
• Interaction
• Strong community
• Languages coverage
• Extensibility
20+ Programming Languages
• Java
• C
• JavaScript
• C++
• PHP
• C#
• VB.Net
• COBOL
SonarQube architecture
SonarQube Architecture
• User runs client to analyze source.
• Analyzer sends data on source files to database.
• Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities.
COVERITY
What Is Coverity?
Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors.
What Are The Errors?
• Concurrency defects
• Performance degradation
• Crash-causing errors
• Incorrect program behavior
• Security vulnerabilities
How Coverity Static Analysis Works?
Defects Found by Coverity
Defect Categories
• API usage errors
• Code maintainability issues
• Concurrent data access violations
• Control flow issues
• Error handling issues
• Incorrect expression
• Integer handling issues
• Memory - corruptions
• Memory - illegal accesses
• Null pointer dereferences
• Program hangs
• Resource leaks
• Security best practices violations
• Uninitialized variables
Key Features
• Best of Breed Analysis
• Integration With The Developer Workflow
• Defect Management and Impact Management
• Performance and Scale
• Extensible Platform
Supported Environments

Supported Platforms
• AIX
• FreeBSD
• HP-UX
• Linux
• Mac OS X
• NetBSD
• Solaris
• Windows

Supported Compilers
• ARM
• Cosmic C Cross Compilers
• Freescale CodeWarrior
• GNU GCC, G++
• Intel C++
• Keil
• QNX
• Renesas
• Sun (Oracle) CC and cc
• Texas Instruments
• Visual Studio
• WindRiver
• Xcode GCC and G++

Supported IDEs
• Eclipse v3.5, v3.6, v3.7
• WindRiver Workbench v3.2, v3.3
• Visual Studio versions 2005, 2008, and 2010

Minimum System Requirements
• 1 GHz CPU
• 1 GB of RAM minimum, 2 GB recommended
• 1 GB of free hard disk space
Creating An Enforceable Process
Coverity Summary
• Proven significant operational cost reduction.
• Metric visibility of code estate onshore and offshore.
• Proven history of finding crash-causing or unexpected-behavior-causing defects.
• Process improvement of the Application Lifecycle Management.
THANK YOU!!