310 likes | 507 Views
Automated Quality Assurance. Philip Johnson Collaborative Software Development Laboratory Information and Computer Sciences University of Hawaii Honolulu HI 96822. Objectives.
E N D
Automated Quality Assurance Philip Johnson Collaborative Software Development Laboratory Information and Computer Sciences University of Hawaii Honolulu HI 96822
Objectives • Understand motivation for automated quality assurance through static analysis, and how it differs from “manual” quality assurance. • Learn about various automated quality assurance tools. • Understand the strengths and weaknesses of the Java-based static analysis tools used in this class (Checkstyle, PMD, FindBugs).
Quality Assurance • High level: • Does the system satisfy the three prime directives? • Low level: • Does the system have “good” tests? • Does the system conform to coding standards? • Does the system contain code known to be defect-prone? • Does the system satisfy its requirements? • We use a combination of “manual” and “automated” techniques to assess QA at the “high” and “low” levels.
Manual QA • Examples of manual QA techniques: • Writing unit tests with JUnit • Conducting code reviews. • Strengths of manual QA: • Find defects involving requirements. • Low false positive rate. • Weaknesses of manual QA: • Difficult/expensive approach to low-level implementation defects. • Must be redone for all projects.
Automated QA • Examples of automated QA: • Lint, Checkstyle, PMD, FindBugs, DependencyFinder, Coverity, FxCop • Strengths of automated QA: • Can find classes of implementation defects that developers may not be skilled enough in the language/environment to detect via testing or inspection! • Can be reused on any project. • Weaknesses: • Potential high false positive rate. • Does not find requirements-level defects.
Checkstyle • Checkstyle performs source code analysis. • Originally for "coding standard" (formatting) • Now includes design-level best practice compliances. • Classes of checks: • JavaDoc, Naming Conventions, Headers, Size Violations, Imports, WhiteSpace, Modifers, Block Checks, Coding, Class Design, Duplicate Code, Metrics, J2EE. • Can be extended with new checks. • Use a configuration file to customize what checks your system should comply with.
PMD • PMD also performs source code analysis. • More 'design' oriented than Checkstyle. • Lots of overlap. • PMD rulesets: • Basic, Braces, Code Size, Clone, Controversial, Coupling, Design, Finalizers, Import, J2EE, JavaBeans, JUnit, Logging, Migrating, Naming, Optimizations, Exceptions, Strings, Security, Unused Code, JSP, JSF. • Eventually, can choose one of PMD/Checkstyle.
FindBugs • FindBugs analyzes byte codes, not source codes. • Example problem: ignored return value: • String b = "bob"; b.replace('b', 'p'); if(b.equals("pop")){...} • FindBugs defect detectors are quite different in nature from source code analyzers because the system can perform forward and backward data flow.
QA in this class • One goal of this course is to provide you with a set of techniques to build • high quality systems • as fast as possible • To accomplish this, you must learn how to apply the correct mix of automated and manual QA techniques. • Don’t write tests (or do reviews) to catch defects that an automated QA tool can find. • Don’t believe that automated QS tools can find all of your errors.