Upload
jug-lausanne
View
310
Download
2
Embed Size (px)
DESCRIPTION
Session dédiée à l'analyse de la qualité du code Java - Cyril Picat - February 2011 Alan Perkins (Coverity), Chris Chedgey (Headway Software), Bogdan Czwartkowski (Parasoft), Freddy Mallet (Sonar), Henri Tremblay (XDepend)
Citation preview
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Thursday February 10th, 2011
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
The Good Old Way...
2
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique 3
The JUGL Way
A head-to-head live comparison But don’t expect any winner...
A quick overview of the market The leading products (*) Showcased by experts
An introduction to software assessment and software quality management
A first contact with vendors If you would like to start tomorrow...
(*) CAST, a clear leader, is missing. They unfortunately declined our invitation.
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Tonight « Wrestlers »
4
Alan Perkins Sales Engineering Manager EMEA
Chris Chedgey CEO
Bogdan Czwartkowski Professional Services Manager
Freddy Mallet Co-director & co-founder
Henri Tremblay Senior Architect
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Their Mission
No fluff just stuff A maximum of time dedicated to demos, 2-3 slides max.
Have each vendor assess the same application An open-source application
Select an application close to (y)our daily work A web application, not a framework
All issues are interesting At all levels: code correctness, logic, architecture, performance... In all codes: Java code, DB code and schema, HTML/CSS... Detected in any ways, static or dynamic
5
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
The Target
6
“ IceScrum is an J2EE application for using Scrum while keeping the spirit of a collaborative workspace ”
IceScrum: www.icescrum.org Scrum Alliance: www.scrumalliance.org
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Some Background and Architecture
7
IceScrum 1: Desktop application in Java / Swing
IceScrum 2: Web application in Java / JSF
IceScrum 3: Web application in Grails
2005
2008
2010
Toni
ght
Link to SVN repository on SourceForge
JSF / IceFaces
Spring
Hibernate M
aven
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Agenda
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
8
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
Agenda
9
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
SONAR - Dashboard
10
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
SONAR - SQALE Quality Model
11
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
Agenda
12
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Parasoft JTest - Metrics
13
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Parasoft JTest – Static Analysis
14
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Parasoft JTest – Duplications
15
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Parasoft JTest – Flow Analysis
16
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Parasoft JTest – Runtime Error Detection
17
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
Agenda
18
You are here
Copyright © 2011– OCTO Technology – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
XDepend - Fonctionnalités
19
Fonctionnalités Support Règles de nommage ✓ Règles d'architecture ✓ Structure du code ✓ Erreur de logique ✗ Analyse dynamique ✗ Intégration des tests ✓ Intégration continue ✓
Fonctionnalités Support Intégration IDE ✗ Historique ✓ Langage de requêtage ✓ Implémentation de nouvelles règles
✓
Règles de sécurité ✗ Dashboard pour le manager
✗
Richesse de l‘éco-système
✗
Prix: 299 € dégressif en fonction du nombre de licences
Copyright © 2011– OCTO Technology – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
XDepend - Vue principale
20
Copyright © 2011– OCTO Technology – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
XDepend - Métriques
21
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
Agenda
22
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
Agenda
27
You are here
This session has not been recorded according to Coverity’s will !
Coverity Integrity Center
Precision Software Analysis Across Lifecycle
• Increase customer satisfaction by eliminating product delays and recalls caused by software problems
• Speed time to market by making software changes faster and with less risk
• Innovate rapidly by reducing time developers spend fixing software design, code, and delivery problems
Steps To Mitigate Risk
2
3
4
Code base
Project 1
Project 3
Project 2
Browse code
Integrity Analysis Engine
Scan your software
Find priority defects List of Defects
_ 10001 critical _ 10002 major _ 10003 major _ 10004 critical _ 10005 major
Impact Rankings
Map defect impact
Fix priority defects
Report defect remediation
PRODUCTS
1
5
Emacs
Mainline/Trunk/Head/Development
2.4 release
2.4.1 release
2.6 release
2.6.2 release
2.6.2.1 release
Merge fix
Defect in the original development branch and never fixed affects all products
Defect introduced in a release branch before a merge
Defect introduced in a release branch after a merge
Shared Code Branching & Defect Impact
Mainline/Trunk/Head/Development
2.4 release
2.4.1 release
2.6 release
2.6.2 release
2.6.2.1 release
Branch of a codebase: Project 2.4 2 streams
Analyze 2.6, 2.6.2 and 2.6.2.1 releases
Mainline/Trunk/Head/Development
2.4 release
2.4.1 release
2.6 release
2.6.2 release
2.6.2.1 release
Branch of a codebase: Project 2.4 2 streams
Common Defects are merged by CIM
Stream 1
Stream 2 Project 2.6
Stream 3
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Agenda
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
33
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Agenda
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
34
You are here
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
What the IceScrum Team Says
Pain points – Interview with Vincent Barrier Much pain with JSF
SW architecture leading to difficult and costly evolutions
Strong performance issues
Tooling issues (m2 plugin)
Difficulty to take new developers on board
Heterogeneous code and quality issues
35
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Share It!
Find these + the vendors’ slides on the JUGL web site http://jugl.ch
Live it on Parleys http://parleys.com/#id=102931&st=4
React and follow further discussions on Twitter #jugl or @cyrilpicat
Read Kalistick report and SQuORING report on IceScrum2
36
http://bit.ly/eB7oRM
http://bit.ly/gDtmnj
Copyright © 2011 – Licence CC – Creative Commons 2.0 France – Paternité – Pas d'Utilisation Commerciale – Partage des Conditions Initiales à l'Identique
Agenda
Introduction: 5 minutes
20 minutes by vendor to assess IceScrum2, in this order: Sonar Parasoft XDepend Headway Coverity
Discussion panel: 20 minutes
Conclusion: 5 minutes
Aperitif
37
You are here