Thursday, June 20, 2013

Android static code analysis tools

If you think you know Java well, you are probably wrong. And even if you are a true pro, you certainly still make mistakes - yes even those silly ones. To make it more daunting, Android is not just plain old Java. It enforces the use of mechanisms that are not easy to understand at all: multithreading, generic types, memory management, and various design patterns. Do you still think you're good enough on your own? Watch the videos below (or at least skim them).



The guy in gray hair is Joshua Bloch - the former Chief Java Architect at Google (he quit in 2012 after 8 years there) and the author of  Java Collections framework. As you can probably guess, he's a pretty smart guy. He also has a good sense of humor, which isn't very common in the IT world. If you'd like to rake your brains some more, check out his book: Java Puzzlers: Traps, Pitfalls, and Corner Cases.

But back to the point. Knowing the syntax of a programming language is not the same as being a good programmer. I remember reading Effective Java (again by Joshua Bloch) and getting surprised every chapter at how little I knew about high quality code. I worship this book for showing me that I had (and most certainly still have) a lot to learn and that Java is much more complex than it appears to be at the first glance. After reading it three times back to back and getting a couple years of experience I feel much more comfortable now in the world of classes, variables, and methods. However, the conclusion you should be getting from this rant is that no matter how skilled or smart you are, you will always be creating bugs.

So, is there anything we, programmers, can do to prevent at least some of the mistakes we make? The answer is yes and we can achieve it using static code analysis.

For all those who are not familiar with this term, do you remember when Eclipse suggested that you get rid of a variable because you were not using it anywhere or when you used the assignment operator for comparison when you actually meant to write ==? That's, more or less, it, but there are much more powerful tools that can take it to the next level. Let's see what they are.

Lint

This tool is already there for you without the need to install anything. It has been introduced in ADT 16 and has been a part of your Eclipse ever since. What can it do? It works with Android specific functionality, checking such things as:
  • missing translations, e.g. when you have a text resource in one language but not in another
  • layout performance problems, e.g. when you nest views unnecessarily
  • unused resources, e.g. when you have images in your res folder that you never refer to
  • accessibility and internationalization problems, e.g. when you hardcode strings
  • icon problems, e.g. when you failed to provide icons for all screen densities or they have wrong sizes
  • manifest errors
Lint is always there for you, running in the background. However, it does not scan the whole project unless you tell it to by pressing the checkbox icon in the toolbar. Make sure you do it from time to time and don't just ignore the messages that appear in the Lint Warnings view. Each of them provides a lengthy explanation of what's wrong with your code and even if you still don't get it - ask Google.


It's one of my favourite tools. You can easily install an Eclipse plugin by going to the Eclipse Marketplace (Help/Eclipse Marketplace...). Then right click your project and choose Find Bugs/Find Bugs...

I guarantee that you'll be surprised at what you find. They scanned the latest Java JDK itself and discovered quite a lot of things that should have been done differently. If the Oracle's employees have been so sloppy, I wonder how your projects do...

Here's what bug patterns FindBugs looks for:
  • difficult language features
  • misunderstood API methods
  • misunderstood invariants when code is modified during maintenance
  • garden variety mistakes: typos, use of the wrong boolean operator
P.S. They use FindBugs regularly at Google to keep their code quality high.


Google CodePro Analytix

You can again get it from the Eclipse Marketplace. It provides similar functionality as FindBugs, but also:
  • finds duplicated code
  • generates JUnit test for you
  • computes code metrics
  • computes test code coverage
  • draws dependency analysis diagrams
I discovered CodePro quite recently and I must say it's very powerful and helps me a lot.


It used to be a tool checking if the code meets the specified coding standards. It has evolved since then and has become a very powerful ally in the battle with bugs. You must certainly get to know it, because it has been the industry constant for a good couple of years. Extremely easy to install through Eclipse Marketplace.


Yet another code analyzer. Very powerful, one of the best known by programmers and downloadable as an Eclipse plugin.






Other tools

If, for some reason, the tools mentioned above are not enough for you or you just want to experiment with more of them, make sure to take a look at the list of tools for static analysis at Wikipedia. It contains useful utilities for languages other that Java as well.


Use it!

I hope I don't have to repeat myself and tell you one more time that using static code analysis is a must. You don't have to install all of the tools mentioned, but choose at least one that you like and run it whenever you add some new functionality. Don't ignore the warnings! There will be false positives from time to time, but treat them with caution and look for a detailed description online whenever you don't quite understand what's wrong. I guarantee, that you'll find bugs you haven't event thought of and that you'll learn a lot by correcting them.


If you feel like sharing your experience, let me know what tools you like the most and what unexpected errors you were able to find. Don't be ashamed of your code. Remember that even smart people make dumb mistakes.



1 comment:

  1. Including open source static analysis tools as a part of the development cycle is the best way to ensure delivery of an efficient and reliable software product.

    ReplyDelete