90% of the time invested into the development of computer software pertains to testing. A portion of a source code is written, tested, debugged, fixed, tested again, and rewritten in portions. At least that’s my procedure: Write, test, fix a couple lines, test again, and rewrite, and test again… it’s exhausting. And finally, when you think you have it right, the build is released to your clients and users, to find out 10 days later that they have found a few more bugs, sent to you via emails and bug reports.
Testing comes in a gamut of methods: debuggers, unit tests, logs and exceptions, user trials, etc… All of which are used procedurally after compile time. But what if there was one more dimension of testing? …One that occurred before compile time. After all, compiling and building so often can be time consuming, especially if we are talking in terms of tens of thousands of lines of code. Another method exists. That dimension is called Static Code Analysis. It’s something that I have researched and trialed in the recent weeks, and it works prior to compile time.
Static code analysis is a dimension of code testing occurring before compile time. It analyzes your code line by line. It will find areas where errors are bound to occur or have a good probability of occurring. Many static code analysis tools will also find duplicate code (which can cause errors if the original source of the duplicate contains an error itself or is changed later, after being duplicated). Many also offer optimizations. You can also adjust your settings to allow the analyzer to search for common code styling issues and ensure that a code complies with common style standards or company specific style standards (although I have all the style checking settings deactivated as they are not a top priority and cause many needless suggestions).
Our code is written in C# with .Net. I tried a dozen different static code analyzer tools. Many of these tools were obsolete and didn’t offer any productivity to testing. Others offered so many suggestions in its findings through which I spent too much time sifting and examining that I added no efficiency and productivity to the testing and debugging process. Others were so expensive (into the tens of thousands of dollars) for a license that it was hard to justify the cost. One stood out, however. ReSharper by JetBrains (the creators IntelliJ IDEA) is exactly what I was looking for.
Here are a few examples…Many areas in the code, Lists are used with the understanding that they must not be null. However, it was innocently forgotten to assert the truth that those lists are in fact not empty. ReSharper reminded me that these Lists had the potential to be null, which would cause a runtime error, and with the click of a button, added an assert statement to affirm that a list was in fact non-null. Another common occurrence in the code was the Boolean comparison of two floating point numbers. Due to the way floating point primitives are implemented, if a number or its decimal is not a power of 2, it will lose its precision due to rounding. Therefore, comparing a floating point number can generate the incorrect result because of that minor rounding detail. ReSharper found these areas and offered suggestions to fix the code. Another, ReSharper found conditionals that always returned true or false, causing unreachable code in areas. This may or may not be intentional on the programmer’s part, but it is still beneficial that ReSharper reminds the programmer of this, in the case that it is unintentional and causes an unwanted error. All this, along with other errors were found before Compile time and Run time, saving me the trouble of trying to debug these aspects with various unit tests and having our clients run into any potential issues.
ReSharper is definitely worth looking at and worth the investment. Their website is: http://www.jetbrains.com/resharper/
Still not convinced?… do some research of your own as well. The following Wikipedia link has a long list of other static code analysis tools: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
-Your fellow tech friend