Static code analysis with Rational Software Analyzer

I struggled to find time to perform code reviews around projects and tight deadlines. However, I found that if you are using RAD, then the Analyse tool can help your team be more efficient and reduce the code review time.

There is a cut-down version of Rational Software Analyzer integrated into Rational Application Developer (RAD) 7.5 that allows you to improve code quality and decrease the time it takes to perform a code review. Initially you’ll probably find a fair few items identified, but trust me, this reduces as you move forward and start using the analyser as part of your daily routine or, even better, nightly build. It’ll also help developers start coding to the same standards.

Our development team took the approach that you don’t ‘have’ to fix all the issues identified in a given project/component, but as a rule you should be running the Software Analyzer on the methods and classes you’ve created or edited. So if you edit a method with an issue (e.g. missing Javadoc) it is your duty to correct it. If it’s more complex refactoring, we treated it on a case-by-case basis (normally down to the experience of the developer). The pros are that all the developers gained more exposure to Java coding standards and we were able to tidy some of the older code as we went along, rather than in a big block of refactoring.

For our first-pass analysis I selected the most critical rules plus a few extra around Javadoc. Some might not be applicable. For example, there’s a critical rule that states you should check an object’s type before casting it; a valid rule indeed, however all the RAD-generated code in the JSF backing beans breaks this rule, so you’ll want to ignore it for classes in the pagecode.* package. Here is an example of RAD-generated code that breaks the casting analysis check:

    protected HtmlPanelGrid getNewPremiumdetailsbox1() {
        if (newPremiumdetailsbox1 == null) {
            // Cast without a prior type check: this is the line the rule flags.
            newPremiumdetailsbox1 = (HtmlPanelGrid) findComponentInRoot("newPremiumdetailsbox1");
        }
        return newPremiumdetailsbox1;
    }

The idea is that you analyse your code before submitting it for code review, and that if you haven’t fixed a raised issue there should be a comment explaining why. All developers were asked to pay particular attention to the Javadoc rules – I can’t really think of an excuse for not adhering to those rules.

My only gripe is that Rational Software Analyzer doesn’t contain an explanation of the issue raised: why is not checking an object’s type before casting an issue? Obvious to some but not others. This enhanced functionality is included in the standalone paid Rational Software Analyzer product. However, I found a quick Google search or a question on Stack Overflow explains why certain issues have been flagged.
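Why the cast rule exists, shown as an added example (not code from this post or from RAD): the lookup only promises a base component type, so the cast is verified at runtime and throws ClassCastException if the id resolves to something else. Component, PanelGrid, InputText and the ROOT map are hypothetical stand-ins for the JSF classes so the example runs on its own.

```java
import java.util.HashMap;
import java.util.Map;

public class CastCheckExample {
    // Hypothetical stand-ins for the JSF component classes (assumption, not the real API).
    static class Component {}
    static class PanelGrid extends Component {}
    static class InputText extends Component {}

    // Constructed component tree: "renamedBox" resolves to a type the caller does not expect.
    static final Map<String, Component> ROOT = new HashMap<>();
    static {
        ROOT.put("newPremiumdetailsbox1", new PanelGrid());
        ROOT.put("renamedBox", new InputText());
    }

    // Stand-in for the lookup: the static return type is only the base class.
    static Component findComponentInRoot(String id) {
        return ROOT.get(id);
    }

    // Pattern the rule flags: the cast is trusted and can only fail at runtime.
    static PanelGrid uncheckedLookup(String id) {
        return (PanelGrid) findComponentInRoot(id);
    }

    // Pattern the rule asks for: test the type first, fail with a message that names the id.
    static PanelGrid checkedLookup(String id) {
        Component c = findComponentInRoot(id);
        if (c != null && !(c instanceof PanelGrid)) {
            throw new IllegalStateException("Component '" + id + "' is a "
                    + c.getClass().getSimpleName() + ", expected PanelGrid");
        }
        return (PanelGrid) c; // safe: c is null or a PanelGrid here
    }

    public static void main(String[] args) {
        System.out.println("found: " + (checkedLookup("newPremiumdetailsbox1") != null));
        try {
            uncheckedLookup("renamedBox");
        } catch (ClassCastException e) {
            System.out.println("unchecked: " + e.getClass().getSimpleName());
        }
        try {
            checkedLookup("renamedBox");
        } catch (IllegalStateException e) {
            System.out.println("checked: " + e.getMessage());
        }
    }
}
```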

Here are a few screenshots showing how to kick it off:

Firstly go to Run > Analysis

Screenshot of launching the Analysis tool

This will launch the Software Analyzer config window. Create a new configuration and import the rule set (or select a predefined one).

Screenshot Config window

Here are the rules with their various priority levels; these can be edited. Once you’re happy, click Analyse to start.

Screenshot of the Code Analysis Rules

This is what your code will look like afterwards; see the blue underlines and the ticks and crosses to the left of the code.

screenshot showing the Rules flagged in code

  • Hi Scott, do you have a reference you can share to a method for ignoring code in a particular Java package? We’re working with WebSphere Integration Developer (WID) and it generates a lot of code that we don’t want to scan. The developers haven’t seen an obvious way to do this.
