1591469467
1604008800
Static Code Analysis: What It Is? How to Use It?
Static code analysis refers to the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it.
Lately, however, the term “Static Code Analysis” is more commonly used to refer to one of the applications of this technique rather than the technique itself — program comprehension — understanding the program and detecting issues in it (anything from syntax errors to type mismatches, performance hogs likely bugs, security loopholes, etc.). This is the usage we’d be referring to throughout this post.
“The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.”
- J. Robert Oppenheimer
Outline
We cover a lot of ground in this post. The aim is to build an understanding of static code analysis and to equip you with the basic theory, and the right tools so that you can write analyzers on your own.
We start our journey with laying down the essential parts of the pipeline which a compiler follows to understand what a piece of code does. We learn where to tap points in this pipeline to plug in our analyzers and extract meaningful information. In the latter half, we get our feet wet, and write four such static analyzers, completely from scratch, in Python.
Note that although the ideas here are discussed in light of Python, static code analyzers across all programming languages are carved out along similar lines. We chose Python because of the availability of an easy to use ast module, and wide adoption of the language itself.
How does it all work?
Before a computer can finally “understand” and execute a piece of code, it goes through a series of complicated transformations:
As you can see in the diagram (go ahead, zoom it!), the static analyzers feed on the output of these stages. To be able to better understand the static analysis techniques, let’s look at each of these steps in some more detail:
Scanning
The first thing that a compiler does when trying to understand a piece of code is to break it down into smaller chunks, also known as tokens. Tokens are akin to what words are in a language.
A token might consist of either a single character, like (, or literals (like integers, strings, e.g., 7, Bob, etc.), or reserved keywords of that language (e.g, def in Python). Characters which do not contribute towards the semantics of a program, like trailing whitespace, comments, etc. are often discarded by the scanner.
Python provides the tokenize module in its standard library to let you play around with tokens:
Python
1
import io
2
import tokenize
3
4
code = b"color = input('Enter your favourite color: ')"
5
6
for token in tokenize.tokenize(io.BytesIO(code).readline):
7
print(token)
Python
1
TokenInfo(type=62 (ENCODING), string='utf-8')
2
TokenInfo(type=1 (NAME), string='color')
3
TokenInfo(type=54 (OP), string='=')
4
TokenInfo(type=1 (NAME), string='input')
5
TokenInfo(type=54 (OP), string='(')
6
TokenInfo(type=3 (STRING), string="'Enter your favourite color: '")
7
TokenInfo(type=54 (OP), string=')')
8
TokenInfo(type=4 (NEWLINE), string='')
9
TokenInfo(type=0 (ENDMARKER), string='')
(Note that for the sake of readability, I’ve omitted a few columns from the result above — metadata like starting index, ending index, a copy of the line on which a token occurs, etc.)
#code quality #code review #static analysis #static code analysis #code analysis #static analysis tools #code review tips #static code analyzer #static code analysis tool #static analyzer
1621137960
Guidelines for Java Code Reviews
Get a jump-start on your next code review session with this list.
Having another pair of eyes scan your code is always useful and helps you spot mistakes before you break production. You need not be an expert to review someone’s code. Some experience with the programming language and a review checklist should help you get started. We’ve put together a list of things you should keep in mind when you’re reviewing Java code. Read on!
1. Follow Java Code Conventions
2. Replace Imperative Code With Lambdas and Streams
3. Beware of the NullPointerException
4. Directly Assigning References From Client Code to a Field
5. Handle Exceptions With Care
…
#java #code quality #java tutorial #code analysis #code reviews #code review tips #code analysis tools #java tutorial for beginners #java code review
1604088000
How to Find the Stinky Parts of Your Code (Part II)
There are more code smells. Let’s keep changing the aromas. We see several symptoms and situations that make us doubt the quality of our development. Let’s look at some possible solutions.
Most of these smells are just hints of something that might be wrong. They are not rigid rules.
This is part II. Part I can be found here.
Code Smell 06 - Too Clever Programmer
The code is difficult to read, there are tricky with names without semantics. Sometimes using language’s accidental complexity.
_Image Source: NeONBRAND on _Unsplash
Problems
- Readability
- Maintainability
- Code Quality
- Premature Optimization
Solutions
- Refactor the code
- Use better names
Examples
- Optimized loops
Exceptions
- Optimized code for low-level operations.
Sample Code
Wrong
function primeFactors(n){
var f = [], i = 0, d = 2;
for (i = 0; n >= 2; ) {
if(n % d == 0){
f[i++]=(d);
n /= d;
}
else{
d++;
}
}
return f;
}
Right
function primeFactors(numberToFactor){
var factors = [],
divisor = 2,
remainder = numberToFactor;
while(remainder>=2){
if(remainder % divisor === 0){
factors.push(divisor);
remainder = remainder/ divisor;
}
else{
divisor++;
}
}
return factors;
}
Detection
Automatic detection is possible in some languages. Watch some warnings related to complexity, bad names, post increment variables, etc.
#pixel-face #code-smells #clean-code #stinky-code-parts #refactor-legacy-code #refactoring #stinky-code #common-code-smells
1595060940
Why VS Code is so popular?
If you’re reading this post, I bet you know or maybe even use VS Code. This fact alone tells us a lot about the VS Code’s popularity. Millions of developers around the world from many different fields of software use this editor for their daily work. But why’s that?
In this article, I’d like to go over some of the most important reasons behind the VS Code’s popularity. We all know that the general answer is “because it’s good”, but I’d like to go deeper than that. To explore what makes a really good code editor and how it’s done!
Initial overview
For those of you wanting no fluff, here are all the reasons why I think the VS Code is so popular (in no particular order):
- open-source
- familiarity
- simplicity
- design
- extendability
Now, some of these reasons might be less or more clear, and even overlap with one another. But even if, we’ll try to dive into each of these reasons individually.
Open-source
The fact that the VS Code is (mostly) open-source is an unprecedented advantage. Not only does it mean that the software is free to use, but also that you can help to improve it.
Another less obvious advantage of going open-source is increased community engagement. While not all VS Code users contribute to its codebase, they get a certain feeling of unity - bondage that - at least in this field - only open-source can provide.
But being open-source is an advantage far from exclusive to VS Code. Other code editors such as Atom and even whole IDEs like Eclipse or NetBeans are also open-source. So, what’s more behind VS Code’s success?
Familiarity
Now, this might be a little convoluted but bear with me.
I think it’s safe to say that VS Code is most popular among web developers. And it’s not without a reason. The language that most web developers are accustomed to is - of course - JavaScript. And what’s powering VS Code and with what does it integrate best? You guessed it, JavaScript!
On the inside, the VS Code is built using Electron - a framework for creating desktop apps with JavaScript with the help of Chromium and Node.js. Many web developers using VS Code are aware of and appreciate this fact. Not all do, mainly because of Electron apps notorious high memory usage and low performance, but there are still people who appreciate how meta this is - you write JavaScript in a JavaScript app!
On the other hand, VS Code utilizes its impressive TypeScript integration to power autocompletion and other useful editing features for both JS and TS. If you’re using TypeScript, it could be said that VS Code is your best bet.
So, the fact that VS Code is built on top of web technologies and also provides great support for them, makes it feel familiar and pretty much the default choice for a large portion of its growing user-base - web developers.
Simplicity
Without a doubt, one of the biggest advantages of the VS Code is its simplicity. From the first steps to the UI to discovering new functionalities, everything in VS Code feels simple.
With that said, I don’t imply that the VS Code is lacking in any way in terms of features - not at all. Thanks to its extendable architecture (which we’ll talk about in a moment), VS Code - even when being just a code editor - can rival the feature-set of full-blown IDEs! But, unlike those IDEs, it still manages to do it in a compact, user-friendly way.
This simplicity also shows through the VS Code performance, which is surprisingly good - especially for an Electron app. Unless you through multiple extensions at it, VS Code will feel lightweight and snappy - as all things should be.
Design
Now, the design is usually a very subjective thing, but not so much with the VS Code. With minimalistic UI and customizable themes, everyone can find something for themselves.
I consider the UI of the VS Code clean and well-designed, without any clutter whatsoever. The only rival to VS Code in this regard is probably Atom - although it falls short in a few other areas.
As for the customizability, nearly all VS Code users have some kind of their most favorite theme. Even more than that, they can make such a theme themselves, as nearly all UI elements are customizable, and the whole process is as easy as setting values in a JSON file can possibly be.
Extendability
Lastly, the advantage that many VS Code users would consider the most important - extendability. There are literally thousands of extensions in the VS Code marketplace with new ones coming seemingly every single day!
Extensions can serve many different purposes. From extension-like UI themes to programming language support, debugging, Git integration, and even Spotify players! I won’t say that there’s everything, but there’s certainly more than enough. And even if there isn’t, then you can easily make your own with the help of some JavaScript/TypeScript and detailed docs.
But why extensions are so important? It’s because they make the VS Code what it currently is - a very capable piece of software. Without them, VS Code would be not much beyond glorified text editor with good design and basic autocompletion here and there. Extensions are really important to customizing your software to suit your personal needs. It’s you who pick what features you need and when do you need them.
#vs code #software #watercooler #visual studio code #coding
1598724000
How we created a GitLab Workflow Extension for VS Code
The people who work at GitLab are encouraged to build the things they want and need, which helps us expand the ways we work with our growing product. We’re thrilled to announce that we’ve created an official GitLab Workflow Extension for VS Code.
How did we get here?
More than two years ago, Fatih Acet, a former senior frontend engineer, Plan, started working on a VS Code extension to allow users to interact with GitLab from within their code editor. At GitLab, everything starts with a Merge Request, which is exactly how Fatih started building the extension. Fatih, along with more than 25 contributors, continued to expand on the extension by adding new features. The extension has been installed more than 160,000 times.
It’s been remarkable to see the way the community collaborated to build the extension, making it a tool that is valuable to their work. The GitLab Workflow Extension is the perfect case study of how developers can create meaningful work at this company.
When Fatih decided to move on from GitLab in March 2020, we had an opportunity to take over the GitLab Workflow Extension, turning it into a tool GitLab would officially maintain and support. We jumped at the opportunity to maintain an auxilary project outside of the main GitLab project. As we continue to move fast and create the best experiences possible for our users, we expect this extension to become a key component of our strategy.
How to use the extension
If you want to start using the extension, you can install it from within VS Code directly by searching for GitLab Workflow which is now published through an official GitLab account.
If you were already using the extension, it automatically updated to the GitLab publisher, and you might have already seen a few updates coming in.
What improvements have we made?
When we took over the extension, we worked with other teams across GitLab to immediately perform an application security review. Along the way, we made sure to create a security release-process. We did this to ensure that users were safe to continue using the extension and so that we could fix any problems that surface. We also worked through some automation to help with publishing the extension and begin to lay a foundation for future testing.
We also shipped version 3.0.0 which was spearheaded by our community and helped to resolve some long-standing bugs and issues. The extension has come a long way in just a few short weeks. We’re excited by the progress we’re making and the engagement we’re continuing to see, but there is still a lot that needs to be done.
What’s next?
Nothing in software development is perfect, and so we are aware of the shortcomings of the extension, some inconsistencies, and some long open feature requests. You can see our many to-dos on our GitLab Workflow Extension issues list. For now, we’re focused on triaging the existing issues and capturing any new bugs. You should see much more involvement from our Create: Editor team as we continue these efforts, and we’re looking forward to engaging with the community on these items.
We’re also evaluating the best path forward for maintaining the extension, by focusing on the test-suite and code-quality, so we won’t break things by accident. You can join us in our discussion on this issue. While this might slow down some new feature releases in the short-term, we’re confident these are the right long-term decisions to ensure you have an extension you can trust, so you can make the GitLab Extension an integral part of your workflow.
Everyone can contribute
The extension is open source, and we’re improving the “How to Contribute” guides alongside some other documentation. We want to have a space where everyone can contribute and make this extension better for all of us.
#visual studio code #code #vs code