FemtoCleaner.jl: The Code Behind Femtocleaner

FemtoCleaner

FemtoCleaner cleans your julia projects by upgrading deprecated syntax, removing version compatibility workarounds and anything else that has a unique upgrade path. FemtoCleaner is designed to be as style-preserving as possible. It does not perform code formatting. The logic behind recognizing and rewriting deprecated constructs can be found in the Deprecations.jl package, which makes use of CSTParser.jl under the hood.

serious femtocleaning

User Manual

To set up FemtoCleaner on your repository, go to https://github.com/integration/femtocleaner and click "Configure" to select the repositories you wish to add.

Invoking FemtoCleaner

There are currently three triggers that cause FemtoCleaner to run over your repository:

  1. FemtoCleaner is installed on your repository for the first time
  2. You change your repositories REQUIRE file to drop support for old versions of julia
  3. Manually, by opening an issue with the title Run femtocleaner on the desired repository.

In all cases, femtocleaner, will clone your repository, upgrade any deprecations it can and then open a pull request with the changes (in case 3, it will convert the existing issue into a PR instead).

Interacting with the PR

FemtoCleaner can automatically perform certain common commands in response to user request in a PR review. These commands are invoked by creating a "Changes Requested" review. FemtoCleaner will attempt to interpret each comment in such a review as a request to perform an automated function. The following commands are currently supported.

  • delete this entirely - FemtoCleaner address the review by deleting the entire expression starting on the referenced line.
  • align arguments - Assuming the preceding line contains a multi-line function signature, reformat the argument list, aligning each line to the opening parenthesis.
  • bad bot - To be used when you deem the action taken by the bot to be incorrect. At present this will automatically open an issue on this repository.

If there are other such actions you would find useful, feel free to file an issue or (even better) submit a PR.

Privacy and Security

FemtoCleaner receives the content of many GitHub hooks. These contain certain publicly available details about the repository and the user who initiated the event. AttoBot will also make several subsequent queries via the public GitHub api to the repository in question. The contents of these may be retained in server logs.

In order to perform its function, FemtoCleaner requires read/write access to your repository and its issues and pull requests. While FemtoCleaner runs in a sandboxed environment and access to the underlying hardware is controlled and restricted, you should be aware that you are extending these rights. If you are intending to install FemtoCleaner on an organizational account, please ensure you are authorized to extend these permissions to FemtoCleaner.

For the foregoing reasons, you should not install FemtoCleaner on a private repository. Doing so may result in disclosure of contents of the private repository.

Please note that the license applies to both the source code and your use of the publicly hosted version thereof. In particular:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Running FemtoCleaner locally

It is possible to run FemtoCleaner locally (to fix, for example, deprecations in a private repository).

Install FemtoCleaner (currently working on Julia v0.6.x only) using

Pkg.clone("https://github.com/Keno/AbstractTrees.jl")
Pkg.clone("https://github.com/JuliaComputing/Deprecations.jl")
Pkg.clone("https://github.com/JuliaComputing/FemtoCleaner.jl")

A repository of Julia code can be cleaned using

FemtoCleaner.cleanrepo(path::String; show_diff = true, delete_local = true)

This clones the repo located at path, which can be a file system path or a URL, to a temporary directory and fix the deprecations. If show_diff is true, the diff from applying the deprecations is showed. If delete_local is true the cleaned repo, is deleted when the function is finished.

Developer Manual

You are encouraged to contribute changes to this repository. This software is used by many people. Even minor changes in usability can make a big difference. If you want to add additional interactions to the bot itself, this repository is the right place. If you want to contribute additional deprecation rewrites, please do so at https://github.com/JuliaComputing/Deprecations.jl.

Deployment of the publicly hosted copy

The publicly hosted copy of FemtoCleaner is automatically deployed from the master branch of this repository whenever a new commit to said branch is made.

Setting up a development copy of femtocleaner

It is possible to set up a copy of femtocleaner to test changes to the codebase before attempting to deploy them on the main version. To do so, you will need a publicly routable server, with a copy of julia and this repository (and its dependencies). You will then need to set up your own GitHub app at https://github.com/settings/apps/new. Make sure to enter your server in the "Webhook URL" portion of the form. By default, the app will listen on port 10000+app_id, where app_id is the ID GitHub assigns your app upon completion of the registration process. Once you have set up your GitHub app, you will need to download the private key and save it as privkey.pem in Pkg.dir("FemtoCleaner"). Additionally, you should create a file named app_id, containing the ID assigned to your app by GitHub (it will be visible on the confirmation page once you have set up your app with GitHub). Then, you may launch FemtoCleaner by running julia -e 'using FemtoCleaner; FemtoCleaner.run_server()'. It is recommended that you set up a separate repository for testing your staging copy that is not covered by the publicly hosted version, to avoid conflicting updates. GitHub provides a powerful interface to see the messages delivered to your app in the "Advanced" tab of your app's settings. In particular, for interactive development, you may use the Revise package to reload FemtoCleaner source code before every request (simply execute using Revise on a separate line in the REPL before running FemtoCleaner). By editing the files on the server and using GitHub's "Redeliver" option to replay events of interest, a quick edit-debug cycle can be achieved.

Download Details:

Author: JuliaComputing
Source Code: https://github.com/JuliaComputing/FemtoCleaner.jl 
License: View license

#julia #clean #github 

What is GEEK

Buddha Community

FemtoCleaner.jl: The Code Behind Femtocleaner
Tyrique  Littel

Tyrique Littel

1604008800

Static Code Analysis: What It Is? How to Use It?

Static code analysis refers to the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it.

Lately, however, the term “Static Code Analysis” is more commonly used to refer to one of the applications of this technique rather than the technique itself — program comprehension — understanding the program and detecting issues in it (anything from syntax errors to type mismatches, performance hogs likely bugs, security loopholes, etc.). This is the usage we’d be referring to throughout this post.

“The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.”

  • J. Robert Oppenheimer

Outline

We cover a lot of ground in this post. The aim is to build an understanding of static code analysis and to equip you with the basic theory, and the right tools so that you can write analyzers on your own.

We start our journey with laying down the essential parts of the pipeline which a compiler follows to understand what a piece of code does. We learn where to tap points in this pipeline to plug in our analyzers and extract meaningful information. In the latter half, we get our feet wet, and write four such static analyzers, completely from scratch, in Python.

Note that although the ideas here are discussed in light of Python, static code analyzers across all programming languages are carved out along similar lines. We chose Python because of the availability of an easy to use ast module, and wide adoption of the language itself.

How does it all work?

Before a computer can finally “understand” and execute a piece of code, it goes through a series of complicated transformations:

static analysis workflow

As you can see in the diagram (go ahead, zoom it!), the static analyzers feed on the output of these stages. To be able to better understand the static analysis techniques, let’s look at each of these steps in some more detail:

Scanning

The first thing that a compiler does when trying to understand a piece of code is to break it down into smaller chunks, also known as tokens. Tokens are akin to what words are in a language.

A token might consist of either a single character, like (, or literals (like integers, strings, e.g., 7Bob, etc.), or reserved keywords of that language (e.g, def in Python). Characters which do not contribute towards the semantics of a program, like trailing whitespace, comments, etc. are often discarded by the scanner.

Python provides the tokenize module in its standard library to let you play around with tokens:

Python

1

import io

2

import tokenize

3

4

code = b"color = input('Enter your favourite color: ')"

5

6

for token in tokenize.tokenize(io.BytesIO(code).readline):

7

    print(token)

Python

1

TokenInfo(type=62 (ENCODING),  string='utf-8')

2

TokenInfo(type=1  (NAME),      string='color')

3

TokenInfo(type=54 (OP),        string='=')

4

TokenInfo(type=1  (NAME),      string='input')

5

TokenInfo(type=54 (OP),        string='(')

6

TokenInfo(type=3  (STRING),    string="'Enter your favourite color: '")

7

TokenInfo(type=54 (OP),        string=')')

8

TokenInfo(type=4  (NEWLINE),   string='')

9

TokenInfo(type=0  (ENDMARKER), string='')

(Note that for the sake of readability, I’ve omitted a few columns from the result above — metadata like starting index, ending index, a copy of the line on which a token occurs, etc.)

#code quality #code review #static analysis #static code analysis #code analysis #static analysis tools #code review tips #static code analyzer #static code analysis tool #static analyzer

Samanta  Moore

Samanta Moore

1621137960

Guidelines for Java Code Reviews

Get a jump-start on your next code review session with this list.

Having another pair of eyes scan your code is always useful and helps you spot mistakes before you break production. You need not be an expert to review someone’s code. Some experience with the programming language and a review checklist should help you get started. We’ve put together a list of things you should keep in mind when you’re reviewing Java code. Read on!

1. Follow Java Code Conventions

2. Replace Imperative Code With Lambdas and Streams

3. Beware of the NullPointerException

4. Directly Assigning References From Client Code to a Field

5. Handle Exceptions With Care

#java #code quality #java tutorial #code analysis #code reviews #code review tips #code analysis tools #java tutorial for beginners #java code review

Houston  Sipes

Houston Sipes

1604088000

How to Find the Stinky Parts of Your Code (Part II)

There are more code smells. Let’s keep changing the aromas. We see several symptoms and situations that make us doubt the quality of our development. Let’s look at some possible solutions.

Most of these smells are just hints of something that might be wrong. They are not rigid rules.

This is part II. Part I can be found here.

Code Smell 06 - Too Clever Programmer

The code is difficult to read, there are tricky with names without semantics. Sometimes using language’s accidental complexity.

_Image Source: NeONBRAND on _Unsplash

Problems

  • Readability
  • Maintainability
  • Code Quality
  • Premature Optimization

Solutions

  1. Refactor the code
  2. Use better names

Examples

  • Optimized loops

Exceptions

  • Optimized code for low-level operations.

Sample Code

Wrong

function primeFactors(n){
	  var f = [],  i = 0, d = 2;  

	  for (i = 0; n >= 2; ) {
	     if(n % d == 0){
	       f[i++]=(d); 
	       n /= d;
	    }
	    else{
	      d++;
	    }     
	  }
	  return f;
	}

Right

function primeFactors(numberToFactor){
	  var factors = [], 
	      divisor = 2,
	      remainder = numberToFactor;

	  while(remainder>=2){
	    if(remainder % divisor === 0){
	       factors.push(divisor); 
	       remainder = remainder/ divisor;
	    }
	    else{
	      divisor++;
	    }     
	  }
	  return factors;
	}

Detection

Automatic detection is possible in some languages. Watch some warnings related to complexity, bad names, post increment variables, etc.

#pixel-face #code-smells #clean-code #stinky-code-parts #refactor-legacy-code #refactoring #stinky-code #common-code-smells

Fannie  Zemlak

Fannie Zemlak

1604048400

Softagram - Making Code Reviews Humane

The story of Softagram is a long one and has many twists. Everything started in a small company long time ago, from the area of static analysis tools development. After many phases, Softagram is focusing on helping developers to get visual feedback on the code change: how is the software design evolving in the pull request under review.

Benefits of code change visualization and dependency checks

While it is trivial to write 20 KLOC apps without help of tooling, usually things start getting complicated when the system grows over 100 KLOC.

The risk of god class anti-pattern, and the risk of mixing up with the responsibilities are increasing exponentially while the software grows larger.

To help with that, software evolution can be tracked safely with explicit dependency change reports provided automatically to each pull request. Blocking bad PR becomes easy, and having visual reports also has a democratizing effect on code review.

Example visualization

Basic building blocks of Softagram

  • Architectural analysis of the code, identifying how delta is impacting to the code base. Language specific analyzers are able to extract the essential internal/external dependency structures from each of the mainstream programming languages.

  • Checking for rule violations or anomalies in the delta, e.g. finding out cyclical dependencies. Graph theory comes to big help when finding out unwanted or weird dependencies.

  • Building visualization for humans. Complex structures such as software is not easy to represent without help of graph visualization. Here comes the vital role of change graph visualization technology developed within the last few years.

#automated-code-review #code-review-automation #code-reviews #devsecops #software-development #code-review #coding #good-company

Vincent Lab

Vincent Lab

1605176074

Let's Talk About Selling Your Code

In this video, I’ll be talking about when do I think code is ready to be sold.

#should you sell your code? #digital products #selling your code #sell your code #should you sell your code #should i sell my code