![@Pattern
class PatternExample {
@Pattern("[a-zA-Z]+")
String getName() {
return "my name";
}
}
www.jetbrains.com/idea 23](https://image.slidesharecdn.com/staticanalysisinidea-120320053637-phpapp01/85/Static-Analysis-in-IDEA-23-320.jpg)
Static Analysis in IDEA
- 1. IntelliJ IDEA Static Code Analysis Hamlet D'Arcy Canoo Engineering AG @HamletDRC http://hamletdarcy.blogspot.com
- 2. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 2
- 4. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 4
- 5. class _01Example { private static long count = 0L; public synchronized void increment() { count++; } } www.jetbrains.com/idea 5
- 6. class _02Example { private boolean active = false; public boolean isActive() { return active; } public synchronized void activate() { active = true; } } www.jetbrains.com/idea 6
- 7. class _03Example { private final ReentrantLock lock = new ReentrantLock(); private boolean active = false; public boolean isActive() throws Exception { lock.lock(); boolean result = active; lock.unlock(); return result; } public void activate() { lock.lock(); active = true; lock.unlock(); } } www.jetbrains.com/idea 7
- 8. class _04Example { private static final boolean DEFAULT = true; void myMethod(Boolean value) { if (value == null) System.out.println("value: null"); value = DEFAULT; System.out.println("received: " + value); } } www.jetbrains.com/idea 8
- 9. class _05Example { Frame makeFrame(int height, int width) { Frame frame = new Frame(); frame.setSize(height, width); return frame; } Rectangle makeRectangle() { int x = 0; int y = 0; return new Rectangle(y, x, 20, 20); } } www.jetbrains.com/idea 9
- 10. class _06Example { { try { doSomething(); } catch (UnsupportedOperationException e) { handleError(e); } catch (IllegalStateException e) { handleError(e); } catch (IllegalArgumentException e) { handleError(e); } } ... } www.jetbrains.com/idea 10
- 11. class _07Example { private def Object lock = new Object() def method() { synchronized(lock) { // do something } } } www.jetbrains.com/idea 11
- 12. class _08Example { var property: String = null def getProperty() { println(property) } } www.jetbrains.com/idea 12
- 13. Correctness Multi-threaded correctness Malicious code vulnerability Bad practice Internationalization Performance Code style violations Dodgy * Bill Pugh, FindBugs www.jetbrains.com/idea 13
- 14. … and more Suppress False Positives Define profiles and scopes Run on demand Run from command line Team City integration FindBugs, PMD & CheckStyle plugins Language and framework support... www.jetbrains.com/idea 14
- 15. Supported Frameworks Android JSF Ant JSP Application Server Junit Inspections LESS CDI(Contexts and Maven Dependency OSGi Injection) RELAX NG CSS SCSS Faces Model Spring Model FreeMarker www.jetbrains.com/idea 15
- 16. Write Your Own IntelliJ IDEA Static Analysis: Custom Rules with Structural Search & Replace On http://JetBrains.tv www.jetbrains.com/idea 16
- 17. 10 Best Unknown Inspections Illegal package dependencies return of collection or array 'this' reference escapes field constructor call to 'Thread.run()' Field accessed in both expression.equals("literal") synched & unsynched rather than contexts "literal".equals(expression) non private field accessed in equals method does not check synched context class of parameter Synchronization on 'this' and method may be static 'synchronized' method http://hamletdarcy.blogspot.com/2008/04/10-best-idea-inspections-youre-not.html www.jetbrains.com/idea 17
- 18. How it Works Searches AST for Bug Patterns www.jetbrains.com/idea 18
- 19. How it Works @Override public void visitMethod(@NotNull final PsiMethod method) { super.visitMethod(method); if (method.hasModifierProperty(PsiModifier.ABSTRACT)) { return; } if (!RecursionUtils.methodMayRecurse(method)) { return; } if (!RecursionUtils.methodDefinitelyRecurses(method)) { return; } super.registerMethodError(method); } www.jetbrains.com/idea 19
- 20. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 20
- 21. @Immutable and @GuardedBy @Immutable public class GuardedByExample { private final Object lock = new Object(); @GuardedBy("lock") private final List<Object> myList = new ArrayList<Object>(); public Object getElement(int index) { synchronized (lock) { return myList.get(index); } } public void addElement(Object e) { synchronized (lock) { myList.add(e); } } } www.jetbrains.com/idea 21
- 22. @Nullable and @NotNull public class NullableExample { @Nullable Integer getId() { return 1; } @NotNull String getName() { return "name"; } @Override public String toString() { if (getName() == null) { return getId().toString() + "<unknown>"; } else { return getId().toString() + getName(); } } } www.jetbrains.com/idea 22
- 23. @Pattern class PatternExample { @Pattern("[a-zA-Z]+") String getName() { return "my name"; } } www.jetbrains.com/idea 23
- 24. @Language public class LanguageExample { @Language("Groovy") String getScript() { return "5.times { i -> println "Hello $i" } "; } String getMarkup() { @Language("XML") String markup = "<root><body>Some Text</body></root>"; return markup; } } www.jetbrains.com/idea 24
- 25. @Nls, @NonNls, @PropertyKey Resource bundle & i18n integration Extracting hard-coded String literals: http://goo.gl/VZDln Documentation: http://goo.gl/NWzsv www.jetbrains.com/idea 25
- 26. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 26
- 29. Duplicate Detection Anonymizes Local Variables, Fields, Methods, Types, and Literals Provides weighted/scored analysis Supports several languages More info: http://goo.gl/qmhhd www.jetbrains.com/idea 29
- 30. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 30
- 33. Analyze Stacktrace Copy and paste log files into IDEA ZKM Unscramble support (& others) More Info: http://goo.gl/A8i87 www.jetbrains.com/idea 33
- 34. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 34
- 37. Dataflow Analysis Code archeology to here – how a reference gets set from here – where a reference goes to More info: http://goo.gl/Cp92Q www.jetbrains.com/idea 37
- 38. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 38
- 41. UML Generation Dynamically generates diagram Standard Show/Hide options Integrated with Refactorings Dependency Analysis Shows all classes your code depends on Shows specific usages in your classes Allows jump to source www.jetbrains.com/idea 41
- 42. Dependency Structure Matrix Analyzes structure of complex projects Shows module, package, class dependencies Shows cyclic & backwards dependencies Helps eliminate illegal dependencies www.jetbrains.com/idea 42
- 43. Classes on top depend-on classes below www.jetbrains.com/idea 43
- 44. * le click * CalculatorFacade uses: – Conversions, OperationsFactory & BinaryOperation www.jetbrains.com/idea 44
- 45. CalculatorFacade is used by – CalculatorServlet & FPCalculatorServlet www.jetbrains.com/idea 45
- 46. * le click * BinaryOperation is used 4 times by Facade – Darker color == more dependencies Green shows who BinaryOperation is “used by” Yellow shows who BinaryOperation “uses” www.jetbrains.com/idea 46
- 47. Cyclic Dependencies can be highlighted Modules can be collapsed/expanded www.jetbrains.com/idea 47
- 48. Dependency Structure Matrix Demos on JetBrains site & booth Feature Overview: http://goo.gl/0bcz3 JetBrains Blog Post: http://goo.gl/fdj26 Canoo Blog Post: http://goo.gl/M1hTY www.jetbrains.com/idea 48
- 49. Static Code Analysis Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 49
- 50. Software Lifecycle Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 50
- 51. Software Lifecycle Code Inspections every second JSR 305 and 308 Annotations every second Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 51
- 52. Software Lifecycle Code Inspections every debug JSR 305 and 308 Annotations every debug Duplicate Detection Stack Trace Analysis Dataflow Analysis every debug Dependency Analysis www.jetbrains.com/idea 52
- 53. Software Lifecycle Code Inspections every build JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 53
- 54. Software Lifecycle Code Inspections JSR 305 and 308 Annotations Duplicate Detection every day Stack Trace Analysis Dataflow Analysis Dependency Analysis www.jetbrains.com/idea 54
- 55. Software Lifecycle Code Inspections JSR 305 and 308 Annotations Duplicate Detection Stack Trace Analysis Dataflow Analysis Dependency Analysis every release www.jetbrains.com/idea 55
- 56. Learn More – Q & A My JetBrains.tv Screencasts: http://tv.jetbrains.net/tags/hamlet My IDEA blog: http://hamletdarcy.blogspot.com/search/label/IDEA Work's IDEA blog: http://www.canoo.com/blog/tag/idea/ Main blog: http://hamletdarcy.blogspot.com YouTube channel: http://www.youtube.com/user/HamletDRC Twitter: http://twitter.com/hamletdrc IDEA RefCard from DZone: http://goo.gl/Fg4Af IDEA Keyboard Stickers: JetBrains Booth Share-a-Canooie – http://people.canoo.com/share/ Hackergarten – http://www.hackergarten.net/ www.jetbrains.com/idea 56
Editor's Notes
- #4: About Me http://www.manning.com/koenig2/ http://hamletdarcy.blogspot.com Twitter: @HamletDRC Groovy, CodeNarc, JConch Committer GPars, Griffon, Gradle, etc. Contributor GroovyMag, NFJS magazine author JetBrains Academy Member
- #6: Static access on instance lock
- #7: Field accessed in sync and non-sync context
- #8: lock acquired & not properly unlocked
- #9: Suspicious Indentation of Control Statement
- #10: Suspicious Variable/Parameter Name
- #11: Suspicious Variable/Parameter Name
- #12: Suspicious Variable/Parameter Name
- #13: Suspicious Variable/Parameter Name
- #15: - Command line & CI integration - command line: need a valid .idea / .ipr file - http://www.jetbrains.com/idea/webhelp/running-inspections-offline.html - inspect.bat or inspect.sh in idea/bin - CI Integration: TeamCity has inspections built in
- #16: - Mention WebStorm for other inspections
- #22: - @GuardedBy and @Immutable - GuardedByExample.java - Add jcp classes to classpath - non final GuardedBy field, not guarded correctly - non final field in @Immutable class
- #23: - http://www.jetbrains.com/idea/documentation/howto.html - Add annotations to classpath - Can be associated with other annotations (like Hibernate's) - Infer Nullity - http://www.jetbrains.com/idea/webhelp/inferring-nullity.html - http://blogs.jetbrains.com/idea/2011/03/more-flexible-and-configurable-nullublenotnull-annotations/
- #24: - Enforces String against a regex
- #25: - @Language - LanguageExample.java - Syntax checks language snippets - http://www.jetbrains.com/idea/webhelp/using-language-injections.html
- #38: - http://www.jetbrains.com/idea/webhelp/dataflow-analysis.html - code archeology - better understand the inherited project code, interpret complicated parts of the code, find bottlenecks in the source, and more. - Dataflow to here - Shows how a reference gets set. ie Divide by zero example - Dataflow from here - Shows where a reference goes to. ie new Divide() example