CSC/ECE 517 Fall 2010/ch4 4h am


Static Analysis Tools for Ruby

Static analysis tools provide an interface between the program, the analysis, and the user. These tools perform many different functions through simple commands. Results are presented in various ways: graphs, underlines in code, pop-up text boxes, and many other forms. A downside of static analysis tools is that it is hard to know whether the tool understands exactly what the coder intended. For example, a programmer may not mind that a piece of code is duplicated in another section, because it may be more important for it to be in two places, yet not important enough to become its own method.

Tools

There are a number of static analysis tools and code metrics tools that programmers use to sift through their code. The ones that appear to be most popular are described below.

Reek

"Reek v1.2.8 is a tool that examines Ruby classes, modules and methods and reports any Code Smells it finds." [1]

Code Smells

"Smells are indicators of where your code might be hard to read, maintain or evolve, rather than things that are specifically wrong. Naturally this means that Reek is looking towards your code’s future." [1] The following items describe the smells that Reek can find:

  • Attribute - attr, attr_reader, attr_writer, and attr_accessor raise a warning
  • Class Variable - these variables are used globally and can break many places where the variable is used
  • Control Couple - the most common type of control couple is a conditional statement that determines the path of execution
  • Data Clump - this occurs when a group of items appear in the same fashion in classes, parameter lists, or when instance variables contain similar substrings
  • Duplication - this occurs when code fragments are similar or perform similar tasks
  • Irresponsible Module - these are classes and methods that do not have comments preceding them that describe the purpose
  • Large Class - this is a class with a large number of variables, methods, or lines of code
  • Long Method - a large number of lines of code
  • Long Parameter List - a method with more than two or three parameters
  • Low Cohesion
    • Feature Envy - the use of other class variables or methods more times than its own class items
    • Utility Function - a function that is never called within the class it is defined in, but is called within other classes
  • Nested Iterators - a block of code that includes another block of code
  • Simulated Polymorphism - case statements with different types in each case, comparisons using if statements of the same variable with different types, etc...
  • Uncommunicative Name - names of variables, methods, or classes that do not describe what they are used for

Ruby Version Compliance

Reek v1.2.8 requires Ruby versions - 1.9.1, 1.8.7, or 1.8.6

Installing Reek

From the command line or in Eclipse, type

 gem install reek 

Running Reek

From the command line or in Eclipse, type

 reek [options] [dir_or_source_file]* 



Saikuro

Saikuro version 0.3 is a cyclomatic complexity analyzer,[2] which essentially counts the number of independent paths through the code.[3] The higher the number that is returned the more complex the code. This means complex code "is more prone to error, harder to understand, harder to test, and harder to modify."[3] The output of the program gives you the complexity number for the file that is tested. It will also tell you the number of tokens per line.
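The counting described above can be sketched in a few lines. This is an added example, not Saikuro's code: it uses Ripper from the Ruby standard library, the helper names are hypothetical, and the sample methods are constructed. Complexity is taken as 1 plus the number of decision points in each method body.

```ruby
require 'ripper'

# Ripper node types that open one more path through a method.
BRANCH_NODES = %i[if elsif unless while until for when rescue ifop
                  if_mod unless_mod while_mod until_mod rescue_mod].freeze
SHORT_CIRCUIT = %i[&& || and or].freeze

# Count decision points at and below +node+.
def decision_points(node)
  return 0 unless node.is_a?(Array)
  own = BRANCH_NODES.include?(node[0]) ? 1 : 0
  own = 1 if node[0] == :binary && SHORT_CIRCUIT.include?(node[2])
  own + node.sum { |child| decision_points(child) }
end

# Collect every [:def, name_token, params, body] node in the tree.
def method_defs(node, found = [])
  return found unless node.is_a?(Array)
  found << node if node[0] == :def
  node.each { |child| method_defs(child, found) }
  found
end

# Map method name => cyclomatic complexity (1 + decision points in the body).
def cyclomatic_complexity(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source does not parse' if tree.nil?
  method_defs(tree).to_h { |d| [d[1][1], 1 + decision_points(d[3])] }
end

# Constructed sample input.
SAMPLE = <<~'RUBY'
  def classify(n)
    return :none if n.nil?
    if n < 0 && n.odd?
      :neg_odd
    elsif n.zero?
      :zero
    else
      :other
    end
  end

  def plain(a, b)
    a + b
  end
RUBY

p cyclomatic_complexity(SAMPLE) if $PROGRAM_NAME == __FILE__
```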

Ruby Version Compliance

Saikuro v0.3 does not list the required version; however, it has been tested in 1.8.7 and 1.9.2 and it does not work. Version 0.3 was released on June 21, 2008, which corresponds to Ruby version 1.8.6 (according to http://rubyforge.org/frs/?group_id=426).

Installing Saikuro

From the command line, type

 gem install Saikuro 

Running Saikuro

From the command line, type

saikuro -c -p dir/fileName.rb

The results are saved in the current directory.

For more information on running Saikuro, on the command line type

saikuro -h

Roodi

Roodi, short for Ruby Object Oriented Design Inferometer, version 2.1.0 sifts through the passed code and performs various checks. The checks that are described below are verbatim from the Readme.txt file.[4]

Checks

  • AssignmentInConditionalCheck - Check for an assignment inside a conditional. It's probably a mistaken equality comparison.
  • CaseMissingElseCheck - Check that case statements have an else statement so that all cases are covered.
  • ClassLineCountCheck - Check that the number of lines in a class is below the threshold.
  • ClassNameCheck - Check that class names match convention.
  • CyclomaticComplexityBlockCheck - Check that the cyclomatic complexity of all blocks is below the threshold.
  • CyclomaticComplexityMethodCheck - Check that the cyclomatic complexity of all methods is below the threshold.
  • EmptyRescueBodyCheck - Check that there are no empty rescue blocks.
  • ForLoopCheck - Check that for loops aren't used (Use Enumerable.each instead)
  • MethodLineCountCheck - Check that the number of lines in a method is below the threshold.
  • MethodNameCheck - Check that method names match convention.
  • ModuleLineCountCheck - Check that the number of lines in a module is below the threshold.
  • ModuleNameCheck - Check that module names match convention.
  • ParameterNumberCheck - Check that the number of parameters on a method is below the threshold.

Ruby Version Compliance

Roodi v2.1.0 is compliant with Ruby v1.9 (Author's Blog)

Installing Roodi

From the command line

 gem install roodi 

Running Roodi

 roodi "rails_app/**/*.rb" 

Flog

Flog version 2.5.0 shows you the most complex code you wrote. Flog essentially scores an ABC metric, Assignments, Branches and Calls, with particular attention placed on Calls. The more complex the code, the higher the score. The higher the score the harder it is to test. It is more meaningful if compared to the scores of the other methods in the same class. Larger numbers indicate greater complexity. If one method has a score that is significantly larger than others then it should probably be broken apart into several methods. [5]

Ruby Version Compliance

There is no specific Ruby version mentioned, but Flog v2.5.0 has been installed and tested on a Windows 7 machine running Ruby v1.8.7 and v1.9.2.

Installing Flog

From the command line, type

gem install flog 

Running Flog

 flog app/controller/*.rb 

Flay

Flay analyzes Ruby code for structural similarities. Differences in literal values, names, whitespace and programming style are all ignored. By working on the abstract syntax tree of the Ruby source instead of the source text, it can compare code structurally. Copied and pasted code can be detected even if literal values are modified. Flay uses ruby_parser to parse Ruby code.[5]
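The structural comparison described above, as an added example that is not Flay's code: it parses with Ripper from the standard library instead of ruby_parser, the function names are hypothetical, and the sample methods are constructed. Each method is reduced to its shape, and methods with the same shape are reported together.

```ruby
require 'ripper'

# Reduce a Ripper sexp to its shape: a token such as [:@ident, "x", [line, col]]
# or [:@int, "2", ...] keeps only its kind, so names, literal values and
# positions no longer matter. Operators and keywords keep their text.
def shape(node)
  return node unless node.is_a?(Array)
  if node[0].is_a?(Symbol) && node[0].to_s.start_with?('@')
    return %i[@op @kw].include?(node[0]) ? node.first(2) : [node[0]]
  end
  node.map { |child| shape(child) }
end

# Group method names whose parameter list and body have the same shape.
def structural_clones(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source does not parse' if tree.nil?
  groups = Hash.new { |hash, key| hash[key] = [] }
  visit = lambda do |node|
    next unless node.is_a?(Array)
    groups[shape(node.drop(2))] << node[1][1] if node[0] == :def
    node.each(&visit)
  end
  visit.call(tree)
  groups.values.select { |names| names.size > 1 }
end

# Constructed sample: the first two methods are a copy/paste pair with
# renamed variables and changed literals.
SAMPLE = <<~'RUBY'
  def total_price(items)
    sum = 0
    items.each { |i| sum += i.price * 2 }
    sum
  end

  def total_weight(parcels)
    acc = 10
    parcels.each { |x| acc += x.weight * 5 }
    acc
  end

  def label(item)
    "#{item.name}!"
  end
RUBY

p structural_clones(SAMPLE) if $PROGRAM_NAME == __FILE__
```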

Ruby Version Compliance

Flay 1.4.1 is compliant with Ruby v1.8 (according to http://rubydoc.info/gems/flay/1.4.1/frames)

Installing Flay

From the command line

 gem install flay 

Running Flay

Run verbose to see an N-way diff of the code

flay -v ruby_code/*.rb

Nitpick

Nitpick is intended to be a customizable static checker for Ruby. It currently consists of a script which scans required code using method_added and outputs various warnings. It also provides code-level access to the warnings. Ruby can warn about many of the things Nitpick checks when run with the -w option, but that requires you to notice the warnings at runtime, and many apps won't run cleanly with the -w option. The goal of Nitpick is to be able to inspect the code for what you care about before putting it in production. [6]

Ruby Version Compliance

Nitpick 1.0.1 is compliant with Ruby v1.8

Installing Nitpick

gem install nitpick -v 1.0.1 

Running Nitpick

From the command line, type

 nitpick ruby_source/*.rb 

Rufus

Rufus makes it possible to check Ruby code for unwanted or unsafe constructs before loading it. Rufus is in fact a set of Ruby gems derived from ruote. [7]

  • rufus-decision - provides CSV decision table mechanism in Ruby (Rufus::Decision::Table)
  • rufus-dollar - A one-method library for substituting ${stuff} in text strings.
  • rufus-treechecker - For checking untrusted code before an eval. The treechecker uses ruby_parser to turn ruby code into s-expressions, the treechecker then checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern is spotted. The excluded patterns are defined at the initialization of the TreeChecker instance by listing rules
  • rufus-lru - LruHash class, a Hash with max size, controlled by a LRU mechanism
  • rufus-lua - Lua embedded in Ruby, via Ruby FFI. (Lua is a powerful, fast, lightweight, embeddable scripting language. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping, according to http://www.lua.org/about.html.)
  • rufus-mnemo - This gem provides methods for turning integers into easier to remember words and vice-versa.
  • rufus-rtm - A Remember the Milk gem
  • rufus-scheduler - rufus-scheduler is a Ruby gem for scheduling pieces of code or jobs. It understands running a job AT a certain time, IN a certain time, EVERY x time or simply via a CRON statement

  • rufus-sixjo - A 'Rack application' for RESTfully serving stuff.
  • rufus-verbs - An extended HTTP client library (gem). It provides the four main HTTP "verbs" as Ruby methods: get, put, post and delete. It wraps a certain number of techniques that make it a decent tool for manipulating web resources.
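The check-before-eval idea described for rufus-treechecker, as an added example that is not that gem's code or API: it parses with Ripper from the standard library instead of ruby_parser, and the class name, exception name and rule lists are constructed for illustration. Because the rules run on the parsed tree, the word "system" inside a string literal passes while a call to system is rejected.

```ruby
require 'ripper'

# Stand-in for a tree checker, built on Ripper (stdlib) rather than
# ruby_parser. Class name and rule lists are constructed for this example.
class SexpDenyList
  class Violation < StandardError; end

  EXCLUDED_IDENTS = %w[eval instance_eval class_eval module_eval send __send__
                       public_send system exec spawn fork exit abort
                       require load open binding].freeze
  EXCLUDED_CONSTS = %w[File IO Dir Kernel Process ObjectSpace].freeze

  # Raises Violation on the first excluded pattern; returns true otherwise.
  def check(source)
    tree = Ripper.sexp(source)
    raise Violation, 'code does not parse' if tree.nil?
    walk(tree)
    true
  end

  def safe?(source)
    check(source)
  rescue Violation
    false
  end

  private

  # Visit every node; identifier and constant tokens are matched by name,
  # so the check is conservative (a local variable named "system" is refused).
  def walk(node)
    return unless node.is_a?(Array)
    case node[0]
    when :@ident then deny(node) if EXCLUDED_IDENTS.include?(node[1])
    when :@const then deny(node) if EXCLUDED_CONSTS.include?(node[1])
    when :xstring_literal then raise Violation, 'backtick command execution'
    end
    node.each { |child| walk(child) }
  end

  def deny(token)
    raise Violation, "excluded name #{token[1]} at line #{token[2][0]}"
  end
end
```

Run `SexpDenyList.new.check(code)` before any `eval(code)`; code that does not parse is refused as well.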

Ruby Version Compliance

  • rufus-decision 1.3.2 is compliant with Ruby v1.8
  • rufus-dollar 1.0.2 is compliant with Ruby v1.8
  • rufus-treechecker 1.0.3 is compliant with Ruby v1.8
  • rufus-lru 1.0.3 is compliant with Ruby v1.8
  • rufus-lua 1.1.0 is compliant with Ruby v1.8.7
  • rufus-mnemo 1.0.0 is compliant with Ruby v1.8
  • rufus-rtm 0.1.3 is compliant with Ruby v1.8
  • rufus-scheduler 2.0.6 is compliant with Ruby v1.8
  • rufus-sixjo 0.1.5 is compatible with Rack 0.9.0
  • rufus-verbs 0.10 is compatible with Ruby v1.8

Installing Rufus Gems

 gem install rufus-decision
 gem install rufus-dollar
 gem install -y rufus-treechecker 
 gem install rufus-lru 
 gem install rufus-lua
 gem install rufus-mnemo 
 gem install rufus-rtm 
 gem install rufus-scheduler --source http://gemcutter.org 
 gem install -y rufus-sixjo 
 gem install rufus-verbs 



Metric_fu

Metric_fu version 1.5.1 combines many already created static code analysis tools in one package. "It uses Saikuro, Flog, Flay, Rcov, Reek, Roodi, Churn, RailsBestPractices, Subversion, Git, and Rails built-in stats task to create a series of reports."[8]

A benefit of having a comprehensive tool like Metric_fu is being able to run many different tools from one command.

Ruby Version Compliance

Metric_fu v1.5.1 requires Ruby v1.9.1 and v1.8.7

Installing Metric_fu on Windows

To install metric_fu on Windows, you have to install the Development Kit (DevKit). DevKit is a toolkit that makes it easy to build and use native C/C++ extensions such as RDiscount and RedCloth for Ruby on Windows. First download the latest DevKit from http://github.com/oneclick/rubyinstaller/wiki/Development-Kit and run the self-extracting file, then go to the extracted folder and run the msys.bat file (this opens a command prompt). To install the metric_fu gem, run the following commands.

 gem sources -a http://gems.github.com
 gem install metric_fu 

Unfortunately the Rcov metrics won't be produced even with this fix.

Installing Metric_fu on Unix

 sudo gem install metric_fu 

Running Metric_fu

The gem installs rake tasks that can be used to run it. One such task is

 rake metrics:all 


References

1. Rutherford, K. (2010, April 26). Reek Wiki. Retrieved October 15, 2010, from Github: http://github.com/kevinrutherford/reek/wiki

2. Blut, Z. (n.d.). Saikuro: A Cyclomatic Complexity Analyzer. Retrieved October 15, 2010, from Rubyforge: http://saikuro.rubyforge.org

3. Watson, A. H., & McCabe, T. J. (1996). Structured Testing: A Testing Methodology Using the Cyclomatic Complexity Metric. National Institute of Standards and Technology, Computer Systems Laboratory. Gaithersburg: National Institute of Standards and Technology.

4. Andrews, M. (n.d.). Roodi. Retrieved October 15, 2010, from Rubyforge: http://roodi.rubyforge.org

5. Davis, R. (n.d.). Retrieved October 15, 2010, from Confessions of a Ruby Sadist: http://ruby.sadi.st

6. Clark, K. (n.d.). Nitpick Wiki. Retrieved October 15, 2010, from Github: http://github.com/kevinclark/nitpick/wiki

7. Mettraux, J. (n.d.). Rufus: a bunch of ruby gems. Retrieved October 18, 2010, from Rubyforge: http://rufus.rubyforge.org/

8. Skruggs, J. (n.d.). Metric_fu. Retrieved October 15, 2010, from Rubyforge: http://metric-fu.rubyforge.org/

Additional Resources