CSC/ECE 517 Fall 2010/ch4 4h am
Static Analysis Tools for Ruby
Static analysis tools are used to create an interface between the program, analysis, and the user. These tools perform many different functions through simple commands. The results of the tools are shown in various ways; through graphs, underlines in code, pop-up text boxes, and many other possibilities. A downside to the use of static analysis tools is knowing whether or not the tool knows exactly what the coder intended. For example, a programmer may not care that the current piece of code is used in another section because it may be more important for it to be in two places, yet not important enough to become its own method.
Tools
There are a number of static analysis tools and code metrics tools that programmers use to sift through their code. The ones that appear to be most popular are described below.
Reek
"Reek v1.2.8 is a tool that examines Ruby classes, modules and methods and reports any Code Smells it finds." [1]
Code Smells
"Smells are indicators of where your code might be hard to read, maintain or evolve, rather than things that are specifically wrong. Naturally this means that Reek is looking towards your code’s future." [1] The following items describe the smells that Reek can find
- Attribute - attr, attr_reader, attr_writer, and attr_accessor raise a warning
- Class Variable - these variables are used globally and can break many places where the variable is used
- Control Couple - the most common type of control couple is a conditional statement that determines the path of execution
- Data Clump - this occurs when a group of items appear in the same fashion in classes, parameter lists, or when instance variables contain similar substrings
- Duplication - this occurs when code fragments are similar or perform similar tasks
- Irresponsible Module - these are classes and methods that do not have comments preceding them that describe the purpose
- Large Class - this is a class with a large number of variables, methods, or lines of code
- Long Method - a large number of lines of code
- Long Parameter List - a method with more than two or three parameters
- Low Cohesion
- Feature Envy - the use of other class variables or methods more times than its own class items
- Utility Function - a function that is never called within the class it is defined in, but is called within other classes
- Nested Iterators - a block of code that includes another block of code
- Simulated Polymorphism - case statements with different types in each case, comparisons using if statements of the same variable with different types, etc...
- Uncommunicative Name - names of variables, methods, or classes that don't make sense for what it is being used
Ruby Version Compliance
Reek v1.2.8 requires Ruby versions - 1.9.1, 1.8.7, or 1.8.6
Installing Reek
From the command line or in eclipse, type
gem install reek
Running Reek
From the command line or in eclipse, type
reek [options] [dir_or_source_file]*
Saikuro
Saikuro version 0.3 is a cyclomatic complexity analyzer,[2] which essentially counts the number of independent paths through the code.[3] The higher the number that is returned the more complex the code. This means complex code "is more prone to error, harder to understand, harder to test, and harder to modify."[3] The output of the program gives you the complexity number for the file that is tested. It will also tell you the number of tokens per line.
Ruby Version Compliance
Saikuro v0.3 does not list the required version; however it has been tested in 1.8.7 and 1.9.2 and it does not work. The v0.3 was released on June 21, 2008, which corresponds to Ruby version 1.8.6 (according to http://rubyforge.org/frs/?group_id=426)
Installing Saikuro
From the command line, type
gem install Saikuro
Running Saikuro
From the command line, type
saikuro -c -p dir/fileName.rb
The results are saved in the current directory.
For more information on running Saikuro, on the command line type
saikuro -h
Roodi
Roodi, short for Ruby Object Oriented Design Inferometer, version 2.1.0 sifts through the passed code and performs various checks. The checks that are described below are verbatim from the Readme.txt file.[4]
Checks
- AssignmentInConditionalCheck - Check for an assignment inside a conditional. It‘s probably a mistaken equality comparison.
- CaseMissingElseCheck - Check that case statements have an else statement so that all cases are covered.
- ClassLineCountCheck - Check that the number of lines in a class is below the threshold.
- ClassNameCheck - Check that class names match convention.
- CyclomaticComplexityBlockCheck - Check that the cyclomatic complexity of all blocks is below the threshold.
- CyclomaticComplexityMethodCheck - Check that the cyclomatic complexity of all methods is below the threshold.
- EmptyRescueBodyCheck - Check that there are no empty rescue blocks.
- ForLoopCheck - Check that for loops aren‘t used (Use Enumerable.each instead)
- MethodLineCountCheck - Check that the number of lines in a method is below the threshold.
- MethodNameCheck - Check that method names match convention.
- ModuleLineCountCheck - Check that the number of lines in a module is below the threshold.
- ModuleNameCheck - Check that module names match convention.
- ParameterNumberCheck - Check that the number of parameters on a method is below the threshold.
Ruby Version Compliance
Roodi v2.1.0 is compliant with Ruby v1.9 (Author's Blog)
Installing Roodi
From the command line
gem install roodi
Running Roodi
roodi "rails_app/**/*.rb"
Flog
Here is what Flog can do
Ruby Version Compliance
Installing Saikuro
Running Saikuro
Flay
Flay analyzes ruby code for structural similarities. Differences in literal values, names, whitespace and programming style are all ignored. By using Abstract Syntax Tree of ruby source, instead of ruby source code, it is possible to compare the code structurally. Copy/Pasted code can be detected even if literal values are modified. Flay uses ruby_parser to parse ruby code.
Ruby Version Compliance
Flay 1.4.1 is compliant with Ruby v1.8 (according to http://rubydoc.info/gems/flay/1.4.1/frames)
Installing Flay
From the command line
gem install flay
Running Flay
Run verbose to see an N-way diff of the code
flay -v ruby_code/*.rb
Nitpick
Nitpick is intended to be a customizable static checked for Ruby. It currently consists of a script which scans required code using method_added and outputs various warnings. It also provides code level access to the warnings. Many things Nitpick can do, Ruby can warn about with -w option but that requires you to notice at runtime and many apps won't run clearly with -w option. The goal of Nitpick is to be able to inspect the code for what you care about before putting it in production.
Ruby Version Compliance
Nitpick 1.0.1 is compliant with Ruby v1.8
Installing Nitpick
gem install nitpick -v 1.0.1
Running Nitpick
From the command line, type
Nitpick ruby_source/*.rb
Rufus
Rufus allows to check Ruby for unwanted/unsafe. The Rufus allows to check some Ruby code before loading it. Rufus is in fact a set of ruby gems derived from route.
- rufus-decision - provides CSV decision table mechanism in Ruby (Rufus::Decision::Table)
- rufus-dollor - A one-method library for substituting ${stuff} in text strings.
- rufus-treechecker - The treechecker uses ruby_parser to turn ruby code into s-expressions, the treechecker then checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern is spotted. The excluded patterns are defined at the initialization of the TreeChecker instance by listing rules
Ruby Version Compliance
rufus-decsion 1.3.2 is compliant with Ruby v1.8 rufus-dollor 1.0.2 is compliant with Ruby v1.8 rufus-treechecker 1.0.3 is compliant with Ruby v1.8
Installing Rufus-Decision
gem install rufus-decision
gem install rufus-dollor
Running Saikuro
Metric_fu
Metric_fu version 1.5.1 combines many already created static code analysis tools in one package. "It uses Saikuro, Flog, Flay, Rcov, Reek, Roodi, Churn, RailsBestPractices, Subversion, Git, and Rails built-in stats task to create a series of reports."[10]
A benefit of having a comprehensive tool like Metric_fu is being able to run many different tools from one command.
Ruby Version Compliance
Metric_fu v1.5.1 requires Ruby v1.9.1 and v1.8.7
Installing Metric_fu
From the command line
gem install metric_fu
Running Metric_fu
Conclusion
Here it is
References
1. a, b Rutherford, K. (2010, April 26). Reek Wiki. Retrieved October 15, 2010, from Github: http://github.com/kevinrutherford/reek/wiki
2. Blut, Z. (n.d.). Saikuro:A Cyclomatic Complexity Analyzer. Retrieved October 15, 2010, from Rubyforge: http://saikuro.rubyforge.org
3. a, b Watson, A. H., & McCabe, T. J. (1996). Structured Testing: A Testing Methodology Using the Cyclomatic Complexity Metric. National Institute of Standards and Technology, Computer Systems Laboratory. Gaithersburg: National Institute of Standards and Technology.
4. Andrews, M. (n.d.). Roodi. Retrieved October 15, 2010, from Rubyforge: http://roodi.rubyforge.org
4. Ruby Sadists. (n.d.). Retrieved October 15, 2010, from Confessions of a Ruby Sadist: http://ruby.sadi.st
5. Clark, K. (n.d.). Nitpick Wiki. Retrieved October 15, 2010, from Github: http://github.com/kevinclark/nitpick/wiki
6. Schuster, W. (2008, November 07). Static Analysis Tools Roundup: Roodi, Rufus, Reek, Flay. Retrieved October 15, 2010, from InfoQ: http://www.infoq.com/news/2008/11/static-analysis-tool-roundup
7. Sidorov, D. (2009, June 29). Static Analysis for Ruby/Python. Retrieved October 13, 2010, from Klockwork: http://www.klocwork.com/blog/2009/06/static-analysis-for-rubypython/
8. Skruggs, J. (n.d.). Metric_fu. Retrieved October 15, 2010, from Rubyforge: http://metric-fu.rubyforge.org/