Shorticle 1001 – Structural code analysis for better software quality
For a programmer or architect, static code analysis is not a new topic; they will have encountered it in their day job. Static code analysis is the practice of scanning code against best-practice rules to find gaps where the overall quality can be improved. Optimizing code, avoiding duplication and improving readability are a few examples.
Static code analysis is the most popular quality engineering activity in Agile software development, where it automates the review process as part of the CI/CD pipeline. As soon as you check in a code change, or trigger a build in the CI/CD pipeline after a code change, the pipeline builds the code, runs static code analysis and then deploys to the staging server. This automated review is driven by rule definitions that set the priority and severity of the rules the organization wants to enforce.
On the other hand, new-age programmers completely overlook structural code analysis. If you have been programming for a decade or more, you will be aware of the topic. Nowadays, no one is aware of it, or it is wrongly assumed that static code analysis always takes care of it.
Static code analysis tools such as PMD, Checkstyle, FindBugs, SonarQube, Veracode and Checkmarx are popular in the market, but they do not fully cover structural analysis. Structural code analysis goes deeper into the flow of operations, checking how the code behaves in worst-case execution and when the code breaks mid-flow. IBM used to offer the Structural Analysis for Java (SA4J) tool for this, but it was later discontinued.
Structural analysis includes (but is not limited to) the following, all of which address code flow and operational execution:
· Cyclomatic complexity (CC), to assess how tangled your code is (method A refers to B, which refers to C, which finally refers back to A, making the calls on the stack too complex). Too much tangling (cyclic reference) is poor coding practice.
· Functional coverage, call coverage and statement coverage, to understand how the code flow really happens and to inject test values to see how it behaves if the code breaks.
· Instrumenting the code (to spy on the flow of operation) and identifying whether the code misbehaves during failure (e.g. null value, array index out of range, object initialization failure).
· Testing the code's behaviour under a modified decision or conditional change in the call flow.
· Linear code sequences and jump calls in the code flow, to understand the behaviour of the code and its memory usage (whether there is memory access failure or slowness due to tangled references).
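As an added example (not from the original article), the Python code below runs two of the checks listed above over a small constructed source string: it counts McCabe's cyclomatic complexity per function (decision points plus one) and separately detects the A → B → C → A call tangle. The names `analyze`, `find_cycles` and `SAMPLE` are hypothetical, and only direct calls to plain function names are resolved.

```python
import ast
# Constructed sample input: a() -> b() -> c() -> a() is a call cycle (tangle).
SAMPLE = '''
def a(n):
    if n > 0 and n % 2 == 0:
        return b(n - 1)
    return 0
def b(n):
    for i in range(n):
        if i == 3:
            return c(i)
    return 1
def c(n):
    return a(n - 1)
def leaf(x):
    return x + 1
'''
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.comprehension)

def analyze(source):
    """Return ({function: cyclomatic complexity}, {function: set of callees})."""
    funcs = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)]
    names = {f.name for f in funcs}
    complexity, calls = {}, {}
    for f in funcs:
        cc, callees = 1, set()  # a branch-free function has exactly one path
        for node in ast.walk(f):
            if isinstance(node, BRANCHES):
                cc += 1
            elif isinstance(node, ast.BoolOp):
                cc += len(node.values) - 1  # each and/or adds a short-circuit path
            elif isinstance(node, ast.Call) and getattr(node.func, "id", None) in names:
                callees.add(node.func.id)  # method/attribute calls are not resolved
        complexity[f.name], calls[f.name] = cc, callees
    return complexity, calls

def find_cycles(calls):
    """Return each call cycle once, as a path starting at its smallest function name."""
    cycles = set()
    def visit(node, path):
        for nxt in calls[node]:
            if nxt == path[0]:
                cycles.add(tuple(path))  # walked back to the start: a tangle
            elif nxt not in path and nxt > path[0]:
                visit(nxt, path + [nxt])
    for start in calls:
        visit(start, [start])
    return sorted(cycles)
```

In a CI/CD pipeline, a non-empty result from `find_cycles` or a complexity value above an agreed threshold can fail the build in the same way a static-analysis rule violation does.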
In summary, structural analysis helps you think beyond best practice (static analysis) and approach the code from an architecture, environment and failure-scenario testing point of view in order to strengthen it, so it is very important that we do not miss this engineering activity. Although modern programming languages like Python or Scala may not see this as relevant, we should think about improving the quality of code deliverables through both static and structural analysis.
Principal Architect & Senior Distinguished Member of Technical Staff (DMTS) at Wipro Limited
2 years ago
Nice and crisp!