Faculty of Information Technology, University of Moratuwa

IN2200 - Software Engineering Methods

Batch 13
Level 2 Semester 1

Lab Session 03

Google CodePro Analytix

CodeProAnalytix is the premier Java software testing tool for Eclipse developers who are
concerned about improving software quality and reducing developments costs and schedules.
The Java software audit features of the tool make it an indispensable assistant to the developer in
reducing errors as the code is being developed and keeping coding practices in line with
organizational guidelines. The ability to make corrections to the code immediately can
dramatically reduce developments costs and improve the speed of finished product delivery. Join
the ranks of top software industry leaders and the Fortune 500 who have standardized around
CodeProAnalytix as the most cost effective fully featured tool in the industry. It can be
employed the comprehensive automated software code quality and security analysis toolkit
CodeProAnalytiX to automatically improve software quality, reliability, and maintainability in
developer applications.

Installing CodeProAnalytiX
CodeProAnalytiX includes functionality previously provided by EclipsePro Audit and
EclipsePro Test.
These instructions assume that you have already installed some flavor of Eclipse. If you have
not, Eclipse can be downloaded from http://www.eclipse.org/downloads/.

Update sites

If you are already familiar with installing Eclipse plugins, you can just use the update site URL
below for your version of Eclipse.

Eclipse 3.7 (Indigo)

http://dl.google.com/eclipse/inst/codepro/latest/3.7

Eclipse 3.6 (Helios)

http://dl.google.com/eclipse/inst/codepro/latest/3.6

Eclipse 3.5 (Galileo)

http://dl.google.com/eclipse/inst/codepro/latest/3.5

Eclipse 3.4 (Ganymede)

http://dl.google.com/eclipse/inst/codepro/latest/3.4

CodePro Update Site Installation into Eclipse

Installing software by adding a new update site location

Follow these steps if the product has not been previously installed in this instance of
Eclipse/IDE.
1. In Eclipse, click Help Install New Software...
2. Get the update site location from the product download page. On the download page,
right-click on the Update Site URL button and copy the link location to your clipboard.
Click on the product you wish to install to go to the download page:
3. In the Available Software dialog, enter the product's update site location and select all
the items to install. Click Next to continue.
4. Click Next to confirm installation.
5. Read and accept the license agreement. To continue installing, select "I accept the terms
of the license agreement" and click Finish.
6. When prompted to restart Eclipse, click Yes to restart.
Updating already installed software
Updates can be installed using the above instructions by simply selecting the update site URL
from the drop down list. Another way to update is to check for updates as follows:
1. In Eclipse, click Help Check for Updates...
2. If updates are available, a dialog comes up asking for confirmation. Click Next then
Finish to continue.
3. When prompted to restart Eclipse, click Yes to restart.
2

Getting Started
Once CodePro Analytix is installed, you can create the CodePro Evaluation Project. Go to File
Import and select CodePro CodePro Evaluation Project. Once the project is imported,
the directory structure exists in the Package Explorer.

Features
Code Analysis
o Code Audit
The CodePro AnalytiX code audit feature checks your code against the built-in audit rules and
determines areas where the code doesnt comply with those rules. The audit rules can be enabled
or disabled and can be configured to work the way you want them to. The information about
which rules are enabled and how they are configured is captured by an audit rule set. When noncompliant code is found, a violation is generated and the violations are gathered up into an audit
result set.
CodePro AnalytiX includes over 1200 built-in audit rules, over 150 of which are targeted at
finding Java security issues like SQL Injection and cross-site scripting, with more being added
with every release.
CodePro allows for the exclusion of legacy code via date-based filtering. This filtering can be
applied at the level or a single file, or at the level of the individual lines of code.

Manual Audit
This allows you to select the portion of your code base to be audited and perform an audit using
the default audit rule set. The violations that are found are displayed in the Audit view. In the
Audit view, violations can be grouped by the rule that was violated, the rules category, the
rules severity, the file containing the violating code, or even the author of the file containing the
violation. In addition, CodePro AnalytiX displays over 400 Quick Fix hints providing detailed
explanations on how to fix the violation.
3

Steps
In the Package Explorer view, right-click on the CodePro AnalytiX Evaluation project.
On the context-menu, mouse over CodePro Tools to expand the sub-menu and then select
Audit Code. This produces an audit violation result set, which is then displayed in the
Audit view.

Using Different Rule Sets

CodePro AnalytiX allows you to use different audit rule sets for different purposes. You can also
use multiple audit rule sets at the same time.
Steps
In the Package Explorer view, right-click on the CodePro AnalytiX Evaluation project.
Go to CodePro Tools and select Audit Code Using
In the Choose Audit Rule Sets dialog select Potential Errors and Refactorings. The Audit
view is updated with the new audit results. It is shown that the code has been audited using
the most appropriate audit rules.

Choosing and Importing Rule Sets

This allows you to import an audit rule set and make it be the default audit rule set. This is useful
to allow you to share audit rule sets from other people, such as an audit rule set representing your
development groups coding standards.
Steps
Go to the CodePro menu and select Preferences Audit. From the Rule Sets tab, you can
select any rule set and Import it.
Browse to the CodePro AnalytiX Evaluation folder in your workspace, select the Project
tab and select EvalGuideRules.pref then click OK.
Notice that the Eval Guide Rules rule set is now listed and marked as default with an asterisk.
Click the OK.
Right-click on the CodePro Evaluation project and go to CodePro Tools Audit Code to
audit the code using the new rule set.

Dynamic Audit
The CodePro AnalytiX code audit function can be set to run dynamically, in which case the tool
will audit the code in all of the currently open files, updating the analysis every time you open,
close or save a file. Auditing files while they are open in an editor will help you catch potential
problems even sooner, decreasing the cost of fixing those problems.
Steps

Go to the CodePro menu Preferences Audit.

Enable dynamic code auditing by clicking on the Dynamic tab and checking the box for
Dynamically audit code. Use the audit rule set as CodePro Default.
In the Package Explorer, expand the CodePro AnalytiX Evaluation project and open/close
editor views of different classes from within the project. Watch the Audit view as the audit
violations appear and disappear (increase/decrease in count).

Custom Rule Set Generation

CodePro AnalytiX provides the functionality to define your own audit rule set and export it so
that it can be shared with other developers. This is useful, for example, if you are responsible for
creating and distributing an audit rule set representing your development groups coding
standards.
Steps
Go to CodePro menu Preferences Audit.
Click on Rule Sets tab New.
Type a name for your rule set (such as Test Rule Set) and click Finish.
To begin editing your new rule set, click on the Rules tab and verify that your new rule set is
selected in the Audit Rule Set pulldown menu.
Begin adding rules to your new rule set by expanding the Coding Style rule group in the tree
and selecting the first rule (Accessor Usage in Defining Class). Change the severity of this
violation to Low on the Parameters tab as shown in the following figure.

 Click the missing block rule and change the severity to High on the Parameters tab. Deselect Ignore single statements on same line as shown in the following figure.
Update the notes for this rule by clicking on the Notes tab and adding a comment.
Click Apply.
Set this new rule set as your default by selecting the Rule Sets tab and clicking the Set
Default button (note that the selected rule set now has an asterisk next to it indicating it is the
default rule set). Click the Apply button to make this change take effect.
Export this rule set by clicking the Export button. In the Export Audit Rule Sets dialog
make sure the new rule set is marked for export. Choose a location for the exported rule set
by clicking the Browse button. Check the boxes for Export as locked and Export as default
and then click OK.

 Run an audit of the CodePro AnalytiX Evaluation project using the default rule set. Note in
the Audit view that the Missing Block violations are now marked with a red (high) priority
flag.

Using Audit Reports

The Generate Report item will allow you to save the currently visible results to an HTML
report. Reports can be sorted in a number of manners, including by rule, or category, or severity,
or resource, or author. In addition, it is possible to generate e-mail and send individual reports to
selected users or managers.
The CodePro AnalytiX report feature is a valuable tool in tracking the problems CodePro located
in your code and in providing information that can be used for analysis and troubleshooting.
9

 Metrics
Computing Metrics
Metrics are another means of understanding the quality of a code base.
Steps
In the Package Explorer view, right-click on the CodePro AnalytiX Evaluation project
and select CodePro Tools Compute Metrics. This will open a Metrics view which will
show the computed metrics.

In the Metrics view, you can see the project level computed metrics and those metrics that
exceeded the default threshold are highlighted with red text. Selecting individual metrics will
update the right-hand frame with additional details or graphs of the selected metric.

10

 In the left-hand frame, expand the Average Number of Methods Per Type and select the
package com.instantiations.example.money, right-click on the package and select Go Into.
This recalculates the top-level metrics from this specific package level. In the following
figures, note that the left-hand frame updates to reflect these new metrics.

11

Choosing and Creating Metric Sets

In Google CodePro Analytix, a new metric set can be created and it can be assigned as the
default metric set. Developers use the CodePro AnalytiX Metric facility to configure metrics in a
variety of categories including basics, complexity, dependency, Halstead, inheritance and ratio
categories.
Steps
From the CodePro menu, select Preferences Metrics and click on the Metric Sets tab.
Click the New button and enter a name for your new metric set (such as Eval Guide Metric
Set) and then click OK.
Check the box next to Halstead metrics and then expand the list. Observe that all of the
subsequent metrics have been selected as well. Click through the selected metrics and read
their associated descriptions and parameters. When you are finished, click the Apply button
and then click OK.

In the Package Explorer, right-click on the CodePro AnalytiX Evaluation project and
select CodePro Tools and then select Compute Metrics Using Deselect CodePro
Default and select your custom metric set and click OK. Review the results of your newly
computed metrics.

Metric Reports
The context menu contains a Copy to Clipboard item that will allow you to capture the
currently visible results on the clipboard so that they can be pasted into e-mail messages, text
documents, HTML documents, XML documents or even a spreadsheet application.
After computing the metrics, right-clicking on the Metric view and selecting Export Violations
items allows you to save the currently visible results directly to a text file in simple text, tab
separated, comma separated, HTML or XML format.

12

 Similar Code Analysis

Identifying Similar Code
The CodePro AnalytiX similar code analysis facility provides developers with the capability to
easily find and identify copied bits of code, very similar fragments of code, or even copied code
with renamed or manipulated variables. This makes refactoring code much faster and more
efficient.
Steps
Select the project in Navigator or Project Explorer view, and choose Search
SimilarCode.
If your project is small, check the Find more matches by taking much more time check box.
Click the Search button.

Similar Code view opens automatically when the analysis is complete. The list of matches is
displayed.

13

 Click on a match to open the Compare Editor. The editor shows textual differences between
the matched code snippets. Green lines designate identical code, yellow lines designate
differing code (with differing tokens highlighted with a red background), and red lines
designate inserted or removed code.

Right click on the result and choose Generate Report option to save the report to an html file.

14