1 Introduction
Static code analysis is the analysis of computer software that is performed without actually executing programs. It can help to ensure that code meets uniform expectations around security, reliability, performance, and maintainability.
Done properly, static code analysis provides a foundation for producing solid code by exposing structural errors and preventing entire classes of errors.
The document describes Hammurapi as an automated code review solution.
1.1 Introduction to Hammurapi
Hammurapi is a static analysis tool for identifying potential problems in source code and for collecting metrics. The tool's architecture allows one to analyze source files written in different programming languages.
Hammurapi uses the visitor pattern and a forward-chaining inference engine – “Hammurapi Rules” – to analyze code and report potential problems and metrics.
Hammurapi can be used as a plugin for Eclipse or an Ant task.
2 Hammurapi
2.1 Hammurapi architecture
Ant task
The Ant task is used to integrate Hammurapi into the build process. The task has several sub-tasks to load sources to the database, perform review and delete old reports.
Eclipse plug-in
The plug-in provides instant feedback to developers. Both the Ant task and the plug-in use the same configuration files to ensure consistency between "development-time" and "build-time" inspections.
Inspector sets
Inspector sets are collections of inspectors. Different types of sources may have to follow different standards. Inspector sets are Hammurapi Rules rule sets with inspectors as rules. Inspector sets are one of Hammurapi's extension points.
Inspectors
Inspectors are Java classes which perform inspections of language elements of source code, report violations and collect metrics. Inspectors are specialized Hammurapi Rules rules. One inspector class can have one or more inspecting methods. Inspectors are one of Hammurapi's extension points.
Mesopotamia
Mesopotamia is a framework for parsing sources written in different programming languages, storing them in a repository, and representing them as a Heterogeneous Abstract Syntax Tree, a Heterogeneous Abstract Semantic Graph, or some other data structure. Heterogeneity of language elements, though not mandatory, simplifies inspector development.
2.2 How Hammurapi works
· Mesopotamia parses source files and stores the parsed information in the database. Parsed files are represented by a Scan object.
· Hammurapi retrieves the Scan from the database and iterates over its Source units and Language elements.
· Each object is passed to the inspectors' inspect() methods that have compatible parameters.
· Inspectors inspect language elements and source units and can post Violations, Warnings or Metrics.
· Violations, Warnings and Metrics posted by inspectors are collected by Hammurapi and stored in the database.
· The Hammurapi Web application is used to render review results.
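The dispatch loop described in the list above, as a self-contained Java sketch added here. It is not Hammurapi's code or API: every type name is hypothetical, the sample scan is constructed, and records require Java 16 or later.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

// Hypothetical miniature of the review pipeline; none of these types are Hammurapi's API.
public class InspectorDispatchDemo {
    // Toy language elements standing in for what the parser would store in a scan.
    interface LanguageElement { int line(); }
    record MethodCall(String name, int line) implements LanguageElement {}
    record StringAssignment(String variable, String literal, int line) implements LanguageElement {}

    record Violation(String inspector, int line, String message) {}

    // Collector the inspectors post to (stands in for the results database).
    static final List<Violation> posted = new ArrayList<>();

    // One inspector class with two inspecting methods, one per element type.
    public static class RiskyCodeInspector {
        public void inspect(MethodCall call) {
            if (call.name().equals("Runtime.exec"))
                posted.add(new Violation("RiskyCode", call.line(),
                        "process execution: review how arguments are built"));
        }
        public void inspect(StringAssignment a) {
            if (a.variable().toLowerCase().contains("password") && !a.literal().isEmpty())
                posted.add(new Violation("RiskyCode", a.line(),
                        "hard-coded credential in '" + a.variable() + "'"));
        }
    }

    // Pass each element to every inspect() method whose parameter type is compatible.
    static void review(List<LanguageElement> scan, List<Object> inspectors) throws Exception {
        for (LanguageElement element : scan)
            for (Object inspector : inspectors)
                for (Method m : inspector.getClass().getMethods())
                    if (m.getName().equals("inspect") && m.getParameterCount() == 1
                            && m.getParameterTypes()[0].isInstance(element))
                        m.invoke(inspector, element);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from a real scan.
        List<LanguageElement> scan = List.of(
                new StringAssignment("dbPassword", "s3cret", 12),
                new MethodCall("String.trim", 20),
                new MethodCall("Runtime.exec", 31));
        review(scan, List.of(new RiskyCodeInspector()));
        posted.forEach(v -> System.out.println(v.line() + ": " + v.message()));
    }
}
```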
3 Installation of Hammurapi
3.1 Prerequisites
Hammurapi requires Java 5 or above.
3.2 Steps in installation
- Download “hammurapi-5.7.0-setup.jar”.
- Run hammurapi-5.7.0-setup.jar.
3.2.1 To test the installation
1. Start HSQLDB.
Run <Hammurapi_home>\db\runServer.bat
2. Start Tomcat.
Run <Hammurapi_home>\tomcat\bin\startup.bat
3. Execute ant review in the sample directory. To produce an off-line report, execute ant review wget.
4. Start an internet browser and navigate to http://localhost:8080/hammurapiweb/. You should see the Hammurapi Web application with a single report entry. Click on the report ID to navigate to the report.
5. Stop Tomcat.
Run <Hammurapi_home>\tomcat\bin\shutdown.bat
6. Stop HSQLDB.
Run <Hammurapi_home>\db\shutdown.bat
4 Using Hammurapi
1. Modify the sourceset in the review target of the Hammurapi build.xml to point to the source of the project, e.g.:
    <load
        repositoryname="Jmeter"
        scandescription="jmeter">
        <sourceset
            dir="D:\JMETER\myjmeter\src"
            includes="**/*.java"
            language="Java"
            languageversion="5"
        />
    </load>
2. Start the database
3. Start Tomcat
4. Run the ant review task
5. View the report at http://localhost:8080/hammurapiweb/
6. To generate an offline report, use the wget utility.
Execute ant review wget.
5 Sample Output
6 Advantages of Hammurapi
1. Open source
2. Built-in Java inspectors
3. Extensible
The primary extension points of Hammurapi are:
· Development of new inspectors for existing language modules.
· Combining inspectors into new inspector sets.
· Development of additional language modules.
· Adding functionality to the web application.
7 References
http://www.hammurapi.biz/hammurapi-biz/ef/xmenu/hammurapi-group/products/hammurapi/index.html