Automated code review: Difference between revisions
spelling error Tag: Reverted |
sep lede |
||
(35 intermediate revisions by 10 users not shown) | |||
Line 1: | Line 1: | ||
{{Refimprove|date=September 2010}} |
{{Refimprove|date=September 2010}} |
||
'''Automated code review''' software checks [[source code]] for compliance with a predefined set of rules or best practices. |
|||
==Overview== |
|||
The use of analytical methods to inspect and review source code to detect bugs or security issues has been a standard development practice in both [[open source]] and [[commercial software]] domains.<ref>McIntosh, Shane, et al. "The impact of code review coverage and code review participation on software quality: A case study of the qt, vtk, and itk projects." Proceedings of the 11th Working Conference on Mining Software Repositories. 2014. {{doi|10.1145/2597073.2597076}}</ref> This process can be accomplished both manually and in an automated fashion.<ref name="SA_ref">{{cite web|title=An overview of the Static Code Analysis approach in Software Development | first1=Ivo | last1=Gomes | first2=Pedro | last2=Morgado | first3=Tiago | last3=Gomes | first4=Rodrigo | last4=Moreira | publisher= Universidade do Porto | year=2009 | url=http://paginas.fe.up.pt/~ei05021/TQSO%20-%20An%20overview%20on%20the%20Static%20Code%20Analysis%20approach%20in%20Software%20Development.pdf | accessdate=2010-10-03}}</ref><ref>{{cite web|title= Tricorder: Building a Program Analysis Ecosystem | year=2015| url=https://research.google/pubs/pub43322/}}</ref> With automation, software tools provide assistance with the [[code review]] and inspection process. The review program or tool typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or a programmer-assisted way to correct the issues found. This is a component for mastering easily software. This is contributing to the [[Software intelligence|Software Intelligence]] practice. This process is usually called "linting" since one of the first tools for static code analysis was called [[Lint_(software)|Lint]]. |
|||
Some [[static code analysis]] tools can be used to |
Some [[static code analysis]] tools can be used to help with automated code review. They do not compare favorably to manual reviews, however they can be done faster and more efficiently.{{Citation needed|date=January 2018|reason=Need evidence that manual reviews are better than automated}} These tools also encapsulate deep knowledge of underlying rules and semantics required to perform this type analysis such that it does not require the human code reviewer to have the same level of expertise as an expert human auditor.<ref name="SA_ref"/> Many [[Integrated Development Environments]] also provide basic automated code review functionality. For example the [[Eclipse (software)|Eclipse]]<ref>{{cite web|title=Collaborative Code Review Tool Development |publisher=www.eclipse.org |url=http://marketplace.eclipse.org/content/collaborative-code-review-tool |accessdate=2010-10-13 |url-status=dead |archiveurl=https://web.archive.org/web/20100401051935/http://marketplace.eclipse.org/content/collaborative-code-review-tool |archivedate=2010-04-01 }}</ref> and [[Microsoft Visual Studio]]<ref>{{cite web|title=Code Review Plug-in for Visual Studio 2008, ReviewPal | date=4 November 2009 | publisher=www.codeproject.com | url=http://www.codeproject.com/KB/work/ReviewPal.aspx | accessdate=2010-10-13}}</ref> IDEs support a variety of plugins that facilitate code review. |
||
Next to [[static code analysis]] tools, there are also tools that analyze and [[Software visualization|visualize software structures]] and help humans to better understand these. Such systems are geared more to analysis because they typically do not contain a predefined set of rules to check software against. Some of these tools (e.g. [[Imagix 4D]], [[Resharper]], [[SonarJ]], |
Next to [[static code analysis]] tools, there are also tools that analyze and [[Software visualization|visualize software structures]] and help humans to better understand these. Such systems are geared more to analysis because they typically do not contain a predefined set of rules to check software against. Some of these tools (e.g. [[Imagix 4D]], [[Resharper]], [[SonarJ]], Sotoarc, [[Structure101]], ACTool<ref>[http://sourceforge.net/projects/actool/ Architecture Consistency plugin for Eclipse]</ref>) allow one to define target architectures and enforce that target architecture constraints are not violated by the actual software implementation. |
||
==Automated code review tools== |
==Automated code review tools== |
||
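Review bot: In the Overview paragraph, the sentences "This is a component for mastering easily software. This is contributing to the [[Software intelligence|Software Intelligence]] practice." are ungrammatical and carry no reference, unlike the sentences before them. Reword them into one grammatical sentence with a source, or drop them. In the following paragraph, the claim that automated tools "do not compare favorably to manual reviews" still carries its Citation needed tag from January 2018 and should be sourced or removed.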
Line 12: | Line 14: | ||
==See also== |
==See also== |
||
* [[Program analysis (computer science)]] |
* [[Program analysis (computer science)]] |
||
* [[code review (computer science)]] |
|||
==References== |
==References== |
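Review bot: The "See also" entry "[[code review (computer science)]]" in this hunk starts with a lowercase letter, while the neighbouring "[[Program analysis (computer science)]]" is capitalised. Capitalise it for consistency, and confirm that the link target exists and is not just the "[[code review]]" article already linked from the Overview paragraph.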
Latest revision as of 23:36, 2 November 2024
This article needs additional citations for verification. (September 2010)
Automated code review software checks source code for compliance with a predefined set of rules or best practices.
Overview
The use of analytical methods to inspect and review source code to detect bugs or security issues has been a standard development practice in both open source and commercial software domains.[1] This process can be accomplished both manually and in an automated fashion.[2][3] With automation, software tools provide assistance with the code review and inspection process. The review program or tool typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or a programmer-assisted way to correct the issues found. This is a component of mastering software easily, and it contributes to the Software Intelligence practice. This process is usually called "linting" since one of the first tools for static code analysis was called Lint.
Some static code analysis tools can be used to help with automated code review. They do not compare favorably to manual reviews; however, they can be done faster and more efficiently.[citation needed] These tools also encapsulate deep knowledge of the underlying rules and semantics required to perform this type of analysis, so that the human code reviewer does not need the same level of expertise as an expert human auditor.[2] Many Integrated Development Environments also provide basic automated code review functionality. For example, the Eclipse[4] and Microsoft Visual Studio[5] IDEs support a variety of plugins that facilitate code review.
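The rule-checking behaviour described above, as an added example that is not part of the original article or of any tool it names: a small reviewer that parses source code and reports a list of warnings against a predefined rule set. The rule identifiers (R001 to R003) and the sample input are constructed for illustration.

```python
import ast

# Constructed sample under review (only parsed, never executed).
SAMPLE = '''\
import subprocess

def run(cmd, expr):
    try:
        subprocess.run(cmd, shell=True)
        return eval(expr)
    except:
        pass
'''

def _call_name(node):
    """Dotted name of a call target, e.g. 'subprocess.run' or 'eval'."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""

def rule_dynamic_eval(node):
    if isinstance(node, ast.Call) and _call_name(node) in {"eval", "exec"}:
        return "R001 dynamic code execution via eval/exec"

def rule_shell_true(node):
    if isinstance(node, ast.Call) and _call_name(node).startswith("subprocess."):
        for kw in node.keywords:
            is_true = isinstance(kw.value, ast.Constant) and kw.value.value is True
            if kw.arg == "shell" and is_true:
                return "R002 subprocess call with shell=True"

def rule_bare_except(node):
    if isinstance(node, ast.ExceptHandler) and node.type is None:
        return "R003 bare except hides errors"

# The predefined rule set; each rule returns a message or None.
RULES = [rule_dynamic_eval, rule_shell_true, rule_bare_except]

def review(source, filename="<sample>"):
    """Return sorted (line, message) warnings for every rule violation."""
    warnings = []
    for node in ast.walk(ast.parse(source, filename)):
        for rule in RULES:
            msg = rule(node)
            if msg:
                warnings.append((node.lineno, msg))
    return sorted(warnings)

if __name__ == "__main__":
    for line, msg in review(SAMPLE):
        print(f"<sample>:{line}: {msg}")
```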
Next to static code analysis tools, there are also tools that analyze and visualize software structures and help humans to better understand these. Such systems are geared more to analysis because they typically do not contain a predefined set of rules to check software against. Some of these tools (e.g. Imagix 4D, Resharper, SonarJ, Sotoarc, Structure101, ACTool[6]) allow one to define target architectures and enforce that target architecture constraints are not violated by the actual software implementation.
Automated code review tools
See also
References
1. McIntosh, Shane, et al. "The impact of code review coverage and code review participation on software quality: A case study of the qt, vtk, and itk projects." Proceedings of the 11th Working Conference on Mining Software Repositories. 2014. doi:10.1145/2597073.2597076
2. Gomes, Ivo; Morgado, Pedro; Gomes, Tiago; Moreira, Rodrigo (2009). "An overview of the Static Code Analysis approach in Software Development" (PDF). Universidade do Porto. Retrieved 2010-10-03.
3. "Tricorder: Building a Program Analysis Ecosystem". 2015.
4. "Collaborative Code Review Tool Development". www.eclipse.org. Archived from the original on 2010-04-01. Retrieved 2010-10-13.
5. "Code Review Plug-in for Visual Studio 2008, ReviewPal". www.codeproject.com. 4 November 2009. Retrieved 2010-10-13.
6. Architecture Consistency plugin for Eclipse