Video: High-Quality Code - Development Tools (Bulgarian)

August 01, 2021
Nikolay Kostov (Nikolay.IT)

Topics covered:

Integrated Development Environments (IDEs)
Source Control Systems (Git, SVN, TFS)
Logging Tools
Bug Tracking / Issue Tracking Systems
Code Analysis Tools
Code Decompilation Tools
Code Obfuscators
Code Profilers
Refactoring Tools
Continuous Integration Tools
Deployment in the Public Clouds

Video (in Bulgarian)

Presentation Content

Visual Studio

Visual Studio is official .NET development tool from Microsoft
- Multiple languages: C#, VB.NET, F#, C++, …
- Multiple technologies and platforms: ASP.NET, WPF, WiForms, Silverlight, WWF, WCF, iOS, Windows Mobile, Android, NodeJS, Xamarin…
- Very powerful and feature rich
- Write, compile, model, design GUI, forms, data, build, execute, debug, test, deploy, refactor, …
- Commercial product, has free editions

Other IDEs

JavaScript IDEs
- WebStorm, Sublime Text, VS, Atom, Notepad++
Java IDEs
- Eclipse, Android Studio, NetBeans,IntelliJ IDEA, Jdeveloper
C++ IDEs
- Code::Blocks, Bloodshed Dev-C++, VS
PHP IDEs – PHPStorm, Zend Studio, phpDesigner
Ruby – RubyMine
Objective C (iOS) – Xcode, AppCode

What is а Source Control System?

Source control systems (version control systems, source control repositories)
- Hold the source code and project assets during the development process
- Allow simultaneous changes in the source code and conflict resolution
- Keep version history of the project assets
Some of the most popular source control systems: Git, SVN, TFS, CVS

Git

Distributed revision control system
- Support for distributed, non-linear workflows
- Very efficient and secure
Initially designed and developed by Linus Torvalds for Linux kernel development in 2005
- Become one of the most widely adopted version control system for software development
Independent full-fledged working directories
Used by GitHub
Allows variety of workflows to be used

Git: Centralized Workflow

Someone initializes the central repository
Everybody clones the central repository
John works on his feature
Mary works on her feature
John publishes his feature
Mary tries to publish her feature
Mary rebases on top of John’s commit(s)
Mary resolves a merge conflict
Mary successfully publishes her feature
More info

Git: Feature Branch Workflow

Still uses a central repository
Developers create a new branch every time they start work on a new feature
- Instead of committing directlyon their local master branch
- Feature branches should have descriptive names
This makes it possible to share a feature with other developers without touching official code
Branches make it possible to discuss changes via pull requests
More info

Git: Gitflow Workflow

Defines a strict branching model designed around the project release
- Same but more complicated, for large projects
- Assigns very specific roles to different branches
Master and Develop branches
- Master stores theofficial release history
- Develop serves as anintegration for features
More info

Git: Forking Workflow

Developers push to their own server-side repositories
Only the project maintainer can push to the official repo
- Allows the maintainer to accept commits from others without giving them write access
An ideal workflow for open source projects
Can be combined with other workflows
More info
Subversion (SVN)
- Popular and well established system
- Free, open-source, very large community
- TortoiseSVN – the most popular client
Two versioning models:
- Lock-Modify-Unlock and Copy-Modify-Merge
Official web site:
- http://subversion.tigris.org/
Runs on Linux, Windows
Console client - svn
GUI client
- TortoiseSVN – http://tortoisesvn.tigris.org/

TortoiseSVN

TortoiseSVN
- Open source GUI client for Subversion
- Integrated in Windows Explorer
- http://tortoisesvn.tigris.org/

Lock-Modify-Unlock Model

The lock-modify-unlock model needs locking files before modification
- One file is modified by at most one person in any given moment
- No conflicts, no need of merge
- Suitable for small teams
  - When changes almost don’t need concurrency
- Basic commands: check out, check-in
- Implemented in: Visual SourceSafe, (TFS, SVN)

Copy-Modify-Merge Model

Copy-modify-merge model does not hold locks during the source code modification
- The same file could be simultaneously edited by multiple developers
- Sometimes requires conflict resolution
- Suitable for large teams and projects
  - High concurrency of source code modifications
- Basic commands: update, commit
- Implemented in: SVN, CVS, Git, Mercurial, TFS
Microsoft Team Foundation Server (TFS)
- Works best with Visual Studio
  - Hard to use outside of it
- Commercial license

Other Source Control Systems

CVS
- Was extremely popular in the past
  - Now it is obsolete
- Open source, mostly used in UNIX / Linux
Git and Mercurial
- Fast, distributed, open source
Perforce
- Very powerful and scalable (petabytes of code)
- Commercial product (used by SAP)

Logging

Logging is chronological and systematic record of data processing events in a program
- E.g. the Windows Event Log
Logs can be saved to a persistent medium to be studied at a later time
Use logging in the development phase:
- Logging can help you debug the code
Use logging in the production environment:
- Helps you troubleshoot problems

Log4J / Log4Net

Log4J / Log4Net are a popular logging frameworks for Java / .NET
- Designed to be reliable, fast and extensible
- Simple to understand and to use API
- Allows the developer to control which log statements are output with arbitrary granularity
- Fully configurable at runtime using external configuration files

Log4j / Log4Net Architecture

Log4Net has three main components: loggers, appenders and layouts
- Loggers
  - Channels for printing logging information
- Appenders
  - Output destinations (e.g. XML file, database, …)
- Layouts
  - Formats that appenders use to write their output

Hello Log4Net – Example

class Log4Net_Example_
{
  private static readonly ILog Log =
    LogManager.GetLogger(typeof(Log4Net_Example_));
  static void Main()
  {
    BasicConfigurator.Configure();
    Log.Debug("Debug msg");
    Log.Error("Error msg");
  }
}

Output from Log4Net Example

2010-12-16 23:25:08 DEBUG Log4Net_Example_ – Debug msg
2010-12-16 23:25:08 ERROR Log4Net_Example_ – Error msg
…

Bug Tracking Systems

Bug tracking / issue tracking systems
- Track bugs / issues related to software development, called tickets
Tickets consist of:
- Category: bug / feature request / task
- State: new → assigned → fixed → closed
- Priority: critical / high / low / etc.
- Owner / responsible person
- Summary, description, attachments

SCM and ALM Systems

Software Configuration Management (SCM systems (e.g. Rational ClearCase, StarTeam)
- Change management for requirements, documents, source code, etc.
- Tools, policies, workflow, etc.
Application Lifecycle Management (ALM) systems (e.g. VSTS + TFS, StarTeam, Polarion)
- Covers the entire development process
- Requirements, planning, project management, architecture, build, QA, test, integration, etc.

Code Analysis Tools

Code analysis tools
- Analyze the source code for bad coding style / unwanted coding practices (StyleCop)
Static analysis
- Examine the source code at compile-time
- Could work with the source code or with the compiled assemblies / JAR archives
- Examples: JustCode, ReSharper, FxCop, VS
Dynamic analysis
- Analyses the code at runtime (usually done by code instrumentation) (profiling, tracing)

Code Decomplation

Code decompiler / code disassembler
- Reconstructs the source code (to some extent) from the compiled code
- .NET assembly → C# / VB.NET source code
- JAR archive / .class file → Java source code
- .EXE file → C / C++ / Assembler code
Reconstructed code
- Is not always 100% compilable
- Loses private identifier names, comments, etc.

Code Decomplation Tools

Code decompilers
- .NET
  - JustDecompile – free, powerful .NET decompiler
  - ILSpy – powerful, great usability, free
  - ILDASM – part of .NET SDK, decompiles to IL code
- Java
  - DJ Java Decompiler
  - JD (JD-Core / JD-GUI / JD-Eclipse)
- .EXE file
  - Boomerang Decompiler → outputs C source code
  - IDA Pro – powerful disassembler / debugger
  - OllyDbg, W32DASM, etc.

Code Obfuscation

Transform the source code or compiled .NET / Java code into a difficult to understand form
Obfuscated code has the same behavior
Sometimes is a bit slower due to changes and additions in the control logic
Obfuscated code is the opposite of the high-quality code
Obfuscation is a form of security through obscurity

Code Obfuscation Techniques

Rewrite for-loops as while-loops followed by a series of cascading if-else statements
Change iteration into recursion
Obfuscate programming constructs (e.g. turn if-else statements into ?: operators)
Introduce meaningless identifier names
Remove intermediate variables and literals by repeating them as expressions in the code
Remove literals (e.g. 0 and 1) – use expressions
Randomize code formatting

Simple Obfuscation – Example

Original source code in C#

long first = 1
long second = 1;
for (int i = 3; i <= N; i++)
{
  result = first + second;
  first = second;
  second = result;
}
return result;

Obfuscated and decompiled

long _ = 1L;
long __ = 1L;
for (int ___ = 3; ___ <= _____; ___++)
{
    ____ = _ + __;
    _ = __;
    __ = ____;
}
return ____;

Obfuscation Tools

.NET obfuscators
- ConfuserEx
- Eazfuscator.NET – free
- {smartassembly} – commercial license, very powerful – assembly obfuscation + compression
Java obfuscators
- ProGuard – free, open-source
- yGuard – free, open source
C++ obfuscators
- Stunnix C++ Obfuscator – commercial product

Profilers

Profilers are tools for gathering performance data and finding performance bottlenecks
- Implemented by code instrumentation or based on built-in platform debugging / profiling APIs
- Gather statistics for method calls, uses of classes, objects, data, memory, threads, etc.
CPU profilers
- Find performance bottlenecks
Memory profilers
- Find memory allocation problems

JustTrace Profiler

What is JustTrace?
- Designed for code and memory profiling
- Measures the frequency and duration of function calls
- Collects information about memoryusage

Refactoring

Refactoring
- Improving the design of the existing code without changing its behavior
Typical refactoring patterns
- Rename variable / class / method / member
- Extract method
- Extract constant
- Extract interface
- Encapsulate field

Continuous integration (CI)

Automating the build and integration process
Build the entire system each time any new code is checked in the source control repository
Run all the automated tests for each build
What does “continuous” mean?
- Ideally – build it after every check-in
- Practically – for larger systems, every 1-2 hours
- Or at least a couple of times a day

Components of the Continuous Integration System

Build server – separate machine (or pool)
Source control repository
- Subversion, Team Foundation Server (TFS), etc.
Automated build system
- Ant, NAnt, MSBuild, Cruise Control, TFS, etc.
Status indicators / notifications to make problems visible right away
- Email notifications / tray build notify utilities
- Public build status monitors

CI Systems

CruiseControl
- Very popular, powerful, open source CI tool
- Extensible, plug-in based, large community
CruiseControl.NET
- .NET cloning of CruiseControl
Hudson
- Powerful Java based CI server, open source
Team Foundation Server (TFS)
- TFS provides build-in continuous integration
AppVeyor
- Cloud-based for .NET / example

What is Cloud?

Cloud ≈ multiple hardware machines combine computing power and resources
- Share them between multiple applications
- To save costs and use resources more efficiently
Public clouds
- Provide computing resources on demand
  - Publicly in Internet
  - Paid or free of charge (to some limit)
- Azure, Amazon AWS, Google App Engine, AppHarbor, Rackspace, Heroku, …

AppHarbor

AppHarbor – cloud platform for .NET apps
- Supports a classical .NET development stack
  - C#, .NET Framework, ASP.NET (Web Forms and MVC), WCF, WWF, ADO.NET Entity Framework, …
- Deployment through Git / SVN / TFS
  - Automated build process(compilation + unit tests)
- Build-in load balancing
- Rich set of add-on services