- August 01, 2021
- Nikolay Kostov (Nikolay.IT)
Topics covered:
- Integrated Development Environments (IDEs)
- Source Control Systems (Git, SVN, TFS)
- Logging Tools
- Bug Tracking / Issue Tracking Systems
- Code Analysis Tools
- Code Decompilation Tools
- Code Obfuscators
- Code Profilers
- Refactoring Tools
- Continuous Integration Tools
- Deployment in the Public Clouds
Video (in Bulgarian)
Presentation Content
Visual Studio
- Visual Studio is official .NET development tool from Microsoft
- Multiple languages: C#, VB.NET, F#, C++, …
- Multiple technologies and platforms: ASP.NET, WPF, WiForms, Silverlight, WWF, WCF, iOS, Windows Mobile, Android, NodeJS, Xamarin…
- Very powerful and feature rich
- Write, compile, model, design GUI, forms, data, build, execute, debug, test, deploy, refactor, …
- Commercial product, has free editions
Other IDEs
- JavaScript IDEs
- WebStorm, Sublime Text, VS, Atom, Notepad++
- Java IDEs
- Eclipse, Android Studio, NetBeans,IntelliJ IDEA, Jdeveloper
- C++ IDEs
- Code::Blocks, Bloodshed Dev-C++, VS
- PHP IDEs – PHPStorm, Zend Studio, phpDesigner
- Ruby – RubyMine
- Objective C (iOS) – Xcode, AppCode
What is а Source Control System?
- Source control systems (version control systems, source control repositories)
- Hold the source code and project assets during the development process
- Allow simultaneous changes in the source code and conflict resolution
- Keep version history of the project assets
- Some of the most popular source control systems: Git, SVN, TFS, CVS
Git
- Distributed revision control system
- Support for distributed, non-linear workflows
- Very efficient and secure
- Initially designed and developed by Linus Torvalds for Linux kernel development in 2005
- Become one of the most widely adopted version control system for software development
- Independent full-fledged working directories
- Used by GitHub
- Allows variety of workflows to be used
Git: Centralized Workflow
- Someone initializes the central repository
- Everybody clones the central repository
- John works on his feature
- Mary works on her feature
- John publishes his feature
- Mary tries to publish her feature
- Mary rebases on top of John’s commit(s)
- Mary resolves a merge conflict
- Mary successfully publishes her feature
- More info
Git: Feature Branch Workflow
- Still uses a central repository
- Developers create a new branch every time they start work on a new feature
- Instead of committing directlyon their local master branch
- Feature branches should have descriptive names
- This makes it possible to share a feature with other developers without touching official code
- Branches make it possible to discuss changes via pull requests
- More info
Git: Gitflow Workflow
- Defines a strict branching model designed around the project release
- Same but more complicated, for large projects
- Assigns very specific roles to different branches
- Master and Develop branches
- Master stores theofficial release history
- Develop serves as anintegration for features
- More info
Git: Forking Workflow
- Developers push to their own server-side repositories
- Only the project maintainer can push to the official repo
- Allows the maintainer to accept commits from others without giving them write access
- An ideal workflow for open source projects
- Can be combined with other workflows
- More info
- Subversion (SVN)
- Popular and well established system
- Free, open-source, very large community
- TortoiseSVN – the most popular client
- Two versioning models:
- Lock-Modify-Unlock and Copy-Modify-Merge
- Official web site:
- Runs on Linux, Windows
- Console client - svn
- GUI client
TortoiseSVN
Lock-Modify-Unlock Model
- The lock-modify-unlock model needs locking files before modification
- One file is modified by at most one person in any given moment
- No conflicts, no need of merge
- Suitable for small teams
- When changes almost don’t need concurrency
- Basic commands: check out, check-in
- Implemented in: Visual SourceSafe, (TFS, SVN)
Copy-Modify-Merge Model
- Copy-modify-merge model does not hold locks during the source code modification
- The same file could be simultaneously edited by multiple developers
- Sometimes requires conflict resolution
- Suitable for large teams and projects
- High concurrency of source code modifications
- Basic commands: update, commit
- Implemented in: SVN, CVS, Git, Mercurial, TFS
- Microsoft Team Foundation Server (TFS)
- Works best with Visual Studio
- Hard to use outside of it
- Commercial license
Other Source Control Systems
- CVS
- Was extremely popular in the past
- Open source, mostly used in UNIX / Linux
- Git and Mercurial
- Fast, distributed, open source
- Perforce
- Very powerful and scalable (petabytes of code)
- Commercial product (used by SAP)
Logging
- Logging is chronological and systematic record of data processing events in a program
- E.g. the Windows Event Log
- Logs can be saved to a persistent medium to be studied at a later time
- Use logging in the development phase:
- Logging can help you debug the code
- Use logging in the production environment:
- Helps you troubleshoot problems
Log4J / Log4Net
- Log4J / Log4Net are a popular logging frameworks for Java / .NET
- Designed to be reliable, fast and extensible
- Simple to understand and to use API
- Allows the developer to control which log statements are output with arbitrary granularity
- Fully configurable at runtime using external configuration files
Log4j / Log4Net Architecture
- Log4Net has three main components: loggers, appenders and layouts
- Loggers
- Channels for printing logging information
- Appenders
- Output destinations (e.g. XML file, database, …)
- Layouts
- Formats that appenders use to write their output
Hello Log4Net – Example
class Log4Net_Example_
{
private static readonly ILog Log =
LogManager.GetLogger(typeof(Log4Net_Example_));
static void Main()
{
BasicConfigurator.Configure();
Log.Debug("Debug msg");
Log.Error("Error msg");
}
}
- Output from Log4Net Example
2010-12-16 23:25:08 DEBUG Log4Net_Example_ – Debug msg
2010-12-16 23:25:08 ERROR Log4Net_Example_ – Error msg
…
Bug Tracking Systems
- Bug tracking / issue tracking systems
- Track bugs / issues related to software development, called tickets
- Tickets consist of:
- Category: bug / feature request / task
- State: new → assigned → fixed → closed
- Priority: critical / high / low / etc.
- Owner / responsible person
- Summary, description, attachments
SCM and ALM Systems
- Software Configuration Management (SCM systems (e.g. Rational ClearCase, StarTeam)
- Change management for requirements, documents, source code, etc.
- Tools, policies, workflow, etc.
- Application Lifecycle Management (ALM) systems (e.g. VSTS + TFS, StarTeam, Polarion)
- Covers the entire development process
- Requirements, planning, project management, architecture, build, QA, test, integration, etc.
Code Analysis Tools
- Code analysis tools
- Analyze the source code for bad coding style / unwanted coding practices (StyleCop)
- Static analysis
- Examine the source code at compile-time
- Could work with the source code or with the compiled assemblies / JAR archives
- Examples: JustCode, ReSharper, FxCop, VS
- Dynamic analysis
- Analyses the code at runtime (usually done by code instrumentation) (profiling, tracing)
Code Decomplation
- Code decompiler / code disassembler
- Reconstructs the source code (to some extent) from the compiled code
- .NET assembly → C# / VB.NET source code
- JAR archive / .class file → Java source code
- .EXE file → C / C++ / Assembler code
- Reconstructed code
- Is not always 100% compilable
- Loses private identifier names, comments, etc.
Code Decomplation Tools
- Code decompilers
- .NET
- JustDecompile – free, powerful .NET decompiler
- ILSpy – powerful, great usability, free
- ILDASM – part of .NET SDK, decompiles to IL code
- Java
- DJ Java Decompiler
- JD (JD-Core / JD-GUI / JD-Eclipse)
- .EXE file
- Boomerang Decompiler → outputs C source code
- IDA Pro – powerful disassembler / debugger
- OllyDbg, W32DASM, etc.
Code Obfuscation
- Transform the source code or compiled .NET / Java code into a difficult to understand form
- Obfuscated code has the same behavior
- Sometimes is a bit slower due to changes and additions in the control logic
- Obfuscated code is the opposite of the high-quality code
- Obfuscation is a form of security through obscurity
Code Obfuscation Techniques
- Rewrite for-loops as while-loops followed by a series of cascading if-else statements
- Change iteration into recursion
- Obfuscate programming constructs (e.g. turn if-else statements into ?: operators)
- Introduce meaningless identifier names
- Remove intermediate variables and literals by repeating them as expressions in the code
- Remove literals (e.g. 0 and 1) – use expressions
- Randomize code formatting
Simple Obfuscation – Example
- Original source code in C#
long first = 1
long second = 1;
for (int i = 3; i <= N; i++)
{
result = first + second;
first = second;
second = result;
}
return result;
- Obfuscated and decompiled
long _ = 1L;
long __ = 1L;
for (int ___ = 3; ___ <= _____; ___++)
{
____ = _ + __;
_ = __;
__ = ____;
}
return ____;
Obfuscation Tools
- .NET obfuscators
- ConfuserEx
- Eazfuscator.NET – free
- {smartassembly} – commercial license, very powerful – assembly obfuscation + compression
- Java obfuscators
- ProGuard – free, open-source
- yGuard – free, open source
- C++ obfuscators
- Stunnix C++ Obfuscator – commercial product
Profilers
- Profilers are tools for gathering performance data and finding performance bottlenecks
- Implemented by code instrumentation or based on built-in platform debugging / profiling APIs
- Gather statistics for method calls, uses of classes, objects, data, memory, threads, etc.
- CPU profilers
- Find performance bottlenecks
- Memory profilers
- Find memory allocation problems
JustTrace Profiler
- What is JustTrace?
- Designed for code and memory profiling
- Measures the frequency and duration of function calls
- Collects information about memoryusage
Refactoring
- Refactoring
- Improving the design of the existing code without changing its behavior
- Typical refactoring patterns
- Rename variable / class / method / member
- Extract method
- Extract constant
- Extract interface
- Encapsulate field
Continuous integration (CI)
- Automating the build and integration process
- Build the entire system each time any new code is checked in the source control repository
- Run all the automated tests for each build
- What does “continuous” mean?
- Ideally – build it after every check-in
- Practically – for larger systems, every 1-2 hours
- Or at least a couple of times a day
Components of the Continuous Integration System
- Build server – separate machine (or pool)
- Source control repository
- Subversion, Team Foundation Server (TFS), etc.
- Automated build system
- Ant, NAnt, MSBuild, Cruise Control, TFS, etc.
- Status indicators / notifications to make problems visible right away
- Email notifications / tray build notify utilities
- Public build status monitors
CI Systems
- CruiseControl
- Very popular, powerful, open source CI tool
- Extensible, plug-in based, large community
- CruiseControl.NET
- .NET cloning of CruiseControl
- Hudson
- Powerful Java based CI server, open source
- Team Foundation Server (TFS)
- TFS provides build-in continuous integration
- AppVeyor
- Cloud-based for .NET / example
What is Cloud?
- Cloud ≈ multiple hardware machines combine computing power and resources
- Share them between multiple applications
- To save costs and use resources more efficiently
- Public clouds
- Provide computing resources on demand
- Publicly in Internet
- Paid or free of charge (to some limit)
- Azure, Amazon AWS, Google App Engine, AppHarbor, Rackspace, Heroku, …
AppHarbor
- AppHarbor – cloud platform for .NET apps
- Supports a classical .NET development stack
- C#, .NET Framework, ASP.NET (Web Forms and MVC), WCF, WWF, ADO.NET Entity Framework, …
- Deployment through Git / SVN / TFS
- Automated build process(compilation + unit tests)
- Build-in load balancing
- Rich set of add-on services