Visual Expert is a static code analysis tool, extracting design and technical information from software source code by reverse-engineering, used by programmers for software maintenance, modernization or optimization.
It is designed to parse several programming languages at the same time (PL/SQL, Transact-SQL, PowerBuilder...) and analyze cross-language dependencies, in addition to each language's source code.
Visual Expert checks source code against hundreds of code inspection rules for vulnerability assessment, bug fix, and maintenance issues.
Features
* Cross-references exploration: Impact Analysis, E/R diagrams, call graphs, CRUD matrix, dependency graphs.
* Software documentation: a documentation generator produces technical documentation and low-level design descriptions.
* Inspect the code to detect bugs, security vulnerabilities and maintainability issues. Native integration with Jenkins.
* Reports on duplicate code, unused objects and methods and naming conventions. Calculates software metrics and source lines of code.
* Code comparison: finds differences between several versions of the same code.
* Performance analysis: identifies code parts that slow down the application because of their syntax - it extracts statistics about code execution from the database and combines it with the static analysis of the code.
Usage
Visual Expert is used in several contexts:
* Change impact analysis: evaluating the consequences of a change in the code or in a database. Avoiding negative side effects when evolving a system.
* Static Application Security Testing (SAST): detecting and removing security issues.
* Continuous Integration / Continuous Inspection: adding a static code analysis job in a CI/CD workflow to automatically verify the quality and security of a new build when it is released.
* Program comprehension: helping programmers understand and maintain existing code, or modernize legacy systems. Transferring knowledge of the code, from one programmer to another.
* Software sizing: calculating the size of an application, or a piece of code, in order to estimate development efforts.
* Code review: improving the code by finding and removing code smells, dead code, code causing poor performances or violations of coding conventions.
Limitations
* As a static code analyzer, Visual Expert is limited to the programming languages supported by its code parsers - Oracle PL/SQL, SQL Server Transact-SQL, PowerBuilder.
* A preliminary reverse engineering is required. Visual Expert does it automatically, but its duration depends on the size of the code parsed. Users must wait for the parsing to complete before using the features, or schedule it in advance. They must also allocate sufficient hardware resources to support their volume of code.
* Visual Expert is based on a client/server architecture: the code analysis runs on a Windows PC - preferably a server. The information extracted from the code is stored in an RDBMS, communicating with a client application installed on the programmer's computer - no web client is available. This requires that the code, the parsers, the RDBMS and the programmers' computers are connected to the same LAN or VPN.
History
* 1995-1998 - Prog and Doc - Initial version distributed on the French market
* 2001 - Visual Expert 4.5
* 2003 - Visual Expert 5
* 2007 - Visual Expert 5.7
* 2010 - Visual Expert 6.0
* 2015 - Visual Expert 2015 - Server component added to schedule code analyses
* 2016 - Visual Expert 2016 - Oracle PL/SQL code parser, code inventory (lines of code, number of objects…)
* 2017 - Visual Expert 2017 - SQL Server T-SQL code parser, Code comparison, CRUD matrix
* 2018 - Visual Expert 2018 - DB Code Performance Analysis, integration with TFS
* 2019 - Visual Expert 2019 - Generation of E/R diagrams from the code
* 2020 - Visual Expert 2020 - Object dependency matrix, naming consistency verification, integration with GIT and SVN
* 2021 - Visual Expert 2021 - Continuous Code Inspection, integration with Jenkins