Static code analysis parses the source code, checking the syntax for compliance with a built-in set of rules. These rules are designed to encourage good coding practices and, applied during development and testing work, help you minimize the number of ‘code smells’ that creep into your application and database builds.
For SQL, these ‘smells’ could include problems with table design, such as a missing clustered index; naming problems, such as use of reserved words; or problems with the syntax used in queries, or in routines such as functions and procedures, which could cause performance or security issues.
With Redgate’s acquisition of SQL Code Guard, SQL Monitor 7 has now integrated some of its static code analysis capabilities.
This quick tip will review how SQL Monitor 7 has incorporated SQL Code Guard’s built-in set of Performance Rules for static code analysis. These rules are designed to highlight SQL syntax that could potentially cause performance problems, and so indicate ways to improve the overall quality and performance of the workload, over time.
The performance rules
The performance rules cover a range of general best practices for SQL performance, ranging from the need to qualify object names, to avoiding over-reliance on hints, to misuse of cursors:
If your SQL code flouts any of these rules, SQL Monitor will now highlight it automatically. If you haven’t noticed this until now, don’t worry, it’s quite subtle! Let’s look at a couple of simple examples. You’ll need to have SQL Monitor 7 installed, or alternatively you can visit the online demo.
Navigate to the Overview screen for one of your monitored SQL Server instances, and look at the query details for one of the Top 10 Queries. If you see any query text with a blue wiggly line underneath it, hover over that line, and a ToolTip will indicate the performance rule that has been contravened. In this case, it’s rule PE002, because the highlighted code fails to specify the schema name for a table.
Failing to qualify the owner of an object can cause performance problems for several reasons. For example, we force the engine to check for the object in two places, first in the authenticated user’s default schema and then in the dbo schema, instead of just one. Also, SQL Server can fail to reuse a perfectly valid execution plan if, for example, a query is executed first with and then again without object qualification.
The required action is simply to rewrite such queries to schema-qualify all objects.
Over-reliance on hints
Figure 3 shows the Query Details screen, in SQL Monitor, for a Top 10 query that flouts another static code analysis performance rule, this time relating to the use of hints.
In this example, the developer has chosen to force the query optimizer to implement the INNER JOIN as a Merge join. Given a free hand, for example if we remove the join hint, the optimizer chooses a Nested Loops join.
Occasionally, during development, you will encounter cases where the optimizer appears to have erred in its decision making, and where better performance can be achieved by forcing it to make a different choice, via a query, table or join hint.
It’s rare that hints offer substantial performance benefits. Often their use results simply from the developer not performing enough iterations during testing to rule out statistical variation in performance.
Conversely, it’s common to find cases where hints cause performance problems, especially because over time they prevent the optimizer from making different choices, based on changes in the data, in the distribution of that data, or as a result of improvements in the optimizer with subsequent service packs or new releases.
SQL Code Guard’s static analysis rules are not designed to offer a comprehensive query analysis tool, but to provide a useful first step in determining if there is something obviously wrong with your SQL, which needs further investigation.
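As an added illustration (not SQL Code Guard's or SQL Monitor's own code), the sketch below shows how the two checks discussed above, missing schema qualification (PE002) and join hints, can be expressed as simple static rules over query text. It is regex-based, so CTE names and comma-separated table lists are not handled, whereas a real analyzer parses T-SQL. The sample queries and the `JOIN-HINT` label are constructed for this example.

```python
import re

# Constructed sample queries (not taken from the article's screenshots).
SAMPLES = {
    "unqualified": "SELECT c.Name FROM Customers AS c WHERE c.Id = 42;",
    "qualified": "SELECT c.Name FROM dbo.Customers AS c WHERE c.Id = 42;",
    "join_hint": "SELECT o.Id FROM dbo.Orders AS o "
                 "INNER MERGE JOIN dbo.Customers AS c ON c.Id = o.CustomerId;",
}

PART = r"(?:\[[^\]]+\]|[#@\w]+)"  # one name part, optionally [bracketed]
# Object name that follows FROM or JOIN, with any dot-separated qualifiers.
TABLE_REF = re.compile(rf"\b(?:FROM|JOIN)\s+({PART}(?:\s*\.\s*{PART})*)", re.I)
# Join hints such as INNER MERGE JOIN; also matches OPTION (MERGE JOIN).
JOIN_HINT = re.compile(r"\b(LOOP|HASH|MERGE|REMOTE)\s+JOIN\b", re.I)
# String literals and both comment styles, matched in one left-to-right pass.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)


def strip_noise(sql):
    """Blank out string literals and comments so keywords inside them are ignored."""
    return NOISE.sub(lambda m: "''" if m.group().startswith("'") else " ", sql)


def check(sql):
    """Return (rule, detail) findings. 'JOIN-HINT' is a label made up for this sketch."""
    clean = strip_noise(sql)
    findings = []
    for m in TABLE_REF.finditer(clean):
        name = m.group(1)
        if name[0] in "#@" or clean[m.end():].lstrip().startswith("("):
            continue  # temp table, table variable or table-valued function
        # Dots inside [brackets] are part of a name, not a schema separator.
        if "." not in re.sub(r"\[[^\]]+\]", "x", name):
            findings.append(("PE002", name))
    findings += [("JOIN-HINT", m.group(1).upper()) for m in JOIN_HINT.finditer(clean)]
    return findings


if __name__ == "__main__":
    for label, sql in SAMPLES.items():
        print(label, check(sql))
```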
At the time of writing, SQL Monitor surfaces only SQL Code Guard’s static analysis performance rules, but there are many other rules that could be included. We want to get your feedback on how useful the feature would be in diagnosing poor performance. Are these rules useful? Is there anything you think we could add/remove? We’d welcome your feedback.