Sonar Code Quality Testing Essentials

By: Charalampos S Arapidis

Overview of this book

Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and TimeMachine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer's requirements, but also the manager's needs.

The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar. You will learn to use Sonar effectively and explore the quality of your source code along the following axes:

  • Coding Standards

  • Documentation and Comments

  • Potential Bugs and Defects

  • Unit Testing Coverage

  • Design and Complexity

Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes as far as proposing good practices and common solutions that you can put to use to improve such code.

You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile, exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.

Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential.

While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality.

"Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.

Covering software quality on Seven Axes


First of all, it is important to point out that quality is a matter of perception and quite subjective. One way to define software quality is through abstractions and by examining it from different perspectives.

Take a moment to read the following lines:

I cdnuolt blveiee taht I cluod aculaclty uesdnatnrd waht I was rdgnieg. The phaonmneal pweor of the hmuan mnid. It deosn't mttaer in waht oredr the leteerrs in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. The rset can be a taotl msess and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

The preceding text does not contain a single correctly spelled word, yet it proves to be readable. The paragraph tests the human brain's ability to recognize common patterns rather than conveying a message to the reader. From a product perspective, one could argue that although the text is flawed, it does the job, since it remains understandable. But this has the side effect of degrading the final reading experience, since additional effort is required to reconstruct the words and phrases. The reader unconsciously strains to adapt and decipher the messed-up words, splitting focus between restructuring the text and understanding what is actually written, which makes for a not-so-pleasant user experience. On the other hand, the editor assigned to improve or add to the text would have to cope with this non-standard writing practice, delaying the whole process.

Now swap the corrupt text for a software product's source code. The reader becomes the end user of the product, and the editor becomes the developer. Both experience product quality differently, each from their own point of view: the end user from a functional perspective, the developer from a structural one.

Generally speaking, it is common to separate quality into:

  • External quality—assures that the product conforms to the functional requirements/specifications

  • Internal quality—assures that the software's structure supports the delivery of the functional requirements

To measure external quality, the product is treated like a black box: testing and interacting with its exposed features, observing its behavior, and verifying that it works as expected according to the requirements.

To measure internal quality, an internal inspection of the software is required. The structure of the source code is analyzed and evaluated against coding standards and practices. As for software design, it is necessary to examine to what degree it adheres to basic principles of software architecture. This way of measuring quality is referred to as a white box approach because it deals with the software's internal workings, peeking inside the source code. The Sonar platform does exactly that, measuring the internal quality of a piece of software. However, it is important to note that high internal quality does not enforce or guarantee external quality, although it indirectly improves the overall outcome.

How Sonar manages quality

Software quality measurement is a quantitative process summing up weighted attribute values, which in part describe specific software characteristics. For each characteristic, a set of such measurable attributes is defined, and the existence of such characteristic, or its quality factor, is directly correlated to those attributes.

As a matter of fact, quality is rated along many different dimensions. Likewise, Sonar classifies the associated attributes and metrics into seven dimensions, seven technical axes of quality, which the Sonar team prefers to call:

The seven deadly sins of a developer.

Overall, Sonar defines the following technical axes:

  • Coding standards—respect coding standards and follow best practices

  • Potential bugs—eliminate code violations to prevent vulnerabilities

  • Documentation and comments—provide documentation, especially for the public API and the source code

  • Duplicated code—isolate and refine duplications, Don't Repeat Yourself

  • Complexity—equalize disproportionately distributed complexity among components; eliminate complexity if possible

  • Test coverage—write unit tests, especially for complex parts of the software

  • Design and architecture—minimize dependencies

    Note

    DRY—Don't Repeat Yourself

    Don't Repeat Yourself is a programming principle aimed at reducing repetition of code. The DRY principle is stated as:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    Source code written with this principle in mind is obviously easier to maintain. When a bug arises, there is only one single point in the source responsible for the malfunction and patching this point would suffice, without the need to modify other parts of the software.