Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Sonar Code Quality Testing Essentials
  • Table Of Contents Toc
  • Feedback & Rating feedback
Sonar Code Quality Testing Essentials

Sonar Code Quality Testing Essentials

By : Charalampos S Arapidis
3.5 (4)
Buy this Book
close
close
Sonar Code Quality Testing Essentials

Sonar Code Quality Testing Essentials

3.5 (4)
By: Charalampos S Arapidis
Buy this Book

Overview of this book

Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and TimeMachine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer's requirements, but also the manager's needs.The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar. You will learn to use Sonar effectively and explore the quality of your source code in the following axes: Coding Standards Documentation and Comments Potential Bugs and Defects Unit Testing Coverage Design and Complexity Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes down to proposing good practices and common solutions that you can put to use to improve such code.You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential. While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality."Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.
Table of Contents (18 chapters)
close
close
close
Sonar Code Quality Testing Essentials
Sonar Code Quality Testing Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
An Overview of Sonar
chevron up
An Overview of Sonar
What is Sonar
Features of Sonar
Covering software quality on Seven Axes
Architecture of Sonar
Source code analyzers
The Sonar community and ecosystem
Summary
2
Installing Sonar
Installing Sonar
Prerequisites for Sonar
Downloading Sonar
Installing the Sonar web server
Configuring MySQL
Starting Sonar as a service
Logging in to Sonar for the first time
Securing your Sonar instance
Creating users and groups
Backing up your data
Extending Sonar with plugins
Upgrading Sonar from the Update Center section
Summary
3
Analyzing your First Project
Analyzing your First Project
Using a Java runner
Analysis with the Sonar Maven plugin
Analysis with Ant
Browsing the Sonar web interface
Sonar components—an overview
Anatomy of the dashboard
Eliminating your first violations
Summary
4
Following Coding Standards
Following Coding Standards
A brief overview of coding standards and conventions
Sonar profiles, rules, and violations
Managing quality profiles
Managing rules
Creating a coding standards profile
5
Managing Measures and Getting Feedback
Managing Measures and Getting Feedback
Reviewing code
Sonar manual reviews
Configuring notifications
Defining metric thresholds and alerts
Sonar manual measures
Quality reporting on your project
Getting visual feedback
Summary
6
Hunting Potential Bugs
Hunting Potential Bugs
Potential bugs violations
Installing the Violation Density plugin
Integrating Sonar to Eclipse
Summary
7
Refining Your Documentation
Refining Your Documentation
Writing effective documentation
Documentation metrics definitions
Overview of Sonar documentation violations
Locating undocumented code
Generating documentation automatically
Summary
8
Working with Duplicated Code
Working with Duplicated Code
Code duplication
Sonar code duplication metrics
Locating duplicated code with Sonar
The Useless Code Tracker plugin
Using extraction and inheritance to attack duplication
Summary
9
Analyzing Complexity and Design
Analyzing Complexity and Design
Measuring software complexity
Cohesion and coupling
Sonar Code Complexity metrics
The Response for Class metric
Lack of Cohesion in Methods and the LCOM4 metric
Locating and eliminating dependencies
Summary
10
Code Coverage and Testing
Code Coverage and Testing
Measuring code coverage
Code coverage tools
Code coverage analysis
Assessing the impact of your tests
Using the coverage tag cloud component
jUnit Quickstart
Reviewing test results in Sonar
Summary
11
Integrating Sonar
Integrating Sonar
The Continuous Inspection paradigm
Installing Subversion
Setting up a Subversion server
Installing the Jenkins CI server
Configuring Jenkins
Creating a build job
Installing the Sonar plugin
Summary
Sonar Metrics Index
Sonar Metrics Index
Sonar metrics

Source code analyzers

To analyze code, Sonar utilizes some of the most popular and proven tools available in the open source community. These tools pass through source code performing standard checks reviewing errors and possible bugs, each from their own perspective. The nature of the checks range from minor styling ones, for example the detection of unwanted trailing spaces, to more complex ones that easily promote to potential bugs, such as unchecked variables eligible to result in null references. Since version 2.1 Sonar provides its own rules engine too, based on Squid.

Sonar includes the following five analyzers:

Squid

Sonar's core analyzer Squid, works on Java dependencies and calculates object-oriented metrics. It implements the visitor pattern to visit dependencies between methods, fields, classes, and packages. Some of the metrics calculated are the following:

  • RFC—Response for Class

  • LCOM4—Lack of Cohesion Methods

  • DIT—Depth of Inheritance Tree

  • NOC—Number of Children

Checkstyle

Checkstyle ensures that all source code adheres to coding standards. Its main duty is to check code from an aesthetic perspective with emphasis on layout and styling. However, during its development more checks were added straying away from the initial coding style and standards concept. Now Checkstyle is capable of performing broader checks like identifying class design problems, duplication, and common bug patterns. Checkstlyle, and the rest of the tools we are going to examine here, can also run standalone.

Note

Bug patterns

A bug pattern is badly structured code that under certain circumstances can produce errors. These vulnerabilities may not always fail a test case but can potentially lead to memory outage, performance degradation, security breaches, and many other problems. Such common error-prone structures have been identified and standardized, so that they can be identified easily by source code analyzers.

PMD

According to its creator, a standard definition for the PMD acronym does not exist. In any case, the following are some interpretations taken straight away from the What does it mean section of the project 's SourceForge page:

Project Mess Detector

Programs of Mass Destruction

Project Meets Deadline

Head on to PMD's home page for a more comprehensive list.

PMD scans Java source code and reports on problems such as the following:

  • Possible bugs—empty / try / catch / finally / switch statements

  • Dead code—unused local variables, parameters, and private methods

  • Suboptimal code—wasteful String / StringBuffer code

  • Complex expressions—unnecessary if statements, for loops instead of while

  • Duplicate code—copied/ pasted code

FindBugs

FindBugs performs static analysis to check source code and trace bugs and defects. It covers many different aspects such as vulnerabilities, malicious code, performance, and coding standards.

Cobertura and Clover

Cobertura, based on the jcoverage Java library, is used to calculate the percentage of code accessed by tests and identify which parts of your source code lack test coverage. Additionally, it calculates cyclomatic complexity for each class and the average cyclomatic complexity for each package.

Clover emphasizes more on test coverage, providing a rich user interface and can be easily used as a standalone tool, offering a complete quality testing solution.

End of Section 6
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY