Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and Time Machine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer's requirements, but also the manager's needs.
The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar.
You will learn to use Sonar effectively and explore the quality of your source code in the following axes:
Coding Standards
Documentation and Comments
Potential Bugs and Defects
Unit Testing Coverage
Design and Complexity
Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes on to propose good practices and common solutions that you can put to use to improve such code.
You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.
Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential. While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality.
"Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.
Page count: 288
Year of publication: 2012
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2012
Production Reference: 1190812
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84951-786-7
www.packtpub.com
Cover Image by Asher Wishkerman (<[email protected]>)
Author
Charalampos S. Arapidis
Reviewers
Christopher Bartling
Efraim Kyriakidis
Kosmas Mackrogamvrakis
Lefteris Ntouanoglou
Acquisition Editor
Usha Iyer
Lead Technical Editor
Azharuddin Sheikh
Technical Editors
Prasad Dalvi
Veronica Fernandes
Manasi Poonthottam
Project Coordinator
Sai Gamare
Proofreader
Sandra Hopper
Indexer
Monica Ajmera Mehta
Graphics
Manu Joseph
Production Coordinators
Aparna Bhagat
Nilesh R. Mohite
Cover Work
Aparna Bhagat
Charalampos S. Arapidis is a Senior Software Engineer located in Athens, Greece. He specializes in J2EE enterprise application design and implementation. His other specialties include data-mining/visualization techniques and tuning continuous integrated environments.
From a very early age, Charalampos showed particular interest in advanced Mathematics and software development and has been honored twice at the Panhellenic Mathematical Contest for providing prototype and innovative solutions. He graduated in Computer and Software Engineering from the Polytechnic School of the Aristotle University.
After graduation, he dynamically entered the enterprise field, where he helped his organization make the transition from legacy client server ERP and CRM applications to full-stack J2EE web applications, all in a streamlined and integrated development environment.
The development of the Proteus Web Document Management System for the Greek Public Sector and his solutions to Kallikratis—the largest data integration project ever conceived in the latter years of Greece's public sector—are two of his most recognizable achievements nationwide.
Charalampos currently works at Siemens Enterprise Communications as a Senior Software Applications Engineer, designing and implementing Unified Communications software at multinational level.
When not working he enjoys blogging, playing the classical guitar, and composing music, exploring new ways to translate polynomial equations to sound.
I would like to thank and express my gratitude to Lefteris Ntouanoglou for providing me with guidance and vision in the IT field especially in the last two years, and Olivier Gaudin and Fabrice Bellingard for their interest in the book. From the Packt Publishing staff, I would like to thank, in particular, Newton Sequeira, Ashwin Shetty, Sai Gamare, and Usha Iyer for supporting and guiding me through the writing process, and all the technical reviewers for their helpful suggestions. Finally, I would like to thank Kostas Vasiliou, Christos Chrysos, Vassilis Arapidis, and Evangelia Vlachantoni for their support.
Christopher Bartling has been in the IT industry since 1995. He has served in the roles of application developer, mentor, and agile coach. He also has experience in biometrics, genomics and computational biology, healthcare, insurance, and legal/regulatory domains. He also helps develop and deliver training for DevJam (http://www.devjam.com). Prior to his career in IT, he was involved in electrophysiology and biomedical research at the Mayo Clinic in Rochester Minnesota. You can find his blog at http://bartling.blogspot.com and tweets at @cbartling.
Efraim Kyriakidis is a skilled software engineer with over seven years of experience in developing and delivering software solutions for diverse customers. He's well versed in all stages of the software development lifecycle. His first acquaintance with computers and programming was a state-of-the-art Commodore 64, back in the '80s as a kid. Since then he has grown and received his Diploma in Electrotechnic Engineering from Aristotle University, Thessaloniki. Through his career, he mainly worked with Microsoft Technologies and has an interest in technologies such as Silverlight and Windows Phone. He currently works for Siemens AG in Germany as a Software Developer.
Kosmas Mackrogamvrakis was born in 1971 on the island of Crete in Greece. He moved at an early age to the capital of Greece, Athens. There he attended public school and graduated as an engineer in Automatic Electronics. Later, he continued his studies at the Technical School of Computers in Athens, but he was forced to interrupt, as he was obliged to join the army.
In the army he served as a Sergeant in the artillery section and trained in computer-guided cannon targeting, based on his previous knowledge of computer technology.
Even before high school, he was highly interested in computer science, and he managed to learn Basic, Pascal, and Assembly language.
After his army obligations, he was employed by Athens News Agency, where he worked as a technician and desktop-publishing employee. There he was trained by Unibrain, in Ventura Publishing software, Photoshop, and Corel Draw. In parallel, he installed a Fax distribution network with Canada, for redistribution of a FAX newspaper.
After three years he moved to Hellenic Scientific S.A., as a technician. There he managed to get trained and show his natural talent in computer engineering. He was trained on the job and successfully undertook all the responsibilities of a Senior Systems Engineer after six years, and learned and used the following operating systems and software and services: Microsoft Windows 98/2000/XP/Vista, Microsoft Windows Server NT/2000/2003, Novell, Unix/Xenix, Mac OS/X, Linux, AIX, AS/400; Networks including WAN/LAN Protocols, TCP/IP, DNS, FTP, HTTP, IMAP/POP3, SMTP, VPN; E-mail systems Sendmail, Microsoft Exchange, Postfix, and clients such as Outlook, Mozilla Thunderbird, Kmail, and Evolution. He specialized in the hardware of IBM, HP, Dell, Fujitsu Servers, Desktops, and Notebooks.
He got certifications on Exchange Server from Microsoft, AIX from IBM, Tivoli IT Director from IBM, and AS/400 from IBM.
After seven years, and due to market needs and degradation of the company's share in the market, he moved to freelancing.
As a freelancer, he supported a large number of small- to medium-sized companies, as systems engineer, consultant, and technician.
Some of the companies that he was supporting included Rothmans, Adidas, Kraft Hellas, Vivechrom (Akzo), Public Sector (ministries and prefectures), Pan Systems.
After seven years of freelancing, he was asked by Siemens to undertake the position of Systems Engineer for the public sector and later Project Manager.
After three years in Siemens, the public sector IT support stopped in Greece, and he left the company.
Lately, and right after Siemens, he undertook the position of IT Services Manager for southeast Europe in Adidas.
Lefteris Ntouanoglou is a co-founder and the CEO of Schoox Inc, a Delaware company based in Austin, Texas, which developed schooX—a Social Academy for Self-learners (www.schoox.com). He has extensive administrative and management experience in the software sector. Prior to Schoox Inc, he joined a European startup company, OTS SA, which developed administrative and financial software for the Public Sector. He served the company in a number of managerial positions, and as the COO of the company he built one of the largest software companies in Greece.
During his PhD, he developed computer algorithms for fast computation of holographic patterns and graduated with Honor. In 1998, he was praised with the Award of Innovation from the Association of Holographic Techniques in Germany for inventing and implementing an innovative anticounterfeiting system based on a coded Holographic Label and a Web Application.
He is a highly skilled engineer and a visionary entrepreneur. Creativity and innovative thinking are part of his personality. Implementing new ideas and turning them into successful businesses by building and motivating strong and result-oriented teams is one of his strengths.
He was born and grew up in Germany and speaks fluent Greek, German, and English.
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
To my parents, Simeon Arapidis and Ioanna Tsonona
Developers continuously strive to achieve higher levels of source code quality. It is the holy grail in the software development industry. Sonar is an all-out platform confronting quality from numerous aspects as it covers quality on seven axes, provides an abundance of hunting tools to pinpoint code defects, and continuously generates quality reports following the continuous inspection paradigm in an integrated environment. It offers a complete and cost-effective quality management solution, an invaluable tool for every business.
Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and Time Machine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer's requirements, but also the manager's needs.
Sonar Code Quality Testing Essentials will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar.
You will learn to use Sonar effectively and explore the quality of your source code on the following axes:
Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes on to propose good practices and common solutions that you can put to use to improve such code.
You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.
Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential.
While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality.
Sonar Code Quality Testing Essentials will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.
Chapter 1, An Overview of Sonar, covers the Sonar quality management platform and its features. It also discusses the different aspects of quality and the role of metrics.
Chapter 2, Installing Sonar, guides you through successfully installing the Sonar platform and performing basic administration tasks such as backing up project data and installing plugins.
Chapter 3, Analyzing Your First Project, walks you through setting up a project for analysis and showcasing the Sonar dashboard. Finally, you will eliminate violations and further reflect on project quality and progression.
Chapter 4, Following Coding Standards, introduces coding standards and Sonar rules. You will learn how to detect coding standards errors and eliminate code violations through practical examples.
Chapter 5, Managing Measures and Getting Feedback, introduces Sonar quality profiles and discusses different development needs and rule sets. Additionally, the reader will learn how to create custom metric alerts and get visual feedback on quality and review historical data.
Chapter 6, Hunting Potential Bugs, covers code violations that can lead to potential software bugs. You will learn how to use Sonar hunting tools to detect such violations following practical examples.
Chapter 7, Refining Your Documentation, teaches how to find undocumented source code. We then discuss documentation practices and documentation-generation tools.
Chapter 8, Working with Duplicated Code, discusses code duplication and guides you on how to spot duplicated code and possible methods to eliminate it.
Chapter 9, Analyzing Complexity and Design, covers how software complexity is presented in Sonar and further discusses complexity metrics. You will get a good grasp of complexity metrics and learn how to identify and review them with Sonar.
Chapter 10, Code Coverage and Testing, covers how Sonar measures code coverage and how it helps in writing cost-effective unit tests covering complexity that matters.
Chapter 11, Integrating Sonar, introduces you to the Continuous Inspection Paradigm and serves as a reference guide on how to set up and enable an integrated build environment providing constant Sonar quality reporting.
Appendix, Sonar Metrics Index, is a reference to the software metrics supported by Sonar.
You will need the following software to follow the examples:
This book is for you if you are a Java developer or a Team Manager familiar with Java and want to ensure the quality of your code using Sonar. You should have a background with Java and unit testing in general. The book follows a step-by-step tutorial enriched with practical examples and the necessary screenshots for easy and quick learning.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title through the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
This chapter provides an overview of Sonar, presenting the objectives and features of the platform, and highlighting how developers and software quality benefit from it. An overview of the platform's architecture follows, to give a better understanding of how Sonar analyzes and measures quality. Finally, the chapter closes by discussing the Sonar community and its ecosystem. In this chapter we cover:
Sonar is a software quality management platform primarily for the Java programming language, enabling developers to access and track code analysis data ranging from styling errors, potential bugs, and code defects to design inefficiencies, code duplication, lack of test coverage, and excess complexity. Everything that affects our code base, from minor styling details to critical design errors, is inspected and evaluated by Sonar.
Consider Sonar as your team's quality and improvement agent. While the primary supported language is Java, more languages are supported with extensions or commercial plugins, for example C, PHP, and JavaScript. At the time of writing, more than 10 languages were supported with plans to add more in the future. The additional languages are supported in the form of plugins, taking advantage of the platform's extensible and flexible architecture.
Sonar collects and analyzes source code, measuring quality and providing reports for your projects. It combines static and dynamic analysis tools and enables quality to be measured continuously over time. More than 600 code rules are incorporated into the platform, checking the code from different perspectives.
Rules are separated into different logical groups and each one contributes at a different level towards the overall quality of the project in question. Analysis results, code violations, and historical data are all available and accessible through a well-thought-out user interface consisting of different components, with each one serving and fulfilling different needs and scopes.
The Sonar platform analyzes source code from different aspects. To achieve this, Sonar drills down into your code layer by layer, moving from module level down to class level. Picture this as a vertical movement through your source code from top to bottom components. At each level, Sonar performs both static and dynamic analysis producing metric values and statistics, revealing problematic areas in the source that require inspection or improvement. The analysis is not a monolithic procedure but examines code from different perspectives, introducing the concept of axes of quality. The results are then interpreted and consolidated in a very informative and visually appealing dashboard, enabling you to form an opinion about defective code and quality testing over projects. You can then make educated decisions as to where to start fixing things in a cost-effective manner, reducing the technical debt.
Although Sonar can be run as a one-off auditor, where the platform really shines is when you have it track and check your source code continuously. While a single inspection proves to be useful at times, it does not make the most out of the platform. The intended use is to have Sonar integrated into the team's development process, exploiting the platform's true capabilities.
If all this sounds complex and advanced, it is not. It is a matter of a single download and running a script to have Sonar up and running, waiting to assess our code. Afterward, we can choose among different methods of importing projects into the platform for analysis.
What makes Sonar really stand out is that it not only provides metrics and statistics about your code but translates these nondescript values to real business values such as risk and technical debt. This conversion plays a major role in the philosophy of the platform, enabling a new business dimension to unfold, which is invaluable to project management. Because of the management aspect it offers, Sonar addresses not only core developers and programmers but also project managers and even higher managerial levels. This concept is further strengthened by Sonar's enhanced reporting capabilities and multiple views addressing source code from different perspectives.
From a managerial perspective, transparent and continuous access to historical data enables the manager to ask the right questions.
To better illustrate this, the following are some possible cases discussing quality and source code matters based on feedback from Sonar, either visual or textual:
Case 1: Complexity has jumped up lately; should we further examine the design and implementation of the recently added features? (Notice the line that represents overall complexity increasing close to 9.000.)
Case 2: Many major violations popped up during the last iteration. Are things moving too fast? Is the team taking more than it can handle? What about pace? (Sonar reports 589 major code violations.)
Case 3: Documentation is lacking and team composition is about to change. Let us clarify and better explain what our code is about. At least the public API! (Big red boxes represent undocumented public APIs.)
Sonar in the development environment acts as a quality management center. It is the place of reference when code quality matters arise, and sessions with team members drilling down views, exploring deficiencies and discussing software design and its implementation are not uncommon. The ease of the installation process and the broad accessibility by the web interface make it a perfect choice to inspect and share code quality among managers and developers.
An extra step is added to the developers' lifecycle, that of quality review and inspection. After updating and committing code, tests are executed within the context of the build server, producing a fresh artifact. Then, Sonar takes over collecting and analyzing source code and test results. Once the analysis process is complete, the Sonar dashboard is updated with inspection data reflecting the latest changes.
It is vital not to force Sonar into the development process but let the team embrace it.
Let us put technical details and issues aside for a moment and focus more on the psychological aspect of this process as a whole. There is no more rewarding experience for a developer than watching the results of his/her work on a daily basis, experiencing how his/her actions directly reflect upon the improvement of the final product. Eventually, Sonar proves to be an essential part of a development setup, while the whole process becomes second nature to the developer.
There is one obstacle though that every development team will meet, that of the fear barrier and how to get over it. And by fear, we mean the fear to expose the quality of team members' source code, or most importantly the lack of it. And this is perfectly normal and expected.
Overcoming the fear barrier
What you can do is run Sonar undercover for a couple of iterations, touching and improving only your own code and refraining from comments and reviews on team members. Another approach would be to use it only as an information tool, without emphasizing it. Once you start writing better code, and have substantially improved and corrected errors, you can then host a team session highlighting the platform, presenting the positive effects upon the project, in an effort to encourage team members to use it for improvement.
One good point would be to emphasize how rewarding it is to watch quality grow over time in response to code corrections and design changes. This warm feeling is the best incentive for each and every developer.
The Sonar platform comes with a vast array of components in order to provide insightful and accurate information. Moreover, its flexible architecture allows functionality to be added on demand via a plugin system.
Let's take a closer look at the features the core platform has to offer:
