book

Sonar Code Quality Testing Essentials

Name: Sonar Code Quality Testing Essentials
Author: Charalampos S Arapidis
ISBN: 9781849517867

by Charalampos S Arapidis

August 2012

Intermediate to advanced

318 pages

5h 56m

English

Packt Publishing

Read now

Unlock full access

Sonar Code Quality Testing Essentials
Table of Contents
Sonar Code Quality Testing Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and moreWhy Subscribe?Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. An Overview of Sonar
What is SonarHow it worksWhat makes Sonar differentSonar in the lifecycle
Features of Sonar
Overview of all projectsCoding rulesStandard software metricsUnit testsDrill down to source codeTime MachineMaven readyUser friendlyUnified componentsSecurity measuresExtensible plugin system
Covering software quality on Seven Axes
How Sonar manages quality
Architecture of Sonar
Source code analyzers
SquidCheckstylePMDFindBugsCobertura and Clover
The Sonar community and ecosystem
The SonarSource companyAwards and conferencesSonar license
Summary
2. Installing Sonar
Prerequisites for SonarChecking your Java installationInstalling Maven on LinuxInstalling Maven on WindowsInstalling MySQL on LinuxInstalling MySQL on Windows
Downloading Sonar
Installing the Sonar web server
Sonar server basic configuration
Configuring MySQL
Creating the databaseSetting up Sonar with MySQL
Starting Sonar as a service
Run as a service on LinuxRun as a service on Windows
Logging in to Sonar for the first time
Securing your Sonar instance
Sonar authentication and sources visibility
Creating users and groups
Managing project roles
Backing up your data
Sonar instance configuration backupFilesystem backupBacking up the MySQL sonar database
Extending Sonar with plugins
Installing the Useless Code Tracker plugin
Upgrading Sonar from the Update Center section
Checking compatibility of pluginsUpgrading to latest Sonar version
Summary
3. Analyzing your First Project
Using a Java runnerConfiguring the runnerSetting up a Sonar server for remote connectionsConfiguring the project
Analysis with the Sonar Maven plugin
Installing MavenConfiguring the Sonar Maven pluginPerforming the analysis
Analysis with Ant
Installing AntConfiguring and running Sonar analysis task
Browsing the Sonar web interface
The treemap gadgetFiltering your projectsThe "What Coverage?" filter
Sonar components—an overview
DashboardComponentsViolations drilldownTime MachineCloudsDesignHotspotsLibraries
Anatomy of the dashboard
Layout and widget arrangement
Eliminating your first violations
Unused modifier violationModified Order violationCorrectness - Repeated conditional testsCreating your first analysis eventGetting visual feedback
Summary
4. Following Coding Standards
A brief overview of coding standards and conventionsJava standards
Sonar profiles, rules, and violations
The Rules Compliance Index
Managing quality profiles
Creating a profileAssociating projects to profiles
Managing rules
Adding a ruleConfiguring a ruleRegular expressionsBoolean expressionsToken and value-based rulesBacking up and restoring profiles
Creating a coding standards profile
Selecting the rulesNaming conventions and declarations rulesDeclaration orderAbstract class nameVariable, parameter, and method namesMultiple variable declarationsLocal home namingVariable lengthsNaming - Avoid field name matching method nameNaming - Suspicious equals method nameStandards rulesUnused importsUnnecessary final modifierUnused modifierMagic numberFinal classMissing constructorAbstract class without any methodsCode layout and indentationAvoid inline conditionalsLeft CurlyParen PadTrailing commentMultiple String literalsThe for loops must use bracesInspecting violations with the Radiator componentInstalling the Radiator pluginWatch the quality improvingConfiguring the Timeline widgetSummary
5. Managing Measures and Getting Feedback
Reviewing code
Sonar manual reviews
Assigning reviewsBrowsing reviews
Configuring notifications
Defining metric thresholds and alerts
The Build Breaker
Sonar manual measures
Creating the Story Points measureManaging manual measures
Quality reporting on your project
Installing the PDF report pluginGetting the project reportCustomizing the report
Getting visual feedback
Timeline pluginMotion Chart pluginBubble chartBar chart
Summary
6. Hunting Potential Bugs
Potential bugs violationsDodgy code rulesUse notifyAll instead of notifyStringBuffer instantiation with charUse StringBuffer for String appendsConstructor calls overridable methodClose ResourceAmbiguous invocation of either an inherited or outer methodConsider returning a zero length array rather than nullMethod ignores return valueMethod does not release lock on all pathsNull pointer dereferenceSuspicious reference comparisonMisplaced null checkImpossible castProgram flow rulesDo not throw exception in finallyFinalize does not call Super FinalizeAvoid calling finalizeAvoid catching NPEMethod ignores exceptional return valueSwitch statement found where default case is missingMissing break in switchAvoid catching ThrowableSecurity rulesClass exposes synchronization and semaphores in its public interfaceMethod returns internal arrayHardcoded constant database password
Installing the Violation Density plugin
Integrating Sonar to Eclipse
Installing the Sonar Eclipse pluginLinking an Eclipse project to Sonar serverUsing the Sonar perspective
Summary
7. Refining Your Documentation
Writing effective documentationComments structureJavadoc block commentJavadoc line commentJavadoc common tags
Documentation metrics definitions
Comment linesCommented-out Lines of CodeDensity of Comment LinesDensity of Public Documented APIMonitoring documentation levelsStatements
Overview of Sonar documentation violations
Javadoc rulesUndocumented APIJavadoc MethodJavadoc PackageJavadoc StyleJavadoc TypeJavadoc VariableInline Comments RulesUncommented Empty ConstructorUncommented Empty MethodUncommented Main
Locating undocumented code
Creating the documentation filter
Generating documentation automatically
Installing GraphvizInstalling DoxygenUsing the Sonar Documentation plugin
Summary
8. Working with Duplicated Code
Code duplicationDon't Repeat Yourself (DRY)
Sonar code duplication metrics
Creating Duplicated Code Alert
Locating duplicated code with Sonar
Cross-project duplication detectionUsing the Radiator component to detect duplication
The Useless Code Tracker plugin
Tracking duplicated linesTracking dead codeInstalling the Useless Code plugin
Using extraction and inheritance to attack duplication
The Extract Method refactoring patternRefactoring with inheritance
Summary
9. Analyzing Complexity and Design
Measuring software complexityThe Cyclomatic Complexity metric
Cohesion and coupling
Afferent couplingEfferent coupling
Sonar Code Complexity metrics
Boolean Expression ComplexityClass Data Abstraction CouplingClass Fan Out ComplexityCyclomatic ComplexityJavaNCSSNested For DepthSimplify Boolean ReturnToo many methodsToo many fieldsAvoid too complex classAvoid too deep inheritance tree
The Response for Class metric
Lack of Cohesion in Methods and the LCOM4 metric
Exceptions to the LCOM4 metric
Locating and eliminating dependencies
Using the Sonar design matrix
Summary
10. Code Coverage and Testing
Measuring code coverage
Code coverage tools
Selecting a code coverage tool for SonarCoberturaJaCoCoClover Sonar pluginEmma Sonar plugin
Code coverage analysis
Statement coverageBranch/decision coverageCondition coveragePath coverage
Assessing the impact of your tests
Uncovered linesUncovered branches
Using the coverage tag cloud component
Quick wins modeTop risk modeWhere to start testingThe Top risk approach
jUnit Quickstart
Writing a simple unit test
Reviewing test results in Sonar
Summary
11. Integrating Sonar
The Continuous Inspection paradigmContinuous integration servers
Installing Subversion
Ubuntu/Debian Subversion installationRed Hat Subversion installationInstalling Subversion on other Linux distributionsWindows Subversion installation
Setting up a Subversion server
Creating a Subversion repositorySubversion security and authorizationImporting a project into Subversion
Installing the Jenkins CI server
Ubuntu/Debian Jenkins installationRedhat/Fedora/CentOS Jenkins installationWindows Jenkins installation
Configuring Jenkins
JDK configurationMaven configurationRepository configurationE-mail server configurationSecuring Jenkins
Creating a build job
Cron expression and scheduling
Installing the Sonar plugin
Building and monitoring your project
Summary
A. Sonar Metrics Index
Sonar metricsComplexity metricsDesign metricsDocumentation metricsDuplication metricsGeneral metricsCode Coverage and Unit Test metricsRules Compliance metricsSize metricsManagement metrics
Index

Content preview from Sonar Code Quality Testing Essentials

Chapter 6. Hunting Potential Bugs

In this chapter, we will review and detail some of the most common violations that can lead to bugs or defects—unexpected behavior. We will then add coding standards rules to complement the custom profile. Next, we will install the Violation Density plugin, an alternate overall representation of project quality. Finally, we will install the Sonar Eclipse plugin, an ultimate tool that brings Sonar measures directly to our IDE.

In this chapter we cover:

Potential bugs violations
Installing the Violation Density plugin
Integrating Sonar to Eclipse

Potential bugs violations

The three Sonar analyzers feature an extensive set of rules checking code that can lead to potential bugs and deficiencies. We are going to add to the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Server Disk Management in a Windows Environment

Publisher Resources

ISBN: 9781849517867Other

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Sonar Code Quality Testing Essentials

by Charalampos S Arapidis

Chapter 6. Hunting Potential Bugs

Potential bugs violations

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.