It’s fair to say that the quality of your code has a direct correlation to the success of your product. Products crafted to a high quality using proven techniques and industry accepted standards have a better chance of succeeding. This applies to any field; be it. car production, joinery and most certainly software development.
Most computer programmers agree it is good practice to write code that follows a strict coding standard. Common rules are accepted within the industry in relation to code quality: such as; keeping your functions and procedures small and simple; ensuring objects have high cohesion and low coupling; and, implementing principles like inheritance, encapsulation and polymorphism. However, what we find within the software industry is these rules are well known; but, more often not followed. This isn’t because rogue programmers are intentionally ignoring these principles, or, lazy, it is more the case that these things are difficult to do and equally difficult to measure.
It is not uncommon for an organisation, or, an individual to require code quality management for multiple source code repositories written in different languages. Does such a tool exist? Yes. Introducing sonar. Sonar is an open platform to manage code quality. The documentation on the official site includes installation instructions and much more – so I will not repeat this here. But I will cover the basics.
After installing sonar, one must start the sonar software. It can be started from the command line, by calling a batch file. This batch file is called ‘StartSonar.bat’ and resides within the ‘\bin\arch\’ installation sub-directory e.g.
Sonar can take a while to start, but once started you can log on to the management interface using browser. The management interface is available on port 9000. Thus, it is accessible via the URL http://localhost:9000. The default screen includes a summary of any projects that you have previously analysed:
The information within this screen very useful. The ‘Lines of code’ (LOC) and ‘Rule compliance’ column shows the rating and trends for each project analysed: hopefully this will show an upward compliance trend! Drilling into a project reveals the specific details:
The details summarized in this page are very useful. When a project is analysed it is assessed using a default rule-set. Sonar compares the source code for the project and compares it against the rule-set, looking for violations against common good practices. Trends are provided for the violation count, including categorised violations. Interesting statistics and analysis shows instants of duplicate code, percentage of commented code and the results of any unit tests! Very powerful indeed.
Further drill downs reveal the detail of each. For example, the following screen details the two critical violations noted above.
Using this information one can then refer the results back to the development team to rectify the findings.
The analysis is performed by running the tool ‘sonar-runner.bat’. This should be executed from the base directory of the source code. The sonar-runner process expects one input: a properties file. This file specifies properties such as the name and version of the project to be analysed, source code language and directory structure. The format of the file is well documented on the official site so I will not go into the detail; however, an example follows:
On completion the results are instantly available within the management interface:
The above now shows the Chess project is 100% compliant with the rule-set.
As you can see this product is very powerful indeed. In fact, the above only scratches the surface. The sonar project allows much more; including, user-defined rule-sets, continues automated integration, unit test execution and plug-in driven extension model!