Sonar Code Quality Testing Essentials电子书

Sonar Code Quality Testing Essentials

Table of Contents

Sonar Code Quality Testing Essentials

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. An Overview of Sonar

What is Sonar

How it works

What makes Sonar different

Sonar in the lifecycle

Features of Sonar

Overview of all projects

Coding rules

Standard software metrics

Unit tests

Drill down to source code

Time Machine

Maven ready

User friendly

Unified components

Security measures

Extensible plugin system

Covering software quality on Seven Axes

How Sonar manages quality

Architecture of Sonar

Source code analyzers

Squid

Checkstyle

PMD

FindBugs

Cobertura and Clover

The Sonar community and ecosystem

The SonarSource company

Awards and conferences

Sonar license

Summary

2. Installing Sonar

Prerequisites for Sonar

Checking your Java installation

Installing Maven on Linux

Installing Maven on Windows

Installing MySQL on Linux

Installing MySQL on Windows

Downloading Sonar

Installing the Sonar web server

Sonar server basic configuration

Configuring MySQL

Creating the database

Setting up Sonar with MySQL

Starting Sonar as a service

Run as a service on Linux

Run as a service on Windows

Logging in to Sonar for the first time

Securing your Sonar instance

Sonar authentication and sources visibility

Creating users and groups

Managing project roles

Backing up your data

Sonar instance configuration backup

Filesystem backup

Backing up the MySQL sonar database

Extending Sonar with plugins

Installing the Useless Code Tracker plugin

Upgrading Sonar from the Update Center section

Checking compatibility of plugins

Upgrading to latest Sonar version

Summary

3. Analyzing your First Project

Using a Java runner

Configuring the runner

Setting up a Sonar server for remote connections

Configuring the project

Analysis with the Sonar Maven plugin

Installing Maven

Configuring the Sonar Maven plugin

Performing the analysis

Analysis with Ant

Installing Ant

Configuring and running Sonar analysis task

Browsing the Sonar web interface

The treemap gadget

Filtering your projects

The "What Coverage?" filter

Sonar components—an overview

Dashboard

Components

Violations drilldown

Time Machine

Clouds

Design

Hotspots

Libraries

Anatomy of the dashboard

Layout and widget arrangement

Eliminating your first violations

Unused modifier violation

Modified Order violation

Correctness - Repeated conditional tests

Creating your first analysis event

Getting visual feedback

Summary

4. Following Coding Standards

A brief overview of coding standards and conventions

Java standards

Sonar profiles, rules, and violations

The Rules Compliance Index

Managing quality profiles

Creating a profile

Associating projects to profiles

Managing rules

Adding a rule

Configuring a rule

Regular expressions

Boolean expressions

Token and value-based rules

Backing up and restoring profiles

Creating a coding standards profile

Selecting the rules

Naming conventions and declarations rules

Declaration order

Abstract class name

Variable, parameter, and method names

Multiple variable declarations

Local home naming

Variable lengths

Naming - Avoid field name matching method name

Naming - Suspicious equals method name

Standards rules

Unused imports

Unnecessary final modifier

Unused modifier

Magic number

Final class

Missing constructor

Abstract class without any methods

Code layout and indentation

Avoid inline conditionals

Left Curly

Paren Pad

Trailing comment

Multiple String literals

The for loops must use braces

Inspecting violations with the Radiator component

Installing the Radiator plugin

Watch the quality improving

Configuring the Timeline widget

Summary

5. Managing Measures and Getting Feedback

Reviewing code

Sonar manual reviews

Assigning reviews

Browsing reviews

Configuring notifications

Defining metric thresholds and alerts

The Build Breaker

Sonar manual measures

Creating the Story Points measure

Managing manual measures

Quality reporting on your project

Installing the PDF report plugin

Getting the project report

Customizing the report

Getting visual feedback

Timeline plugin

Motion Chart plugin

Bubble chart

Bar chart

Summary

6. Hunting Potential Bugs

Potential bugs violations

Dodgy code rules

Use notifyAll instead of notify

StringBuffer instantiation with char

Use StringBuffer for String appends

Constructor calls overridable method

Close Resource

Ambiguous invocation of either an inherited or outer method

Consider returning a zero length array rather than null

Method ignores return value

Method does not release lock on all paths

Null pointer dereference

Suspicious reference comparison

Misplaced null check

Impossible cast

Program flow rules

Do not throw exception in finally

Finalize does not call Super Finalize

Avoid calling finalize

Avoid catching NPE

Method ignores exceptional return value

Switch statement found where default case is missing

Missing break in switch

Avoid catching Throwable

Security rules

Class exposes synchronization and semaphores in its public interface

Method returns internal array

Hardcoded constant database password

Installing the Violation Density plugin

Integrating Sonar to Eclipse

Installing the Sonar Eclipse plugin

Linking an Eclipse project to Sonar server

Using the Sonar perspective

Summary

7. Refining Your Documentation

Writing effective documentation

Comments structure

Javadoc block comment

Javadoc line comment

Javadoc common tags

Documentation metrics definitions

Comment lines

Commented-out Lines of Code

Density of Comment Lines

Density of Public Documented API

Monitoring documentation levels

Statements

Overview of Sonar documentation violations

Javadoc rules

Undocumented API

Javadoc Method

Javadoc Package

Javadoc Style

Javadoc Type

Javadoc Variable

Inline Comments Rules

Uncommented Empty Constructor

Uncommented Empty Method

Uncommented Main

Locating undocumented code

Creating the documentation filter

Generating documentation automatically

Installing Graphviz

Installing Doxygen

Using the Sonar Documentation plugin

Summary

8. Working with Duplicated Code

Code duplication

Don't Repeat Yourself (DRY)

Sonar code duplication metrics

Creating Duplicated Code Alert

Locating duplicated code with Sonar

Cross-project duplication detection

Using the Radiator component to detect duplication

The Useless Code Tracker plugin

Tracking duplicated lines

Tracking dead code

Installing the Useless Code plugin

Using extraction and inheritance to attack duplication

The Extract Method refactoring pattern

Refactoring with inheritance

Summary

9. Analyzing Complexity and Design

Measuring software complexity

The Cyclomatic Complexity metric

Cohesion and coupling

Afferent coupling

Efferent coupling

Sonar Code Complexity metrics

Boolean Expression Complexity

Class Data Abstraction Coupling

Class Fan Out Complexity

Cyclomatic Complexity

JavaNCSS

Nested For Depth

Simplify Boolean Return

Too many methods

Too many fields

Avoid too complex class

Avoid too deep inheritance tree

The Response for Class metric

Lack of Cohesion in Methods and the LCOM4 metric

Exceptions to the LCOM4 metric

Locating and eliminating dependencies

Using the Sonar design matrix

Summary

10. Code Coverage and Testing

Measuring code coverage

Code coverage tools

Selecting a code coverage tool for Sonar

Cobertura

JaCoCo

Clover Sonar plugin

Emma Sonar plugin

Code coverage analysis

Statement coverage

Branch/decision coverage

Condition coverage

Path coverage

Assessing the impact of your tests

Uncovered lines

Uncovered branches

Using the coverage tag cloud component

Quick wins mode

Top risk mode

Where to start testing

The Top risk approach

jUnit Quickstart

Writing a simple unit test

Reviewing test results in Sonar

Summary

11. Integrating Sonar

The Continuous Inspection paradigm

Continuous integration servers

Installing Subversion

Ubuntu/Debian Subversion installation

Red Hat Subversion installation

Installing Subversion on other Linux distributions

Windows Subversion installation

Setting up a Subversion server

Creating a Subversion repository

Subversion security and authorization

Importing a project into Subversion

Installing the Jenkins CI server

Ubuntu/Debian Jenkins installation

Redhat/Fedora/CentOS Jenkins installation

Windows Jenkins installation

Configuring Jenkins

JDK configuration

Maven configuration

Repository configuration

E-mail server configuration

Securing Jenkins

Creating a build job

Cron expression and scheduling

Installing the Sonar plugin

Building and monitoring your project

Summary

A. Sonar Metrics Index

Sonar metrics

Complexity metrics

Design metrics

Documentation metrics

Duplication metrics

General metrics

Code Coverage and Unit Test metrics

Rules Compliance metrics

Size metrics

Management metrics

Index