The hunting toolbox in Sonar

Did we ever mention why, two years ago, we chose Sonar as a name for the open source platform to manage quality we wanted to build ? It was obviously to make an analogy with a sonar that is an acronym for SOund Navigation And Ranging ! Sonar sounds the sea of your projects to identify flaws and evaluate part of your technical debt. To do so it offers 3 main functionality :

  • Quality profiles Manager
  • Project and portfolio dashboards
  • TimeMachine

The first one sets the base to tune your Sonar, the next two are being used to quickly see where projects stand and how they evolve in time according to the following axes :

  • Source code duplications
  • Respect of coding conventions
  • Potential bugs
  • Unit tests errors
  • Source code coverage by unit tests
  • Over-complicated source code

Once you’ve identified a wreck, you certainly want to take actions : that is the purpose of what we call the hunting toolbox. There are three tools in Sonar that help you refund the technical debt : Measures Drilldown, Violations Drilldown and Coverage Clouds. The current economic climate and the blow-up of the financial bubble should remind the most reluctant not to accumulate debts, even if they are intangible :-).Here are several use cases of this hunting toolbox :

Code duplication
Project A has for instance 10% of code involved in a duplication. If you click on the “10%” in the dashboard you land in the Measures Drilldown service : you get a list of components ordered by highest number of duplication. Want to see exactly which block of lines are duplicated ? Simply click on the source file name and look at the “Duplications” tab (Sonar 1.7). Cost of hunting : 2 clicks.

duplications-1

Code Complexity
Project B has an average cyclomatic complexity (CC) by class of 50 which might mean that several classes have too many responsibilities and should be refactored. To get more information, click on “50″ to get a list of classes ordered by highest CC and split them.

Unit tests
In project C, 4 unit tests have failed for some reasons : simply click on “4″ to display all the associated unit test classes. Then click on these classes and the error/failure details will appear.

unittests

Let’s carry on unit tests. Project D has a code coverage less than 20%. You know by experience that doing maintenance with such a low number is going to be a nightmare, so you want to increase it. Go to the Coverage clouds service and click on the “Quick wins” tab. All classes in your project show up alphabetically ordered. The size of the name represents the cyclomatic complexity when the color represents the code coverage. You can immediately start improving the code coverage by working on the most complex and yet less tested classes.

coverage

Coding rules
Last but not least in project E, the density of coding conventions violations or the number of potential bugs is too high. You switch to the Violations drilldown service to hunt and fix those violations and potential bugs. You define a filter on a given rule for instance to see which files have the greatest number of violations. Clicking on those files will display the source code with all violations or potential bugs contained in the source.

violations

Maybe you start getting the strange feeling that something is missing ? I got the same feeling a couple of months ago : it would be great that Sonar shows in one page the most complex classes, the less tested and yet most complex classes, the classes with the greatest number of duplicated lines, the classes with the longest unit tests… The functionality is part of the 1.8 release that is planned for April : it is going to be called Hotspots !

hotspots

© 2008-2013, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE and SONARSOURCE are
trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.