Software Development Quality Control with SONAR
-
Upload
cornelius-mellino-mm-cmpm-pmp -
Category
Documents
-
view
45 -
download
0
Transcript of Software Development Quality Control with SONAR
![Page 1: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/1.jpg)
Software Development Quality Control
with
SONAR
Cornelius Mellino, PMP.
![Page 2: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/2.jpg)
From theory ... into practice
• Learning experience : IS Management at Binus MMSI. (2008-2010)
• Working experience :
• IT Manager at Prasetiya Mulia. (2009)
• Senior Java Developer at Knowment AIE. (2010)
• Project Manager at Telkomsigma (2011-now)
Experience without theory is blind, but theory without experience is mere intellectual play. – Immanuel Kant
![Page 3: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/3.jpg)
![Page 4: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/4.jpg)
![Page 5: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/5.jpg)
Scenario 1:
• Your team doesn’t collect code metrics from projects. Therefore, your code base could be getting worse and worse without anyone ever noticing. You might start noticing when the technical debt (we will elaborate on this concept later) has reached a
certain level where it’s tooexpensive
to address them, given the time and budget constraints.
http://blogs.sourceallies.com - Akrem Saed
![Page 6: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/6.jpg)
![Page 7: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/7.jpg)
The Answer
• Collecting code metrics continuously can give your team the advantage of keeping the technical debt of your code base under control. For example, you can make it a rule that you don’t allow your code base to extend beyond a certain threshold in terms of some metric values. Whenever that threshold is reached you are notified immediately through your continuous build.
• Implements LEAD MEASURES
![Page 8: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/8.jpg)
Scenario 2:
• Time and time again I’ve witnessed teams that start refactoring because they are convinced
the code base was bad in terms of performance, brittleness, instability, difficulty to maintain and/or to extend. While our intentions are good, we don’t know what part of the code base is responsible for the issue we encounter. Hence, there is a good chance changes will be applied to the wrong code. Or we end up refactoring the right code in the wrong way. Or we only fix part of the problem.
http://blogs.sourceallies.com - Akrem Saed
![Page 9: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/9.jpg)
The Answer
• This is where metrics and tools like Sonar can help.
• Sonar points out the parts of the code that
are causing problems.
• Once these issues are identified they can be prioritized and added to the backlog.
• Sonar helps teams identify and address issues with confidence.
![Page 10: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/10.jpg)
Scenario 3:
• Another team is the best in the world and has remarkable instincts in identifying and correcting issues, but they fail to track the quantity of issues fixed in their triumphant voyage.
• Let’s face it, managers and team leaders would definitely appreciate having a clear idea of how many improvements were made with their resources and budget.
• They also want to know which issues still need to be fixed in the future.
http://blogs.sourceallies.com - Akrem Saed
![Page 11: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/11.jpg)
The Answer
• Now, if you preserve a snapshot of metric values before the voyage, you could report something like this “… before our code base was 75% compliant with the company’s best practices and now it’s at 95%”.
• Sonar helps you track your improvement progress.
![Page 12: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/12.jpg)
If you can’t measure it, you can’t improve it. - Peter Drucker
![Page 13: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/13.jpg)
![Page 14: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/14.jpg)
Why Sonar?
• Free
• Quantitative measurements of code quality
• A set of measurement metrics
• Discourage bad practices
![Page 15: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/15.jpg)
Quantitative measurementsof code quality
![Page 16: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/16.jpg)
A set of measurement metrics
![Page 17: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/17.jpg)
Discourage bad practices
![Page 18: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/18.jpg)
Sonar give guidances
![Page 19: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/19.jpg)
Broken Window Theory
• Don’t leave “broken windows” (bad designs, wrong decisions, or poor code) unrepaired. Fix each one as soon as it is discovered. If there is insufficient time to fix it properly, then board it up. Perhaps you can comment out the offending code, or display a “Not Implemented” message, or substitute dummy data instead. Take some action to prevent further damage and to show that you’re on top of the situation.
![Page 20: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/20.jpg)
Broken Window Theory
• We’ve seen clean, functional systems deteriorate pretty quickly once windows start breaking. There are other factors that can contribute to software rot, and we’ll touch on some of them elsewhere, but neglect accelerates the rot faster than any other factor.
• You may be thinking that no one has the time to go around cleaning up all the broken glass of a project. If you continue to think like that, then you’d better plan on getting a dumpster, or moving to another neighborhood. Don’t let entropy win.
![Page 21: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/21.jpg)
• Continuously collecting and reviewing
software metrics can help identify and fix “broken windows” before they affect other windows.
• The longer a bad design and bad code are left unfixed, the more vulnerable your code is to receiving additional hacks. Leads to bigger Nonconformance Cost.
http://blogs.sourceallies.com - Akrem Saed
![Page 22: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/22.jpg)
“Quality is not an act, it is a habit.”
―Aristotle
![Page 23: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/23.jpg)
Sonar is Not Alone
• Sonar uses various static code analysis tools such as Checkstyle, PMD, FindBugs, Clover to extract software metrics, which then can be used to improve software quality.
![Page 24: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/24.jpg)
The Metrics
![Page 25: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/25.jpg)
![Page 26: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/26.jpg)
Technical Debt
http://c2.com/doc/oopsla92.htmlhttp://docs.codehaus.org/display/SONAR/Technical+Debt+Plugin
![Page 27: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/27.jpg)
The Formula
• Debt(in man days) =
cost_to_fix_duplications
+ cost_to_fix_violations
+ cost_to_comment_public_API
+ cost_to_fix_uncovered_complexity
+ cost_to_bring_complexity_below_threshold
http://c2.com/doc/oopsla92.htmlhttp://docs.codehaus.org/display/SONAR/Technical+Debt+Plugin
![Page 28: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/28.jpg)
The Formula
• Duplications = cost_to_fix_one_block *duplicated_blocks
• Violations = cost_to fix_one_violation *mandatory_violations
• Comments = cost_to_comment_one_API *public_undocumented_api
• Coverage = cost_to_cover_one_of_complexity *uncovered_complexity_by_tests (80% of coverage is the objective)
• Complexity = cost_to_split_a_method *(function_complexity_distribution >= 8) + cost_to_split_a_class * (class_complexity_distribution >= 60)
http://c2.com/doc/oopsla92.htmlhttp://docs.codehaus.org/display/SONAR/Technical+Debt+Plugin
![Page 29: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/29.jpg)
Duplication
![Page 30: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/30.jpg)
Complexity
![Page 31: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/31.jpg)
Sonar Metric Definitions
• http://docs.codehaus.org/display/SONAR/Metric+definitions
o Complexity
o Design
o Documentation
o Duplications
o Reviews
o Rules
o Size
o Tests
![Page 32: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/32.jpg)
“Quality is everyone's responsibility.”
―W. Edwards Deming
![Page 33: Software Development Quality Control with SONAR](https://reader034.fdocuments.us/reader034/viewer/2022052414/55d0a1f7bb61ebaa688b475a/html5/thumbnails/33.jpg)