Integrating Sonar with Eclipse

Let the world know ...Tweet about this on TwitterShare on Google+Share on FacebookEmail this to someoneShare on LinkedIn

Note: 1st published at SCN on 20.4.2012

Note 2: this plugin is not anymore valid. The blog is from 2012!

 

Sonar comes with a killer feature: Eclipse integration. This does not only mean that there is an Eclipse perspective available, but Sonar findings can be used with Mylyn.

Sonar perspective

To make use of the Sonar perspective, the Java project needs to be linked to the Sonar project.

Associate project with Sonar project

Select Sonar project

Now the Eclipse Sonar plugin is reading the identified issues from the Sonar server and integrates them in the editor view:

Clicking on the item in the right opens – like any other Eclipse message – a window and shows possible solutions.

The developer can now act on the violations inside Eclipse without needing to logon to the Sonar server and find there the violations for the source code he is working on.

Mylyn integration

Assume that besides the actual developers you have a code quality or coordination group that analyzes code and uses Sonar for doing so. Now Sonar shows all these violations, errors, bugs and so on, but how to communicate to the developer that he has to act on the violation? Or to guide him with documentation or how to find out why the code is written like it is? Mylyn can be used to enable that kind of collaboration. The Sonar web interface allows creating for every violation to add a comment and assign the violation to a specific user.

Sonar web interface

This review was created with the id #30 assigned to it:

After configuring Mylyn to work in Eclipse together with Sonar, the review shows up under this id in the task list:

Opening the task reveals the tasks information:

Without leaving Eclipse the developer can act on the violations assigned to him. A special feature is the ability to click on the resource link in the tasks and Eclipse will open the corresponding file automatically. The developer can mark the task as solved from within Eclipse and the task will get updated.

Mylyn:

Sonar:

This change is visible immediately and does not require a new code analysis by Sonar.

Using Eclipse brings a major benefit: plugins and an eco-system. Unfortunately, SAP decides to not make their Eclipse plugins easily accessible via the update functionality, but other software vendors are not as restrictive, transforming Eclipse into a productivity tool for Java developers, making it possible to integrate it into a Java developer landscape. One can only hope that ABAP for Eclipse won’t get a second NWDS.

Let the world know ...Tweet about this on TwitterShare on Google+Share on FacebookEmail this to someoneShare on LinkedIn

Java quality management with Sonar part 1

Let the world know ...Tweet about this on TwitterShare on Google+Share on FacebookEmail this to someoneShare on LinkedIn

Note: 1st published at SCN on 16.4.2012

Code quality is an ongoing topic for software development. For most programming languages a QM product is available. SAP with ABAP comes with code quality tools, and so does Java. From the several (commercial) tools available, let me show how an open source one can be used for SAP Java projects: Sonar. Sonar is a server application that allows for a central code quality analysis. The primary focus is Java, several plugins exists that allow analyzing different languages. From the obvious ones like JSP and JavaScript, ABAP is also available (commercial). With the main focus on Java, Sonar comes with Eclipse IDE plugins to really enable productivity for developers. How does Sonar look like?

Main overview screen

Overview of one project

Drilldown into a severity area

Drilldown into source code

From an overview page a developer can drill down to the class to the actual source code where an issue is identified. As Sonar is a central server with permission control, a hierarchy and roles can be established like project owner, senior developer, developer, clients. Everybody can access the project and see or give feedback of the status and identified issues. Sonar can be used to established code guidelines in a project / company, help the developers to produce better and standardized code and used to show to the customer the quality of the code.

The analysis of the code can be done by looking at the plain source code and use rules to identify violations of pre-defined best practices or by a more advanced analysis of the binary code. For the later findbugs is used. This gives more control over possible bugs that normally only will be discovered during runtime. As runtime means that the project has to be deployed, started and executed, any bug found by findbugs helps saving time. To make findbugs work, Sonar has to know where to find all the classes referenced in the byte code. If the class files are not available, the analysis won’t be executed.

Run the analysis by using the source code on a PAR file for SAP Portal.

Looks good, as no blocker or critical error is found. That code shouldn`t crash when executed with an exception.

Analyzing the same code with a different profile: findbugs.

Compared to the source code analysis, findbugs now shows 2 blockers and 2 critical bugs. Unlikely that the program won`t crash when executed.

To show what findbugs do I prepared a rather simple example. The code simply will do a cast that cannot work:

Findbugs is able to find this out and correctly report an impossible cast. It even shows what I try to do: cast from Integer to String. Depending where this kind of cast is hidden in the source code, maybe only a really profound testing would have shown the error, maybe only in production. To see how findbugs works with Web Dynpro Java I wrote a really simple WDJ application. Web Dynpro Java program analyzed, only the source code:

The issues found are more or less caused by the code generator of WDJ.

Most of these issues can be resolved my naming variables, methods, etc differently and by SAP looking at the code generator. Now with findbugs

The dead store issue may or not be an error of the developer (or javac). Because I prepared the code, I know that the error stems from a coding error. In the view a value node with cardinality 0..n was created. Without initialization of the node this throws a NullPointerException during runtime. Changing the cardinality to 1..n and running Sonar again:

In that case, Sonar helped to identify an error that only can be discovered after deploying the WDJ application. As that kind of error immediately occurs when the user is accessing the view and thus ending the test case, Sonar helps to resolve these kinds of errors faster.

Sonar is for Java, but SAP interpreted Java sometimes in an interesting way; think of Web Dynpro Java. As shown, Sonar can be used to analyze all kinds of SAP Java projects. WDJ produces in the end . java and .class files, portal applications are Java projects and so is the rest of Java projects (like PI). Currently SAP is endorsing NWDI for Java development and while ABAP comes with a code inspector (you are using, right?), there is no such solution from SAP for Java. If you want to get started with code quality management in Java for SAP, there are several solutions for Java available. To get started you can try Sonar.

What is needed are accelerators, guidelines and plugins from SAP for their specific Java project types. That would really make a difference for developers.

Let the world know ...Tweet about this on TwitterShare on Google+Share on FacebookEmail this to someoneShare on LinkedIn