Regular code reviews are like physical exercise: everybody agrees how important it is but only few have time and energy for it. Yet, code reviews are one of the best ways to reduce defects and associated waste in debugging time, not to mention the overall product reliability.
There is a distinction between low-level tedious review of syntax of programs and review of their business functions. It is the low-level syntax and structure that are the ones that take most time and are also least interesting.
Reviews for technical components of the program have been automated for quite some time. Tools like PMD, FindBugs and Checkstyle are very popular Eclipse plugins and represent the first line of defense against simple but dangerous bugs. The problem with those tools is that they are intended for separate individuals and their reporting is done at a relatively low-level of detail.
Enter Sonar (see screenshots below).
Sonar is a web-based tool that analyzes your code using countless different metrics. It checks violations of coding rules similar to PMD/FindBugs/CheckStyle. It also presents an extremely useful dashboard of aggregated stats such as LOC, classes, duplications %. It even keeps track of how those metrics were changing in time. Best of all it’s easily integratable with Maven and Hudson and works seamlessly behind the scenes on each build.
Having high-level overview of code IMO is extremely important especially when the code base is large. Stats like coding-rules violations, test-coverage, complexity-per-method or per-class, cohesion are conveniently presented in numerical form. And these are just few of dozens (if not more) relevant stats.
If you want to see thorniest places in the code – go to Hotspots view. It ranks parts of your code using various metrics of “badness”. These include most violated rules, most untested classes, most complex classes, etc. Hotspots view is linked with Violation Drilldown views where you can expand areas of interest. In addition to that, Design view can be used to find cyclical dependencies between packages (a big no-no in proper OO design).
Ability to observe how these metrics change in time is very important because it allows to trace meaningful degradation in code quality down to individual code modification (i.e. when someone submits a bunch of spaghetti).
Overall Sonar is a great tool that exposes previously hidden data about code and presents it in a very convenient, interactive and intuitive format.
If you want to keep you code clean (no pun intended on Uncle Bob’s book) – Sonar is your tool.
