The Sonar team is proud to announce the release of Sonar 2.2. As usual, this new release includes numerous improvements, bug-fixes and also brand new features that we believe are worth stopping your daily work for a few minutes to review. Those features can be divided into three categories :

• Favourites resources
• Filters homepage
• Plugin classloaders

Favourites

When you are working in a company that makes an intensive usage of Sonar, the project(s) you want to monitor can be quickly lost among hundred of others projects. Favourites makes it possible to flag those projects but also modules, packages and files. You then get quickly an overview of those resources at any time.

To use this feature, the user must be logged into Sonar. Resources can then be flagged by clicking on the star icon available in the “Dashboard”, “Components” and “Filters” pages :

Once a resource is flagged as a favourite, it is automatically displayed in the “My Favourites” tab in the homepage :

Filters

The Sonar homepage had several drawbacks when Sonar was intensively used :

• Displaying the page took too much time with more than 500 projects
• Only root projects were displayed
• There was no way to quickly get a list of resources according to some criteria. For instance, the list of projects whose technical debt ratio is greater than 10%, the list of Files whose complexity is greater than 300…
• The Treemap was too small and so not usable with many projects
• There was no way for a user to customize the homepage

The new “Filters” page allows to overcome those limitations :

Of course, this feature comes along with configuration capabilities :

Plugin classloaders

Plugins are now executed in independent classloaders. The main advantage is that plugins can declare and embed their own dependencies instead of being limited to libraries provided by Sonar. As a direct consequence, Sonar no longer depends on Maven Checkstyle and PMD plugins but now directly embed Checkstyle and PMD libraries.

To find out more about Sonar 2.2 and the 63 issues that have been fixed, you can read the release notes or maybe you prefer to download it to give a ride. Have fun !

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Use Sonar to Develop a Quality Feedback Loop into the Build Cycle

By Brian Chaplin on ServerSide, 29 june 2010
The number of business defects in an application tracks with the number of technical defects. More technical defects normally means more business defects. This means that technical defects can be used as a metric for the overall quality of a development approach. Sonar is a great dashboard for tracking code quality at the project and file level. But how can it be used to as part of the daily workflow?

Making the Most of Maven: Nexus, Hudson, Sonar
By Joel Confino, 15 June 2010
Maven is a build tool. I like Maven because it supports dependency management, consistent builds and a modular code base. But if you are just using Maven without using Nexus, Hudson, Sonar you are really missing out on a lot of goodness. Nexus is a Maven repository manager, Hudson is a CI server, and Sonar is a code metrics server.

Google Summer of Code 2010 with Sonar team – first steps
By Evgeny Mandrikov, 7 June 2010
As I promised in previous post, that progress of my work on Google Summer of Code 2010 would be available publicly – here is a brief overview of what was done for Sonar IDE project, what we have now and what expected in nearest future.

The Code Quality game
By Ricki Sickenger, 4 June 2010
Most programmers think they can recognize good code and a lot of them think they produce good code, but the sad truth is that not a lot of programmers actually do. Between time constraints, feature creep, and laziness, programmers hardly ever end up producing super quality code.

Code-Metriken auf dem Prüfstand
By Sandro Ruch, 4 June 2010
Wie lässt sich die Qualität von Code bestimmen? Welche Kriterien sollen dafür hinzugezogen werden? Eine mögliche Antwort könnte sein: “So gut wie die Abnahme-Testresultate des Kunden”…

Changing a project’s artifact id in Sonar
By Oliver Gierke, 2 Jun 2010
Sonar is a great tool to take care of code quality in your software projects. I use it heavily to monitor the open source projects I am involved with. When working on getting Hades published into Maven central I had to polish it’s pom.xml and felt the need to align the parent project’s artifact to our chosen OSGi compatible package notation for artifacts

Code Quality Management Tool Sonar Provides Design and Architecture Metrics
By Srini Penchikala on InfoQ, 1 June 2010
The new version of open source code quality management tool Sonar provides design and architecture metrics. Sonar 2.0 introduced the analysis of design, architecture and object-oriented metrics for Java applications. And Sonar 2.1 version, which was released recently, supports the detection of unused methods.

It has now been more than ten years since Kent Beck and Martin Fowler started to talk about Continuous Integration. At that time, it was hard to believe this practice would have such an impact on our daily work and would be so much adopted in the world of software development. Today, we at SonarSource but also in many places, can simply not imagine to go back and work without Continuous Integration.

Here is what can be read about Continuous Integration on Wikipedia :
Continuous integration aims to improve the quality of software, and to reduce the time taken to deliver it, by replacing the traditional practice of applying quality control after completing all development.

The ultimate goal of Continuous is to be able to fire any type of release at any time with minimal risk whether it is a Milestone, Release Candidate or GA : quality requirements become a must-have and no more a nice-to-have. Let’s review which requirements are correctly covered by continuous integration environments today :

• Anybody must be able to build the project from any place and at anytime.
• Every Unit Tests must be executed during the Continuous Integration build.
• Every Unit Tests must pass during the Continuous Integration build.
• The output of the Continuous Integration build is a package ready to ship.
• When one of the above requirement is violated nothing is more important for the team than fixing it.

This is a really a good starting point but does not sound sufficient to talk about total quality . What’s about those other source code quality requirements ?

• Any new code should come with corresponding unit tests (regardless of previous state in code coverage).
• New methods must not have a complexity higher than a defined threshold.
• No cycle between packages must be added.
• No duplication blocks must be added.
• No violation to coding standard must be added.
• No call to deprecated methods should be added.
• …

More generally, those requirements are about keeping overall technical debt under control and only let it increase consciously (see the Technical Debt Quadrant) : this is the concept of Continuous Inspection. This concept seems to have appeared around five years ago (see this IBM Article) and has been recently described and defined (see DZone Refcards 87 about Continuous Integration and Continuous Inspection, see book “Continuous Integration : Improving Software Quality and Reducing Risk” ) but is still an emerging concept as was Continuous Integration ten years ago.

Continuous Inspection requires a tool to automate data collection, to report on measures and to highlight hot spots and defects. Sonar is currently the leading “all-in-one” Continuous Inspection engine. A Continuous Inspection engine can be seen as an Information Radiator dedicated to make the source code quality information available at anytime to every stakeholder. Transparency is certainly one of the main reason why Open Source Software is most of the time of better quality than Close Source Software. A developer writing a new piece of code should always think about the next person/team who will maintain it : Continuous Inspection helps to never forget this golden rule.

But of course, Continuous Inspection only comes after Continuous Integration is solidly implemented : this is the next maturity level and this maturity level can be implemented with Sonar.

The Sonar Team is very proud to announce the availability of the first version of the Sonar Eclipse plugin. This plugin is part of the Sonar IDE Project. This first version comes just few a weeks after the release of the Sonar IntelliJ IDEA plugin. The project has 2 active contributors : Jérémie and myself.

The work has been greatly facilitated by the good feedback we received from the Sonar community on the release candidate version. It is going to be followed by new ones in the upcoming weeks/months (see My proposal for GSoC (Google Summer of Code) 2010).

This version 0.1 only displays violations. Duplicated blocks, code coverage and commented out lines of code will be added later. As for the Sonar IntelliJ IDEA plugin, source code is decorated on the fly with information provided by the Sonar web server.

As usual for releases, let’s go through screenshots to discover this new functionality and how it can be used in your daily work to track violations. Enjoy !

Configuration

By default, the plugin tries to reach a local Sonar web server on port 9000 to get violations. But it is possible to define different and several Sonar web servers to use in the Eclipse global preferences :

For instance, for Open Source projects available in Nemo, the configuration would be :

Once, the Sonar web server to be used has been configured, the next step is to activate the Sonar plugin on a given project. If you use m2eclipse, there is nothing to do as the groupId and artifactId of your project are automatically configured. Nevertheless, you may want to change the default Sonar server to use :

Source code decoration

Then you just have to open the java file you want to work on and violations are displayed with markers (on the left-hand side) :

Global source code Inspection

To start hunting violations on the overall project, you can use the Problems View :

Go to Sonar

At any time you can jump onto the Sonar Web dashboard directly from the IDE, to get information that is not yet available in the Sonar Eclipse plugin :

Navigator

Sonar Server Navigator allows you to browse all available projects in a specified Sonar server :

Roadmap

Next version 0.2 will allow to visualize duplicated blocks, code coverage, … directly inside Eclipse, so stay tuned.

To give it a try, you can add it to your favourites in Eclipse Marketplace or install directly using update-site. For more information you can visit Sonar IDE site.

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Developers dashboard : Mash-up activity streams from Jira, Sonar and Hudson
By exoPlatform, 21 May 2010
We are going to build a space in exo social to follow the development of a software. We are going to take as an example the development of eXo Social. We want to integrate the 3 following things: Our task manager – Jira, our code quality tool – Sonar and our building system – Hudson.

Coding Standards with Sonar, Maven and Intellij IDEA
By Mike Nash, 18 May 2010
One of the ways to ensure quality in a software project is to find a set of coding standards that your team can agree on then put automated checks in place to ensure they are adhered to. In this post I’d like to take a very small example of such a stanard, and show how you can use several different tools to help ensure and measure compliance.

Sonar Cobol Plugin released
By SonarSource, 17 May 2010
We are happy to announce the release of the Sonar Cobol Plugin. SonarSource has developed its own state of the art Cobol parser and packaged it as a Sonar Plugin. It allows to perform objective and automated Cobol code reviews against pre-defined or homemade coding best practices.

Passing Hudson BUILD_NUMBER to Sonar Plugin
By arensa, 17 May 2010
Sonar is a great source code analysis tool that integrates through its plugin neatly into the Hudson continuous integration server. One major feature of Sonar is the module called “Time machine” where you can review the progress of the quality metrics for your project over time.

Obeo et SonarSource annoncent la sortie du plugin Sonar1.0 pour VisualBasic 6
By Programmez!, 12 May 2010
Les deux sociétés ont décidé de combiner leur savoir-faire afin de fournir une solution permettant d’analyser automatiquement la qualité du code d’applications VisualBasic 6.

The perfect agile test management tool
By Gojko Adzic, 4 May 2010
David Evans and I facilitated a session on designing a killer agile test management tool last week at the UK Test Management Forum, with the goal of learning what are the biggest currently unsolved problems for agile teams in the area of testing at the moment. So for any tool vendors our there, here are the ideas.

First build of JTheque with Sonar 2.0
By Baptiste Wicht, 2 May 2010
This week-end I updated the version of Sonar to the new version 2.0 and migrated it from Tomcat 5.5 to Tomcat 6.0. I waited until now for the plugins I use to be compatible.

An IntelliJ IDEA Plugin for Sonar
By Evgeny Mandrikov, 1 May 2010
The Sonar Team is very proud to announce the release of a first version of a Sonar plugin for IntelliJ IDEA. Sonar (http://sonar.codehaus.org) is an open-source Code Quality Management Platform based on many well known analysis tools like Checkstyle, PMD, Findbugs, Cobertura, …

Sonar: Understanding your codebase
By Mark Thomas, 29 March 2010
Large code bases can be difficult to understand, particularly for a new joiner to a team. Reading code is a great way to get the detail, but getting a high-level view can sometimes be hard. There are a range of open source tools that can provide Information about code coverage, design attributes and complexity, but it is often hard…

Java Build Server
By Manuel Küblböck, 23 January 2010
In my last Java project, I set up a build server with Continuous Integration (CI) capability. I am a big fan of Test Driven Development (TDD) and I quite enjoyed Hudson telling us right away when someone checked in code that broke the build. It just gives you so much more confidence in your code and keeps it releasable at all times. In addition, we used Sonar to measure the quality of our code.

Up to version 2.1, Sonar was relying only on external coding rules engines such as Checkstyle, PMD and Findbugs to report violations on Java applications. But since version 2.1, Sonar also provides its own rules engine to work on Java dependencies. This rules engine is based on Squid and three rules are currently available :

Squid provides an easy to use visitor pattern to be able to visit dependencies between methods, fields, classes and packages. This visitor pattern has been used in Sonar 2.0 to calculate Object Oriented metrics like LCOM4, RFC, DIT, NOC, … and has been reused in Sonar 2.1 to implement this new rules engine.

Here is a description of the three new rules :

• Use of deprecated method : Once deprecated, a method should no longer be used as it means that the method might be removed one day; it might also mean its usage is inefficient or does not enable to benefit from certain features. Using a deprecated method is a sort of technical debt that must be repaid earlier rather than later. The rule detects calls to deprecated methods not only inside but also outside the project. It means that you can track usage of deprecated methods on Java API or any other external libraries. Here is an example of violation :
  
• Unused protected method or Unused private method : Protected or private methods that are never used by any classes in the same project are strongly suspected to be dead code. Dead code means unnecessary, inoperative code that should be removed. This helps in maintenance by decreasing the maintained code size, making it easier to understand the program. Protected methods that override a method from a parent class are not considered as dead code as those methods are most often used through polymorphism.

To support those new functionality, a new Open Source library called sonar-check-api has been added in the Sonar toolbox. This library offers a mechanism to describe the rule : title, description, default priority, ISO category… For Checkstyle, PMD and Findbugs, an XML file is used to provide such description but this library allows use of java annotations to embed the description inside the rule. Here is an example of use with the new “Use of deprecated method” rule :

Have fun with those three new rules while waiting for new ones like a rule to define the architecture layering :)

As usual this new release includes numerous improvements, bug-fixes and also brand new features that we believe are worth stopping your daily work for a few minutes to review. Those features can be divided into two categories :

• Libraries cartography : what project is using which library and how ?
• Powerful Squid rules to detect dead methods and calls to deprecated methods

Libraries cartography

Starting from use cases is the best way to explain how useful those new features are and how Sonar can now easily help you to solve your problem.

Imagine that you want to eradicate the use of Commons Logging library from your projects (because it’s evil). Simply go to the new “Dependencies” page, search for “commons logging”, optionally select a version of the library and quickly see which applications need to be refactored :

Let’s say that you now want to know which transitive dependency can explain why your application depends on Fusesource Commons-Management library. Simply go to the new “Libraries” page on your application and start typing fuseso… :

For more details, you can read the user guide.

New Squid rules for Java

Squid, the home made parser embarked within Sonar, has a pretty unique capability in the fact that it works not only on source code but also on byte-code. So far Squid was only used to compute metrics like LCOM4, RFC, complexity, …. From Sonar 2.1, we have created a rule engine on top of Squid. Three rules are already available :

• detect unused private and protected methods as they are dead code. Dead code means unnecessary, inoperative code that should be removed. This helps in maintenance by decreasing the maintained code size, making it easier to understand the program.
• detect calls to deprecated methods. Once deprecated, a method should no longer be used as it means that the method might be removed sooner or later. Squid analyzes both application, java API and external libraries bytecode to determine which methods / classes / fields are deprecated.

System info

The new page “System Info” provides detailed information about system properties, sonar configuration, installed plugins, Java VM memory statistics and database statistics. As the Sonar ecosystem is growing, there is a real need to provide such administration tools . In the upcoming Sonar versions, a new page should allow to dynamically install, uninstall, upgrade plugins and thereby imitate its older brother Hudson CI engine.

Better usability of drilldown pages

Small but useful UI improvement : when navigating through the drilldown pages, the columns are now automatically scrolled to the selected items, so they are always displayed. This little UI improvement was loudly requested by the Sonar community :)

To find out more about Sonar 2.1 and the 50 issues that have been fixed, you can read the release notes or maybe you prefer to download it to give a ride. Have fun !

The Sonar Team is very proud to announce the release of the first version of the Sonar IntelliJ IDEA plugin. The Sonar IDE project consists at the moment of two plugins, one for Eclipse and one for IntelliJ IDEA, and has 2 active contributors : Jérémie and myself. This release is going to be followed by new ones in the upcoming weeks/months.

The main objective of the Sonar IDE project is to bring the power of the Sonar platform inside the developer’s IDE. In the initial versions of both plugins, the source code will be decorated on the fly with information provided by the Sonar web server. It means that the footprint of the plugins are very light and the continuous workflow of the developer is not disturbed. Note that source code from Sonar server may be slightly different from source code of the working copy, this is why a heuristic algorithm is used to match violations lines.

Version 0.1 has the following limitations : it only works on Maven projects (feel free to vote for issue SONARIDE-38 if you wish support for non-Maven projects to be added) and only displays violations. Duplicated blocks, code coverage and commented out lines of code will be added later.

As usual for releases, let’s go through screenshots to discover this new functionality and how it can be used in your daily work to track violations. Enjoy !

Configuration

This step is straightforward : once a Maven project has been opened, the URL of the Sonar server and optionally username and password must be defined :

Source code decoration

Then you just have to open the java file you want to work on and violations are displayed with markers (on the left-hand side) :

Global source code Inspection

In order to start hunting violations on the overall project, you can use the IDEA inspection toolset with a separate inspection profile for Sonar (All violations are currently associated to a single priority – warning, see SONARIDE-31) :

Go to Sonar

At any time you can jump into the Sonar Web dashboard directly from the IDE to get more information not yet available in the Sonar IntelliJ IDEA plugin :

Roadmap

Next version 0.2 will allow to visualize duplicated blocks, code coverage, … directly inside IDEA, so stay tuned.

To give it a try, you can download it or more simply install it using IntelliJ IDEA Plugin Manager. For more information you can visit Sonar IDE site.

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Practical Maven tips – Part 1
By Mike van Vendeloo, 27 Apr 2010
Since I have used Maven a lot over the years, I know my way around Maven. However I encounter a lot of people in projects that just know a few commands (mvn clean install) by head and do not know how maven works or how to add and use functionality within Maven.

An introduction to Sonar
By Freddy Mallet and Olivier Gaudin, 23 April 2010
Sonar is an open source Platform used by development teams to manage source code quality. Sonar has been developed with a main objective in mind: make code quality management accessible to everyone with minimal effort.

The Sonar page in Wikipedia
By Mercer Traieste, 21 April 2010
Sonar has now got a page in Wikipedia, thanks to Mercer.

Code Analysis Tools and Tips
By Darryl Parks,
This talk will present a variety of tools that analyze Java source code. It will begin with an introduction and statistics related to manual code analysis (code reviews). Next, it will introduce automated code analysis and show basic setup and examples of…

Compare between RSM and Sonar
By Rajesh Kumar, 16 April 2010

Analíza la calidad de tu código Java con Sonar 2.0
By Jota, 6 April 2010
Sonar es un proyecto OpenSource de codehaus.org para analizar la calidad tu código en Java con diferentes tipos de métricas, solo funciona con proyectos construidos con Maven2.

Tool to compute Technical Debt as a Percentage and a Dollar amount
On Yahoo Groups, March 2010

This is sometimes a bit frustrating, when you are contributing to an Open Source project, to have doubts about who your users are… really. Not knowing them might lead to not understand their needs and therefore not being close enough to deliver value.

Despite the fact that we are always ready to answer questions on the mailing lists, the Sonar team wanted to be sure it knows well enough its users and their experience using the platform. That is why we recently made two polls and today I would like to share their results :

General Figures Where are you from ?

• Switzerland
• France
• United States of America
• Poland
• Republic of Macedonia
• Germany
• Netherlands
• Belgium
• Spain
• Latvia
• Czech republic
• Luxembourg
• India
• Canada
• Russia
• …

How many Projects use Sonar?

• Less than 5 : 8 (20%)
• Between 5 and 10 : 9 (22%)
• Between 10 and 50 : 14 (34%)
• More than 50 : 10 (24%)

Which is the average Size of your projects?

• Less than 5,000 lines of code : 4 (10%)
• Between 5,000 and 10,000 lines : 10 (24%)
• Between 10,000 and 50,000 lines : 14 (34%)
• More than 50,000 lines : 12 (29%)

How long have you been using Sonar?

• More than 1 year : 9 (20%)
• About 1 year : 18 (39%)
• Less than 1 year : 19 (41%)

Which Sonar Version do you use?

Maybe it’s good time for you to follow the mass and download latest version right now? ;)

IDE Integration

As you probably know, we are working on some plugins for IDEs, which will help developers improve source code quality directly from their favorite development environment.
So, which is your favorite IDE?

We’re happy to know that your needs perfectly corresponds to our vision: integration of Sonar with Eclipse it’s a must have part for Enterprise – we are now sure at 200%. So, our priorities: 1-Eclipse, 2-IntelliJ IDEA, 3-NetBeans.

Integration with Hudson

Thanks to Henri Gomez who’s provided the following poll results about user experience in Sonar integration with Hudson:
Which kind of Hudson job do you use?

How do you trigger Sonar build?

• Unconditionnal Nightly build : 18 (44%)
• Specific Sonar build : 12 (29%)
• Build on SCM update : 10 (24%)
• Nightly build if SCM update : 8 (20%)

* People may select more than one checkbox, so percentages may add up to more than 100%.

Which ratio of projects not built with Maven?

Sonar Plugins

And last but not least, is your opinion about the Plugins Forge and about the commercial plugins.
Which Sonar plugins do you use?

• Technical Debt : 26 (51%)
• Taglist : 24 (47%)
• Timeline : 24 (47%)
• Motion chart : 20 (39%)
• Quality Index : 19 (37%)
• Radiator : 17 (33%)
• SIG Maintainability Model : 15 (29%)
• PDF Report : 14 (27%)
• SCM Activity : 14 (27%)
• Artifact Size : 10 (20%)
• Rules Meter : 11 (22%)
• Security Rules : 11 (22%)
• Build Stability : 10 (20%)
• LDAP : 10 (20%)
• JIRA Issues : 10 (20%)
• Views : 7 (14%)
• Other : 6 (12%)
• Master Project : 4 (8%)
• SonarJ : 3 (6%)
• Identity : 3 (6%)
• Emma : 2 (4%)
• PL/SQL : 2 (4%)
• Build Breaker : 1 (2%)
• Crowd : 1 (2%)

* People may select more than one checkbox, so percentages may add up to more than 100%.

Thus the most useful plugin in the opinion of users is the Technical Debt Plugin. The LDAP plugin has the lowest Technical Debt Ratio of all plugins with 2.5%, so this is the plugin of the month from a code quality point of view.

The most sexy plugin is the Motion Chart Plugin.

The best plugin for meditation the Radiator Plugin.

Testimonials

We also gathered from the polls some testimonials from our users and I thought it would be interesting to share them:

© Nicolas De Loof 2009-2010 all rights reserved, France
Sonar is the Google Earth for source code.
Jamie Whitehouse, Toronto, Canada
Sonar is amazing, I don’t know why anyone would want to sift through the separate tools reports and manually correlate information, nor miss out on the added features from Squid and dependency analysis (DSM).
Sébastien Touzet, France
Waiting for the Cobol plugin with great interest!
Anonymous
Just a heart felt “thank you” for moving the reporting out of Hudson and especially Bamboo and into a real reporting tool. Sonar has really helped with helping identify problems and to motivate change.
Anonymous
1 project has more than 200 000 lines of code Build on SCM update if Hudson build is successful. Congratulations sonar team !
Erik Bartholomeus, Belgium
We probably will stop using sonar because it is becoming crowded when there are too many projects.

We also asked about missing features in Sonar and received some good ideas that we are going to review. But feel free to create issues in JIRA to log new ideas. You can also start a new thread of discussion by submitting your ideas to the user mailing list.

When learning Object-oriented programming, two of the concepts are fairly difficult to understand and therefore to digest : classes must be loosely coupled and highly cohesive. In today’s post, I am going to explain why this is important and how Sonar can help you evaluating how cohesive are your classes.

A few weeks ago, I started a discussion on how to Fight Back Design Erosion by Breaking Cycles with Sonar in which I mentioned that good design should enable to replace any part of a system by a new piece of code with little pain. The first aspect to look at is really the “macro level”, i.e. packages, to ensure for instance that there are no cycles between packages. But to obtain modularity at any level of the design you also need to consider the “micro level”, i.e. the classes / methods, by keeping it loosely coupled and highly cohesive.

Coupling is the degree to which each class is tight to the others. In other words if a class is highly coupled, any change you make to this class can have direct or indirect impact on many other classes : not what I would call great modularity ! You can use for example the inversion of control principle to reduce the coupling between classes.

Cohesion is the degree to which the methods of a single class are tight together. When two methods in a class do not use a common attribute or a common method, it means that they share nothing and should probably not belong to the same class to respect the Single Responsibility Principle. In other words you can split your class into several new classes to gain modularity at class level.

So whereas classes should be very unrelated with lowest possible coupling, methods should on the opposite be strongly related with high possible cohesion. This is pretty similar to an agile organization : each team (class) should be very autonomous (low coupling) but all members (methods) of a team should be very tight to each other (high cohesion).

Sonar 2.0 comes with a new experimental and very promising metric : LCOM4 (Lack Of Cohesion Methods) to measure how cohesive classes are. Interpreting this metric is pretty simple as value 1 means that a class has only one responsibility (good) and value X means that a class has probably X responsibilities (bad) and should be refactored/split.

There is not any magic here, only common sense. Let’s take a simple example with class Driver. This class has two fields : Car and Brain, and five methods : drive(), goTo(), stop(), getAngry() and drinkCoffee(). Here is the dependency graph between those components. There are three blocks of related components, so LCOM4 = 3, so the class seems to have three different responsibilities and breaks the Single Responsibility Principle.

When it comes to Sonar, things remain pretty simple. A first widget is available within the project dashboard to get a quick insight :

From there, you can click to drill down and view the suspect classes. Knowing the LCOM4 value of a class is a good starting point but definitely not sufficient. Click on the class you are interested in and you will be presented with the block of cohesive methods :

Refactoring can start !

While writing this post, II found out a great post from Stuart Gunter : Assessing the Single Responsibility Principle with LCOM4 with Sonar 2.0. This is a post on “Sonar’s LCOM4 in action” that gives us good feedback on how to improve our algorithm to compute this experimental but valuable metric.

Earlier on this year, we mentioned in the Sonar roadmap for 2010 that after version 2.0 the main objective was to enable other languages on the platform through plugins. This development is on its way and the first plugin to come out is an Open Source plugin to analyze Flex / ActionScript projects that was released last week.

The version 0.1 of the plugin already enables to get base metrics such as Lines, Comments, Classes, Complexity and Statements with help of FlexMetrics. It also embeds FlexPMD (the equivalent of PMD for ActionScript) to provide an extensible and powerful coding rule engine. Finally it enables to report on duplicated code by using FlexCPD. As usual, all those tools are transparently orchestrated by Sonar to ease the installation and the use of the plugin.

As you can see, the release of this Sonar plugin for Flex projects was not possible without Adobe guys, thanks to François and Xavier, that have developed and keep improving the tools to analyze the code. The next steps for the plugin might consist of integrating FlexUnit for unit tests.

You might want to download the plugin straight away to give it a try, but you can also see it in action on Nemo.

Here are the next milestones in the roadmap of multi-languages :

• a SonarSource commercial Cobol Plugin planned for the end of April, but that can already be evaluated in beta
• SQLI, a French consulting company, is currently making a great contribution to deliver an open source plugin to analyze PHP projects
• A plugin to cover VisualBasic 6

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Monetizing the Technical Debt
By Vikas Hazrati, 30 March 2010
Most Agile teams recognize the evils associated with technical debt. Just like a financial debt, the technical debt incurs interest payments. These are paid in the form of extra effort required to maintain and enhance the software which has either decayed or is built on a shaky foundation.

Assessing the Single Responsibility Principle with LCOM4 with Sonar 2.0
By Stuart Gunter, 26 March 2010
A while ago I mentioned that I’d set up Sonar as part of our continuous integration system here at G3. Every time I use it, I’m amazed at what a fantastic system it is. It’s incredible that such a seemingly small piece of software can be of such great value!

Anti Sonar Furtive Code
By The Invisible Man, 20 March 2010
How to make sonar happy with the least possible effort

Innovation to the Max: sonarsource
By Bill, 19 March 2010
Those guys were able to innovate constantly to provide a great platform and enable an ecosystem (through plug-ins some free, some are not) around them. Sonar is now in version 2.0 (good number) and support Flex (released recently), code review plug-in and COBOL is coming soon.

Think About Code Quality
By dotKam Blog, 7 March 2010
“Recently one of my friends from work asked me to help him improve the process around code quality and developer productivity. So I compiled my thoughts and e-mailed to him, but then I realized that it may be very helpful for others who are involved in software industry. Are you? Then keep reading…”

Upping the game : Improving your software development process
By John Ferguson, 3 March 2010
“How can you improve, harmonize and automate your development process using tools like Maven, Hudson, and Nexus? This presentation is a high-level overview of Java software development process improvement.”

Using Credit Limits to Constrain “Development on Margin”
By Israel Gat, 1 March 2010
“Buying (stocks) on margin is broadly recognized as a risky investment strategy. Funding long-term investments with short-term debt exposes the investor to margin calls as he/she might not be able to secure more financing when needed. The resultant margin call is never pleasant.”

Navigating your Code with Sonar
By Fred Stock, 15 February 2010
“Over the last few months I have been given the task of promoting code quality at work. The trouble is that “code quality” is a petty vague term, and once you add assorted egos from management, development and QE then the whole thing can become an exercise in futility. Luckily I stumbled across a tool that so far has kept both my managers and my peers happy.”

And in french and spanish :

Revue de code…
By Nicolas Delooof, 16 March 2010
“Je cherche depuis un moment un outil pour accompagner la revue de code, autre chose que l’impression des listings et le stabilo. Il y a évidemment l’excellente suite Atlassian, mais bien sûr accompagnée de son tarif – sans doute justifié – qui limite sensiblement mes chances de le voir accepté dans la boite à outils standard.”

Cómo romper dependencias cíclicas entre paquetes
By Emilio Escobar, 12 March 2010
“Sonar, con su versión 2.0, viene a cubrir todas las necesidades de control de la calidad de los proyectos de desarrollo; proporcionando además, herramientas sufientes para solucionar los problemas encontrados.”

2ème JUG : Sonar et les 7 péchés capitaux
By Jacques Couvreur, on 2 March 2010
“Arrivé vers 18h avec Johnny et Marc Elian… La salle est déjà bien remplie mais pas encore pleine… Je suis content d’être arrivé à l’heure, car il y a des rumeurs de surbooking dans le sens où des personnes non inscrites viendraient quand même… Au programme, Sonar et les 7 péchés capitaux du développeur…”