Bad code leads to bugs, hard understanding, hard maintenance. We should really learn to write good code, and with so much open source tools for code analysis we could improve it one step higher.
Sonar is a tool for code quality analysis. It helps improving software quality using static analysis tools. It targets Java code, but there are plugins for Flex, C, PHP, .Net and other languages. The Flex plug-in specifically uses
FlexPMD,
FlexMetrics,
FlexCPD and
FlexMojos.
In this post I will show you the features that FlexPMD gives us within Sonar. I think that this tool is not really known by the Flex developers, I admit that I also didn't have an idea what it is until recently.
Have you used eclipse for Java developing? I really love when warnings like unused variables and not called methods appear. Well FlexPMD does this for us along with a lot more things. It even can be used
inside of Eclipse to show you live reports. There are defined rules that FlexPMD follows to catch issues in the code and bad practices. Great thing is that you can also define your own rules using this
flex app
Step 1. So first go and download
Sonar. After that download the
flex plugin for it. It is a jar file. Now extract the contents of the sonar archive in a desired location, and place the
sonar-flex-plugin-x.x.x.jar in
extensions\plugins directory of sonar. That's pretty much what you need to start sonar. By default it uses an embeded
Apache Derby database, that you can change to whatever you want in
sonar.properties file in
conf folder. So now start Sonar. I start it from bin\windows-x86-32\StartSonar.bat as I am a windows user, if you are on other operating system start it from bin\YOUR_SYSTEM\sonar.sh. Have in mind that it takes a while to start so have patience. To assure that it is started open a browser and navigate to
http://localhost:9000/
Step 2. Create a flex project. I will create a small test project with one class written really ugly and bad and doesn't actually do a thing it is here to show you what errors Sonar will find. Pff It doesn't even deserve to be put it in a code tag and to be styled because I am embarrassed of it :)
Here it is:
MyTestComponent.as
public class MyTestComponent extends UIComponent
{
private var r:Number;
private var variableNotUsed:Object;
override protected function updateDisplayList(unscaledWidth:Number, unscaledHeight:Number):void
{
r = Math.random()* 85;
var child1:UIComponent = new UIComponent();
addChild(child1);
}
public function myFunctionWithVeryLongNameAndLotsOfParametersThatDoesNothing(p1:String, p2:Number, p3:Object, p4:Boolean, p5:int, p6:*, p7:Array):void
{
return;
}
}
Step 3. Run analysis built with
Maven. For this step you should have Maven 2 on your computer (I think Maven 3 will also work, but I have tested it with 2).
Note A lot of Flex developers think of Maven as the Black ninja, Java developers use for their projects. Maven is a tool that helps managing the building, documentation, testing and reporting for Java projects. With FlexMojos you can even use it for your Flex projects also. It is a lot useful for continuous integration. So my note to the Flex developers: don't be afraid of Maven, it is here to help us :)
Assuming that you have Maven on your computer, as the documentation on the sonar site suggests, add
flex
flexpmd.opensource.adobe
true
false
FlexPMD repository on opensource.adobe.com
http://opensource.adobe.com/svn/opensource/flexpmd/maven-repository/release/
this to the settings.xml file of maven located either in
$M2_HOME/conf/settings.xml or
${user.home}/.m2/settings.xml
And now in the flex project folder add a new file named
pom.xml
4.0.0
Test Sonar Project
com.tgeorgiev
sonar.test
0.1
pom
src
flex
false
Now open a console, navigate to the location of your flex project and type "mvn sonar:sonar -Pflex".
Step 4. After some time of downloading the needed jars for the build and running the analysis task we can check what happened when we open
http://localhost:9000/ There should be displayed our project with all the violations that were detected.
For my test project I have
Blocker 12
Critical 0
Major 9
Minor 0
Info 1
And when I select to see the Blocker issues for example I see:
Hmm strange, but it found most of the issues I think are present in this code :)
So tell me, do you use Sonar for static analysis of the code, or maybe some other tool? And I'm really interested on how do you use it? Did you integrated it in continuous build or do you check the code once in a while on your computer? Do you use it individually or your whole team uses it.