Skip to content

Latest commit

 

History

History
145 lines (83 loc) · 10.6 KB

README.md

File metadata and controls

145 lines (83 loc) · 10.6 KB
Name Toxicity Chart Plugin
License GNU LGPL 3
Author Cezar Coca
Issue tracker https://github.com/cezarcoca/sonar-toxicity-chart/issues
Version Date Description SonarQube
1.0 Jan 09, 2015 Supports both, Java and C# languages 4.5.1+ (LTS) Release Notes Download
1.1 May 03, 2015 Add support for SonarQube 5.x 5.0+ Release Notes Download

Motivation

Why is the quality of the code important? Firstly, it is important for economic reasons. For calculating the total cost of a software application, the following formula [Bek071] can be applied:

cost_total= cost_develop + cost_maintain

Where the maintenance cost is made of:

cost_maintain = cost_understand + cost_change + cost_test + cost_deploy

Since statistically it has been noticed that the balance of the maintenance cost greatly exceeds that of the development cost (as depicted in image below), it becomes obvious that the monitoring of the quality of the code in view of diminishing the maintenance costs represents a key factor in the realization of a long-lasting/ stable software system.

Software Life Cycle

source: [Object-oriented and Classical Software Engineering]

An obvious step to achieving cost effective maintenance includes selecting the appropriate maintenance strategy and monitor each of the 4 cost elements listed below:

Read vs Write code

source: [blog.codinghorror.com]

  • cost_understand Programs are read more often than they are written (see above image). Code communicates well when a reader can understand it, modify it, or use it.
  • cost_change Eliminating excess complexity and duplication enables those reading, using, and modifying programs to understand them more quickly and to change successfully in the future
  • cost_test Testable code is essential to lower maintenance costs
  • cost_deploy Continuous delivery practices help to drive down costs and reduce the risks

Description / Features

This plugin is an implementation of the Toxicity Chart visualization technique presented by Erik Dörnenburg on his blog, here and here. This technique is useful to quickly get an idea of the general quality of a large existing code base. Toxicity Charts stack multiple static analysis metrics for classes, methods, or components within an application, providing a combined toxicity score for each area of the code base. This can be extremely useful in helping managers and non-developers understand the internal quality of the code.

Toxicity Chart for Hibernate (Java)

Toxicity Chart - Java

Toxicity Chart for NHibernate (C#)

Toxicity Chart - C#

In a Toxicity Chart each bar represents a class and the height of the bar shows the toxicity score for that class. The score is based on a set of rules rules (see Usage & Installation section) and different colours are used to represent each one. This makes it possible to easily spot not only how toxic a code base is, but also how the problems are distributed and what the preponderant code smell is. The classes that score zero points are left off the chart. The metrics are computed using the threshold value set for corresponding rule from SonarQube / C# SonarQube repositories.

Rules configuration

For example if the Method Length metric has a threshold of 30 and a class comprises three methods, one that is 25 lines, one that is 45 lines and another that is 60 lines long, then the score is calculated to be proportional to the length of the method in relation to the threshold and for the given scenario the class gets 1.5 + 2 = 3.5 points.

Axes of Quality

All the metrics are computed using the approach presented above.

File Length

Total of points accumulated due to the violation of File Length rule. The possible associated technical debts are: Understandability, Maintainability and Single Responsibility Principle violation.

Method Length

Total of points accumulated due to the violation of Method Length rule. The possible associated technical debts are: Understandability, Maintainability and Single Responsibility Principle violation.

Cyclomatic Complexity

Total of points accumulated due to the violation of Cyclomatic Complexity rule. The possible associated technical debts are: Understandability, Maintainability and Testability.

Parameter Number

Total of points accumulated due to the violation of Parameter Number rule. The possible associated technical debts are: Understandability, Maintainability and Testability.

Boolean Expression Complexity

Total of points accumulated due to the violation of Boolean Expression Complexity rule. The possible associated technical debts are: Understandability, Maintainability and Testability.

Nested If Depth

Total of points accumulated due to the violation of Nested If Depth rule. The possible associated technical debts are: Understandability, Maintainability and Testability.

Nested Try Depth

Total of points accumulated due to the violation of Nested Try Depth rule. The possible associated technical debts are: Understandability, Maintainability and Testability.

Missing Switch Default

Total of points accumulated due to the violation of Missing Switch Default rule. The possible associated technical debt is: Correctness.

Class Fan Out Complexity

Total of points accumulated due to the violation of Class Fan out Complexity rule. The possible associated technical debts are: Understandability, Maintainability, Testability and High Coupling.

Anon Inner Length

Total of points accumulated due to the violation of SonarQube Anon Inner Length rule. The possible associated technical debt is: Maintainability. Average value

Total of points accumulated due violation of all above rules divided by the number of classes that score more than one point.

Installation

  1. Download the plugin into the SONARQUBE_HOME/extensions/plugins directory
  2. Restart the SonarQube server

Usage

  1. Make sure the SonarQube / C# SonarQube Rules listed below are enabled in your profile and that the threshold values are set appropriately.
  2. Launch a new quality analysis to calculate the metrics.
  3. Add the widget "Toxicity Chart" available under the category "Technical Debt" in your dashboard to see the results.

The table below lists the Squid rules that should be enabled in order to generate the Toxicity Chart.

Issue SonarQube Repository rule C# SonarQube Repository rule
File Length S00104 FileLoc (4.5.x) or S104 (5.x)
Method Length S138 -
Cyclomatic Complexity MethodCyclomaticComplexity FunctionComplexity (4.5.x) or S1541 (5.x)
Parameter Number S00107 S107
Boolean Expression Complexity S1067 S1067
Nested If Depth S134 -
Nested Try Depth S1141 -
Missing Switch Default SwitchLastCaseIsDefaultCheck SwitchWithoutDefault (4.5.x) or S131 (5.x)
Class Fan Out Complexity S1200 ClassCoupling or AvoidExcessiveClassCoupling
Anon Inner Length S1188 -

If the number of classes that score more than one point is greater than 125, then the numbers on the X axis will overlap each other. In order to make the chart readable in this situation the Toxicity Chart threshold value can be changed in Configuration > General Settings > Toxicity Chart panel. The classes that have the score below the threshold value are left off the chart. The threshold value is not taken into account in toxicity metrics computing.

Toxicity Chart threshold setting

Supported Languages

Java and C# projects