Expert system for source code quality analysis – codeNforcer

Alexander Lipanov, Ph.D. in Computer science, Softarex Technologies Inc

What is a modern code quality?

It is well known that quality assurance is a crucial step in the software product lifecycle. And it is not surprising that there are plenty of sophisticated concepts, approaches, standards (including ISO), models,
methods, and tools aimed at facilitating and improving the testing processes and code quality analysis. At first glance, all software developers and QA teams are free to choose whatever they like or whatever best fits their internal workflows.

However, there are two major problems that still exist:

• The first problem is that most of these methods, standards, and tools are more about formal QA indicators, such as functionality, performance, reliability, and security, rather than source code quality, such as extendibility, scalability, reusability, understandability, compliance with the object-oriented paradigms,
  and so on.
• The second problem is that even formal checks of the source code quality analysis and possible improvements are often difficult and time-consuming and, therefore, many QA teams are forced to minimize them or even skip entirely.

Unfortunately, the importance of source code quality is often underestimated by many software companies that focus on saving development costs and reducing time-to-market. But we still believe that clear, concise, and supportable source code is a cornerstone of each premium-quality software product. This basic concept has laid the foundation of our flagship product, codeNforcer.

How can codeNforcer help?

Our codeNforcer is a powerful QA system for both centralized and
distributed teams with a focus on source code quality analysis and improvements.

Basically, it offers three large groups of indicators (or metrics) that represent the results of source code analysis and provides you with a comprehensive picture of the source code quality:

• Statistical metrics — this group contains metrics that assess the number of entities on the application level and on the method level. Statistical metrics, in turn, comprise two subgroups, which are quantitative metrics and complexity metrics. The quantitative metrics indicate the number of classes, methods, structures, interfaces, lines of code, number of comments, etc., while the complexity metrics are calculated using special formulas, including various algorithm complexity evaluations.
   
   
  The entities supported on the application level include packages, namespaces, types, classes, interfaces, structures, methods, properties, fields, lines of code and lines of comments, the density of comments, public data percentage, Halstead complexity, and more.
   
  The entities supported on the method level include parameters, overloads, functions, and more.
   
  Statistical metrics are provided for source code written in Java, C++, C#, and PHP. Most of them are language-specific, as shown in the table below:
   
  

  

• Object-oriented metrics — this group contains metrics that assess the compatibility with the object-oriented paradigms: coupling, afferent/efferent coupling, instability, relational cohesion,
  distance from the main sequence, abstractness, association between classes, cyclomatic complexity, depth of inheritance tree, etc. Just like the statistical metrics, most object-oriented metrics are also
  language-specific:
   

  

• CISQ metrics — these are the traditional QA indicators proposed by the Consortium for IT Software Quality (CISQ), such as Reliability, Performance Efficiency, Security, and Maintainability.
  CodeNforcer providing abilities for source code checking using CISQ metrics and show all CISQ metrics violations for Reliability, Performance Efficiency, Security, and Maintainability.

Certainly, many of the above-mentioned indicators are not the common purpose and sometimes not so informative, but taken generally and with all their mutual dependencies, they can give very useful insights to QA teams.

Tools for source code analysis in CodeNforcer

In addition to a variety of source code quality analysis metrics, CodeNforcer provides a powerful set of tools for QA checks and source code improvements. These include:

• Code review tools — convenient software modules for automatic and semi-automatic assessment of large and sophisticated source code, when manual checks are too hard or time-consuming to perform.
• Source code style checkers — tools that automatically check the source code for style errors. Most development teams and companies have their own style guides that must be strictly followed by
  each developer since the style is not about code aesthetics – it’s about code readability. CodeNforcercan help maintains the proper style of the entire source code and even automatically correct certain errors, e.g. remove unnecessary variables and unused methods, as well as resolve security issues in SQL constructions and event handlers.
• Tools for architecture quality checks — these tools are used for the proper assessment of the software architecture quality that is always a challenge especially when you need to restructure the basic design of your software without losing any of its features. CodeNforcer provides everything you need to objectively assess and seamlessly restructure the application design without sacrificing its functionality or performance.

And how do all of the above work together?

codeNforcer integrates all the features described above into a
the streamlined and easily configurable workflow shown in the picture below.

If you want to quickly get started with codeNforcer and perform a rapid,
yet thorough, check of your source code base, this workflow is just for you. And once all the checks are finished and all the improvements are done, the source code can be easily submitted to your GitHub, Git, or TFS repository directly from CodeNforcer.