2. Who am I?
• Senior Technical Architect @ Accenture Software
• Current Role
  • Focusing on improving the software design/code quality
• Previous Roles:
  • Application Architect, Infrastructure Architect and Operation Architect for SOA Java Projects
3. Presentation Goals
• Knowledge of the Seven Deadly Developer Sins
• Role of SonarQube in identifying them
• Software patterns and principles to reduce them.
• Q/A
4. Sin
• Sin can be viewed as anything that violates the ideal relationship between an individual and his conscience
• Software sin can be viewed as anything that violates the ideal relationship between a software developer and SonarQube.
[Diagram: Developer, SonarQube; "Sin separates developer and code"]
5. Architecture/Design Sin 1: Violation of architecture layer
[Diagram: Presentation Layer, Controller Layer, Service Layer, Persistence Layer]
• MVC is a design pattern to separate the different layers.
• SonarQube helps you to identify the violations of the architecture patterns
6. Architecture/Design Sin 1: Violation of architecture layer
• Create Architecture Rules
• Create Package Structure
• No access to *.controller.* from *.dao.* classes
7. Architecture/Design Sin 2: Creating Dependency Cycle
• Design Structure Matrix (DSM) showing how components depend on one another, highlighting dependency cycles and showing details on dependencies
• Dependency Inversion Principle
• Interface Segregation Principle
9. Lack of Proper Unit Test Sin 4:
• Make sure the JUnit tests are aligned to business requirements and test the right business functionality.
• Check for both positive and negative results
• Provide logical names for your unit tests.
• Verify all the mock objects to ensure unnecessary mocking is not done for the test case.
• SonarQube also reports the failures and errors in the unit test success metric.
10. Undocumented Source Code Sin 5:
• Public API
  • Public Class
  • Public Method
  • Public Property
• SonarQube measures the quantity and not the quality of the API
• Include the purpose of the method and also the descriptions of the input and output parameters
/**
 * Test Condition 1: Check to make sure that the person is responsible for the General Medical Benefit
 * Inputs: Eligible programs to the rules engine.
 * Expected Results: Verified eligible programs are in the results.
 */
11. Duplicate Source Code Sin 6:
• Use patterns like Extract Method to reduce duplication.
• Violates DRY principle
• SonarQube will help you to identify the duplicate code in the same file, project and even across multiple projects.
• SonarQube shares the duplicate lines, blocks and files
12. Coding Standard Breach Sin 7:
[Figure: issue categories plotted against severity. Categories: Bugs, Potential bugs, Indication of programmer error, Future programmer error, Inefficiencies, Style. Severity: Blocker, Critical, Major, Minor, Info. Annotations: "Issues require urgent fix", "Issues require analysis".]
Source: Campbell, Papapetrou: SonarQube in Action
13. Bugs and Potential Bugs
• Bug (Blocker and Critical): Failures to close file handles or database connections
• Potential bugs (Critical or Major): Potential null pointer condition during a certain scenario
14. Bugs and Potential Bugs
• Indication of Programming Error (Major): Avoid logging and throwing, as this results in multiple log messages for the same problem. Exceptions should be logged only in the last-resort error handler.
• Future Programming Error (Major/Minor): Methods that are too long and complex.
• Inefficiencies (Minor): Unused imports and methods.
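
The unclosed file handle from slide 13 and the log-and-throw finding from slide 14, shown before and after in Java. This is an added example, not code from the original slides; the class name, method names and sample file are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ResourceHandlingExample { // hypothetical class name
    private static final Logger LOG = Logger.getLogger("example");

    // Before: the reader leaks when readLine() throws, and the same failure
    // is logged here and again by whichever caller finally handles it.
    static String firstLineLeaky(Path file) throws IOException {
        BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8);
        try {
            String line = reader.readLine();
            reader.close(); // skipped when readLine() throws
            return line;
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "read failed", e); // logged here ...
            throw e;                                 // ... and again upstream
        }
    }

    // After: try-with-resources closes the reader on every path, and the
    // exception is wrapped with context and propagated without logging.
    static String firstLine(Path file) {
        try (BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            return reader.readLine();
        } catch (IOException e) {
            throw new UncheckedIOException("cannot read " + file, e);
        }
    }

    public static void main(String[] args) throws IOException {
        Path sample = Files.createTempFile("sample", ".txt"); // constructed input
        Files.write(sample, "first\nsecond\n".getBytes(StandardCharsets.UTF_8));
        try {
            System.out.println(firstLine(sample));
            System.out.println(firstLine(sample.resolveSibling(sample.getFileName() + ".missing")));
        } catch (UncheckedIOException e) {
            LOG.log(Level.SEVERE, "request failed", e); // last-resort handler
        } finally {
            Files.deleteIfExists(sample);
        }
    }
}
```

Running `main` reads the first line of the sample file, then fails on the missing file and produces exactly one log entry, written by the last-resort handler.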