Ensuring Code Quality
Noriaki Tatsumi, Mgr, Performance Engineering
Scott Hurrey, Developer Relations Engineer
Blackboard, Inc.

How’s your application’s code quality?
2

Why Code Quality Matters
• Your code is your asset
• Increase
robustness, maintainability, security, performance, scal
ability, extensibility, etc.
• Keeps your cost down as you grow
Prevention is the best medicine!
3

Challenges with Code Quality
• Often talked about in theory but not actually practiced
• Hard to measure or prove
• Difficult to plan and prioritize
4

Blackboard Learn Code Quality Initiatives
• Coding guidelines
• Design reviews
• API standards
• Peer code review for every check-in
• Automated testing (unit, functional, perf, security)
• Static analysis
• Anti-patterns repository
5

Sonar – All Java Projects Aggregated Metric
6

Sonar – Quality Management Platform
http://www.sonarsource.org/
• Open source and extensible
• Manages code quality with
• Views of all projects at a glace, drill down to source
code, differential, hotspots
• Coding Rules
• Unit Tests
• Standard Metrics
• Time Machine
• Integration with tools such as
PMD, Findbugs, Checkstyle, JSLint, Clover, Cobetura, Huds
on (many plugins available)
7

Sonar – Timeline
You can’t improve if you don’t measure!
8

Sonar – Code Duplication Metric
You don’t have to have technical knowledge to understand!
9

Sonar – Duplicated Code Drilldown
10

Sonar – Rule Compliance Metric
You don’t have to have technical knowledge to understand!
11

Sonar – Rule Violation Drilldown
12

Sonar – Static analysis rule
13

Static Code Analysis (SCA)
• Applies rules to find potential bugs, anti-patterns, and
code style violations
• Catches problems as early as possible in the
development process
• A well-established industry practice for validating the
quality of source code
• Can be automated and tracked by tools like Sonar
14

SCA – Blackboard Learn Objectives
• No Blocker/Critical violations (Go/No-Go criteria for
releases starting SP10)
• Trend Major/Minor/Informational violations downwards
15

SCA – Blackboard Learn Supporting Process
Developer check-in
1. Run Blackboard’s custom pre-commit Sonar analysis
tool against files in changelists
2. Review results
• Fix blocker/critical violations
• Use granular suppression and document detailed reason for
no-fix
3. Repeat until at a minimum all Blocker/Critical
violations are addressed
16

SCA – Blackboard Learn Supporting Process
Nightly automation process
1. Execute Sonar analysis
2. Send violation email to the responsible engineers
3. Report all violations to engineering managers
4. Open JIRA tickets as necessary
17

SCA – Blackboard Learn Rule Sets
• 394 JAVA rules (20 custom rules)
• 10 JSP rules
• 14 JavaScript rules
• 5 CSS rules (Home grown plugin)
18

SCA – Go check it out!
• Sonar
http://www.sonarsource.org/
• Blackboard LearnTM custom PMD rules and Sonar Java
profile
http://tinyurl.com/bbquality
19

Code Quality for the Community
• A resource to assist Building BlockTM developers in
avoiding common performance, security and other
pitfalls.
• Product Development and Business Development
working together
• Will be built as a new section on edugarage.
• Self-service
• Tool recommendations
20

Code Quality Community Resources
• Custom Rule Sets
• Wiki
• Sample Code
• Recommended Tools
• Coming Soon:
• Plan to add an Anti-Pattern Repository
• Some method of allowing Community members to submit
anti-patterns back to Blackboard.
21

Code Quality Tool Types
• Static Code Analysis
• Sonar
• Forensic Analysis
• VisualVM
• Peer Code Review
• Crucible
• Automated Testing
• Junit
• Selenium
22

How Can I Help?
• Add your anti-patterns
• Add your lessons learned
• Add your system tuning tweaks
• Add your optimized sample code
• Join TechBUG and present your Code Quality
modifications and gotchas to your peers.
• Let us know what other areas you see that improvement
needs to be made
23