Expert System for Source Code Analysis and Improvements



Alexander Lipanov, PhD in Computer science, Softarex Technologies Inc

What is a modern code quality?

It is well known that quality assurance is a crucial step in the software product lifecycle. And it is not
surprising that there are plenty of sophisticated concepts, approaches, standards (including ISO), models,
methods, and tools aimed at facilitating and improving the testing processes. At first glance, all software
developers and QA teams are free to choose whatever they like or whatever best fits their internal workflows.

However, there are two major problems that still exist:

  • The first problem is that most of these methods, standards, and tools are more about formal QA indicators,
    such as functionality, performance, reliability, and security, rather than source code quality, such as
    extendibility, scalability, reusability, understandability, compliance with the object-oriented paradigms,
    and so on.
  • The second problem is that even formal checks of the source code quality and possible improvements are
    often difficult and time-consuming and, therefore, many QA teams are forced to minimize them or even
    skip entirely.

Unfortunately, the importance of source code quality is often underestimated by many software companies
that focus on saving development costs and reducing time-to-market. But we still believe that clear,
concise, and supportable source code is a cornerstone of each premium-quality software product. This
basic concept has laid the foundation of our flagship product, codeNforcer.

How can codeNforcer help?

Our codeNforcer is a powerful QA system for both centralized and
distributed teams with a focus on source code quality and improvements.

Basically, it offers three large groups of indicators (or metrics) that represent the results of source code
analysis and provides you with a comprehensive picture of the source code quality:

  • Statistical metrics – this group contains metrics that assess the number of entities on the
    application level and on the method level. Statistical metrics, in turn, comprise two subgroups, which are
    quantitative metrics and complexity metrics. The quantitative metrics indicate the number of
    classes, methods, structures, interfaces, lines of code, number of comments, etc., while the complexity
    metrics are calculated using special formulas, including various algorithm complexity evaluations.

    The entities supported on the application level include: packages, namespaces, types, classes,
    interfaces, structures, methods, properties, fields, lines of code and lines of comments, density of
    comments, public data percentage, Halstead complexity, and more.

    The entities supported on the method level include parameters, overloads, functions, and more.

    Statistical metrics are provided for source code written in Java, C++, C#, and PHP. Most of them are
    language-specific, as shown in the table below:

  • Object-oriented metrics – this group contains metrics that assess the compatibility with the
    object-oriented paradigms: coupling, afferent/efferent coupling, instability, relational cohesion,
    distance from main sequence, abstractness, association between classes, cyclomatic complexity, depth
    of inheritance tree, etc. Just like the statistical metrics, most object-oriented metrics are also
    language-specific:

  • CISQ metrics – these are the traditional QA indicators proposed by the Consortium for IT Software
    Quality (CISQ), such as Reliability, Performance Efficiency, Security, and Maintainability.
    CodeNforcer providing abilities for source code checking with using CISQ metrics and show all
    CISQ metrics violations for Reliability, Performance efficiency, Security and Maintainability.

Certainly, many of the above mentioned indicators are not common-purpose and sometimes not so informative,
but taken generally and with all their mutual dependencies, they can give very useful insights to QA teams.

Tools for source code analysis in CodeNforcer

In addition to a variety of source code quality metrics, CodeNforcer provides a powerful set of tools for QA
checks and source code improvements. These include:

  • Code review tools – convenient software modules for automatic and semi-automatic assessment of
    large and sophisticated source code, when manual checks are too hard or time-consuming to perform.

  • Source code style checkers – tools that automatically check the source code for style errors.
    Most development teams and companies have their own style guides that must be strictly followed by
    each developer, since the style is not about code aesthetics – it’s about code readability. CodeNforcer
    can help maintain the proper style of the entire source code and even automatically correct certain errors, e.g. remove unnecessary variables and unused methods, as well as resolve security issues in SQL constructions and event handlers.

  • Tools for architecture quality checks – these tools are used for the proper assessment of the
    software architecture quality that is always a challenge especially when you need to restructure the
    basic design of your software without losing any of its features. CodeNforcer provides everything
    you need to objectively assess and seamlessly restructure the application design without sacrificing its
    functionality or performance.

And how do all of the above work together?

codeNforcer integrates all of the features described above into a
streamlined and easily configurable workflow shown in the picture below.

If you want to quickly get started with codeNforcer and perform a rapid,
yet thorough, check of your source code base, this workflow is just for you. And once all the checks are
finished and all the improvements are done, the source code can be easily submitted to your GitHub, Git or
TFS repository directly from CodeNforcer