2014-05-17

How to Assure Code Quality & Standards

Code quality is an essential part of reliable high quality software where malfunctions — once they occur — can be detected and resolved quickly. To achieve a high level of software quality, certain conditions must be established to make quality not only a result of high effort and engineering passion but the result of an explicit systemic rule set. 

There are several ways for automated code quality assessment and validation. For JVM (Java Virtual Machine) languages there are two ways to facilitate automated code analysis:
  • Using static byte code based analyzers like FindBugs, that look for (anti-) patterns in the compiled JVM language code.
    • The advantage of this tool is that it is suitable for polyglot environments and is JVM language agnostic. On the one hand it can detect issues other kind of tools cannot (e.g. UCF_USELESS_CONTROL_FLOW), on the other hand it depends on a specific class file format that is different in every major JVM release. And so far (16-05-2014) support for Java 8 is not yet available.
  • Using static code analyzers like PMD is also dependent on the Java language code version and is not available for all JVM languages (e.g. Groovy and Scala) but has the advantage that you do not need to compile the code base before analysisSonarQube is another tool of this kind though it is better integrated into most CIs and IDEs and accommodates a broader range of validation patterns that can be applied.
    • The common assumption and base for this kind of analyzers is that there are some idiomatic code constructs & patterns which usage should be encouraged. Correspondingly there are non-idiomatic or even (known) bogus code patterns which usage could result in building up harmful non-efficient & badly maintainable architectures.
    • Another consequence of using code pattern matching, is that analyzers based on this technique are not very well suitable for polyglot project environments as they are language-specific.
There are vendor-specific code quality assurance tools like JetBrains' Code Inspection capability that is well integrated into both JetBrains' IDE IntelliJ and the TeamCity CI. The advantage of this tool is that it has the best integration of all, previously mentioned code quality assurance tools and offers a bulk fix feature suitable for polyglot and multi-framework projects. This feature enables developers to fix some specific code quality issue classes with just a single click, automatically, and across the entire project. The disadvantage is the obvious vendor dependency as this tool is not OSS.

Example for Code Quality & Standards Issues