Skip to Content

Quality of software projects is a huge topic and most of the time is focused around management of the project: agile, change management, etc. An area of equal importance is code quality. For most programming languages a QM product is available. SAP with ABAP comes with code quality tools, and because Java has an enormous eco system, Java also does have a wide range of code quality tools available. From the several (commercial) tools available, let me show how an open source one can be used for SAP Java projects: Sonar.

Sonar is a server application that allows for a central code quality analysis. The primary focus is Java, several plugins exists that allow analyzing different languages. From the obvious ones like JSP and Javascript, ABAP is also available (commercial). With the main focus on Java, Sonar comes with Eclipse IDE plugins to really enable productivity for developers. How does Sonar look like?

/wp-content/uploads/2012/04/sonar1_1_93412.jpg

Overview of one project

/wp-content/uploads/2012/04/sonar1_2_93413.jpg

Drill down into a severity area

/wp-content/uploads/2012/04/sonar1_3_93414.jpg

Drill down into source code

From an overview page a developer can drill down to the class to the actual source code where an issue is identified. As Sonar is a central server with permission control, a hierarchy and roles can be established like project owner, senior developer, developer, clients. Everybody can access the project and see or give feedback of the status and identified issues. Sonar can be used to established code guidelines in a project / company, help the developers to produce better and standardized code and used to show to the customer the quality of the code.


The analysis of the code can be done by looking at the plain source code and use rules to identify violations of pre-defined best practices or by a more advanced analysis of the binary code. For the later findbugs is used. This gives more control over possible bugs that normally only will be discovered during runtime. As runtime means that the project has to be deployed, started and executed, any bug found by findbugs helps saving time. To make findbugs work, Sonar has to know where to find all the classes referenced in the byte code. If the class files are not available, the analysis won’t be executed.

Run the analysis by using the source code on a PAR file for SAP Portal

/wp-content/uploads/2012/04/sonar1_4_93415.jpg

Looks good, as no blocker or critical error is found. That code shouldn’t throw an exception when executed. Analyzing the same code with a different profile: findbugs.

/wp-content/uploads/2012/04/sonar1_5_93416.jpg

Compared to the source code analysis, findbugs now shows 2 blockers and 2 critical bugs. Unlikely that the program won`t crash when executed.

/wp-content/uploads/2012/04/sonar1_6_93418.jpg

To show what findbugs do I prepared a rather simple example. The code simply will do a cast that cannot work:

/wp-content/uploads/2012/04/sonar1_7_93417.jpg

Findbugs is able to find this out and correctly report an impossible cast. It even shows what I try to do: cast from Integer to String. Depending where this kind of cast is hidden in the source code, maybe only a really profound testing would have shown the error, maybe only in production.


Web Dynpro Java

To see how findbugs works with Web Dynpro Java I wrote a really simple WDJ application. Web Dynpro Java program analyzed, only the source code:

/wp-content/uploads/2012/04/sonar1_8_93419.jpg

The issues found are more or less caused by the code generator of WDJ.

/wp-content/uploads/2012/04/sonar1_9_93420.jpg

Most of these issues can be resolved my naming variables, methods, etc differently and by SAP looking at the code generator. Now with findbugs:

/wp-content/uploads/2012/04/sonar1_10_93421.jpg

The dead store issue may or not be an error of the developer (or javac). Because I prepared the code, I know that the error stems from a coding error. In the view a value node with cardinality 0..n was created. Without initialization of the node this throws a NullPointerException during runtime. Changing the cardinality to 1..n and running Sonar again:

/wp-content/uploads/2012/04/sonar1_11_93423.jpg

In that case, Sonar helped to identify an error that only can be discovered after deploying the WDJ application. As that kind of error immediately occurs when the user is accessing the view and thus ending the test case, Sonar helps to resolve these kinds of errors faster.

Sonar is for Java, but SAP interpreted Java sometimes in an interesting way; think of Web Dynpro Java. As shown, Sonar can be used to analyze all kinds of SAP Java projects. WDJ produces in the end . java and .class files, portal applications are Java projects and so is the rest of Java projects (like PI). While ABAP comes with a code inspector (you are using, right?), there is no such solution from SAP for Java. If you want to get started with code quality management in Java for SAP, there are several solutions for Java available. To get started you can try Sonar.

What is needed are accelerators, guidelines and plugins from SAP for their specific Java project types. That would really make a difference for Java developers.

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

    1. Tobias Hofmann Post author

      Hi Tom,

      yeah, this one took way longer than I thought. And actually it’s just a part of what I’ve written. Next time I’ll blog about Sonar and Eclipse integration. And then about Jenkins, jMeter, TestNG, Selenium, etc.

      (0) 
    1. Tobias Hofmann Post author

      Hi Markus,

      In that case: any chances that you’ll write a blog about it? And I’m sure you are not only implementing Sonar, some CI and test tools are also involved, right? Should be a really interesting blog to read …

      (0) 
      1. Markus Riedinger

        now you got me… since months myself and my team say: “we should write a blog about this”…. we will try !. We are also heavily using jmeter and for funcational acceptance we use cucumber. In any case we are looking foreward to read more from you.

        (0) 

Leave a Reply