search

Tools and techniques for ensuring code quality

hashtag
Quality

Code quality divided into 4 levels:

hashtag
Correctness

Writing code that’s correct is the most basic requirement for a software engineer. It’s imperative to write code that can handle any input, no matter what it is. If you can do that, you will avoid giving the caller of your code any unwanted surprises.To achieve this level of coding “correctness”, you need to have a good understanding of code testability. You must also have extensive unit tests for your code.

hashtag
Efficiency

There are several types of efficiencies to consider. For instance, performance efficiency, space efficiency, power efficiency, algorithm convergence speed, user interaction efficiency, etc. Code efficiency is very context-dependent. The goal when writing any code is to be as efficient as possible under the given constraints.

One last note about efficiency: overdoing it is bad too. This is known as “premature optimization” and should be avoided. Only optimize what you need to optimize. When unsure, use the simplest solution first, and then do performance testing to decide if you need to improve the code further.

hashtag
Readability

Modern software engineering is always about teamwork. The code you write is not yours. It belongs to your team (or even other teams). So that the code should be readable and understandable and is able to be maintained by every team member.

A common industry practice used to get teams on the same page is called a coding style guide. In a coding style guide, a set of agreed-upon coding styles are shared by an entire team or organization.

Always follow your team’s existing convention. Do this even if it’s slightly different from other commonly accepted conventions. The most important thing is for your team’s code to be consistent.

So the key takeaway about readability is this: your teammates will be the judge of your code’s readability. The goal is for your colleagues to easily understand your code.

hashtag
Extensibility

Problems change. Code evolves. A good programmer can foresee changes that will come, take them into account, and write code that’s future-compatible. This is the magic of “extensibility”.

This is the key of extensibility: knowing what level is the right level. Answering this question is strangely more art than science. If you make your code too specific, the use case will be limited and every time the requirement changes, the code will need to be modified. If you make your code too generic, your clients need to do a lot to build on top of your code for their specific needs, and then it’s too difficult to use. It takes a lot of experience and intelligence to master extensibility. For most, the way to improve extensibility skills is to learn from our mistakes — try, fail, rinse, and repeat.

hashtag
Cyclomatic complexity

Cyclomatic complexity - is a measure of the code branches that can happen, it is most useful at the function or method level. The more branches and loops there are, the more difficult it is to follow the logic in that function.

Cyclomatic complexity is computed using the control-flow graph of the program: the nodes of the graph correspond to indivisible groups of commands of a program, and a directed edge connects two nodes if the second command might be executed immediately after the first command. Cyclomatic complexity may also be applied to individual functions, modules, methods or classes within a program.

‌ One testing strategy, called basis path testing by McCabe who first proposed it, is to test each linearly independent path through the program; in this case, the number of test cases will equal the cyclomatic complexity of the program.

hashtag
Sonar

SonarQubearrow-up-right is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.

SonarQube gives you the tools you need to write clean and safe code:

  • SonarLintarrow-up-right – SonarLint is a companion product that works in your editor giving immediate feedback so you can catch and fix issues before they get to the repository.

  • Quality Gatearrow-up-right – The Quality Gate lets you know if your project is ready for production.

  • Clean as You Codearrow-up-right – Clean as You Code is an approach to code quality that eliminates a lot of the challenges that come with traditional approaches. As a developer, you focus on maintaining high standards and taking responsibility specifically in the New Code you're working on.

  • Issuesarrow-up-right – SonarQube raises issues whenever a piece of your code breaks a coding rule, whether it's an error that will break your code (bug), a point in your code open to attack (vulnerability), or a maintainability issue (code smell).

  • Security Hotspotsarrow-up-right – SonarQube highlights security-sensitive pieces of code that need to be reviewed. Upon review, you'll either find there is no threat or you need to apply a fix to secure the code.

hashtag
Metrics:

  • Complexity (Cyclomatic Complexity, Cognitive Complexity)

  • Duplications (Duplicated blocks, Duplicated files, Duplicated lines, Duplicated lines (%))

  • Maintainability (Code Smells, New Code Smells, Maintainability Rating, Technical DebtTechnical Debt on New Code, Technical Debt Ratio)

  • Reliability (Bugs, New Bugs , Reliability Rating, Reliability remediation effort)

  • Security (Vulnerabilities, Vulnerabilities on new code, Security Rating, Security remediation effort)

  • Tests (coverage, coverage by line, conditional coverage)

PreviousUnit vs Integration vs E2E TestingNextPatterns

Last updated