SourceMeter

SourceMeter
SourceMeter
Developer	FrontEndART Ltd.
Stable release	7.0 / May 31, 2015
Written in	C/C++
Operating system	Cross-platform
License	EULA
Website	www.sourcemeter.com

SourceMeter is a source code analyzer tool, which can perform deep static analysis of the source code of complex Java, C/C++, RPG (AS/400) and Python systems^[1]. FrontEndART has developed SourceMeter based on the Columbus technology^[2] researched and developed at the Department of Software Engineering of the University of Szeged.

The source code of a program is usually its only up-to-date documentation. At the same time, the source code is the exquisite bearer of knowledge, business processes and methodology, accumulated over a long period of time. Source code quality decrease, which happens due to many quick fixes and time pressure, results in the increase of development and testing costs, and operational risks. In spite of this, the source code usually receives hostile treatment and is merely considered as a tool^[3]^[4].

Background

During the static analysis, an Abstract Semantic Graph (ASG) is constructed from the language elements of the source code. This ASG is then processed by the different tools in the package to calculate product metrics ^[5] like LLOC^[6], NLE or NOA, identify copy-pasted code (clones), coding rule violations, etc.

SourceMeter can analyze source code conforming to Java 8 and earlier versions, C/C++, RPG III and RPG IV versions (including free-form as well) and Python 2.7.8 and earlier versions. In the case of C/C++, SourceMeter supports the ISO/IEC 14882:2011 international standard ^[7] extended with several new features from ISO/IEC 14882:2014, and C language defined by the ANSI/ISO 9899:1990, ISO/IEC 9899:1999 and ISO/IEC 9899:2011 standards. Besides the standard features, several GCC and Microsoft specific extensions are also supported.

Features

Precise and deep static analysis, building full semantic graphs, containing semantic edges (calls, references), comments, etc.
60+ source code metrics (complexity, coupling, cohesion, inheritance, etc.), on different levels (package, namespace, class, method, etc.)
Type-2 duplications with respect to syntax boundaries
Code duplication metrics (stability, embeddedness, dispersion, etc.)
Detecting inconsistent changes of duplications
Checking coding rules
Detection of security vulnerabilities based on data-flow (SQL injection, XSS, etc.)
Checking metric-based rule violations
Checking Android specific rule violations
Detecting runtime exceptions by means of symbolic code execution (for Java only)

SonarQube plug-in

FrontEndART SourceMeter SonarQube plug-in^[8] is specifically developed for SonarQube users, who would like to boost the built-in capabilities of SonarQube and increase productivity. The SourceMeter SonarQube plug-in is an extension of SonarQube™, an open-source platform for managing code quality made by SonarSource S.A, Switzerland. The plug-in extends the built-in Java code analysis engine of SonarQube with FrontEndART’s high-end Java code analysis engine^[9]. Most of SonarQube’s original analysis results are replaced (including the detected source code clones), while the range of available analyses is extended with a number of additional metrics and issue detectors. Additionally, the plug-in offers new features on the SonarQube dashboard and drill-down views.

Supported platforms

Microsoft Windows XP Service pack 3
Microsoft Windows 7
Microsoft Windows 8 and 8.1
Microsoft Windows 2008 R2 Server
Microsoft Windows 2012 Server
GNU/Linux with kernel version 2.6.18 and GNU C library 2.11 or newer

References

^ Gábor Szőke, Csaba Nagy, Rudolf Ferenc, Tibor Gyimóthy: "A Case Study of Refactoring Large-Scale Industrial Systems to Efficiently Improve Source Code Quality" In Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA 2014), Guimaraes, Portugal, June 30 - July 3, 2014. Published in Lecture Notes in Computer Science (LNCS), Springer-Verlag, volume 8584, pages 524-540, 2014.
^ Árpád Beszédes , Rudolf Ferenc , Tibor Gyimóthy: "Columbus: A reverse engineering approach"
^ SourceMeter on QA Testing Tools
^ SourceMeter on Testtool Review
^ Source code metrics reference
^ István Siket, Árpád Beszédes, John Taylor: "Differences in the Definition and Calculation of the LOC Metric in Free Tools"
^ SourceMeter at ISO C++ standard
^ Ferenc R., Langó L., Siket I., Gyimóthy T.: "Source Meter Sonar Qube Plug-in" In Proceedings of the 14th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2014). Victoria, British Columbia, Canada, pages 77-82. September 28-29, 2014]
^ Differences between PMD rule violations and FaultHunter rule violations

This programming-tool-related article is a stub. You can help Wikipedia by expanding it.

[1] Gábor Szőke, Csaba Nagy, Rudolf Ferenc, Tibor Gyimóthy: "A Case Study of Refactoring Large-Scale Industrial Systems to Efficiently Improve Source Code Quality" In Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA 2014), Guimaraes, Portugal, June 30 - July 3, 2014. Published in Lecture Notes in Computer Science (LNCS), Springer-Verlag, volume 8584, pages 524-540, 2014.

[2] Árpád Beszédes , Rudolf Ferenc , Tibor Gyimóthy: "Columbus: A reverse engineering approach"

[3] SourceMeter on QA Testing Tools

[4] SourceMeter on Testtool Review

[5] Source code metrics reference

[6] István Siket, Árpád Beszédes, John Taylor: "Differences in the Definition and Calculation of the LOC Metric in Free Tools"

[7] SourceMeter at ISO C++ standard

[8] Ferenc R., Langó L., Siket I., Gyimóthy T.: "Source Meter Sonar Qube Plug-in" In Proceedings of the 14th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2014). Victoria, British Columbia, Canada, pages 77-82. September 28-29, 2014]

[9] Differences between PMD rule violations and FaultHunter rule violations

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]