SourceMeter explained
SourceMeter |
Latest Release Version: | 8.2 |
Operating System: | Cross-platform |
Programming Language: | C, C++ |
SourceMeter is a source code analyzer tool, which can perform deep static program analysis of the source code of complex programs in C, C++, Java, Python, C#, and RPG (AS/400).[1] FrontEndART has developed SourceMeter based on the Columbus technology[2] researched and developed at the Department of Software Engineering of the University of Szeged.[3] [4]
Background
During the static analysis, an abstract semantic graph (ASG) is constructed from the language elements of the source code. This ASG is then processed by the different tools in the package to calculate product metrics[5] like LLOC,[6] NLE or NOA, identify duplicate code (copy-pasted code; clones), coding rule violations, etc.
SourceMeter can analyze source code conforming to Java 8 and earlier versions, C/C++, RPG III and RPG IV versions (including free-form), C# 6.0 and earlier versions and Python 2.7.8 and earlier versions. In the case of C/C++, SourceMeter supports the ISO/IEC 14882:2011 international standard[7] extended with several new features from ISO/IEC 14882:2014, and C language defined by the ANSI/ISO 9899:1990, ISO/IEC 9899:1999 and ISO/IEC 9899:2011 standards. Besides the standard features, several GCC and Microsoft specific extensions are also supported.
Features
- Precise and deep static analysis, building full semantic graphs, containing semantic edges (calls, references), comments, etc.
- 60+ source code metrics (complexity, coupling, cohesion, inheritance, etc.), on different levels (package, namespace, class, method, etc.)
- Type-2 duplications regarding syntax boundaries
- Code duplication metrics (stability, embeddedness, dispersion, etc.)
- Detecting inconsistent changes of duplications
- Checking coding rules (Differences between PMD rule violations and FaultHunter rule violations)
- Detecting security vulnerabilities based on data-flow (SQL injection, XSS, etc.)
- Checking metric-based rule violations
- Checking Android specific rule violations
- Detecting runtime exceptions by means of symbolic code execution, for Java only
SonarQube plug-in
SourceMeter plug-in for SonarQube platform is an extension of the open-source SonarQube platform for managing code quality. The plug-in executes SourceMeter from the SonarQube platform and uploads the source code analysis results of SourceMeter into the SonarQube database. The plug-in is open-source, and provides all the usual SonarQube code analysis results, extended with many additional metrics and issue detectors provided by the SourceMeter tool. The plug-in supports the C/C++, Java, C#, Python and RPG languages.[8]
Notes and References
- Book: 10.1007/978-3-319-09156-3_37. A Case Study of Refactoring Large-Scale Industrial Systems to Efficiently Improve Source Code Quality. Computational Science and its Applications – ICCSA 2014. 8583. 524–540. Lecture Notes in Computer Science. 2014. Szőke. Gábor. Nagy. Csaba. Ferenc. Rudolf. Gyimóthy. Tibor. 978-3-319-09155-6. http://publicatio.bibl.u-szeged.hu/8996/1/Szoke_ICCSA2014_u.pdf.
- Árpád Beszédes, Rudolf Ferenc, Tibor Gyimóthy: "Columbus: A reverse engineering approach"
- http://www.sed.inf.u-szeged.hu/softwarequality Department of Software Engineering
- http://www.u-szeged.hu/english/ University of Szeged
- https://sonarqube.sourcemeter.com/plugins/home/sm-help Source code metrics reference
- István Siket, Árpád Beszédes, John Taylor: "Differences in the Definition and Calculation of the LOC Metric in Free Tools"
- https://isocpp.org/blog/2015/07/sourcemeter-for-c-cpp-with-open-source-sonarqube-plugin-released SourceMeter at ISO C++ standard
- Ferenc R., Langó L., Siket I., Gyimóthy T.: "Source Meter Sonar Qube Plug-in" In Proceedings of the 14th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2014). Victoria, British Columbia, Canada, pages 77-82. September 28–29, 2014