Supriya Ghosh (Editor)

SourceMeter

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
FrontEndART Ltd.

Operating system
  
Cross-platform

Website
  
www.sourcemeter.com

Written in
  
C, C++

License
  
EULA

Stable release
  
8.0 / February 1, 2016; 13 months ago (2016-02-01)

SourceMeter is a source code analyzer tool, which can perform deep static program analysis of the source code of complex programs in C, C++, Java, Python, C#, and RPG (AS/400). FrontEndART has developed SourceMeter based on the Columbus technology researched and developed at the Department of Software Engineering of the University of Szeged.

Contents

The source code of a program is usually its only up-to-date documentation. At the same time, the source code is the exquisite bearer of knowledge, business processes and methodology, accumulated over a long period of time. Source code quality decrease, which happens due to many quick fixes and time pressure, results in the increase of development and testing costs, and operational risks. Despite this, the source code usually receives hostile treatment and is considered as a mere tool.

Background

During the static analysis, an abstract semantic graph (ASG) is constructed from the language elements of the source code. This ASG is then processed by the different tools in the package to calculate product metrics like LLOC, NLE or NOA, identify duplicate code (copy-pasted code; clones), coding rule violations, etc.

SourceMeter can analyze source code conforming to Java 8 and earlier versions, C/C++, RPG III and RPG IV versions (including free-form), C# 6.0 and earlier versions and Python 2.7.8 and earlier versions. In the case of C/C++, SourceMeter supports the ISO/IEC 14882:2011 international standard extended with several new features from ISO/IEC 14882:2014, and C language defined by the ANSI/ISO 9899:1990, ISO/IEC 9899:1999 and ISO/IEC 9899:2011 standards. Besides the standard features, several GCC and Microsoft specific extensions are also supported.

Features

  • Precise and deep static analysis, building full semantic graphs, containing semantic edges (calls, references), comments, etc.
  • 60+ source code metrics (complexity, coupling, cohesion, inheritance, etc.), on different levels (package, namespace, class, method, etc.)
  • Type-2 duplications regarding syntax boundaries
  • Code duplication metrics (stability, embeddedness, dispersion, etc.)
  • Detecting inconsistent changes of duplications
  • Checking coding rules (Differences between PMD rule violations and FaultHunter rule violations)
  • Detecting security vulnerabilities based on data-flow (SQL injection, XSS, etc.)
  • Checking metric-based rule violations
  • Checking Android specific rule violations
  • Detecting runtime exceptions by means of symbolic code execution, for Java only

    • SonarQube plug-in

    SourceMeter plug-in for SONARQUBETM platform* is an extension of the open-source SonarQubeTM platform for managing code quality. The plug-in executes SourceMeter from the SONARQUBETM platform and uploads the source code analysis results of SourceMeter into the SONARQUBETM database. The plug-in is open-source, and provides all the usual SONARQUBETM code analysis results, extended with many additional metrics and issue detectors provided by the SourceMeter tool. The plug-in supports the C/C++, Java, C#, Python and RPG languages.

    SONARQUBETM is a trademark of SonarSource SA, Switzerland.

    Supported platforms

  • Microsoft Windows XP Service pack 3
  • Microsoft Windows 7
  • Microsoft Windows 8 and 8.1
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • GNU/Linux with kernel version 2.6.18 and GNU C library 2.11 or newer

    • References

    SourceMeter Wikipedia
    (Text) CC BY-SA