Saturday, August 27, 2011

NetBeans 7 and Software Quality Environment

It is easy to configure NetBeans 7 to use Software Quality Environment (SQE) to integrate popular software quality tools (FindBugs, PMD, CheckStyle, and Dependency Finder) with the NetBeans 7 development environment. The steps to do this are the subject of this post.

The main Software Quality Environment page provides the URI of the NetBeans Update Center ( to use to access SQE as a NetBeans plugin. This is the same process explained in detail in the blog post XML Schema Editor in NetBeans IDE 7.0.1 and which I used in the related post NetBeans (7.0.1) Has An XML Schema Editor! I will be demonstrating this process using NetBeans 7.0.1.

In NetBeans 7, the Plugins Manager is easily accessed by selecting Tools and then Plugins as depicted in the next screen snapshot.

The next screen snapshot depicts selecting the "Settings" tab of the Plugins popup. The image also depicts the results of clicking on the "Add" button in this "Plugins" window, which is the new popup window with title "Update Center Customizer." The image shows the URL provided by the SQE page and cited above pasted into the "URL:" field. I provided a name for it as well ("NetBeans SQE"). As a side note, the customizer that I added for XML Tools (XSD editor) is shown to still be registered (but now I have it renamed to "NetBeans XML Tools").

With the SQE Update Center added, the next step is to select the "Available Plugins" tab on the same "Plugins" window. The next image shows the results of doing that and clicking on the "Category" filter to get the plugins ordered by alphabetical ordering of categories. The four plugins related to SQE are have a category of "Quality" and these four are checked in the image because I am adding them to my NetBeans installation.

When I click on the "Install" button to install the four "Quality" plugins, the popup that comes up shows which version of each plugin is being installed. This is shown in the next screen snapshot.

After clicking on the "Next" button, applicable licenses must be read and agreed to and then the fact that the plugins are not signed must be acknowledged. A window like the one shown in the next screen snapshot indicates when the process has been successfully completed. The installation of these SQE plugins does not require restarting NetBeans.

It isn't difficult to start seeing the SQE-provided plugins working. For example, the next screen snapshot demonstrates several flagged issues resulting from simply creating a new Java Application Project with a "main" class created automatically as part of the project's creation.

That's a lot of warning yellow for a simple new class! These work similarly to the core NetBeans hints and warnings. The next three screen snapshots shows the details provided when I hover over the respective of the yellow-highlighted areas.

Some of the warnings are really useful. For example, it is desirable to always have a named package for a Java class and the PMD warning alerts me that I don't have one in this case (I forgot to specify the package when creating the class in the new Project wizard). I used NetBeans 7's refactor capability to "Move" this to a new package called "dustin.examples."

Most of us who have used code quality tools know that not all warnings are created equal. For example, I'm not too upset about the warning that my Java source code file doesn't end with a newline because, in fact, it really does.

The next screen snapshot shows the above warnings addressed and a simple "Hello World" application built from that starting point.

In this case, the FindBugs warning "Null pointer dereference of System.out" does not concern me, but it is nice to see PMD's warning "System.out print is used" because that may not be intentional. I am a big fan of statically importing java.lang.System.out when I intentionally am using that functionality with no plans to move to a logger or other output mechanism. The one drawback to doing this when it is only meant to be used temporarily is that then the PMD warning about use of System.out.println is not triggered.

The SQE plugin for NetBeans provides graphics of the source code defects detected as well as other forms of output summarizing the defects found. The next screen snapshot attempts to capture all of these in one image. Note that there is a new window on the left side that can be selected where "Projects", "Files", and "Services" traditionally reside. This one, called "Quality," is where one can click on the upper left icon to run all the quality tools to have the various graphics and output produced. The images to the right zoom in on the window and show "Projects" tab focus and "Quality" tab focus.

It is interesting to see how the SQE-provided plugins interact with each other when finding an issue on the same line of source code. Ignore the nonsense code in the next screen snapshot and instead look at the message when the cursor is pointed on one of the down-pointing black arrows. The black arrow indicates there are multiple annotations and clicking on it allows one to cycle through them. The icon shows which one is in focus with the FindBugs, Checkstyle, and PMD icons all shown in this screen snapshot.

One drawback of using the SQE code quality plugins the first time after installation may be loss of some reporting functionality of NetBeans hints, warnings, and errors. The example in the next screen snapshot demonstrates that although the Projects window "knows" that I have a compilation error (used integer rather than Integer), the source code editor itself does not. There are PMD warnings against using short variable names and for using explicit scoping, but there is no red squiggly line underneath the bad data type of "integer." Related to this, there's no red line on the long vertical margin along the right side of the IDE to indicate an error either.

I similarly don't see core NetBeans warnings and hints, though I'm less worried about loss of these because many are covered by the warnings provided by the quality tools. The good news is that exiting NetBeans and bringing NetBeans up again happened to return my NetBeans core error and warning messages alongside the quality analysis products' warnings. It is probable that it is due to NetBeans truly needing to be restarted after installation of a new version of SQE.

The last portion of this post briefly looks at using Dependency Finder in NetBeans via the SQE plugins. This can be done by selecting the NetBeans Project of interest in the left ("JaxbDemo" in my case) and then clicking on the appropriate icon under "Controls." This is shown in the next screen snapshot.

At this point, the graphic is pretty uninteresting, showing only the packages in the current project, which in this case is the single package "dustin.examples." It gets more interesting when the "JDK" link is clicked and the project's dependencies on the JDK are displayed.

It can be even more interesting to see all external dependencies (outside of the project and outside of the JDK) by clicking on "External" and showing those in addition to the JDK dependencies.

If a developer wants to see external dependencies without seeing JDK dependencies, the JDK button can be toggled so that only non-JDK external dependencies are shown.

A final nice feature of the Dependency Finder in NetBeans that I'll cover here is the ability to manually edit these dependency diagrams. I can drag any of the ovals wherever I please and the links stay attached. This is handy for making the graphic easier to read, smaller or larger is expanse, and grouping dependencies by preferred category or other grouping. The next screen snapshot demonstrates the results of this so that the diagram takes less space and has JDK dependencies grouped together and non-JDK external dependencies grouped together.


The large Java ecosystem includes many powerful tools. Although these tools can be run independently and as parts of continuous integration efforts, it is very convenient to have these issues flagged while working in the code because many of them can be easily and quickly remedied at first sighting. The best way to fix bugs is to never introduce them and these kinds of tools integrated with the IDE make it possible to do just this in more cases than we normally might. The integration of NetBeans with Software Quality Environment provides this benefit.

Additional References

Other potentially useful references related to use of NetBeans with Software Quality Environment include Findbugs, PMD, Checkstyle & Dependency Finder in Netbeans, How to integrate and use Software Quality Environment (SQE) plug-in for NetBeans IDE 6.0, and NetBeans SQE.


johnstosh said...

Excellent. I'm going to try this out right away.

vizzdoom said...

Very good article!