Tuesday, 4 October 2016

Improve Code Quality with NDepend

One of the most important things you could do to increase the code quality of your product and bring your team up to speed in terms of code reviews is to leverage the code quality analysis to a third party component. Nowadays I rely on FXCop (a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines. source: wikipedia) to catch any code smell for me but this time I'm bringing an additional player into the game: NDepend.

NDepend "is a static analysis tool for .NET managed code. This tool supports a large number of code metrics, allows for visualization of dependencies using directed graphs and dependency matrix. The tools also performs code base snapshots comparison, and validation of architectural and quality rules. User-defined rules can be written using LINQ queries. This possibility is named CQLinq. The tool also comes with a large number of predefined CQLinq code rules. Code rules can be checked automatically in Visual Studio or during continuous integration". source: wikipedia.

Review your code!
The best time to find any potential issues in code is as soon as the code is written. "If you let code sit and rot for a while, it won't smell any prettier" by S. Venkat, H Andy on Practices of an Agile Developer.
"Formal code inspections are about as twice as efficient as any known form of testing in finding deep and obscure programming bugs and are the only known methid to top 80% in defect-removal efficiency." by Capers Jones in Estimating Software Costs.
As pointed out, code reviews are the best way to find and solve problems. Make sure you include a code analysis step during your continuous integration/continuous delivery model so issues are spotted earlier rather than later. Below you can see a simple pipeline that I tend to follow for any of my builds. This pipeline only refers to the commit stage and following the best practices to provide fast and provide useful feedback.

When any code is checked-in to git, tfs, subversion, etc your build agent aka TeamCity, Cruise Control, Jenkins, etc. should pick up those changes and start processing that code through the pipeline. During this process, notifications should be sent to the user when something "breaks". In my case, anytime additional code duplicates or code smells increase during the build, the pipeline stops building and reports back to the user with the specific problem. I believe this is crucial to spot any possible issues in the code and that will help the developer to take ownership of the code.

During the Code Analysis step, I rely on FXCop and NDepend to provide a suite of principles and practices that will make the code follow certain standards that are adopted by thousands of other developers. FXCop only provides a fair list of code inspections which are really useful but NDepend can give you more.  Let's see what NDepend can do for you! (note that I'm assuming that you know FXCop quite well).

Integrating NDepend with Visual Studio
NDepend extension is really easy to install and integrate with your VS. Download the latest from here and follow the steps in this video for its integration.

Integrating NDepend with TeamCity
This is the bit that interests me the most. Thanks to the easy integration of NDepend with TeamCity I can leverage the code analysis step to focus on the final code review as the code should reach a common quality standard. To integrate NDepend with TeamCity, you can follow the steps in the following tutorial.

Once configured you should see NDepend under your build runners:
The next step is related to the project configuration itself. NDepend build step expects an NDepend Project file. To create one, you will have to do it in Visual Studio and check it in as part of the solution to your repository. Then TeamCity should see it as part of the source code.

Example of NDepend project as part of the source code:

To create a new project, go to VS and NDepend -> Project -> New Project and create a project under your main solution. Then you'll have to configure the dependencies that you want to attach to the project and once that's done you'll be able to explore the nice report that gets generated out of it.

Example of configuration:

Notice that I had to open the project file to change the paths to relative paths as TeamCity works via relative paths and I was getting an error when running the project file.

Once you have your project configured, run Ndepend from your VS and generate your report:

From this html Report, you can get all the summary metrics about your project and by clicking on them you can drill into the items to expand on those results.

Once you configure NDepend in your TeamCity build step, you will get the same information with the amount of code inspections and errors that are encountered during the build:
The number of inspections appear on the build results so TeamCity can keep track of it overtime:

Once you drill into the build results, you will see the code inspections results (with all the findings from NDepend):
And also the same report you saw in VS:

Now that our system is up and running and the integration of NDepend is done, we can focus on the important stuff...code quality.

One of the things I like the most is the way code rules are set up. It's so easy to enable/disable rules that it's all done in the NDepend Project file. So if you are not agreeing with one particular rule for code quality, just disable it and it won't bother you anymore (try to disable one of the rules for FXCop...and you tell me how you did it and how long it took you..):

Here the full list of code metric definitions.

The main features of NDepend are listed below:
  • Dependency Graph
  • Dependency Matrix
  • Treemap Metric View
  • Abstractness vs. Instability
  • Code Query
Dependency Graph
This very useful diagram allows you to see the relationship between different objects in your solution/s.

Dependency Matrix
The Dependency matrix gives you a coupling score matrix. This will help you identify highly coupled dependencies and if you click on the number, you can see the number of relationships for that particular entry:

Treemap Metric View
In this spectacular view, your source code is mapped into nested rectangles showing methods that are relative to other methods. This will give you a great list of candidates for refactoring. In my case I have few boxes with a cyclomatic complexity of 6 units which tell me that are good candidates for my review and analysis. Once you click on one of this rectangles the source code is shown.

Abstractness vs. Instability
This graph give us a high level overview of our application in terms of where it is heading (too abstract or too unstable).

Here is how to read this chart:

  • If an assembly is very stable (that is, lots of assemblies depend on it) and it's not extensible (no abstract classes, no virtuals, etc) then you're in the lower-left quadrant of the chart in the well-named Zone of Pain.
  • If an assembly is very abstract, very extensible, but no one depends on it (it's not really being used) then it moves towards the Zone of Uselessness.

Code Query
Code Query is NDepend tool that uses its scripting language (CQLinq). This allows users to write their own queries and rules. I like the fact that it is highly customisable and developers love scripting components. I haven't played much with it but I can see the potential for it.

I do believe that NDepend needs to be included in your tool-belt kit. Once you start using it you can't leave without it. Just the amount of information that handles for you is amazing and it gives you that level of confidence that all your developers are writing code with the same standards and code practices out there. It also helps you to spot complexity details that you might miss by just doing an informal review.

Thanks to it's integration with TeamCity it made the decision easy for me as I rely a lot on catching   everything during the commit stage. If any rule is broken, the build agent will inform the developer so he/she can take ownership of the committed changes and there won't be any argument about it. All the rules are set as part of the project and shared as part of the solution. NDepend is about $335 per developer license and about $671 for a build server license. It is highly documented and I found all the help I needed online..the guys from NDepend did really a great job!.

Full Disclosure: I received a complimentary copy of NDepend to provide a review from my point of view. I'm a working professional with loads of years of commercial development experience with hundreds of hours (not to say millions) of code reviews on my shoulders and I don't have time to use useless tools and certainly this is not the case. NDepend is extremely helpful and a great addition to be considered by any development team out there.