Sonar JavaScript Duplicates Detection
1,425 views
Skip to first unread message
moritz...@gmail.com
Aug 12, 2016, 8:18:27 AM8/12/16
to SonarQube
I have recently installed Sonar with the JavaScript Plugin, and have let the sonar-scanner analyze some sample projects. I started investigating the Duplications detection a litte closer. For one of my samples, I let Sonar scan the src/ folder of JQuery and received 0.0% Duplications in the Code. However, there are duplicates in the JQuery src Folder. For instance, the final lines in both src/core/ready.js and src/core/ready-no-deferred.js are:
// Catch cases where $(document).ready() is called
// after the browser event has already occurred.
// Support: IE <=9 - 10 only
// Older IE sometimes signals "interactive" too soon
if ( document.readyState === "complete" ||
( document.readyState !== "loading" && !document.documentElement.doScroll ) ) {
// Handle it asynchronously to allow scripts the opportunity to delay ready
window.setTimeout( jQuery.ready );
} else {
// Use the handy event callback
document.addEventListener( "DOMContentLoaded", completed );
// A fallback to window.onload, that will always work
window.addEventListener( "load", completed );
}
} );This is, in my purely subjective opinion, a pretty big duplicate, that should be noticed by a static code analysis. However, I am new to Sonar so I would like to know if anyone can reproduce this result or if I have made a misconfiguration somewhere. I did run other analyses that have detected Duplications and I have already included
# Rules
sonar.cpd.javascript.minimumTokens=5
sonar.cpd.javascript.minimumLines=3in sonar-project.properties file, without any effect.
Moritz Tiedje
Aug 15, 2016, 4:46:57 AM8/15/16
to SonarQube, moritz...@gmail.com
So, I looked into a few other static code analysis tools and I found the same BUG in Kiuwan and TeamScale. Kiuwan also displays 0.0% Code Coverage. TeamScale finds one of the duplications in src/core/ready.js and src/core/ready-no-deferred.js, but not the one described below. The only tool so far, that is capable of finding all of the duplicates, is WebStorm. I can only guess, but I think the problem here is the expense of a proper duplication search. It takes time [Complexity O(LOC ^ 2), if I had to guess], to properly look for duplicates and WebStorm, unlike the other tools, does not make this analysis automatically but waits for the developer to trigger it and then takes a while. SonarQube probably cuts a few corners here, that lead to some major oversights.
Scott B.
Aug 15, 2016, 7:42:30 AM8/15/16
to SonarQube, moritz...@gmail.com
Hi.
The "language key" in the Javascript plugin is "js". So, the parameters are:
sonar.cpd.js.minimumTokens=5
sonar.cpd.js.minimumLines=3
moritz...@gmail.com
Aug 15, 2016, 9:38:23 AM8/15/16
to SonarQube, moritz...@gmail.com
Yep, that fixed it. Sonar now finds all of the duplicates in question, which makes me happy.
If anyone has a good StackOverflow Rating, he can go ahead and burn/correct this one, unless I misunderstood something:
http://stackoverflow.com/questions/32517832/sonarqube-is-it-possible-to-adapt-duplication-metric-for-javascript-code
Thanks a lot
If anyone has a good StackOverflow Rating, he can go ahead and burn/correct this one, unless I misunderstood something:
http://stackoverflow.com/questions/32517832/sonarqube-is-it-possible-to-adapt-duplication-metric-for-javascript-code
Thanks a lot
marcos.c...@optimyth.com
Oct 19, 2016, 9:41:50 AM10/19/16
to SonarQube, moritz...@gmail.com
Hi Moritz
In Kiuwan, to treat duplicated code correctly you have to configure the minimum number of tokens that are required so as to consider it duplicate.
Have a look at https://www.kiuwan.com/blog/avoid-duplicated-code-clone-detector/ where we explain in detail the whole process.
Thanks!
Marcos
In Kiuwan, to treat duplicated code correctly you have to configure the minimum number of tokens that are required so as to consider it duplicate.
Have a look at https://www.kiuwan.com/blog/avoid-duplicated-code-clone-detector/ where we explain in detail the whole process.
Thanks!
Marcos
Freddy Mallet
Oct 19, 2016, 12:47:24 PM10/19/16
to moritz...@gmail.com, SonarQube
In general Moritz, whatever clone detection engine you'll use, if you tune them to not generate any false-negative (in other words to not miss any duplications), then you'll start getting some false-positives (at least perceived as false-positives by end-users).
So out-of the box, SonarQube analysers are configured to not generate any FP while missing small duplicated blocks.
Kind regards
Freddy
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/0f17d220-627b-4f1e-912e-038eec4281c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Freddy MALLET | SonarSource
Product Director & Co-Founder
http://sonarsource.com
http://sonarsource.com
Reply all
Reply to author
Forward
0 new messages