Tarin Gamberini

A software engineer and a passionate java programmer

Ready To Use Java Static Code Analyzers

A static code analyzer is a software which inspects a given source code, or compiled code, in order to discover problems of various kind, ranging from bugs to duplicate code, from performance to readability.

FindBugs, PMD and Checkstyle are three static code analyzers extremely easy to use. Lots of information yet exist about them, both on their main site and on the Internet, so I’d prefer trying to convince you about how to use them right now.

Use Source Code Analyzer Right Now

I want you use FindBugs, PMD and Checkstyle right now because they are very easy to install in your favourite IDE. In fact there are plugins for the most popular IDEs: few clicks and you are ready to use them.

Don’t think you have to wait for the next starting project in order to benefit from static code analysis. You can get valuable feedback from these tools right on the project you’re currently working on.

If you don’t believe in my words start giving FindBugs a try: install it in your IDE, run it against your code and quickly you’ll amaze yourself discovering the scariest bugs hiding in your well known code.

FindBugs groups analysis results by category, each one explained with a brief description, and let you directly jump into the affected source code:

After little practice fixing issues you’ll discover both which are your bad programming behaviours and learn how to correct them by replacing with safer ones.

Similar things happens installing and using PMD and Checkstyle.

Build Automation & Continuous Static Analysis

If you wouldn’t depend on a specific IDE (that is a best practice on projects where developers, each one with their favourite IDE, come and go) you would leverage on plugins available for the most popular build tools like: Ant, Maven, Gradle, etc…

Automating static code analysis in your build scripts has others very interesting consequences. On one hand you check your code more frequently, not only when you remember yourself to check it. On the other hand static code analysis can be run even from a continuous integration server.

Moreover plugins available for the most popular continuous integration server collect static analysis results and show them as insightful diagrams. Here you are FinBugs, PMD and Checkstyle reports generated by Jenkins:

Anytime the continuous server triggers a build you’ll get your static analysis reports, in other words you get continuous static analysis of your code: Static Code Analyzers + Continuous Integration = Continuous Static Analysis.

These reports give you, and your whole team, a quick feedback about how slowly and relentlessly bugs, readability and performance issues, bad programming practices, etc… creep into your code. These are undoubtedly valuable information which help you deciding when it’s time to fix the reported issues.

Take Action

Now it’s time for you to take action.

Start installing FindBugs in your IDE, become confident with it, than move on with PMD, Checkstyle, build automation and continuous static analysis.

If you’d like to share your experience, please let me know, I’ll publish it as a comment to this post (I will not share your e-mail address with anyone else).

Post a comment

A comment is submitted by an ordinary e-mail. Your e-mail address will not be published or broadcast.

This blog is moderated, therefore some comments might not be published. Comments are usually approved by the moderator in one/three days.