Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Ease of writing custom rules in (Java) static code analysis tools

Tags:

sonarqube

findbugs

checkstyle

pmd

At present I am working for a group where source code (Java) for multiple projects have to be analysed by static code analysic tools

But I would like to write custom rules that I can add to the existing set of rules provided by the tool (the rules would involve mostly regular expressions matching for text/string within the source code).

Especially keeping the perspective that I should be able to easily write/add my own custom rules that can be used alongwith the existing list of rules of the tool.

Can anyone please suggest which tool (or combination of tools) among the below given list should I use ?

  1. PMD
  2. Checkstyle
  3. Findbugs

Edited : Thanks Ira for the direction. I am looking for static code analysis tools to be used along with Sonar. I hope now the question is clear.

like image 538
Manoj Avatar asked Apr 15 '11 13:04

Manoj

3 Answers

Here are some tutorials on setting up custom rules on PMD, I use PMD integrated with Maven myself in addition to sonar.

http://www.techtraits.com/Programming/2011/10/31/writting-pretty-code-with-pmd/

http://www.techtraits.com/Programming/2011/11/05/custom-pmd-rules-using-xpath/

http://blog.code-cop.org/2010/05/custom-pmd-rules.html

like image 83
Usman Ismail Avatar answered Oct 01 '22 06:10

Usman Ismail

I have used all of these tools for many years, and I would recommend them all!

Checkstyle, Findbugs, and PMD all integrate very well with sonar, all three allow the creation of custom checks, and all three allow those custom checks to be used in sonar.

PMD probably makes it easiest to create new checks, but it is also slightly limited compared to the others. Findbugs needs .class files, but since the whole thing usually integrates into some form of automated build process, that's no problem. Checkstyle is the tool that I use most heavily, because it is both light-weight and powerful.

Each of the tools has some checks that the others don't have. Especially Findbugs has some quite sophisticated checks that suprised me in a positive way several times. By combining the advantages of all three tools in sonar, you can build a powerful static code analysis system that really helps your development team.

like image 35
barfuin Avatar answered Oct 01 '22 08:10

barfuin

I use FindBugs and PMD integrated with Sonar. I discourage the usage of CheckStyke since introduce a formatting style which is not pleasing to all developers .

FundBugs is very complete and hepled me to find a lot of bugs. I suggest to integrate FindBugs with a continuous integration tool such as hudson (http://www.eclipse.org/hudson/).

Hudson supports FindBugs, CheckStyle and PMD both.

like image 37
venergiac Avatar answered Oct 01 '22 06:10

venergiac
Sign in to Comment

Related questions

sonar findbugs heap size
Can FindBugs be used to flag code that uses a method that's been blacklisted?
Something like FindBugs for .NET/C# [duplicate]
FindBugs 3 not working in Eclipse Luna
How to detect a new value was added to an enum and is not handled in a switch
Suppressing Java Findbugs error (EI_EXPOSE_REP)
Findbugs - Method ignores exceptional return value
JUnit test fails when method arg is annotated @Nonnull
Maven Codehaus findbugs plugin "onlyAnalyze" option not working as expected
FindBugs raises a bug called EI_EXPOSE_REP caused by Array
Findbugs BC_UNCONFIRMED_CAST warning
How to use FindBugs’ @CheckForNull, @Nonnull and @Nullable annotations correctly
FindBugs stopped working after upgrading Android Gradle Plugin from 3.1.3 to 3.2.0
findbugs complains about Eclipse's auto-generated code
Suppress Android Unread Field warning with byte[]
Using StringUtils.isEmpty without losing compiler warnings about null pointers
Can an anonymous class implement the non abstract method of the abstract class?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!