 

Ease of writing custom rules in (Java) static code analysis tools

At present I am working for a group where source code (Java) for multiple projects has to be analysed by static code analysis tools.

But I would like to write custom rules that I can add to the existing set of rules provided by the tool (the rules would involve mostly regular expressions matching for text/string within the source code).

Especially keeping the perspective that I should be able to easily write/add my own custom rules that can be used along with the existing list of rules of the tool.

Can anyone please suggest which tool (or combination of tools) from the list below I should use?

  1. PMD
  2. Checkstyle
  3. Findbugs

Edited: Thanks Ira for the direction. I am looking for static code analysis tools to be used along with Sonar. I hope the question is clear now.

Manoj asked Apr 15 '11 13:04


3 Answers

Here are some tutorials on setting up custom rules in PMD. I use PMD integrated with Maven myself, in addition to Sonar.

http://www.techtraits.com/Programming/2011/10/31/writting-pretty-code-with-pmd/

http://www.techtraits.com/Programming/2011/11/05/custom-pmd-rules-using-xpath/

http://blog.code-cop.org/2010/05/custom-pmd-rules.html

Usman Ismail answered Oct 01 '22 06:10


I have used all of these tools for many years, and I would recommend them all!

Checkstyle, Findbugs, and PMD all integrate very well with Sonar, all three allow the creation of custom checks, and all three allow those custom checks to be used in Sonar.

PMD probably makes it easiest to create new checks, but it is also slightly limited compared to the others. Findbugs needs .class files, but since the whole thing usually integrates into some form of automated build process, that's no problem. Checkstyle is the tool that I use most heavily, because it is both light-weight and powerful.

Each of the tools has some checks that the others don't have. Findbugs especially has some quite sophisticated checks that surprised me in a positive way several times. By combining the advantages of all three tools in Sonar, you can build a powerful static code analysis system that really helps your development team.

barfuin answered Oct 01 '22 08:10
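As an added illustration that is not part of any answer on this page: regex-only rules of the kind the question describes can be declared in a Checkstyle configuration without writing any Java, using its built-in `RegexpSingleline` and `RegexpSinglelineJava` checks. The patterns, messages and severities below are constructed examples and would need tuning for a real code base.

```xml
<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "https://checkstyle.org/dtds/configuration_1_3.dtd">

<module name="Checker">
  <property name="severity" value="warning"/>

  <!-- Runs on raw file text, one line at a time, so it also sees comments.
       Constructed rule: flag a string literal assigned to a
       credential-like name (e.g. password = "..."). -->
  <module name="RegexpSingleline">
    <property name="format"
              value="(?i)(password|passwd|secret)\s*=\s*&quot;[^&quot;]+&quot;"/>
    <property name="message"
              value="Possible hard-coded credential; load it from configuration instead."/>
    <property name="fileExtensions" value="java"/>
    <property name="severity" value="error"/>
  </module>

  <module name="TreeWalker">
    <!-- Java-aware variant: ignoreComments skips matches that occur
         inside comments, which cuts false positives from
         commented-out code. Constructed rule: stack traces printed to stderr. -->
    <module name="RegexpSinglelineJava">
      <property name="format" value="\.printStackTrace\s*\(\s*\)"/>
      <property name="ignoreComments" value="true"/>
      <property name="message"
                value="Use the project logger instead of printStackTrace()."/>
    </module>

    <!-- Constructed rule: direct console output left in production code. -->
    <module name="RegexpSinglelineJava">
      <property name="format" value="System\.(out|err)\.print"/>
      <property name="ignoreComments" value="true"/>
      <property name="message"
                value="Direct console output; use the project logger."/>
    </module>
  </module>
</module>
```

Text-level regex rules like these cannot see types or data flow, so they suit naming and banned-call conventions better than anything that depends on how a value is used.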


I use FindBugs and PMD integrated with Sonar. I discourage the usage of CheckStyle since it introduces a formatting style which is not pleasing to all developers.

FindBugs is very complete and helped me to find a lot of bugs. I suggest integrating FindBugs with a continuous integration tool such as Hudson (http://www.eclipse.org/hudson/).

Hudson supports FindBugs, CheckStyle and PMD.

venergiac answered Oct 01 '22 06:10