
What are the differences between PMD and FindBugs?

There was a question comparing PMD and CheckStyle. However, I can't find a nice breakdown on the differences/similarities between PMD and FindBugs. I believe a key difference is that PMD works on source code, while FindBugs works on compiled bytecode files. But in terms of capabilities, should it be an either/or choice or do they complement each other?

Thomas Owens asked Nov 28 '10 13:11



3 Answers

I'm using both. I think they complement each other.

As you said, PMD works on source code and therefore finds problems like: violation of naming conventions, lack of curly braces, misplaced null check, long parameter list, unnecessary constructor, missing break in switch, etc. PMD also tells you about the cyclomatic complexity of your code, which I find very helpful (FindBugs doesn't tell you about the cyclomatic complexity).

FindBugs works on bytecode. Here are some problems FindBugs finds which PMD doesn't: equals() method fails on subtypes, clone method may return null, reference comparison of Boolean values, impossible cast, 32-bit int shifted by an amount not in the range of 0-31, a collection which contains itself, equals method always returns true, an infinite loop, etc.

Usually each of them finds a different set of problems. Use both. These tools taught me a lot about how to write good Java code.

snakile answered Oct 16 '22 22:10


The best feature of PMD is its XPath Rules, bundled with a Rule Designer to let you easily construct new rules from code samples (similar to RegEx and XPath GUI builders). FindBugs is stronger out of the box, but constructing project-specific rules and patterns is very important.

For example, I encountered a performance problem involving 2 nested for loops, resulting in an O(n^2) running time, which could easily be avoided. I used PMD to construct an ad-hoc query to review other instances of nested for loops: //ForStatement/Statement//ForStatement. This pointed out 2 more instances of the problem. This is not a generic rule whatsoever.

Dekel answered Oct 16 '22 22:10
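
An added example, not part of the answer above and not PMD code: the answer's XPath expression evaluated with Python's ElementTree over a constructed, simplified syntax tree, showing that it flags a for loop nested in another loop's body but not loops that merely follow one another. The tree shape, the method names and the line attributes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified syntax tree (not real PMD output). ForStatement and
# Statement come from the answer's XPath; every other node name, the method
# names and the "line" attributes are assumptions for this example.
SAMPLE_AST = """
<CompilationUnit>
  <MethodDeclaration name="pairwise">
    <ForStatement line="10">
      <Statement><Block><BlockStatement><Statement>
        <ForStatement line="11"><Statement><Block/></Statement></ForStatement>
      </Statement></BlockStatement></Block></Statement>
    </ForStatement>
  </MethodDeclaration>
  <MethodDeclaration name="twoPasses">
    <ForStatement line="20"><Statement><Block/></Statement></ForStatement>
    <ForStatement line="23"><Statement><Block/></Statement></ForStatement>
  </MethodDeclaration>
  <MethodDeclaration name="cube">
    <ForStatement line="30"><Statement>
      <ForStatement line="31"><Statement>
        <ForStatement line="32"><Statement><Block/></Statement></ForStatement>
      </Statement></ForStatement>
    </Statement></ForStatement>
  </MethodDeclaration>
</CompilationUnit>
"""

# The answer's query, made relative (leading ".") so it can run per method.
NESTED_FOR = ".//ForStatement/Statement//ForStatement"


def nested_for_loops(ast_xml):
    """Return {method name: sorted line numbers of for loops inside a for body}."""
    root = ET.fromstring(ast_xml)
    report = {}
    for method in root.iter("MethodDeclaration"):
        # A loop nested three deep matches once per enclosing loop, so the
        # set comprehension removes the duplicate hits.
        lines = {int(node.get("line")) for node in method.findall(NESTED_FOR)}
        if lines:
            report[method.get("name")] = sorted(lines)
    return report


if __name__ == "__main__":
    for name, lines in nested_for_loops(SAMPLE_AST).items():
        print(f"{name}: nested for loop at line(s) {lines}")
```

The `/Statement//` step is what separates the two cases: the inner loop must sit somewhere under the outer loop's body, so the sequential loops in `twoPasses` produce no finding.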


PMD is

  • famous
  • used widely in industry
  • you can add your rules in XML
  • gives you detailed analysis in error levels and warning levels
  • you can also scan your code for "copy and paste lines" (duplicate code). This gives a good idea about implementing Java OOP.

kunal saxena answered Oct 16 '22 22:10