Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What's the current state of static analysis tools for Scala?

I saw a StackOverflow question regarding static analysis in Scala, but that one was answered in 2009. As you know, the Scala tools are changing very rapidly.

I was therefore wondering if someone familiar with the current state of static analysis tools in Scala could tell me if there's, say, a Findbugs equivalent for Scala. I found that Findbugs issues many unnecessary warnings for Scala, probably having to do with the way the "object" singleton compiles to bytecode, due to traits, etc. I heard that Scalastyle is not only a Scala version of Java's CheckStyle, that it also includes bits of Findbugs and PMD. But if it doesn't implement all of Findbugs and/or PMD, then are there other tools that supplement it? Or, is Scalastyle good not only for style checking, but is it good for improving code quality?

Also, what about Scala's integration with, say, Sonar? Is the Scala Sonar plugin (which works with Scalastyle) reliable?

like image 920
marekinfo Avatar asked Mar 24 '14 18:03

marekinfo


People also ask

What is the most popular static code analysis tool?

SonarQube is our top pick for a static code analysis tool because its four editions make it suitable for all types of organizations. The Community Edition is feature-rich, including security analysis as well as bug identification and it is ideal for development environments.

In which stage static code analysis is performed?

Static code analysis is performed early in development, before software testing begins. For organizations practicing DevOps, static code analysis takes place during the “Create” phase.

What do static analysis tools analyze?

Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards.


2 Answers

Here is an updated answer as of August 2014 for some that are aimed or work well with Scala.

Personally I think the JVM or Java ones end up with far too many false positives, or have inspections that are aimed mostly at Java specific classes. For example, since in Scala we don't tend to use the Java Collections, all the findbugs collection based inspections are not needed. Another example is the inspections for use of static fields which are irrelevant in Scala.

  • Scalastyle https://github.com/scalastyle/scalastyle
  • Scapegoat https://github.com/sksamuel/scalac-scapegoat-plugin
  • Wart remover https://github.com/typelevel/wartremover
  • Linter https://github.com/HairyFotr/linter
  • CPD https://github.com/sbt/cpd4sbt
  • Abide https://github.com/scala/scala-abide
  • Codacy-scalameta https://github.com/codacy/codacy-scalameta
like image 70
sksamuel Avatar answered Sep 22 '22 14:09

sksamuel


Would the wartremover be counted as an alternative? Also -Xlint and -Ywarn-adapted-args command line parameters of scalac might help catching certain types of bugs.

like image 29
Gábor Bakos Avatar answered Sep 23 '22 14:09

Gábor Bakos