Open Source Java Static Code Analyzers: PMD vs FindBugs vs Checkstyle

Posted by Pivotree Growth Team on July 3, 2012

Reviewing Java source code on a regular basis is a really good idea. All programmers take shortcuts in writing code. Shortcuts save time and usually go unnoticed… until something breaks at the wrong time. Besides catching pitfalls in code, Java code analyzers can help keep coding consistent on a project. Running a code style analyzer on code can help ensure a team is formatting their code all the same way.

Thankfully, the open source community has produced many Java source code analyzers for catching problems or convention violations before they reach a critical state. Three open source static analyzers stand out: PMD, Checkstyle and FindBugs.

PMD

PMD is an extremely useful tool for analyzing source code. According to the project website, it ‘scans source code and looks for potential problems, possible bugs, unused and suboptimal code, over-complicated expressions and duplicate code’. PMD comes with a huge set of rules that can analyze many different things in Java code. To name a few:

– Empty try/catch blocks
– Over-complicated expressions
– Using .equals() instead of ‘==’
– Unused variables and imports
– Unnecessary loops and if statements
– Enforce naming conventions

Additionally, PMD comes with a copy-paste detector to find blocks of copied and pasted code. Best of all, custom PMD rules are easily written with XPath and a GUI included with the software.

Out of the box, reports from PMD are transformed with XSLT into HTML reports. A custom XSLT transformation can be written to cater to specific needs.

Here’s the result of running just 3 PMD rulesets on Apache Tomcat’s source.
There were just under 10,000 problems found.

FindBugs

FindBugs is another static code analyzer very similar to PMD. The biggest difference between PMD and FindBugs is that FindBugs works on byte code, whereas PMD works on source code. FindBugs can find things like:

– Improper use of .equals() and .hashCode()
– Unsafe casts
– When something will always be null
– Possible StackOverflows
– Possible ignored exceptions

There is a lot of overlap between FindBugs and PMD. Because of the limitations of working with byte code or source code, each excels in its own area. They complement each other, but are not the same thing.

Here’s the FindBugs GUI after running through the Apache Tomcat lib.

Checkstyle

Checkstyle is a tool for analyzing coding style and conventions. It’s not going to stop any rogue exceptions, but it will give feedback on how the code is put together. Checkstyle is useful to ensure Java code is being written right. Here are some things Checkstyle will catch:

– Missing/improper javadoc
– Whitespace
– Placement of braces and parentheses
– Line length
– Naming conventions

Checkstyle is the most different from PMD and FindBugs. While it has checks for things like empty catch blocks and .equals() vs ‘==’, the main focus of the project is ensuring the coding style adheres to a set of conventions.

Here’s a small snippet of Checkstyle being run on Apache Tomcat’s source.

Unfortunately, the project does not come with any XSLT renderers. However, output can be directed into an XML file and a custom renderer could be made.

Final Thoughts

Arguably, PMD, FindBugs and Checkstyle are the most popular open source Java code analyzers out there today. There is a good amount of overlap between them, but each provides a unique service. The ideal static code analyzer would combine PMD, FindBugs and Checkstyle, so all aspects of coding practice could be covered.

One open source project bears mentioning – Sonar.
Without any heavy experimenting, Sonar wraps PMD, FindBugs and Checkstyle into one package, plus more. A big drawback to Sonar is that it requires a database and hosting on a web server. PMD, FindBugs and Checkstyle can be downloaded and running on source code in less than five minutes.

Regardless of what software package is used, running a static code analyzer is a great idea for Java projects. Not only do they enforce project-wide coding standards, but they help prevent buggy code from reaching a critical environment. Best of all, some of the best Java source code analyzers are open source.
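
The Checkstyle section notes that output can be directed into an XML file and a custom renderer could be made. One such renderer in Python, added here as an example (not code from the original article or from the Checkstyle project); the sample report is constructed, and the names parse_report and render_html are hypothetical:

```python
import html
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of Checkstyle's XML output (not real Tomcat results).
SAMPLE_REPORT = """<checkstyle version="5.5">
<file name="src/Example.java">
<error line="40" severity="error" message="Line is longer than 80 characters."
 source="com.puppycrawl.tools.checkstyle.checks.sizes.LineLengthCheck"/>
<error line="12" column="5" severity="warning" message="Missing a Javadoc comment."
 source="com.puppycrawl.tools.checkstyle.checks.javadoc.JavadocMethodCheck"/>
</file>
<file name="src/Generic.java">
<error line="3" column="9" severity="warning" message="'&lt;' is followed by whitespace."
 source="com.puppycrawl.tools.checkstyle.checks.whitespace.GenericWhitespaceCheck"/>
</file>
<file name="src/Clean.java"/>
</checkstyle>"""

COLUMNS = ("file", "line", "column", "severity", "check", "message")

def parse_report(xml_text):
    """Return one dict per <error> element, sorted by file and line."""
    findings = []
    for file_el in ET.fromstring(xml_text).iter("file"):
        for err in file_el.iter("error"):
            findings.append({
                "file": file_el.get("name", "?"),
                "line": int(err.get("line", "0")),
                "column": err.get("column", ""),  # column is optional in the report
                "severity": err.get("severity", "unknown"),
                "message": err.get("message", ""),
                "check": err.get("source", "").rsplit(".", 1)[-1],  # short class name
            })
    return sorted(findings, key=lambda f: (f["file"], f["line"]))

def render_html(findings):
    """Render findings as an HTML table preceded by a per-check count."""
    counts = Counter(f["check"] for f in findings)
    summary = ", ".join(f"{html.escape(k)}: {n}" for k, n in sorted(counts.items()))
    head = "".join(f"<th>{c}</th>" for c in COLUMNS)
    # Messages quote source tokens such as '<', so every cell is escaped.
    rows = "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(f[c]))}</td>" for c in COLUMNS) + "</tr>\n"
        for f in findings)
    return f"<p>{len(findings)} findings ({summary})</p>\n<table>\n<tr>{head}</tr>\n{rows}</table>"

if __name__ == "__main__":
    print(render_html(parse_report(SAMPLE_REPORT)))
```

Escaping every cell matters because the report text is derived from the analyzed source and file names, which the renderer should not trust as markup.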