Java Code Analysis




My software never has bugs. It just develops random features!

Why do you need Java code analysis tools?

Quality assurance focuses on the most important features of any given product, normally functionally testing a thin path within the whole code base.
One issue that is not always addressed is the consistency of bad practices by a given team, or the general level of defects. Static analysis works from the bottom up and pays attention evenly throughout the whole code base.
Further, static analysis captures a large swath of real errors. Not all of them are particularly interesting; sometimes the reports sound more like nags. However, around 50-75 percent of the reports are real errors, trivial or not.

  • Being human, you are not perfect.
  • You may be blind to your own mistakes.
  • Tools are faster at analysis.
  • A tool may suggest good practices that you were not aware of before.
  • Last but not least, if you have already used a code analysis tool and corrected all the mistakes, then when your lead or PM runs the analysis tools on your code base, he will find your code error free and up to the standards :-)

What does a code analysis tool report?

  • Correctness (Possible bugs)
  • Code snippets with uncertain outcomes (Dodgy)
  • Dead code - unused local variables, parameters and private methods
  • Bad practice

        - Suboptimal code, e.g. wasteful String/StringBuffer usage
        - Overcomplicated expressions, e.g. unnecessary if statements, for loops that could be while loops
        - Duplicate code, i.e. copied/pasted code means copied/pasted bugs

  • Performance related
  • Multithreading related

Who will be using code analysis tools?

  • Developers - To find bugs in their code, fix them early and improve the quality of the code.
  • Leads/Architects - To review the code of their team members and correct any issues and bad practices early.
  • Project Managers - May run an analysis tool to identify who is writing quality code and vice versa.

Is using a code analysis tool an additional burden on coding?

If used in a smart manner, a code analysis tool is not going to cause an additional burden on the developer. Here are a few tips:

1. Integrate your code analysis tool with your IDE so that it generates the warnings as you code. You can then fix them right away and they will never accumulate.

2. Integrate the code analysis tool with your builds so that it generates the code analysis report at the end of each build, which can be mailed to those responsible.


Use of Code Analysis Tools - Best Practices

1. Choose the rules that are right for you.
   Running every ruleset will result in a huge number of rule violations, most of which will be unimportant. Having to sort through a thousand-line report to find the few you're really interested in takes all the fun out of things. Generally, pick the ones you like, and ignore or suppress the warnings you don't like. It's just a tool.

2. Integrate your code analysis tool with your IDE
   Detect all the warnings while you code. This is the best time to fix them.

3. Integrate the code analysis tool with your builds
   This may detect errors and issues that individuals do not detect, for example duplicate code checked in by two individuals. This is handy for leads and PMs as well. You can integrate the code analysis report with the daily build mail. "Build completed successfully. xx number of warnings raised.." may be a wake-up call for all the developers in the project.
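
The rule selection and build integration described above, as an added example (not code from the original page or from the FindBugs project): it counts the warnings in a FindBugs-style XML report per category, prints the summary line for the build mail, and fails the build only for the categories chosen to matter. The class name, the gated categories and the threshold are assumptions, and the embedded report is a constructed sample rather than real tool output.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AnalysisGate {
    // Constructed sample in the shape of a FindBugs XML report (not real output).
    static final String REPORT =
        "<BugCollection>"
      + "<BugInstance type='NP_NULL_ON_SOME_PATH' priority='1' category='CORRECTNESS'/>"
      + "<BugInstance type='ES_COMPARING_STRINGS_WITH_EQ' priority='2' category='BAD_PRACTICE'/>"
      + "<BugInstance type='DLS_DEAD_LOCAL_STORE' priority='3' category='STYLE'/>"
      + "<BugInstance type='DM_STRING_CTOR' priority='2' category='PERFORMANCE'/>"
      + "</BugCollection>";

    // Assumed rule selection: only these categories can fail the build.
    static final Set<String> GATED = Set.of("CORRECTNESS", "MT_CORRECTNESS");
    static final int MAX_GATED = 0; // assumed threshold

    static Map<String, Integer> countByCategory(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The report is build input: refuse DTDs so it cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList bugs = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("BugInstance");
        Map<String, Integer> counts = new TreeMap<>();
        for (int i = 0; i < bugs.getLength(); i++) {
            String category = ((Element) bugs.item(i)).getAttribute("category");
            counts.merge(category, 1, Integer::sum);
        }
        return counts;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Integer> counts = countByCategory(REPORT);
        int total = 0, gated = 0;
        for (Map.Entry<String, Integer> e : counts.entrySet()) {
            total += e.getValue();
            if (GATED.contains(e.getKey())) gated += e.getValue();
        }
        boolean ok = gated <= MAX_GATED;
        System.out.println("Build " + (ok ? "completed successfully" : "failed") + ". "
            + total + " warnings raised " + counts + ", " + gated + " in gated categories.");
        System.exit(ok ? 0 : 1); // non-zero exit status stops the build
    }
}
```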

What are the good Java code analysis tools available?

1. FindBugs

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors. FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and MacOS X platforms. It is free software, distributed under the terms of the Lesser GNU Public License.
- You may configure the FindBugs tool to run as a part of your builds.
- You may use FindBugs in the Eclipse IDE.

2. PMD

PMD scans Java source code and looks for potential problems like:

- Possible bugs - empty try/catch/finally/switch statements
- Dead code - unused local variables, parameters and private methods
- Suboptimal code - wasteful String/StringBuffer usage
- Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
- Duplicate code - copied/pasted code means copied/pasted bugs
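
The first four problem kinds in the list above, shown in one small class next to a cleaned-up version. This is an added example, not code from the original page or from the PMD project; the class, its methods and the sample input are constructed for illustration.

```java
import java.util.List;

public class PortList {
    // Before: each marked line is one of the patterns from the list above.
    static boolean validFlagged(int port) {
        if (port > 0 && port < 65536) {   // overcomplicated: if/else returning literals
            return true;
        } else {
            return false;
        }
    }
    static String joinFlagged(List<String> raw) {
        int skipped = 0;                  // dead code: local is never read
        String out = "";
        for (String s : raw) {
            try {
                int port = Integer.parseInt(s.trim());
                if (validFlagged(port)) out = out + port + ",";  // suboptimal: String concatenation in a loop
            } catch (NumberFormatException e) {
            }                             // possible bug: empty catch hides bad input
        }
        return out;
    }

    // After: same job with the patterns removed; bad input is reported, not dropped.
    static boolean validClean(int port) {
        return port > 0 && port < 65536;
    }
    static String joinClean(List<String> raw) {
        StringBuilder out = new StringBuilder();
        for (String s : raw) {
            try {
                int port = Integer.parseInt(s.trim());
                if (validClean(port)) out.append(out.length() > 0 ? "," : "").append(port);
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("not a port number: " + s, e);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        List<String> input = List.of("22", " 443 ", "http");  // constructed sample input
        System.out.println("flagged: " + joinFlagged(input)); // "http" vanishes silently
        try {
            System.out.println("clean:   " + joinClean(input));
        } catch (IllegalArgumentException e) {
            System.out.println("clean:   rejected, " + e.getMessage());
        }
    }
}
```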


Duplicate code can be hard to find, especially in a large project. But PMD's Copy/Paste Detector (CPD) can find it for you! CPD works with Java, JSP, C, C++, and PHP code. This tool is a subset of the PMD tool.

