Trending: iOS · Python · PyPy · Scala · IndexedDB · CSS · WP7 · Vagrant · ASP.NET · Heroku · Amazon Cloud · Cloud Foundry
Javalobby
Did you know? DZone has great portals for Python, Cloud, NoSQL, and HTML5!

Follow me on twitter or flattr me!
Check my open source twitter search Jetwick to get the latest news without noise. And if you would like to be teached here in Germany about Java, algorithms, design patterns or TDD please contact me. Peter is a DZone MVB and is not an employee of DZone and has posted 58 posts at DZone. You can read more from them at their website. View Full User Profile

Code Quality Tools in Java

May 25, 2009 AT 1:03 AM
  • submit to reddit

We Recommend These Resources

Web Load Testing is Good Business

Why Load Testing From The Cloud Doesn't Work

There are several tools to measure the code quality. The ones I have tried with a lot of success are:

  • FindBugs (latest version 1.3.8) – uses static analysis to look for bugs in Java code. This is a great tool, it discovered possible NullPointerExceptions and a lot more bugs in my projects. Sometimes I asked myself how this program could have discovered this ‘complicated’ bug.With the maven plugin you can do: 
    mvn findbugs:findbugs

    which will use version 1.3.8 out of the box

  • PMD (latest version 4.2.5) – scans Java source code and looks for potential problems. The rules are configurable, but at the beginning you will only need the provided one (and spend a lot of time to choose your favourites ;-) )In NetBeans 6.5 this tool is well integrated and works like a charme (CTRL+ALT+P).

    With the maven plugin you can do:

    mvn pmd:pmd

    after you specified the following in the pom.xml under<reporting> <plugins> :

    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <version>2.3</version>
      <configuration>
        <targetJdk>1.5</targetJdk>
      </configuration>
     </plugin>

Other tools could be

  • JarAnalyzerIs a dependency management utility for jar files. It’s primary purpose is to traverse through a directory, parse each of the jar files in that directory, and identify the dependencies between the jar files.
  • HammurAPIa code quality governance platform

but I haven’t tried them so far.

For Findbugs  and pmd there is a NetBeans plugin (SQE … software quality environment) which looks promising, but fails with a NullPointerException after I installed it via the update center and tried it on my project. Maybe I should use one of the snapshots. (BTW: I successfully used the pmd-plugin and findbugs in the standalone version).

Sonar is another interesting approach to use several code quality tools at a time. With Sonar it is possible to see the violations or possible bugs over das or weeks  – so, you are looking at the improvements and you will not get lost in the mass of bugs at the beginning. Another “multi-tooling” project is XRadar.

A little bit offtopic, but a great tool is proguard, which shrinks, optimizes, obfuscates and preverifies Java class files. There is even a maven plugin for that.

From http://karussell.wordpress.com/

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Sven Reimers replied on Mon, 2009/05/25 - 2:56am

As the maintainer of SQE I can confiram that the latest available SQE version has problems in newer NetBeans version(s). That is the bad news. The good news is that the new SQE version will be release Real Soon Now... and fixes all those nasty NPE's and the remaining issues in NetBeans issue tracker...

David Karr replied on Mon, 2009/05/25 - 11:43am

One of the interesting factors that makes PMD useful in unusual situations is that you actually have the ability to write your own rules. When PMD parses a source file, it builds an abstract syntax tree (pretty normal so far), but then it provides access to that tree through XPath or a pure Java api. That provides a lot of power if it's something you need.

Pether Sorling replied on Tue, 2009/05/26 - 6:17am

Xradar (http://xradar.sourceforge.net/) is excellent , view sample report at http://xradar.sourceforge.net/reports/release4/index.html . Development looks like it's pretty active..

Walter Bogaardt replied on Tue, 2009/05/26 - 11:23am

A couple of things also missed, and I wouldn't discount is  code coverage tools/reports like surefire reports, or checkstyles. Using these in your build process outside of the IDE environment and in a continious integration environment like Continuum provides valuable statistics. Couple that with maven dashboard plugin with persistence can give you historic trending of how your code is progressing.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.