8

At present I am working for a group where source code (Java) for multiple projects have to be analysed by static code analysic tools

But I would like to write custom rules that I can add to the existing set of rules provided by the tool (the rules would involve mostly regular expressions matching for text/string within the source code).

Especially keeping the perspective that I should be able to easily write/add my own custom rules that can be used alongwith the existing list of rules of the tool.

Can anyone please suggest which tool (or combination of tools) among the below given list should I use ?

  1. PMD
  2. Checkstyle
  3. Findbugs

Edited : Thanks Ira for the direction. I am looking for static code analysis tools to be used along with Sonar. I hope now the question is clear.

Community
  • 1
  • 1
Manoj
  • 113
  • 1
  • 2
  • 7
  • Custom rules for the test coverage tool? I don't think most of them have such a concept. The tools you list aren't code coverage tools. Can you please give an example? – Ira Baxter Apr 15 '11 at 15:15
  • like ira said, you probably mean static analysis tools. sonar combines pmd, checkstyle and findbugs and lets you enable/disablke rules easily. But i don't know about writing own rules. Especially because tools 1-3 are totally differnt, in the way they analyse code. – oers Apr 15 '11 at 16:15
  • you can rule out Findbugs. FindBugs works on byte code not sourcecode. I'd think PMD is what you'd want. – MeBigFatGuy Apr 17 '11 at 04:07
  • Thank you all for your valuable comments. My mistake that question was not free from confusion. I have edited the same. Any answers most welcome. – Manoj Apr 20 '11 at 15:14
  • 1
    PMD. See [question] http://stackoverflow.com/questions/4297014/what-are-the-differences-between-pmd-and-findbugs – Dekel Aug 30 '11 at 21:06

3 Answers3

2

Here are some tutorials on setting up custom rules on PMD, I use PMD integrated with Maven myself in addition to sonar.

http://www.techtraits.com/Programming/2011/10/31/writting-pretty-code-with-pmd/

http://www.techtraits.com/Programming/2011/11/05/custom-pmd-rules-using-xpath/

http://blog.code-cop.org/2010/05/custom-pmd-rules.html

Usman Ismail
  • 17,999
  • 14
  • 83
  • 165
1

I have used all of these tools for many years, and I would recommend them all!

Checkstyle, Findbugs, and PMD all integrate very well with sonar, all three allow the creation of custom checks, and all three allow those custom checks to be used in sonar.

PMD probably makes it easiest to create new checks, but it is also slightly limited compared to the others. Findbugs needs .class files, but since the whole thing usually integrates into some form of automated build process, that's no problem. Checkstyle is the tool that I use most heavily, because it is both light-weight and powerful.

Each of the tools has some checks that the others don't have. Especially Findbugs has some quite sophisticated checks that suprised me in a positive way several times. By combining the advantages of all three tools in sonar, you can build a powerful static code analysis system that really helps your development team.

barfuin
  • 16,865
  • 10
  • 85
  • 132
1

I use FindBugs and PMD integrated with Sonar. I discourage the usage of CheckStyke since introduce a formatting style which is not pleasing to all developers .

FundBugs is very complete and hepled me to find a lot of bugs. I suggest to integrate FindBugs with a continuous integration tool such as hudson (http://www.eclipse.org/hudson/).

Hudson supports FindBugs, CheckStyle and PMD both.

venergiac
  • 7,469
  • 2
  • 48
  • 70
  • Checkstyle can check much more than formatting. I usually disable the formatting related checks and use an automated code formatter instead. But formatting is only a small portion of Checkstyle. – barfuin Nov 27 '13 at 20:31