For a long time I thought that the static code analysis for a Java project was a waste of time. We know how to code correctly and nicely, we have the compiler, we have the unit tests, integration tests etc. why need to bother with something else? 


What’s great with the static code analysis is that the check comes almost for free – you only have to enabled and configure the tools.

 

I was looking for tools that can help me with this and I was amazed to see that finally there are mainly 3 tools that are used by everybody: CheckstylePMD and Findbugs. They are also ultimately used by Sonar as well.  Furthermore, the tools seem to overlap in different areas, so in the end you have to use the three of them and make sure that the common areas are configured similarly.

 I described here my first experience with these tools. If you’re still hesitating to add them to your list of development tools, this may help you to decide.

 Findbugs and PMD are great to help you assessing the current status of a project and then keep a certain level of confidence in your code’s quality. But in my opinion they both fail in making the life easy for the teams who’d like to continuously improve the level of quality of their code in a sustainable manner.

 

Creating new rules in Findbugs seems quite difficult. In PMD it seems a bit easier using the XPATH framework, but it’s still quite hard and unnatural. Additionally even existing XPATH rules have problems because they match on class’ simple name instead of the full name (try having for example a class called Statement or Thread in any package you want :). Generics are not well taken into account as well.

 While looking at the PMD documentation, you see that most of the rules come with examples. So I came up with the following idea: why not describing the rules by using examples? (bug by example).

The idea is to write compilable code snippets using a specific library to describe the bugs and then to detect those patterns in your code.

 

import static org.bugby.wildcard.Wildcards.someTypedValue;
import org.bugby.annotation.BadExample; 

@BadExample

public class DontCallThreadRun {

 public void someCode() {

    someTypedValue(Thread.class).run();
 }

}

Making easy for the developers to create new rules is like creating unit tests for code yet to be written! Can you imagine delivering your libraries together with some rules that would statically check if it’s wrongly used!

Currently there are around 700-800 rules in Findbugs + PMD. But I believe that if teams and the community contribute to the rule database it shouldn’t be unusual to see enterprise projects with 5000-10000 rules enabled!

The Bugby project is still in its inception, proof of concept phase. If you believe that it can be the future static code analysis tool, your help to move faster would be greatly appreciated!