OSS Code Analysers

Document created by resplin Employee on Jun 6, 2015Last modified by alfresco-archivist on Aug 31, 2016
Version 5Show Document
  • View in full screen mode

Obsolete Pages{{Obsolete}}

The official documentation is at: http://docs.alfresco.com



OSS QA Tools
Back to OSTT




A comparison done by the University of Maryland can be found here: |A Comparison of Bug Finding Tools for Java


FindBugs


FindBugs looks for bugs in Java programs. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods, etc.

http://findbugs.sourceforge.net/

Steve: Tick.gif Does work, but output only viewable in any legable format within the application itself - more suited to individual use.

ZbbFufu: Tick.gif Can also be used as ant task to output html reports. Good reports for continuous integration.


QJ-Pro


QJ-Pro is a comprehensive software inspection tool targeted towards the software developer. Developers can automatically inspect their Java source code and improve their Java programming skills as they write their programs. QJ-Pro provides descriptive Java patterns explaining error prone code constructs and providing solutions for it.

http://qjpro.sourceforge.net/

Steve: Cross.gif Does not work with Java 1.5.


PMD


PMD scans Java source code and looks for potential problems like:

* Unused local variables
* Empty catch blocks
* Unused parameters
* Empty 'if' statements
* Duplicate import statements
* Unused private methods
* Classes which could be Singletons
* Short/long variable and method names

http://pmd.sourceforge.net/

Steve: Tick.gif Works and outputs results as html.


JLint


Jlint will check your Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph.

http://artho.com/jlint/

Steve: Cross.gif Not been updated for 9 months, does not work on Java 1.5.


Hammurapi


Hammurapi is an open source code inspection tool. Its release comes with more than 100 inspectors which inspect different aspects of code: Compliance with EJB specification, threading issues, coding standards, and much more.

http://www.hammurapi.org/

Steve: Cross.gif Does not work on Java 1.5.


DoctorJ


DoctorJ analyzes Java code, in the following functional areas:

* documentation verification
* statistics generation
* syntax analysis

http://doctorj.sourceforge.net/

Steve: Question.gif Only analyses comments and documentation within the code.


Condenser


Condenser is a tool for finding and removing duplicated Java code. Unlike tools that only locate duplicated code, the aim of Condenser is to also automatically remove duplicated code where it is safe to do so.

http://condenser.sourceforge.net/

Steve: Cross.gif Not been updated since 2002.


JCSC


JCSC is a powerful tool to check source code against a highly definable coding standard and potential bad code. The standard covers naming conventions for class, interfaces, fields, parameter, ... . Also the structural layout of the type (class/interface) can be defined. Like where to place fields, either before or after the methods and in which order. The order can be defined through the visibility or by type (instance, class, constant). The same is applicable for methods. Each of those rules is highly customizable. Readability is enhanced by defining where to put white spaces in the code and when to use braces. The existence of correct JavaDoc can be enforced and various levels. Apart from that, it finds weaknesses in the the code -- potential bugs -- like empty catch/finally block, switch without default, throwing of type 'Exception', slow code, ...

http://jcsc.sourceforge.net/

Steve: Cross.gif Not been updated for 10 months, does not work on Java 1.5.


JDepend


JDepend traverses Java class file directories and generates design quality metrics for each Java package. JDepend allows you to automatically measure the quality of a design in terms of its extensibility, reusability, and maintainability to effectively manage and control package dependencies.

http://www.clarkware.com/software/JDepend.html

Steve: Question.gif No information on when the latest release is from, only checks a small set of issues.


Dependency Finder


Extracts dependencies and OO metrics from Java class files produced by most Java compilers.

http://depfind.sourceforge.net/

Steve: Question.gif Only finds dependencies within the code.


CheckStyle


Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard. An example configuration file is supplied supporting the Sun Code Conventions. As well, other sample configuration files are supplied for other well known conventions. Can be integrated into CruiseControl and Eclipse.

http://checkstyle.sourceforge.net/

Steve: Question.gif Only checks that code conforms to their coding standard.


Classycle


Classycle's Analyser analyses the static class and package dependencies in Java applications or libraries. It is especially helpful for finding cyclic dependencies between classes or packages. Classycle's Dependency Checker searchs for unwanted class dependencies described in a dependency definition file. Dependency checking helps to monitor whether certain architectural constrains (e.g. in a layered architecture) are fulfilled or not.

http://classycle.sourceforge.net/

Steve: Question.gif Only checks for cyclic classes.

Attachments

Outcomes