Ease of writing custom rules in (Java) static code analysis tools
At present I am working for a group where source code (Java) for multiple projects have to be analysed by static code analysic tools
But I would like to write custom rules that I can add to the existing s开发者_C百科et of rules provided by the tool (the rules would involve mostly regular expressions matching for text/string within the source code).
Especially keeping the perspective that I should be able to easily write/add my own custom rules that can be used alongwith the existing list of rules of the tool.
Can anyone please suggest which tool (or combination of tools) among the below given list should I use ?
- PMD
- Checkstyle
- Findbugs
Edited : Thanks Ira for the direction. I am looking for static code analysis tools to be used along with Sonar. I hope now the question is clear.
Here are some tutorials on setting up custom rules on PMD, I use PMD integrated with Maven myself in addition to sonar.
http://www.techtraits.com/Programming/2011/10/31/writting-pretty-code-with-pmd/
http://www.techtraits.com/Programming/2011/11/05/custom-pmd-rules-using-xpath/
http://blog.code-cop.org/2010/05/custom-pmd-rules.html
I have used all of these tools for many years, and I would recommend them all!
Checkstyle, Findbugs, and PMD all integrate very well with sonar, all three allow the creation of custom checks, and all three allow those custom checks to be used in sonar.
PMD probably makes it easiest to create new checks, but it is also slightly limited compared to the others. Findbugs needs .class files, but since the whole thing usually integrates into some form of automated build process, that's no problem. Checkstyle is the tool that I use most heavily, because it is both light-weight and powerful.
Each of the tools has some checks that the others don't have. Especially Findbugs has some quite sophisticated checks that suprised me in a positive way several times. By combining the advantages of all three tools in sonar, you can build a powerful static code analysis system that really helps your development team.
I use FindBugs and PMD integrated with Sonar. I discourage the usage of CheckStyke since introduce a formatting style which is not pleasing to all developers .
FundBugs is very complete and hepled me to find a lot of bugs. I suggest to integrate FindBugs with a continuous integration tool such as hudson (http://www.eclipse.org/hudson/).
Hudson supports FindBugs, CheckStyle and PMD both.
精彩评论