Ovidijus Okinskas Ovi is a Software Developer at IDRsolutions, currently working on BuildVu and improving internal processes. He enjoys self-help reading, batch-cooking and card games.

How to run CheckStyle, PMD and FindBugs from Maven

2 min read

What is static program analysis?

Static analysis provides testing against code bases and binaries without the execution of any code. IDEs do this too by highlighting areas of code they do not like. Ensuring code quality and identifying issues without running the code can save a huge amount of time for your team; we recommend using CheckStyle, PMD and Findbugs in conjunction to achieve full coverage.

What do the plugins do and why should I use all three?

CheckStyle ensures “programmers write Java code that adheres to a coding standard” in Java. Using it will allow you to define and enforce good coding practices for a project.

PMD is a cross-language tool that “finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth”.

Using FindBugs allows teams to “inspect Java bytecode for occurrences of bug patterns”. Identifying and flagging unused private methods, potential null occurrences and other key issues becomes trivial.

Integrating static analysis into Maven

Maven provides plugins for all three tools which can be nested in the pom.xml of a Maven project. Configurations for the plugins can be adapted to suit the team’s needs and can be further adapted via rule-sets.

CheckStyle config
Example of CheckStyle config.

The plugin definition is clean and simple to read. In this case, the configuration section says that a violation will fail the build and to include test directories in the static analysis. Defining the plugin’s phase of execution and goal is possible in the ‘executions’ section. We’ll take a look into phases in the next section.

CheckStyle execution section.
Example execution section.

The setup for each of the tools are generally very similar with naming conversions that might differ slightly from one to another. All possible Maven configurations and executions are documented for each of the plugins and can be found by following these links: CheckStylePMDFindBugs. The full plugin setup will look something like this:

Full plugin section
Full CheckStyle plugin section.

 

Static analysis and the Maven Lifecycle

The Maven Lifecycle is the order in which tasks execute when building a Maven project. The sub-sections of each phase (light blue in the image) show the underlying actions in a certain phase.

Maven Lifecycle

 

The tools provide different functionality and can require different aspects of the code they are running against. FindBugs runs against binaries requiring the compiled source code whereas PMD and CheckStyle do not. This means that the latter two can operate at earlier sections of the cycle while FindBugs must operate after the compile phase.

Optimising static analysis in the Lifecycle

Choosing where to execute static analysis tests will depend on how the team wants to implement them. For instance, at IDRsolutions we currently execute PMD and CheckStyle during the validate phase. This allows the build process to highlight any violations and fail the build prior to the compile phase. We can then easily know if our new code conforms to our rule-sets without going through the entire cycle.

It is best to know exactly what your team requires and plan the Lifecycle accordingly in order to get the fastest feedback. For some teams, this will be quick feedback on structure, for others it might be quick feedback on compilation and ensuring FindBugs rules are followed.

If build speed is a key factor, the maven-buildtime-extension plugin will display how long certain parts of the Lifecycle take in your build. This is useful for seeing how changes affect build time.

Display build times via plugin

How does your team implement static analysis? Let us know and we might adapt your configuration ideas!

If you’re a first-time reader, or simply want to be notified when we post new articles and updates, you can keep up to date by social media (Twitter, Facebook and Google+) or the Blog RSS.

Ovidijus Okinskas Ovi is a Software Developer at IDRsolutions, currently working on BuildVu and improving internal processes. He enjoys self-help reading, batch-cooking and card games.

Hacking the NetBeans IDE – 4. Changing the way…

To help us prepare for our talks for our talks at Oracle CodeOne – “Writing Better Code (Faster) in the Apache NetBeans IDE ” and “Hacking...
Mark Stephens
1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *