Comparison of Static Code Analysis Tools for Java - Findbugs vs PMD vs Checkstyle
BY MARKUS SPRUNCK
The static code analysis tools Findbugs, PMD and Checkstyle are widely used in the Java development community. Each has its own purpose, strengths and weaknesses. This article compares the most important aspects and gives some recommendations for introducing the tools in your teams.
Direct Comparison - Findbugs vs PMD vs Checkstyle
The most important aspects of the tools are listed in the following table:
Recommendations
As the direct comparison shows, the three tools have some aspects and rules in common, but only in combination do they give 100% of the functionality you may need in your project. In the beginning (first weeks) it is best to start with Findbugs. You will not have a lot of discussions with the developers about the warnings. Almost all Findbugs warnings are, without any doubt, possible defects or things which are harmful in some way.
After the developers are used to working with static code analysis, you should start with some PMD rules and later move on to the more style-related questions from Checkstyle. Be careful with the Checkstyle rules: activate only what is really necessary and accepted by the team. My recommended way to use the three tools is Codehaus Sonar. The Sonar dashboard summarizes the results in one report and lets you manage a central rule set, and an excellent Eclipse plug-in is available for local analysis.
The standalone client of Findbugs can be used to analyze Java byte code when the source code is not available, e.g., to get an impression of the quality of 3rd party libraries.
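To make the rollout order above concrete, the following added example (not part of the original article) shows one small class with the kind of finding each tool typically reports. The class, its names and the file name are hypothetical; the rule names come from the tools' standard rule sets, and which ones actually fire depends on the tool version and the configured rules.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;

// Constructed sample class; all names are hypothetical.
public class ConfigLoader {

    // Checkstyle (ConstantName): a static final field should be UPPER_CASE.
    // Pure style: the program behaves the same either way.
    private static final int maxRetries = 3;

    // PMD (UnusedPrivateField): the field is never read.
    // Not a bug by itself, but dead code that hides intent.
    private String lastError;

    public static Properties load(String path) {
        Properties props = new Properties();
        try {
            // Findbugs (OS_OPEN_STREAM): the stream is opened but never
            // closed, so file handles leak under load.
            FileInputStream in = new FileInputStream(path);
            props.load(in);
        } catch (IOException e) {
            // PMD (EmptyCatchBlock): the failure is silently swallowed,
            // so a missing or unreadable config yields empty defaults.
        }
        return props;
    }

    public static boolean isAdmin(String role) {
        // Findbugs (ES_COMPARING_PARAMETER_STRING_WITH_EQ): == compares
        // references, not contents. A role string read from a request or
        // file is a different object, so this check returns false.
        return role == "admin";
    }

    public static void main(String[] args) {
        Properties p = load("missing.properties");
        System.out.println("entries=" + p.size() + " retries=" + maxRetries);
        // new String(...) mimics a value that arrived at runtime.
        System.out.println("isAdmin=" + isAdmin(new String("admin")));
    }
}
```

The two Findbugs findings are real defects (a resource leak and an authorization check that never matches), which is why they cause little discussion; the PMD and Checkstyle findings are the ones a team has to agree on.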
References
[1] Findbugs (http://findbugs.sourceforge.net) is a static code analysis tool that analyses Java byte code and detects a wide range of problems.
[2] Checkstyle (http://checkstyle.sourceforge.net/index.html) is a development tool to help programmers write Java code that adheres to a coding standard.
[3] PMD (http://pmd.sourceforge.net/pmd-5.0.0) scans source code and looks for potential problems: possible bugs, unused and sub-optimal code, and over-complicated expressions.