Java code analysis

From Arnout Engelen

For my Masters' thesis, I did some research on Java source code analysis. I should put a short explanation of what I did, why this area is cool and how this can be put into practice here.

Contents 1 Overview 2 Tools 2.1 ESC/Java 2.2 Findbugs 2.3 PMD 2.4 Other 2.5 Idea: warlint

[edit] Overview

[edit] Tools

[edit] ESC/Java

Inapa, Houdini

[edit] Findbugs

Definitely ready for real-world use, a very useful programming tool.

[edit] PMD

http://pmd.sf.net

[edit] Other

• lint4j - looks good, haven't tried.
• jlint - haven't tried yet (works with eclipse

[edit] Idea: warlint

I like how Java is statically typed. As it is, however, dynamically linked, you can still get into trouble if you link against the wrong version of a lib (or omit a lib entirely).

It would be useful to have a tool that can tell me, prior to releasing a war, if there are i.e. function calls in there that are guaranteed to fail given the jars in that .war.

Of course that can't be complete (e.g. if you're using reflection), but it should be possible to mark some simple cases.

Something like this doesn't seem to be available yet. It could also check if multiple versions of the same jar ended up in the war - another common source of problems.