Geek Answers Handbook

Do you find source code analyzers useful?

  • Do you use source code analyzers? If so, which and for which development language?
  • Do you find them useful in resolving potential errors in your code? Or are most of their warnings trivial?
  • After prolonged use, you will find that the quality of your code is higher than before?
+6
debugging static-analysis code-analysis
source share
7 answers

I use several static analysis tools in Java. FindBugs is the first line of defense that catches a lot of common mistakes and provides fairly useful feedback. He often notices the stupid mistakes of tired programmers and does not place a heavy burden on the user.

PMD is good for many other smaller errors, but requires a much larger configuration. You will see that default PMD values ​​often exceed. There are too many rules that are probably useful on a tiny scale, but ultimately do not help other programmers support your code. Some of the PMD rules often bring premature optimization.

Most likely, CPD support in PMD is more useful. He's trying to find code that has been duplicated elsewhere to make refactoring a lot easier. Running throughout the project, it really helps to determine where the highest priorities are cleaning the code and stopping any DRY violations.

Checkstyle is also convenient, making sure your encoders comply with the coding style standard. it overlaps a bit with PMD, but is usually much more convenient.

Finally, Cobertura is a great coverage kit for testing. It is very convenient to discover where single tests are missing and where you should give high priority to creating new tests.

Oh, and I also tested Jester . This seems to be very well suited for finding holes in tests, even if the code has some coverage. Not recommended, simply because I have not used it enough, but one to check.

I run these tools both from Eclipse and as part of an automatic build kit.

+3
source share

I am a long-term PC-Lint user for C and C ++ and find it very useful. These tools are most useful when moving to a code base that you cannot handle. Over time, you fall into the law of diminishing returns, where the number of new errors that you discover tends to lag.

I always stay in the full version of the project on a large release.

Edit: there is a good list of relevant wikipedia tools here

+1
source share

For C, I use MEMWATCH . It is really easy to use and free.

I used it to find many memory errors in the past.

+1
source share

I used resharper and MS TS (mainly FXCop), and both of them are very useful, especially in the following areas:

  • Dead code identification
  • Wide coverage
  • Performance improvements (related to globalization, etc.).

Recommendations are not always great, but usually improve the quality of the code.

+1
source share

I am using StyleCop for C #. This is a great tool for maintaining a consistent code style, which leads to improved code quality. In addition, ReSharper does some code analysis, but it is pretty simple.

0
source share

I am very pleased with ReSharper . It not only provides useful bits of information during coding (for example, unnecessary casts, apply readonly, etc.), but its refactoring functions are great for quick code swapping.

It does not cover everything, so FxCop (or similar) is a worthy addition to the toolbar. However, since Resharper provides immediate feedback, the processing time is really good. (I know that FxCop can be run from VS, but this is just not the same).

0
source share

I find the analyzers somewhat useful, I use buildin for visual studio (e.g. / for c / C ++ and custom rules for .net), sometimes I use stylecop and codeitright for C # mainly for guidance on how things should be.

I do not think that there is an ideal tool for everything that every bug finds, but I think that the tools help to find some errors, and not impossible to track, but believe me, you would spend a lot of time finding them.

Yes, the quality of your SOMEWHAT code is better than before, but I also believe that manual debugging is still necessary. Source analyzers are not the ultimate cure, although they are a good cure. If there was a tool that you just completed and found any errors and corrections, then it will cost you millions.

Some programmers I know swear that IBM Rational PurifyPlus is excellent, but that's their opinion. I just spent 2-3 sessions with the tool.

But always remember that one of the basic principles of programming logical errors is the most difficult to find and fix, so long hours of debugging are inevitable. A good code analyzer combined with unit testing can work on miracles.

PS. I tend to give far fewer errors in C # than in C ++, someone may say that I am wrong, but although I have been using C ++ for more years than C #, I find the "code and I will take care of this "C # gc approach is much simpler than C ++ especially for projects you are in a hurry to finish on time / deadline, which EVERY project is like these days ...

0
source share

More articles:


All Articles