Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 754
  • Last Modified:

Static code analysis tool

Which static code analysis tool (or software metrics tool) is good for Java/J2EE?
0
nbkd72e
Asked:
nbkd72e
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
Mayank SAssociate Director - Product EngineeringCommented:
There are several mentioned here:

http://www.spinellis.gr/blog/20050211/

I guess this one  is good - http://www.semdesigns.com/Products/Metrics/JavaMetrics.html
0
 
nbkd72eAuthor Commented:
Have you used it before? Why do you believe it is a good one, compare to others?
0
 
Ajay-SinghCommented:
I have used OptimizeIt (http://www.borland.com/downloads/download_optimizeit.html)  - found it really useful.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
nbkd72eAuthor Commented:
OptimizeIt is a dynamic analysis tool, which profiles Java runtime to find out performance and memory related issues.

What I am looking for is a static analysis tool, which scans and analyze Java source code to find out design and implementation issues, as well as generate metrics to indicate the complexity and quality of the code.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> Why do you believe it is a good one, compare to others?

My colleagues have used it, and gave good feedback
0
 
nbkd72eAuthor Commented:
Can you provide more details of the features you like and dislike? Also, have you used other tools?
0
 
Jeroen RosinkCommented:
You also might take a look at:
http://javatoolbox.com/categories/code-analysers-standards-verifiers
http://www.agilejournal.com/component/option,com_magazine/func,show_article/id,36/


Still it depends what you want to measure. If it is the complexitiy you should take notice on what kind of formula they use. The obvious formulas used for measuring cyclomatic complexity are from McCabe (http://www.mccabe.com/) (http://www.sei.cmu.edu/str/descriptions/cyclomatic_body.html), Halstead (http://www.sei.cmu.edu/str/descriptions/halstead_body.html)  and McClure (http://portal.acm.org/citation.cfm?id=988131.988142&coll=GUIDE&dl=GUIDE&CFID=768228&CFTOKEN=84533385).

regards,
Jeroen
0
 
nbkd72eAuthor Commented:
The link "http://javatoolbox.com/categories/code-analysers-standards-verifiers" is nice and helpful. But it contains so many tools. Which one would you recemmend? What I need is a tool to analyze the quality of the implementation, design and even architecture of Java/J2EE applications.

Also, Halstead is a different complexity measurement than cyclomatic ones (e.g. McCabe).
Which type of OO metrics you think is useful and helpful?
0
 
Jeroen RosinkCommented:
I don't have that much experience with static analysis tools myself, only for heard and say and courses. And therefor even harder to select a tool you need. It has to fit your requirements. All I asume is that you want to increase the quality of your code and avoid errors in a later stage. With refering towards the CC I wanted to point out that not always tools give insight which kind of calculation they are using.
Still it depends on what you want to measure.

I can imagine that you want some kind of cyclomatic complexity (CC) measured which gives insight on the possibility of errors, the higher the number the complexer the code. If that code also contains a hugh number of lines of code then it also gives some expectation on raising errors. Then you also might consider the number of functions/classes which are called within the cycle. This is more a point of view regarding the chance errors occur.

Some figure you even might want is how many times a certain function/class is called. And what about the inheretence of classes.

Another way errors could occur is based on not using coding standards. I know there are also tools which check the source against your coding standards like naming conventions etc.

Perhaps this give some additional info to create a check  list what you need in your tool and compare the tools based on that checklist.

regards,
Jeroen
0
 
Mayank SAssociate Director - Product EngineeringCommented:
There are many code analyzers which are open source:

http://java-source.net/open-source/code-analyzers
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now