Jai’s Weblog – Tech, Security & Fun…

Tech, Security & Fun…

  • Jaibeer Malik

    Jaibeer Malik
  • View Jaibeer Malik's profile on LinkedIn
  • Subscribe

  • Feedburner

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 32 other followers

  • Archives

  • Categories

  • Stats

    • 415,137
  • Live Traffic

  • Advertisements

Code Quality – Measurement (Static Code Analysis) Tools

Posted by Jai on April 12, 2009

This article covers the third part of the series of articles Code Quality – Learn, Measure and Organize Awareness which is about the Code Quality – Learning code quality aspects, Using different code quality Measurement Tools and How to organize the awareness with in the team . Here we will discuss about the different static code analysis tools as code quality measurement tools which you can use to put a check on the quality of the code produced.

In my small experience of auditing, I have tried to mention these points a lot of times that many of the code quality issues are very common in every application and can be figured out at very early stage of the project. What lies behind of scenes in every project is more or less exposed in the code auditing process. A small story What is happening behind the scenes explains a bit about the common problems in terms of quality of code, which will give you some idea what we are talking about here.

Why Static Code Analysis:

Static code analysis can help you to figure out the possible coding errors in your software. You can gain real quality improvements in your software by integrating these SCA tools in your development process. What is better than finding these problems during development phase rather than once the software is live. These tools can do the first hand review of the piece of the code written by the developers.

SCA Tools:

The List static code analysis tools gives you plenty of tools available to use, some of which are open source and some of these are licensed. I am gonna mentioned few of these which I personally have used and definitely would like to recommend.

a) Clover & Cobertura (Test Coverage Measurement Tools)
b) Simian (Code Metrics Tool for code duplication)
c) PMD & FindBugs (Code Quality Tools)
d) Junit (Unit Testing Tool)
e) CheckStyle (Coding Style Violations Checking Tool)

Junit : Junit is a unit testing tool which gives the information regarding success rate of the test cases.

Clover : Clover is a powerful and highly configurable code coverage analysis tool. It discovers sections of code that are not being adequately exercised by your unit tests.

Simian : Simian (Similarity Analyser) identifies duplication in Java source code.

PMD : Scans Java source code and looks for potential problems like Possible bugs, Dead code, Suboptimal code, Overcomplicated expressions and Duplicate code.

Cobertura : Calculates the percentage of code accessed by tests.It can be used to identify which parts of your Java program are lacking test coverage. It is based on jcoverage.

Findbugs : FindBugs is a program which looks for bugs in Java code.

CheckStyle : Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard.

Metrics : Provide metrics calculation and dependency analyzer plugin for the Eclipse platform. Measure various metrics with average and standard deviation and detect cycles in package and type dependencies and graph them.

XRadar : It gives measurements on standard software metrics such as package metrics and dependencies, code size and complexity, code duplications, coding violations and code-style violations.

Feel free to have a look at the few comparison metrics, Talking about SCA and Tools Review List .

How to use:

It depends on you that how you integrate these tools with in your development process. Either you can integrate these tools as part of your build process itself or can plan separate quality build to put the check on the code quality.

  • Integrate with build process
  • Separate quality build
  • Dedicated time to find and fix quality problems

Enforce it:

You can also plan to force the quality check before some check-in the code in the code repository. Like SVN provides you pre-commit handlers etc. which you can run to check that the incoming piece of code is following these quality standards otherwise do not allow to check in the stuff.


In the end, still the SCA tools only will not solve the problem. As very well stated that these tools only give you the idea of under lying bigger problem, SCA just tip of the iceberg.


4 Responses to “Code Quality – Measurement (Static Code Analysis) Tools”

  1. According to your post, I’m pretty sure you could be interested by Sonar and I’m a bit surprised you don’t mention it as the community is a lot more active than XRadar’s one.

  2. Joe Wright said

    Hey, you might be interested in the Sonar project which collates SCA/test runs very well:

  3. […] https://jaibeermalik.wordpress.com/2009/04/12/code-quality-measurement-static-code-analysis-tools/ […]

  4. Kutzi said

    I now that this is nitpicking, but by definition (see e.g. http://en.wikipedia.org/wiki/Static_code_analysis) JUnit, Clover and Cobertura are not STATIC code analysis tools.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: