Code Analysis
Looking at the software development process, we have to realize that we spend more time reading software than developing it. Bug fixing and refactoring take their time. So what can we do to analyse code, or to make analysing it much easier?
Types of bugs
You can find bugs in every non-trivial program. They range from simple style issues to severe malfunctions. Here are some examples:
Bad practice
try {
    performDangerousAction();
} catch (Exception exception) {
    //never happens
}
An example of an ignored exception.
Correctness
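import java.math.BigDecimal;

public class Summarizer {
    private final BigDecimal summary = BigDecimal.ZERO;

    public void addToSummary(final BigDecimal value) {
        summary.add(value);
    }
}
An example of an ignored return value. BigDecimal is immutable, so add() returns a new object and summary itself never changes.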
Code style violations
public void displayCustomer(Customer customer) {
    if (customer==null)
        logger.trace("Customer not set yet");
        customer=createNewCustomer();
    showCustomerDetails(customer);
}
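An example of incorrectly indented code. A style issue hides a severe functional problem here: without braces only the logger.trace() call belongs to the if, so createNewCustomer() runs every time and replaces the customer that was passed in.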
Code review
Having other programmers review the code in more or less formal sessions is one way to check for potential problems in the code.
Static code analysis
Static Code Analysis tools can review the code automatically using an internal database of known bug patterns. They can be run in two basic modes. In the on-demand mode the analysis tool summarizes all the found problems into a report, which developers then go through to fix bugs in the code. In the on-the-fly mode the tools inspect the code directly in the editor, while the developer types, highlighting all potential bug occurrences in the code.
The available tools differ in the bug databases they provide, the ability to extend the bug database with custom, project-specific patterns, the level of integration into IDEs, the ability to mark false positives or configure multiple analysis profiles, and some other criteria.
Besides IntelliJ IDEA and ReSharper, the most popular tools for static code analysis are FindBugs, PMD and CheckStyle.
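To make the "database of known bug patterns" and the on-demand report concrete, here is a small pattern-based checker run over the three Java snippets from this page. It is an added example, not code from the original article or from any of the tools named above. The function name analyse, the rule ids and the regular-expression heuristics are assumptions made for illustration; real analyzers work on a parsed syntax tree or on bytecode.

```python
import re

# Constructed sample: the three Java snippets from this page in one class.
JAVA_SOURCE = '''\
class Sample {
    private final BigDecimal summary = BigDecimal.ZERO;
    void addToSummary(final BigDecimal value) {
        summary.add(value);
    }
    void run() {
        try {
            performDangerousAction();
        } catch (Exception exception) {
            //never happens
        }
    }
    void displayCustomer(Customer customer) {
        if (customer==null)
            logger.trace("Customer not set yet");
            customer=createNewCustomer();
        showCustomerDetails(customer);
    }
}
'''

def indent(line):
    return len(line) - len(line.lstrip())

def analyse(source):
    """Return sorted (line_number, rule_id) findings; rule ids are made up here."""
    lines, findings = source.splitlines(), []
    # Rule 1: catch block holding nothing but whitespace and // comments.
    for m in re.finditer(r'catch\s*\([^)]*\)\s*\{(?:\s|//[^\n]*)*\}', source):
        findings.append((source.count('\n', 0, m.start()) + 1, 'EMPTY_CATCH'))
    # Rule 2: BigDecimal is immutable, so a bare call statement loses the result.
    decimals = set(re.findall(r'\bBigDecimal\s+(\w+)\s*[=;,)]', source))
    for no, line in enumerate(lines, 1):
        m = re.match(r'\s*(\w+)\.(add|subtract|multiply|divide|negate)\(.*\);\s*$', line)
        if m and m.group(1) in decimals:
            findings.append((no, 'IGNORED_RETURN_VALUE'))
    # Rule 3: brace-less if followed by two statements at the same deeper indent;
    # only the first belongs to the if, so the second is reported.
    for no in range(len(lines) - 2):
        head, first, second = lines[no:no + 3]
        if (re.match(r'\s*if\s*\(.*\)\s*$', head) and second.strip()
                and indent(head) < indent(first) == indent(second)):
            findings.append((no + 3, 'MISLEADING_INDENTATION'))
    return sorted(findings)
```

Calling analyse(JAVA_SOURCE) reports lines 4, 9 and 16 of the sample, one finding per snippet.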
