Over at the Building Real Software Blog, a good summary of the value of static code analysis (SCA) tools (specifically for Java) has been published that summarizes that tool space as well as the benefits (and drawbacks) one team found in using them.
Our approach has been very similar to the one described in that post, although we started getting traction with PMD much faster than we did with FindBugs. The SCA space has grown considerably in the last few years, and most Java IDEs have adopted many of the most common rules from these tools — meaning that even if you haven’t used an explicit SCA tool, you are still likely benefiting from the research that has gone into them.
These tools are best suited for finding common errors (and error patterns), providing a “sanity check” for your code.
As noted on the Building Real Software Blog,
When it comes to static analysis tools, you’d be foolish not to use a tool at all, but at the same time you’d be foolish to expect too much from them – or pay too much for them.
Our work with PMD has given us a net return on the effort we’ve put into integrating it with our build process, and over time I have no doubt that other tools will give us similar benefits.
Links:
