{ by david linsin }

July 30, 2008

Why is Static Analysis Uncommon?

This is another of those very interesting poll results coming up on java.net regularly. The reason why it's interesting is the number of votes behind "No, I live under a rock and have no clue what static analysis is good for" option.

I've first heard about static analysis in 2005 and have used different plug-ins in my IDE ever since. So I strongly doubt that 20% of the people who gave their vote, really don't know what static analysis is. It has been covered so many times during the last couple of months through various channels, that you just couldn't have missed it!

So if you've never heard of findbugs, checkstyle or fortify then I'll strongly recommend to climb out of your cave and go check it out!


unmaintainable said...

Actually, almost every developer uses static code analysis on a daily basis. Modern compilers and IDEs have lots of built-in checks ("unreachable code", "unused variable" etc.), you just don't think about them because they don't live in a separate tool.

For example, ten years ago, you had to reach for lint(1) for static analysis of C code, but a modern GCC comes with most of the checks lint provided back then. All you have to do is activate them and, most importantly, actually fix the warnings they produce.

david said...

You are totally right! I guess I should have asked "Why does none know about static code analysis?"

IDEs are a great assistance today. If you have such a powerful tool as IDEA's built-in static code analysis at hand, you have the chance to catch a lot of bugs before you check-in your code.

Casper Bang said...

I can tell you why I rarely use the mosre sophisticated static analysis tools like PMD and FindBugs. Each time I try out the plugins available for NetBeans, they are broken. Since this used to be the same case for JUnit integration etc., I am guessing that in a few years all IDE's incl. NetBeans will have this build right in.

david said...

Casper I guess you are using the wrong IDE... :-) It all works great in IDEA and Eclipse.

Casper Bang said...

Same story though for JDeveloper. But I hear ya ;)

Anonymous said...

@Casper - Forget the individual plugins. Grab Checkstyle, Findbugs, PDM, Lint4J and Dependency Finder as one bundler from the SQE project at https://sqe.dev.java.net/
It works great and addresses all the brokenness that was a syptom of the individual plugins on netbeans.


  • mail(dlinsin@gmail.com)
  • jabber(dlinsin@gmail.com)
  • skype(dlinsin)