3

I am a newbie to static code analysis tools for java like CheckStyle. I downloaded the Checkstyle package and see 2 sets of checks:

  • checkstyle_checks.xml
  • sun_checks.xml.

I compared these and geosoft_checks.xml to the master list of all available in checkstyle...essentially a 4 table full outer join to see which checks were included in most of the 3 sources.

checks |source
-----------|--------------------------------------------------------
134.......| All available
75.........| checkstyle_checks.xml (plus a SuppressionFilter pointing to suppressions.xml)
63.........| sun_checks.xml
73.........| geosoft_chekcs.xml (after removing 4 which don't work in checkstyle 5.7)

  • DoubleCheckedLocking
  • PackageHtml
  • TabCharacter
  • GenericIllegalRegexp

I've only done the analysis on sun_checks and geosoft_checks to determine which ones i can safely remove based on actual findings in the code base (of course someone can come along and violate one of the many checks not included in either)

Are there recent guidelines for which checks to include which won't unnecessarily frustrate a development team ? Have people extended checkstyle with useful checks which have been contributed back to the opensource community ?

Improve this question

1 Answer 1

Reset to default
2

This is an excellent question, and one that warrants an answer much longer than a simple SO post. Let me still try.

First off, there is no accepted general guideline that would help you. Anyone who comes to you with such a guideline is in fact marketing only his own stuff. So, I firmly believe that there is nothing you could simply take and activate and be done. This is kind of sad, but there we are.

The sun_checks are mostly historical, and have a focus on formatting and naming. They are probably still the best start, if you have nothing else. The checkstyle_checks are what the Checkstyle team uses to check their own code. I don't know the geosoft_checks, which appear to be a well-documented form of local guideline. There is also Google Java Style, which has become quite popular, but afaik has no corresponding Checkstyle ruleset yet.

Checkstyle is a tool that can do much more than just check the style of Java code. You already showed that there are almost twice as many checks available as are being used by the rulesets. My own ruleset uses 99 checks, but it is highly tailored to the solution we are building.

As things stand, I believe that if you do static code analysis seriously, you will one day have to go through the list of all available checks and put together your own ruleset. And you will add to it as the project goes on in order to cover more and more cases where you've identified the potential for bugs in the solution you are building. Fine-tuning and adding to the Checkstyle profile will be an ongoing task (of, say, an hour per week).

If you want to avoid "unnecessarily frustrating the development team", the most important aspect is to be clear, well-documented, and consistent about your rules. Also, integrate Checkstyle with your nightly build and/or version control system.

The most prominent Checkstyle extensions are SevNTU Checkstyle and Checkstyle Addons. The lead guy of SevNTU Checkstyle is also the main committer of Checkstyle today, so maybe the two will merge some time in the future.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Great answer, thx. We identified a few checks to be tailored like the "line length of 80 chars" to something more reasonable. We also plan to have this run within Intellij and with nightly builds like Bamboo. I will look at the other links you sent and go to sleep knowing this is not a one time activity. Hopefully the next sets of static analysis tools (Findbugs, PDM and Hamumrapi) will be more clear. I see that Intellij also has a code inspector & plugins to address this. Static code analysis seems to be a far bigger effort with an entire subculture than i originally anticipated.
FYI, the Checkstyle team is working on a configuration for Google Java Style (link).
FYI, Google Java Style is now officially supported by Checkstyle v6.0.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.