Hacker News new | comments | show | ask | jobs | submit login

FindBugs [1] is a great code analysis tool for Java. It's free, open source, and supports plugins for writing your own checks. The FindBugs site reports an interesting story from a Google test day:

"Google held a global "fixit" day using UMD's FindBugs static analysis tool for finding coding mistakes in Java software. More than 700 engineers ran FindBugs from dozens of offices.

Engineers have already submitted changes that made more than 1,100 of the 3,800 issues go away. Engineers filed more than 1,700 bug reports, of which 600 have already been marked as fixed. Work continues on addressing the issues raised by the fixit, and on supporting the integration of FindBugs into the software development process at Google."

[1] http://findbugs.sourceforge.net/




For Java code, I am a big fan of Sonar Source [1]. It is open source, is able to leverage checkers such as FindBugs, and has integration with code coverage tools such as Cobertura. I have found the clean dashboard to be a great boon, and have never felt intimated by the reported warnings like I've been with Coverity et al.

[1] http://www.sonarsource.org


As long as we're on an open source kick here (since I prefer open source over proprietary):

http://checkstyle.sourceforge.net/

http://cppcheck.sourceforge.net/

http://google-styleguide.googlecode.com/svn/trunk/cpplint/cp...

http://www.dwheeler.com/flawfinder/

http://www.dsm.fordham.edu/~ftnchek/

http://community.haskell.org/~ndm/hlint/

http://jlint.sourceforge.net/

http://search.cpan.org/dist/Perl-Critic/bin/perlcritic

http://deployingradius.com/pscan/

http://pychecker.sourceforge.net/

http://pypi.python.org/pypi/pyflakes

http://www.logilab.org/857

http://packages.debian.org/squeeze/rats

http://www.splint.org/

http://www.incava.org/projects/303902593

http://packages.debian.org/stable/devel/icheck

Please note: I have not used all of these; one day I was bored and decided to see how many code checking tools I could find packaged for Debian and put them all in a script with the warnings cranked to the max and make that part of my default nightly build and test script. Of course, you can also crank up warnings on your compilers and interpreters as well (-Wall -Wextra, python -tt3 with warnings.simplefilter("always"), perl -tTW with use strict and use warnings, etc)




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: