SoftwareBY RabIT software engineering · April 14, 2020
Java has held a special place in the hearts of many developers since its release more than two decades ago, including our own. Since it is such a mature, widely-used technology, there are also plenty of great automated Java code review tools to choose from today.
According to last year’s Stack Overflow Developer Survey, it is still among the 5 most popular programming languages.
Source: Stack Overflow
Also, according to the TIOBE index, Java is still the number one programming language today, just barely surpassing C. The index is calculated using the number of skilled engineers world-wide, courses and third party vendors, as well as queries in popular search engines such as Google, Bing, Yahoo!, Wikipedia, Amazon, YouTube and Baidu.
Briefly about code review & analysis:
Code reviews are processes where software developers and testers check if an already written source code complies with coding conventions and standards.
Apart from manual code reviews, static and dynamic code analysis can also be conducted with the help of automated tools.
Static code analysis tools examine the source code without executing it. Dynamic analysis is conducted while the code, or a part/unit of it (for example unit or integration testing) is being run.
Why are code reviews important?
Poor source code quality causes plenty of headaches, overworked days and sleepless nights for developers and product owners alike. Planning and conducting code reviews is often ignored by management, usually leading to long-lasting negative effects on development efficiency and even the whole business.
To briefly summarize, if the quality of the source code is left to deteriorate:
- adding new features becomes increasingly difficult, while potentially breaking existing ones in the process
- bug fixes take up more of the team’s time, missing deadlines and prolonging crucial updates
- onboarding new developers requires more time if the code base is hard to read and understand
- poor source code quality can also negatively impact users’ perception of the product, and the whole organization
- future development estimations also become less accurate if it’s impossible to predict how long it takes to add new features without breaking existing ones.
For anyone who is interested in reading more about the effects of low-quality code, we’ve dedicated a whole article to this topic not long ago.
What is the basis of our recommendations?
Java has been our go-to technology for many custom software development projects over the last decade. It is, in fact, our most frequently-used programming language to date.
We’ve encountered many Java-based software projects throughout our work that were struggling to move forward because the source code had gotten so unstable that it was difficult, or straight-up impossible to develop further.
We were only able to stabilize these software products and continue feature development after running a whole assortment of tests and completing a ton of code refactoring work. The following recommendations are based on the experience gained throughout these projects.
We recommend using these Java code review tools:
Checkstyle is a static code analysis tool used in software development for checking if Java source code complies with coding rules. It basically automates the lengthy process of checking code and helps Java developers enforce coding standards.
It can find anything from class or method design problems to code layout and formatting issues. You can find the complete list of checks here.
Checkstyle has a large number of plug-ins as well that let teams integrate continuous code checks into their projects.
PMD or Programming Mistake Detector is an open source static source code analyzer that reports on issues found within application code.
The tool is used to detect common mistakes made in the code by using the standard rules or defining custom rule sets. Using PMD, teams can detect common flaws around naming conventions, unused variables and parameters, empty catch blocks, unnecessary object creation, etc.
PMD has plugins for JDeveloper, Eclipse, jEdit, JBuilder, Maven, Ant, Gradle, Jenkins, SonarQube and many other tools and IDEs.
PMD also contains CPD (or the Copy/Paste Detector), which is used to detect duplicate code in. We find this to be a very useful add-on, as duplicate code can be quite hard to find, especially in a large project.
Eliminating duplicated blocks of code is important for a number of reasons, like removing unnecessary grunt work during refactoring. It puts a lot of pressure on the developer to remember where they are located and edit them when making significant changes on the code base.
Also, if they are working in a team, developers otherwise have no way of knowing where other team members inserted duplicate code segments. This can make future development and maintenance tasks much more complicated.
SonarQube is an open-source code quality inspection platform. It is used to perform automatic reviews with static analysis of code to detect bugs, coding errors, and security vulnerabilities.
The platform offers reports on duplicate code blocks, coding standards, unit tests, code coverage, code complexity, comments, bugs, etc.
It is a popular choice for analyzing Java code, especially for teams using Maven and Gradle, but others can also use it by manually providing bytecode to the analysis.
JArchitect is a static analysis tool specifically meant for Java code. It supports a large number of code metrics like number of parameters, variables and lines of code, cyclomatic complexity, afferent and efferent coupling and so forth.
JArchitect also allows teams to expose architectural flaws, visualize and manage dependencies using directed graphs and a dependency matrix. This is only a few of the many useful features the platform can provide.
JUnit is a unit testing framework for the Java programming language. For reference, unit testing is a method for evaluating the performance of individual units, components or modules of the source code.
The framework allows teams to write and run unit tests for Java 8 and above. Its latest version, JUnit 5 is composed of several different modules:
- The JUnit Platform – responsible for launching testing frameworks on the JVM.
- JUnit Jupiter – a module that includes new programming and extension models for writing tests.
- JUnit Vintage – which supports running JUnit 3 and JUnit 4 tests on the platform.
JUnit is the most popular unit testing framework for Java development projects, and is often listed among the most commonly included external libraries in general.
JaCoCo is an open-source toolkit for Java, used for measuring and reporting code coverage.
The term ‘code coverage’ is used in software development to define how much of a program’s source code is covered by a testing plan.
We are including this as sort of an honorable mention, as some other tools, IDEs and platforms already include JaCoCo as a plug-in. A few examples of these are:
- Visual Studio
Of course, these recommendations are purely based on our own experience and preferences.
Which Java code review tools you’ll choose for your own development projects should be based on a fair amount of testing and their compatibility with your technology stack of choice.
If at any point you find yourself in need of another set of eyes during code reviews, don’t hesitate to reach out to us with your questions.
Thanks for reading our article!
RabIT software engineering
RabIT is an innovative software engineering company from Hungary. Our goal is to help startups and enterprises drive growth through technology innovation and make a real impact in their industries.
Code quality and transparency are our main priorities throughout each project.