Monday, December 20, 2010

CodePro AnalytiX first impression

I'm evaluating CodePro AnalytiX in order to use it in a project. We're currently using Checkstyle.

At first sight, it seems that CodePro AnalytiX is more strict and validates more topics. However, I'm just trying the default configuration.

  • It suggest you always overriding toString() method.
  • Checkstyle ignores the lack of Javadoc comment if the method has an @Override annotation. CodePro doesn't. Also, CodePro doesn't take in account the {@inheritDoc} Javadoc annotation, so you must specify all the method documentation (even for toString(), for example).
  • There is a validation for package names: they should start with a reverse domain name.
  • It suggest not using String literals. You can add an //$NON-NLS-1$ comment for Strings that are not internationalized.
  • Constants ending with digits (for example, TEXT_1) produces a warning.
  • The use of System.out is discouraged.
  • Checkstyle asked variable parameters to be final. CodePro suggest local variables to be final too.

However, the scope of CodePro goes beyond syntax checking. It also has metrics reports and code analisys (for example, detecting dead and duplicated code). So it could be compared with PMD and FindBugs too. But this, my friends, is is matter for another post :)


  1. Nice post.

    In our company, we use both CheckStyle and PMD together. Each with a different purpose. I wouldnt compare each other as they have different purposes.

    Just a thought!.

  2. Thanks for posting. I meant that CodePro (not Checkstyle) could be compared to PMD and FindBugs.

    Best regards!

  3. Note that the default configuration of CodePro AnalytiX only turns on a fraction of its available rules (over 1,200 in total), so you might want to look at some of the other built-in audit rule sets (configurations) or the full list of rules which can be seen in the prefs. Some of the most powerful/complex rules (such as the OWASP security rules) are not turned on by default because they are quite CPU intensive (they do a whole program data flow analysis, for example).

  4. Thanks for the comment! I'll look at it.