编程知识 cdmana.com

IntelliJ idea - installation and use of static code analysis tool (checkstyle, findbugs, P3C)

    Static code analysis is a method of program analysis without running a computer program . Static code analysis only analyzes the lexical aspects of the code 、 grammar 、 semantics 、 Control flow to check the correctness of the code , Help software developers 、 Quality assurance personnel look for structural errors in code 、 What doesn't conform to the code specification 、 Security holes, etc , So as to ensure the overall quality of the software .
    There are many mature static code analysis tools on the market , such as : CheckStyleFindBugsP3C. They can all be used as IDE Plug in for , Real time static scanning during the coding phase , Prompt code defects in real time , It can save us a lot of time for code review and repair .

One 、Checkstyle

1, Basic introduction

  • Checkstyle yes SourceForge Open source projects for , It's a help Java Tools that developers follow certain coding specifications . It can encode the format of the code 、 Naming method 、 Javadoc 、 Class design for automated code specification and style checking , In order to effectively constrain developers to follow the code writing specification .
  • Checkstyle At present, almost all the mainstream IDE, stay Intelli ] IDEA and Eclipse both Checkstyle plug-in unit .
  • Checkstyle Support users to customize code review specifications according to their requirements , Users can check existing specifications such as naming conventions 、Javadoc、 block 、 Add or delete custom check specification based on class design .Checkstyle Plug ins can also directly import code review configuration files , For example, it can be used directly Checkstyle coordination Google Java Style Guic Configuration file for Java Code for static scanning . 

2, Installation configuration

(1) stay IntelliJ IDEA Select from the settings menu “ Plugins” A menu item , stay “ Marketplace” Search for and install CheckStyle Just plug in .

(2) After installation “ Other Settings...” Find... In the options Checkstyle Setting entrance of , Here we choose to use Google Java Style Guide Code scan .

3, Instructions

    The configured Checkstyle Then you can scan the code . Checkstyle There's a separate view , This includes code scanning 、 Choice of rules 、 Code defect list display and other functions .

Two 、FindBugs

1, Basic introduction

  • FindBugs It's an open source one from the University of Maryland, mainly for Java Language static code analysis tool , By checking class files or JAR file , Compare bytecode with a predefined defect pattern to discover code defects , To achieve the purpose of static code analysis .
  • and Checkstyle equally ,FindBugs It can provide visualization UI Interface , It can also be used as Intellij IDEAEclipse The plug-in USES .

2, Installation configuration

(1) FindBugs Plugins are now IDEA Of Plugins We can't find , But we can install it by manually downloading the plug-in package . First IDEA Official website plug-in address ( Click on the access ) Search for the plug-in in :

(2) Then select the latest version and download :

(3) open IDEA, In turn Settings / Preferences -> Plugins, Click on “ Intall Plugin from Disk...” Button , Choose the one you just downloaded zip Just install the package .

(4) Restart after installation IDEA, stay “ Other Settings...” See... In the options FindBugs Related settings page of .

3, Instructions

(1) FindBugs It can be applied to projects 、 modular 、 package 、 Classes are analyzed separately , Right click on the file to be analyzed and select - FindBugs- Choose the scope of the analysis .

(2) Scan complete , The console will output the specific defects of the code , You can click in to see the details . FindBugs In addition to prompting the code what problems , We will also provide some reasons for the problems and suggestions for revision , It can help developers improve their coding ability while modifying code defects .
FindBugs There is a separate view page for the scan results of , It depends on the nature of the code defect , Scan out the code defects roughly divided into the following categories :
  • Dodgy code: Bad code .
  • Bad practice: Bad practice .
  • Correctness: It may not be right .
  • Experimental: experiment .
  • Internationalization: internationalization .
  • Malicious code vulnerility: Malicious code vulnerabilities .
  • Multithreaded correctness: Multithreading problem .
  • Performance: Performance issues .

3、 ... and 、P3C

1, Basic introduction

(1) stay 2017 year 10 month 14 At the cloud habitat conference held in Hangzhou on May 15 , Java Code specification scanning plug-in global launch ceremony officially launched ,《 Alibaba Java Develop specifications 》( Later referred to as" “ standard ”) Officially open to the industry in the form of plug-ins , lead Java The way of language standardization .

(2) The plug-in is a tool for static code analysis based on specifications , It also supports many popular IDE, for example IDEAEclipse etc. .
    The plug-in scans the code , Press... For code that does not conform to the specification BlockerCriticalMajor Three levels are shown below and even IDEA On . The plug-in is also based on Inspection Mechanism provides real-time detection function , In writing code at the same time can quickly find the problem . and , The plug-in can give code modification suggestions , It can also provide one key modification function for some rules , It is convenient for developers to modify problematic code .

2, Installation configuration

stay IntelliJ IDEA Select from the settings menu “ Plugins” A menu item , stay “ Marketplace” Search for and install P3C Just plug in .

3, Instructions

(1) Right click where you need to scan , Click on 【 Code protocol scan 】 Options can be :

(2) P3C Also in IDE A separate view is provided in , We can check here through P3C List and details of code defects obtained after scanning .

版权声明
本文为[hangge]所创,转载请带上原文链接,感谢
https://cdmana.com/2020/12/20201224160639748z.html

Scroll to Top