Static Code Analysis Tools

Static code analysis tools analyze code without executing it. They are generally used to find bugs or to ensure conformance to coding guidelines, and they help keep your code healthy and maintain code quality.

On Android, the most popular code analysis tools are:

Lint

PMD

Findbugs

I usually keep static code analysis scripts and related files in a separate folder.

Lint

The lint tool checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization.

Config

To add lint to your Android project, create a script-lint.gradle file.

Important lint options:

lintConfig — path to lint rulesets file where you can suppress issues.

htmlOutput — path where html report will be generated.

Import script-lint.gradle into your build.gradle file.
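As an added illustration (not the article's own script), a script-lint.gradle that sets the two options described above could look like this. It assumes an Android Gradle plugin version that still accepts the lintOptions block (newer versions call it lint); the analysis/ folder name is hypothetical, and the two issue ids passed to fatal are a constructed selection.

```groovy
// script-lint.gradle (added example). Apply it from the app module's
// build.gradle, after the Android plugin, with a line such as:
//   apply from: "$project.rootDir/analysis/script-lint.gradle"
// The analysis/ folder name is an assumption, not a path from the article.

android {
    lintOptions {
        // Fail the build when lint reports an error.
        abortOnError true

        // Ruleset file where individual issues can be suppressed.
        lintConfig file("$project.rootDir/analysis/rules-lint.xml")

        // Generate the HTML report under build/outputs/lint.
        htmlReport true
        htmlOutput file("$project.buildDir/outputs/lint/lint.html")

        // Constructed selection of security-related lint issue ids that are
        // raised to fatal severity for this build.
        fatal 'HardcodedDebugMode', 'SetJavaScriptEnabled'
    }
}
```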

Test

Rebuild your project and then run lint with the ./gradlew lint command. If it finds issues, you will see output similar to the following.

./gradlew lint

Execution failed for task ':app:lint'.

Lint found errors in the project; aborting build.

Wrote HTML report to: template/app/build/outputs/lint/lint.html

When you open the lint.html report file, you will see a list of issues with descriptions and advice on how to fix them.

If you want to ignore these issues, add the following rule to the rules-lint.xml file.

Note: there are other ways to suppress lint warnings. More information about lint is available on the official site.

Findbugs

FindBugs is a static code analysis tool that analyzes Java bytecode and detects a wide range of problems.

Config

To add findbugs to your Android project, create a script-findbugs.gradle file.

Important findbugs options:

excludeFilter — path to findbugs rulesets file where you can suppress issues.

classes — path to generated classes (if you have more than one flavor, the path includes the flavor name, in this case ‘dev’).

source — path to source code.

html.destination — path where html report will be generated.

Import script-findbugs.gradle into your build.gradle file.

Test

For testing purposes, we will create the following method.

Rebuild your project and then run findbugs with the ./gradlew findbugs command. If it finds issues, you will see output similar to the following.

>./gradlew findbugs

Execution failed for task ':app:findbugs'.

FindBugs rule violations were found.

See the report at: template/app/build/outputs/findbugs/findbugs.html

When you open the findbugs.html report file, you will see a list of issues with descriptions and advice on how to fix them.

If you want to ignore these issues, add the following rule to the rules-findbugs.xml file.

Note: there are other ways to suppress findbugs warnings. More information about findbugs is available on the official site.

PMD

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.

Config

To add pmd to your Android project, create a script-pmd.gradle file.

Important pmd options:

ruleSetFiles — path to pmd rulesets file where you can suppress issues and define which issues to track.

source — path to source code.

html.destination — path where html report will be generated.

Import script-pmd.gradle into your build.gradle file.

Test

For testing purposes, we will create the following method.

Rebuild your project and then run pmd with the ./gradlew pmd command. If it finds issues, you will see output similar to the following.

>./gradlew pmd

Execution failed for task ':app:pmd'.

7 PMD rule violations were found.

See the report at: template/app/build/outputs/pmd/pmd.html

When you open the pmd.html report file, you will see a list of issues with descriptions and advice on how to fix them.

If you want to ignore these issues, add the following rule to the rules-pmd.xml file.

Note: there are other ways to suppress pmd warnings. More information about pmd is available on the official site.