PMD vs Findbugs vs Hammurapi

Posted on December 28th, 2007 by Rajs

Posted in blog city on June 21st 2004  

There are quite a few open source static code analyzers for Java. Here is a comparision chart of three tools that I found useful/promising.




Feature PMD Findbugs Hammurapi
Website http://pmd.sourceforge.net

http://findbugs.sourceforge.net

http://www.hammurapi.org
Version Number 1.8 0.7.4 2.2
JDK Version 1.3 1.4 Ant 1.5.2
Ease of Installation Easy Easy

Difficult. Ant is kind of pre-requisite
License BSD-Style LGPL GPL
Number of default rules
available		 Could not count the total rules easily. However, it is easily comparable with other two ~90 ~109

Ease of extensibility

 Easy Very Difficult Extensible, but could not locate documentation on how to extend
Works on Source code or
Class files		 Source code (converted to AST using JavaCC) Class files (used BCEL) Source code (uses Java Meta Model, JSEL)
Command Line Interface Yes Yes It must be possible, but could not locate documentation on how to invoke from command line.
Eclipse Plugins Yes Yes No
Ant Task Yes Yes Yes
Can filter the analysis for some rules? No Yes Yes (called as Waivers)
Severity of Errors No * Yes
Documentation Very Good Fair Poor
Speed*      
Memory Usage*      
Remarks

PMD has been there for quite sometime and is very easy to use.
It has very good documentation. Also, it very easy to customize by adding new rules. However, it lacks the advanced features such as exclude few files from analysis.

Attempts to find “bug patterns”, such as Double Checked locking. It seems that it is not possible to find this kind of patterns using other two. Findbugs works only on class files. In my view, this is the most difficult to extend. There is fair amount of documentation (two articles in IBM Developerworks) which can help you get started, but customizing this is a difficult task.

Hammurapi has few J2EE related default rules (Inspectors) that can be used out-of-the-box.Waiver rules are interesting with “expiry” mechanism. Not much documentation is around to understand the tool in depth.

* - If you have more information on this, please let me know.

It is important to note that I have not used these tools extensively to make this comparision. These are just my initial impressions. If you are an extensive user of these tools and found any of the above to be stated incorrectly, please let me know. Also, if you want to see more parameters of comparision, please let me know.

Update on July 1, 2004: Please read the comments. They contain useful information.

Comments

1
‘ posted this on Tue 22 Jun 2004, 8:55 pm

Hi Raj -Thanks for the post. FWIW, PMD has 99 rules so far:[tom@hal pmd]$ grep -rn “rule name” rulesets/ | wc -l
99
[tom@hal pmd]$Yours,tomTom Copeland [tom@infoether.com]
#2
‘ posted this on Tue 29 Jun 2004, 11:28 am

Hello,Hammurapi documentation in PDF format is part of binary distribution and also available here: http://www.hammurapi.org/doc/UserManual.pdfIt describes how to write custom inspectors and other aspects of usage.Hammurapi has command line interface and you can use it right off the box. Read user manual for details.

Best regards, Pavel.Pavel Vlasov [vlasov@pavelvlasov.com]
#4
Dibyendu‘ posted this on Wed 19 Dec 2007, 3:33 pm

Does PMD show HTML version of source code inside the report? I feel Hammurapi reports are more extensive, it incorporates source code in reports, making the report entirely self-contained. Clicking on line number we can see the line of source code where violation took place. It provides both rule-centric and file-centric views of violations. Metrics are also very useful in Hammurapi. Whereas PMD reports are just a single page report.

Share

Filed under: Java, Technology

« Unit Testing - Necessary but not Sufficient         On Doclipse »

4 Responses to “PMD vs Findbugs vs Hammurapi”

  1. Gladwin, on October 27th, 2008 at 22:51 Said:

    I have PMD ecliplse plugin. I checked today through PMD’s exported rule set, PMD has 236 rules.

    I have used customization and it is very easy in PMD.

    We can also change priority of each rule and define our own custom rules easily.

    It has got severity of errors and it can filter violations based on priority

  2. Gladwin, on October 28th, 2008 at 00:01 Said:

    PMD Rules:
    pmd.sourceforge.net/rules/

    FindBugs Bug Rules:
    findbugs.sourceforge.net/bugDescriptions.html

  3. Ray, on February 27th, 2009 at 03:41 Said:

    Be warned, this information is significantly out-of-date.

  4. PMD vs Findbugs vs Hammurapi «                            Thoughts in progress…, on April 14th, 2009 at 01:38 Said:

    [...] vs Findbugs vs Hammurapi Posted on December 28, 2007 by Rajs This post is moved to http://blog.thoughtsinprogress.co.in/2007/12/28/pmd-vs-findbugs-vs-hammurapi/ Possibly related posts: (automatically generated)Code Review Dengan [...]

Leave a Reply