appendix B Extending static analysis tools

 

As we have seen throughout this book, many bugs in our programs can be detected by static analyzers. However, even the best static analyzer cannot find all the problems in your code that could potentially be found statically. That’s because your project likely has its own APIs, patterns, and antipatterns. In many projects and libraries, there are methods that should not be called with specific arguments, in a specific sequence, or under specific conditions. Of course, it’s possible to describe all the caveats in the API documentation, but it would be naïve to expect every developer to read the documentation and remember it when using the API.

In appendix A, we discussed how annotation packages could be used to help the static analyzer learn something about your project. Sometimes, static analyzers support configuration options that can also help adapt the analyzer to your project. For example, the IntelliJ IDEA inspection Result of Method Call Ignored allows you to specify a list of methods that should be reported if their return value is ignored. You can add methods from your project there. In this case, you should take care to share the inspection configuration profile with other team members, preferably by committing it into version control, so other people may benefit from your configuration.
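The kind of project-specific mistake that such a method list is meant to catch, shown as an added example that is not from the book: `AccessPolicy`, `withDeniedPath`, and `IgnoredResultDemo` are hypothetical names, and `withDeniedPath` stands for a method from your own project that you would add to the inspection's list.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical project API: an immutable policy whose "with" method returns a new object.
final class AccessPolicy {
    private final Set<String> deniedPaths;

    private AccessPolicy(Set<String> deniedPaths) {
        this.deniedPaths = Set.copyOf(deniedPaths);
    }

    static AccessPolicy allowAll() {
        return new AccessPolicy(Set.of());
    }

    // Returns a NEW policy and leaves the receiver unchanged,
    // so a call whose result is discarded has no effect at all.
    AccessPolicy withDeniedPath(String path) {
        Set<String> copy = new HashSet<>(deniedPaths);
        copy.add(path);
        return new AccessPolicy(copy);
    }

    boolean isAllowed(String path) {
        return !deniedPaths.contains(path);
    }
}

public class IgnoredResultDemo {
    // Antipattern: the return value is ignored, so the deny rule is silently lost.
    static AccessPolicy buggy() {
        AccessPolicy policy = AccessPolicy.allowAll();
        policy.withDeniedPath("/admin");
        return policy;
    }

    // Correct usage: keep the policy object that the method returns.
    static AccessPolicy fixed() {
        AccessPolicy policy = AccessPolicy.allowAll();
        policy = policy.withDeniedPath("/admin");
        return policy;
    }

    public static void main(String[] args) {
        System.out.println("buggy allows /admin: " + buggy().isAllowed("/admin"));
        System.out.println("fixed allows /admin: " + fixed().isAllowed("/admin"));
    }
}
```

Both versions compile without complaint, which is why a mistake like this needs an analyzer that has been told the method's result matters.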

B.1 Error Prone plugins

B.2 SpotBugs plugins

B.3 IntelliJ IDEA plugin

B.4 Using structural search and replacement in IntelliJ IDEA