Bindings, Platforms, and Innovation
This presentation focuses on the Internet and separating myth from fact, history from the future, and the mundane from the imaginative. Bob Frankston presents a vision of what could and should be.
News
PMD: Automated source code analysis and bug detection
Posted by Ryan Slobojan on Jul 20, 2007 01:00 PM
PMD, an open-source automated Java source code analysis and bug detection tool, recently reached version 4.0. InfoQ spoke with Tom Copeland, PMD project lead, to learn more about PMD and what capabilities it provides.
PMD is a static Java source code analysis tool, similar in concept to Checkstyle, FindBugs and Coverity. It searches Java code for inefficient code, bugs, common coding problems, and other such issues. PMD can be used in the development environment through IDE integrations, or it can be incorporated directly into an Ant or Maven build. PMD uses rules to perform the source code analysis, and the rules are grouped into rulesets. InfoQ asked Cohen to describe them in more detail:
The rules are categorized by the sort of problem they check for - thus the unused code ruleset finds unused local variables and private fields and methods, the strict exception ruleset finds methods that throw Exception and catch blocks that catch NullPointerException, and so forth. There are also library-specific rulesets. For example, there's a JUnit ruleset that finds common problems (such as usingassert(x==null)vsassertNull(x)) in JUnit test suites. Currently we've got around 225 rules and there are more in the pipeline.
New rules are added as folks think of them and submit patches or feature requests. Each rule has a suite of unit tests to minimize the number of obvious false positives reported; we hope this helps keep the PMD reports reasonably clean.
InfoQ asked Copeland what was new in 4.0, and he said that the biggest new feature is Java 5. PMD has been rewritten in Java 5, and it now expects to analyze Java 5 source code by default - Java 1.4 and earlier are still supported though. Increases in performance were also mentioned, along with bugfixes and new code-checking rules. When asked what the next major step would be for PMD, Copeland said:
Type resolution is the next big thing. Currently PMD examines one source file at a time, which limits the scope of its rules. Allan Caplan, one of the PMD core committers, has done a lot of work in this direction by using the bytecode manipulation library ASM to parse classfile dependencies, and we think that this will reduce false positives and find more real problems. We've also got a data flow analysis layer that will be able to take advantage of this type resolution ability once it's finished. Should be fun times!
RelatedVendorContent
Performance Management and Diagnostics in Distributed Java and .NET Applications
Effective Management of Static Analysis Vulnerabilities and Defects
Ensuring Code Quality in Multi-threaded Applications
Related Sponsor
The Adobe Flash Platform provides everything you need to develop applications, content and video across operating systems and devices.
No comments
Watch Thread Reply