InfoQ

News

PMD: Automated source code analysis and bug detection

Posted by Ryan Slobojan on Jul 20, 2007 01:00 PM

Community
Java
Topics
Debugging ,
Programming ,
Code Analysis
Tags
Open Source Project Releases ,
PMD

PMD, an open-source automated Java source code analysis and bug detection tool, recently reached version 4.0. InfoQ spoke with Tom Copeland, PMD project lead, to learn more about PMD and what capabilities it provides.

PMD is a static Java source code analysis tool, similar in concept to Checkstyle, FindBugs and Coverity. It searches Java code for inefficient code, bugs, common coding problems, and other such issues. PMD can be used in the development environment through IDE integrations, or it can be incorporated directly into an Ant or Maven build. PMD uses rules to perform the source code analysis, and the rules are grouped into rulesets. InfoQ asked Cohen to describe them in more detail:

The rules are categorized by the sort of problem they check for - thus the unused code ruleset finds unused local variables and private fields and methods, the strict exception ruleset finds methods that throw Exception and catch blocks that catch NullPointerException, and so forth. There are also library-specific rulesets. For example, there's a JUnit ruleset that finds common problems (such as using assert(x==null) vs assertNull(x)) in JUnit test suites. Currently we've got around 225 rules and there are more in the pipeline.

New rules are added as folks think of them and submit patches or feature requests. Each rule has a suite of unit tests to minimize the number of obvious false positives reported; we hope this helps keep the PMD reports reasonably clean.

InfoQ asked Copeland what was new in 4.0, and he said that the biggest new feature is Java 5. PMD has been rewritten in Java 5, and it now expects to analyze Java 5 source code by default - Java 1.4 and earlier are still supported though. Increases in performance were also mentioned, along with bugfixes and new code-checking rules. When asked what the next major step would be for PMD, Copeland said:

Type resolution is the next big thing. Currently PMD examines one source file at a time, which limits the scope of its rules. Allan Caplan, one of the PMD core committers, has done a lot of work in this direction by using the bytecode manipulation library ASM to parse classfile dependencies, and we think that this will reduce false positives and find more real problems. We've also got a data flow analysis layer that will be able to take advantage of this type resolution ability once it's finished. Should be fun times!

No comments

Watch Thread Reply

Educational Content

Bindings, Platforms, and Innovation

This presentation focuses on the Internet and separating myth from fact, history from the future, and the mundane from the imaginative. Bob Frankston presents a vision of what could and should be.

Orchestrating Long Running Activities with JBoss / JBPM

This article explores the use of JBoss and jBPM to implement design solutions that effectively address the issue of orchestrating long running activities.

Neo4j - The Benefits of Graph Databases

This presentation covers the use of graph databases as an optimal solution for data that is difficult to fit in static tables, rapidly evolving data or data that has a lot of optional attributes.

Realistic about Risk: Software development with Real Options

This session introduces Real Options and shows how it can help in running your project. Real Options is a decision-making process that can be used to manage risk.

Communication Flexibility Using Bindings

This article discusses the use of bindings on services and references (including the instance of non-configured bindings) as the means to implement SCA communications in a Web and SOA environment.

Writing DSLs in Groovy

After a short introduction to DSLs, Scott Davis plays with the keyboard showing how to approach the creation of a DSL by typing working snippets of Groovy code that get executed.

Scaling Agile with C/ALM (Collaborative Application Lifecycle Management)

IBM Rational and InfoQ present, Scaling Agile with C/ALM, an eBook showing organizations how to become “finely tuned software delivery machines” by enabling team integration and scaling.

Concurrent Programming with Microsoft F#

Amanda Laucher presents a real life enterprise application written in F#. She shows actual code snippets, explaining design decisions and suggesting how to use some of the F# constructs.