PMD

Auditories 2009. 2. 27. 14:01
Programming Mistake Detector / Pretty Much Done...


1. Overview

PMD is an open source Java static-analysis tool sponsored under the umbrella of the DARPA (Defense Advanced Research Projects Agency) project "Cougaar."

PMD scans Java source code and looks for potential problems like:

  • Possible bugs - empty try/catch/finally/switch statements
  • Dead code - unused local variables, parameters and private methods
  • Suboptimal code - wasteful String/StringBuffer usage
  • Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
  • Duplicate code - copied/pasted code means copied/pasted bugs

PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.

To download the tool and find more information, visit http://pmd.sourceforge.net/.


2. Getting Started

2.1 Installation

 Prerequisites:

  • JDK 1.4 or higher
  • Alzip or Winzip

Download the latest binary distribution, e.g., pmd-bin-x.xx.zip (4.2.5 at the time of writing).

Unzip it into any directory, e.g., c:\pmd

 
Add the directory that contains the rulesets to the Windows CLASSPATH environment variable:
c:\pmd

 
2.2 Sample Scans
 
Basic command line Usage:
    pmd [filename | jar or zip file containing source code | directory] [report format] [ruleset file]
    ex1) pmd .\src\samples html c:\pmd\rulesets\all-java.xml > results.html
    ex2) pmd .\src\samples xml rulesets\all-java.xml > results.xml
 
An Output sample (Copying 'results.html' to EXCEL)
 
  

3. Ruleset

 
3.1 Ruleset  
 

List of rulesets and rules contained in each ruleset.

  • Android Rules: These rules deal with the Android SDK, mostly related to best practices. To get better results, make sure that the auxclasspath is defined for type resolution to work.
  • Basic JSF rules: Rules concerning basic JSF guidelines.
  • Basic JSP rules: Rules concerning basic JSP guidelines.
  • Basic Rules: The Basic Ruleset contains a collection of good practices which everyone should follow.
  • Braces Rules: The Braces Ruleset contains a collection of braces rules.
  • Clone Implementation Rules: The Clone Implementation ruleset contains a collection of rules that find questionable usages of the clone() method.
  • Code Size Rules: The Code Size Ruleset contains a collection of rules that find code size related problems.
  • Controversial Rules: The Controversial Ruleset contains rules that, for whatever reason, are considered controversial. They are separated out here to allow people to include as they see fit via custom rulesets. This ruleset was initially created in response to discussions over UnnecessaryConstructorRule which Tom likes but most people really dislike :-)
  • Coupling Rules: These are rules which find instances of high or inappropriate coupling between objects and packages.
  • Design Rules: The Design Ruleset contains a collection of rules that find questionable designs.
  • Finalizer Rules: These rules deal with different problems that can occur with finalizers.
  • Import Statement Rules: These rules deal with different problems that can occur with a class' import statements.
  • J2EE Rules: These are rules for J2EE
  • JavaBean Rules: The JavaBeans Ruleset catches instances of bean rules not being followed.
  • JUnit Rules: These rules deal with different problems that can occur with JUnit tests.
  • Jakarta Commons Logging Rules: The Jakarta Commons Logging ruleset contains a collection of rules that find questionable usages of that framework.
  • Java Logging Rules: The Java Logging ruleset contains a collection of rules that find questionable usages of the logger.
  • Migration Rules: Contains rules about migrating from one JDK version to another. Don't use these rules directly, rather, use a wrapper ruleset such as migrating_to_13.xml.
  • Migration13: Contains rules for migrating to JDK 1.3
  • Migration14: Contains rules for migrating to JDK 1.4
  • Migration15: Contains rules for migrating to JDK 1.5
  • MigratingToJava4: Contains rules for migrating to JDK 1.5
  • Naming Rules: The Naming Ruleset contains a collection of rules about names - too long, too short, and so forth.
  • Optimization Rules: These rules deal with different optimizations that generally apply to performance best practices.
  • Strict Exception Rules: These rules provide some strict guidelines about throwing and catching exceptions.
  • String and StringBuffer Rules: These rules deal with different problems that can occur with manipulation of the class String or StringBuffer.
  • Security Code Guidelines: These rules check the security guidelines from Sun, published at http://java.sun.com/security/seccodeguide.html#gcg
  • Type Resolution Rules: These are rules which resolve java Class files for comparison, as opposed to a String
  • Unused Code Rules: The Unused Code Ruleset contains a collection of rules that find unused code.
 
3.2 Implement Your Own Ruleset

The following example imports the whole 'naming' and 'basic' rulesets, picks two specific rules from the 'design' ruleset, and includes the 'codesize' ruleset while excluding its 'ExcessiveClassLength' rule.

 
[sampleruleset.xml]

<?xml version="1.0"?>
<ruleset name="sampleruleset">
  <description>
    Sample ruleset for checkers example
  </description>

  <!-- Import every rule in the 'naming' and 'basic' rulesets -->
  <rule ref="rulesets/naming.xml"/>
  <rule ref="rulesets/basic.xml"/>

  <!-- Pick two individual rules out of the 'design' ruleset -->
  <rule ref="rulesets/design.xml/AvoidReassigningParameters"/>
  <rule ref="rulesets/design.xml/DefaultLabelNotLastInSwitchStmt"/>

  <!-- Import 'codesize' but leave out ExcessiveClassLength -->
  <rule ref="rulesets/codesize.xml">
    <exclude name="ExcessiveClassLength"/>
  </rule>
</ruleset>

 


4. Reporting

 
4.1 Define Priority

Rule priority may change a lot depending on the context of the project. However, you can use the following guidelines to assign an appropriate priority to your rule:

  1. Absolutely required. Behavior is critically broken/buggy.
  2. Highly recommended. Behavior is quite likely to be broken/buggy.
  3. Recommended. Behavior is confusing, perhaps buggy, and/or against standards/best practices.
  4. Optional. Behavior is not likely to be buggy, but more just flies in the face of standards/style/good taste.
  5. Highly optional. Nice to have, such as a consistent naming policy for package/class/fields...

4.2 To Sum Up

Open the file 'results.xml' in an Excel sheet.

Create a pivot table with the following dimensions: priority, ruleset, and rule.

Add your own comments to this summarized data.
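
The same pivot can be produced without Excel. The script below is an added example, not part of the original post or of PMD itself; it assumes each <violation> element in the XML report carries 'priority', 'ruleset' and 'rule' attributes, and the embedded report is a constructed sample.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like PMD's XML report; not output from a real scan.
# Assumption: each <violation> carries priority, ruleset and rule attributes.
SAMPLE_REPORT = """<?xml version="1.0"?>
<pmd version="4.2.5">
  <file name="src/samples/Account.java">
    <violation beginline="14" rule="EmptyCatchBlock" ruleset="Basic Rules" priority="3">Avoid empty catch blocks</violation>
    <violation beginline="31" rule="AvoidReassigningParameters" ruleset="Design Rules" priority="2">Avoid reassigning parameters</violation>
    <violation beginline="40" rule="UnusedLocalVariable" ruleset="Unused Code Rules" priority="3">Avoid unused local variables</violation>
  </file>
  <file name="src/samples/Ledger.java">
    <violation beginline="8" rule="EmptyCatchBlock" ruleset="Basic Rules" priority="3">Avoid empty catch blocks</violation>
    <violation beginline="22" rule="DefaultLabelNotLastInSwitchStmt" ruleset="Design Rules" priority="3">The default label should be last</violation>
  </file>
</pmd>
"""


def pivot(report_xml):
    """Count violations per (priority, ruleset, rule), most severe first."""
    counts = Counter()
    for el in ET.fromstring(report_xml).iter():
        # Compare the local name so a namespaced report parses the same way.
        if el.tag.rsplit("}", 1)[-1] != "violation":
            continue
        a = el.attrib  # a missing attribute raises KeyError instead of being guessed
        counts[(int(a["priority"]), a["ruleset"], a["rule"])] += 1
    return sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1], kv[0][1:]))


def totals_by_priority(rows):
    """Collapse the pivot to one total per priority level (1 = most severe)."""
    totals = Counter()
    for (priority, _ruleset, _rule), n in rows:
        totals[priority] += n
    return dict(totals)


def blocking(rows, threshold=2):
    """Rows to review first: priority 1 through threshold (lower is more severe)."""
    return [row for row in rows if row[0][0] <= threshold]


if __name__ == "__main__":
    rows = pivot(SAMPLE_REPORT)
    for (priority, ruleset, rule), n in rows:
        print(f"{priority}  {ruleset:<20} {rule:<34} {n}")
    print(totals_by_priority(rows), blocking(rows))
```

To use it on a real scan, read 'results.xml' into a string and pass it to pivot() in place of SAMPLE_REPORT.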
Good luck.

2009.02.27.






