Writing and maintaining complicated software is a difficult task, and every programmer inadvertently makes mistakes. Usually these are minor typographical errors that will be caught at compile time, but others may remain undetected until the system is in production. In the most extreme cases, the bug will cause system failure, as was the case in the massive blackout in the Northeast last summer. In addition to the consequences of system malfunction, software defects have a substantial financial cost. A 2003 report from the National Institute of Standards and Technology (NIST) calculated the total annual cost of bugs at nearly $60 billion. The report also confirmed what most developers already know: the difficulty and cost of fixing a problem grows dramatically throughout the development cycle. Although the report concluded that it is not practical to locate and remove all defects from an application, it stated that nearly 40% could be eliminated by an improved inspection and testing process.

Two common methods for improving software quality are code reviews and automated testing. The goal of both is to detect mistakes, but the distinction between them is how this is achieved. Automated testing attempts to expose problems by executing the code, while reviews rely on "another set of eyes" to verify that it's correct. Problems can arise when we get too involved with the code to be objective or to consider unusual paths of execution. Certainly every programmer has at one time spent hours trying to track down a problem only to have someone else spot it immediately.

Code reviews can be an effective technique for finding errors, but in my experience, useful code reviews are surprisingly uncommon. In some places, they're deemed an unwarranted impediment to finishing a project, while in others they degenerate into arguments about trivial issues such as whitespace and brace placement. My explanation for this is that the best candidates for leading the reviews - senior development talent - are constantly in short supply and high demand. Perhaps more importantly, reading and completely understanding someone else's code can be very tedious and time consuming.

Given that code reviews can be effective at locating software defects during development when they are most easily and inexpensively fixed, it makes sense to automate this process as much as possible. This allows for earlier and more frequent inspections, while letting the programmer eliminate the more obvious problems before meeting with others to review the code. A report released by The Standish Group confirms this, finding that automated code inspection reduced the number of people needed for manual code reviews by 50%.

There are several available code analysis tools, but one of the better ones is PMD. PMD is a static source code analysis tool, meaning that it analyzes source code lexically rather than by executing it as would be done in a unit test. It was originally developed to improve the Cougaar project, a DARPA initiative that developed a framework for distributed, agent-based applications. Although PMD is only about two years old, it is under active development with more than 100 programmers working on the project. The SourceForge project page shows that it has been downloaded about 70,000 times. PMD is both free and open source; it is released under a BSD-style license that allows you to use, modify, or distribute it, so long as the copyright notice is left intact.

PMD can be executed at the command line, but I think more benefit is derived from integrating it into an IDE or Ant build, so my article will focus on these techniques. The latest version at the time of this writing, 1.7, comes with more than 80 built-in rules. The tool allows you to pick the rules you wish to use, and also to define new rules using either Java classes or XPath statements. The PMD Web site explains the predefined rules in detail, so I won't try to duplicate that information here.