RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


PMD Squashes Code Bugs : Page 4

Despite being among the most effective ways of finding defects and improving code quality, code reviews are rarely done with any consistency. Enter PMD, a static analysis tool that can make reviewing code easier and more fun.


Configuring PMD Rules

Click to enlarge
Figure 9. Configuring PMD in Eclipse

When you introduce coding standards and best practices into an organization, it is important to tailor the rules to your exact needs. This should be a team effort—get everyone who's going to be applying the rules involved. Each PMD rule has a detailed description and examples, available both on the Web site and visible in the configuration screens (see Sidebar 1. PMD Rules to see a listing of all main PMD rule sets). Review each rule and come to a joint decision on whether and when that rule should be applied in your organization.

The most convenient place to configure the PMD rule set is from within Eclipse, in the PMD entry of the "Windows->Preferences_>PMD->Rules configuration" window (see Figure 9). This window contains a list of all the available PMD rules. From this list, you can go through the rules, adjust rule priorities, modify any of the other rule-specific properties, and also remove any rules you don't need.

Click to enlarge
Figure 10. Building a Rule Set from Scratch

You can also build a rule set from scratch: just delete all the current rules ("Clear All") and then import selected individual rule sets one by one (See Figure 10).

When you're happy with your new customized rule set, you can export it in the form of an XML file ("Export Rule Set"). Other team members can now clear their existing rule set and import the new rule set into their environments.

You can also activate or deactivate individual rules for a project in the project properties window (See Figure 11).

And if you do anything really silly, you can always get back to the default rule set using the "Restore Defaults" button.

Click to enlarge
Figure 11. Project-Specific PMD Configuration

Using PMD on Legacy Code

If you are using PMD for the first time on an existing code base, it is good practice to create a minimal rule set containing the most important and potentially dangerous issues. For example, an initial rule set might contain the Unused Code rules. Once these are cleaned up, you might add the Basic rules to find any empty catch blocks, and so on.

Fixing all the relatively minor coding standards issues in a body of legacy code is tedious and time-consuming, and the relative return on investment is much less than with fresh code, where standards can be easily verified in real-time from within the IDE. It is important to know when to stop and get on with more productive work.

PMD in the Build Process

If you want to introduce PMD into your organization, integrating PMD into each developer's work environment is a good place to start. Nevertheless, you should also integrate PMD checks into your nightly builds. You can then post the generated report in the public place, or, if not, at least display it on the project Web site.

You can run PMD from the command line or by using an Ant task. It is also well integrated into Maven, where the PMD reports fit seamlessly into the Maven-generated project Web site (see Figure 12). Issues are directly linked from the PMD report to the HTML version of the source code.

Click to enlarge
Figure 12. Example of a PMD Report

Individual and Peer Code Reviews with PMD

Tools like PMD and Checkstyle can considerably reduce the time and effort involved in personal and peer code reviews. Virtually all coding convention rules, and a large number of best practices, can be automatically verified using these tools. If Checkstyle or PMD don't raise any issues for a class, the reviewer can concentrate on reading the flow of the code, understanding and validating the business logic, and working with a short checklist of project and/or company-specific design and architecture guidelines. In practice, this is a highly effective way of reducing defects and increasing code quality and reliability.

Despite its merits, even individual code reviews require quite a bit of discipline to do consistently, especially across a large team. Group training and individual mentoring can help get people up to speed. Consider giving your team an internal training course on code reviews, the best practices and guidelines that your organization has selected, and code quality in general. It is well worth the investment!

It is also vital to get management buy-in and support. Make sure management fully and visibly understands and supports quality initiatives such as code reviews and best practices.

Increase Code Quality

Static code analyzers like PMD can greatly contribute to reducing defects and improving code quality. They do not replace human code reviews, as there will always be errors that only a human can detect. Nor do they replace a disciplined QA process, as tools alone are of little use without a well-understood way of applying them. But when automatic code analysis techniques are combined with manual code reviews, the result is increased code quality, reduced defects, lower maintenance costs, and better-trained developers.

John Ferguson Smart is principal consultant at Wakaleo Consulting, a company that provides consulting, training, and mentoring services in Enterprise Java and Agile Development. Well known in the Java community for his many published articles and talks, he is also the author of the book Java Power Tools.
Email AuthorEmail Author
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date