Wednesday, October 04, 2006

Automating Code Audits.

I’ve recently been researching the best ways of automating code audits within a development environment. What I mean by automated is that there will be a few alarm bells ringing and a reminder for the developer that something has gone amiss when they break some rules. Before my research began I made a list of the things I was looking for. These were:

  • Those alarm bells. It’s FAR too easy for a developer to just make a mistake and leave it there. I want something to remind them that they have made a mistake and keep reminding them until they have fixed it.
  • The ability to create my own custom rules. While yes, I do want to find all the areas where people, for instance, left out the curly braces around an if statement, I also want to look for things that would be company/project/personal specific rules. These can be anything, but I really really want them.
  • The ability to generate reports based on the issues found. Preferably I would like these not to be too technical, simple enough so someone with no development skill can understand.
  • The ability to bundle all my rules up and have them there nice and handy so that people can use only the ones I want them to.
  • Last but definitely not least, I wanted all this as a plug-in for Eclipse. I develop in Eclipse, so it only made sense to look for this while I was there.

While I know what I was looking for was pretty close to a miracle, my miracle came in the form of PMD.

Before I elaborate on PMD, let me just say that my second option had been staring me in the face all along: the errors/warnings functionality built into Eclipse.

This is great, for the following reasons.

  • It’s already part of Eclipse.
  • Good selection of built-in rules, from unused code to JDK-specific rules, and also a very useful rule set for enforcing the use of Java Docs.
  • I could automate the build setup so that all developers are using the same rules.
  • And, very importantly, it has those alarm bells.

What Eclipse did have (and therefore the reason I stopped loving it):

  • No custom rules. This is extremely important. All companies/developers have their own standards, and while in a perfect world it would be great if people always remembered to use these rules, alas it is not always the case.
  • No report generation. I really think this could be invaluable to managers monitoring the quality of projects. If the number of issues is decreasing by 100 every alpha, then GREAT!!! Big clap on the back for the developers. However, if the issues keep increasing by 100 every alpha, then maybe you need to have a chat with those guys.

Back to PMD,

I’m not going to say much on the technology behind PMD, as there are plenty of articles and web sites dedicated to this (see the bottom of this blog). What I am going to say is this: PMD has everything and more of what I was looking for. Custom rules can be easily (if slightly cumbersomely) created by means of XPath, allowing you to search for custom strings and, by applying plenty of logic, come up with some very interesting rules. While the reports generated are shabby (they come in the form of XML, CSV, HTML and TXT), at least there is a report (and we can always work with the CSV stuff).

So if we were to have one more look at that check list with regard to PMD:

  • Alarm bells: Yes, error levels can be set from Low to Hikearumba what are you doing!
  • Custom rules: Yes, there are different methods of creating them, with XPath being the easiest.
  • Reports: Yes, messy but there.
  • Bundle them all up: Yes.
  • Plug-in for Eclipse: Yes.
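
To make the custom-rule, bundling and error-level items above concrete, here is an added example (not from the original post or the PMD project): a ruleset file in PMD 6.x syntax that bundles one built-in rule with one XPath rule for the missing-braces case mentioned earlier. The ruleset name, rule names, message text and chosen priorities are illustrative assumptions, and the XPathRule class name and Java AST node names differ in other PMD versions.

```xml
<?xml version="1.0"?>
<!-- Added example: a team ruleset for PMD 6.x. All names and messages are illustrative. -->
<ruleset name="Team audit rules"
    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

  <description>Only the rules this team has agreed to enforce.</description>

  <!-- Bundling: pull in a single built-in rule and raise its priority.
       Priority runs from 1 (highest) to 5 (lowest). -->
  <rule ref="category/java/bestpractices.xml/UnusedPrivateField">
    <priority>1</priority>
  </rule>

  <!-- Custom rule: an XPath query over the Java AST that PMD builds.
       It matches an if statement whose body is not a { } block. -->
  <rule name="TeamIfMustUseBraces"
        language="java"
        message="if statement without curly braces"
        class="net.sourceforge.pmd.lang.rule.XPathRule">
    <description>
      Company standard: every if statement body must be wrapped in braces.
    </description>
    <priority>2</priority>
    <properties>
      <property name="xpath">
        <value><![CDATA[
//IfStatement[count(*) < 3][not(Statement/Block)]
        ]]></value>
      </property>
    </properties>
  </rule>

</ruleset>
```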

And on top:

  • Excellent Support, this is a very big open source project which is still very much active, so bugs are quickly fixed.
  • Documentation. Trying to create custom rules at first was daunting, but this was quickly done once I found the reams of online documentation (and a book if you want to buy it).

Conclusion:

If you are looking for a code auditing tool for use with Java, PMD is definitely worth having a look into. It’s pushing all the right buttons for what I want. I have been using it for the last 3/4 weeks and it is still working like a dream.

Reference:

http://pmd.sourceforge.net/

http://www.eclipsezone.com/articles/pmd/

http://sourceforge.net/projects/pmd/

http://pmdapplied.com/
