pmd

PMD tells me A switch with less than 3 branches is inefficient, use a if statement instead. Why is that? Why 3? How do they define efficiency? Because a switch statement is compiled with two special JVM instructions that are lookupswitch and tableswitch . They are useful when working with a lot of cases but they cause an overhead when you have just few branches. An if/else statement instead is compiled into typical je jne ... chains which are faster but require many more comparisons when used in a long chain of branches. You can see the difference by looking at byte code, in any case I wouldn

I was recently asked about alternatives to Coverity Prevent for a code base that includes both C/C++ and Java. Obviously, on the Java side, the free tools available include Findbugs (compiled code analysis) and PMD (static code analysis). They are very powerful, especially when you start investigating integration with IDEs (which, again, are free). However, things are dicey when you start moving into the C/C++ realm with the various compilers, architectures, etc. I have proposed a variety of tools for the Java side, including both Findbugs and PMD. What I am looking for is the best option for

1、是什么？ 　　PMD 是一个开源静态源代码分析器 ，它报告在应用程序代码中发现的问题。PMD包含内置规则集，并支持编写自定义规则的功能。PMD不报告编译错误，因为它只能处理格式正确的源文件。PMD报告的问题是效率很低的代码或不良的编程习惯，如果累积这些问题，它们可能会降低程序的性能和可维护性。 2、安装插件 　　File -> Settings -> Plugins -> Marketplace 搜索 "PMD" 下载插件 3、使用方法 在代码编辑框或Project 窗口的文件夹、包、文件右键，选择“Run PMD”，“Pre Defined”，“All”，对指定的文件夹、包、文件进行分析： 来源： https://www.cnblogs.com/GuixinChan/p/11755145.html

We are working on a web project from scratch and are looking at the following static code analysis tools. Conventions (Checkstyle) Bad practices (PMD) Potential bugs (FindBugs) The project is built on Maven. Instead of using multiple tools for the purpose, I was looking at a single flexible solution and came across SonarQube. Is it true that we can achieve the results from Checkstyle, PMD and Findbugs with SonarQube? Sonar will run CheckStyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura (code coverage) by default for Java projects. The main added value, however, is

PMD report NullAssignment of the following code, what is the best practice to fix it? Assigning an Object to null is a code smell. Consider refactoring. The following code is not written by me, I also have a question on why creating a temporary timer instance, then assign this instance to timer? startTimer and stopTimer will be used in multithread context. private Timer timer; private void startTimer() { if (timer == null) { Timer aTimer = timerService.createTimer(DEFAULT_TIMER_VALUE, null); aTimer.setListener(this); timer = aTimer; } } private void stopTimer() { if (timer != null) { Timer

 前段时间fastjson报出了漏洞，只要打开setAutoType特性就会存在风险，自己测试环境的一个项目被揪出来了-_-!。虽然改动很小，但就是觉得憋屈。fastjson还是挺好的，想着禁用的话太可惜，用的话又要注意安全，就想着找款工具提示下在用fastjson的时候不要打开这个特性。刚好阿里开源了p3c（ https://github.com/alibaba/p3c ），一款代码规范的检查工具，有对应的ide插件，能在编码过程中对设置的规则进行提示，便打算对它进行拓展，增加对fastjson检查是否打开setAutoType特性的检查。  p3c主要包括3部分： PMD实现(p3c-pmd)：使用PMD https://pmd.github.io/ 来实现代码规范检查 Intellij IDEA插件 Eclipse插件  《阿里巴巴Java开发手册》中的大部分规则都是在p3c-pmd模块中实现的，该部分也是这节研究的主要部分。 1. PMD  p3c使用了PMD。PMD是一款静态代码扫描工具，该工具可以做到检查Java代码中是否含有未使用的变量、是否含有空的抓取块、是否含有不必要的对象等。PMD使用JavaCC生成解析器来解析源代码并生成AST(抽象语法树)，通过对AST的检查可以直接从源代码文本层面来对代码进行检查，在PMD内部称为规则。即是否符合规则指的是

I am reading an interesting tutorial here: http://www.avajava.com/tutorials/lessons/how-do-i-generate-pmd-and-cpd-reports-for-a-site.html?page=1 This tutorial shows how to use Maven to run the open-source static-analysis tool, PMD, and to see the generated output on a Maven created website. Maven can easily create websites with mvn site command, but this tutorial shows how to use PMD for more helpful metrics on the source code. The instructions were followed to the best of my ability. Here is my pom.xml file that came from reading the tutorial: <project xmlns="http://maven.apache.org/POM/4.0.0

I would like to confirm if this is a bug on PMD? How do I file a ticket if it is. public static void main(final String[] args) { for (final String string : args) { string.getBytes(); //UR Anomaly } for (int i = 0; i < args.length; i++) { args[i].getBytes(); } } Lines 1-3 are being flagged as UR anomaly, while rewriting it to iterate with a local variable is fine. Would like to eliminate as much PMD violations, but it is inconvenient to have to resort to old loop construct as a workaround. While controversial, I do not wish to disable this rule since I find DD, and DU anomaly flagging as useful