Sundarrajk's Weblog

Archive for the ‘Static Code Checks’ Category

In addition to all the Rule validation done by PMD, PMD also checks for copy paste occurrences in the code. This is by far one of the most important checks that PMD does. More the occurrences of Copy-Paste more the likelihood of errors in the code. More the occurrences of Copy Paste the more the possibility of creating errors. One would change in one place and forget in another. Also it leads to code bloat and inefficient memory usage.

One should pay close attention to these results and read Refactoring by Martin Fowler to solve the copy paste problems.

This is the twenty fourth installment of explanation of PMD rules covering some Android rules.

Android Rules

These rules deal with the Android SDK, mostly related to best practices. To get better results, make sure that the auxclasspath is defined for type resolution to work.

CallSuperFirst

Super should be called at the start of the method

Example

public class DummyActivity extends Activity {
    public void onCreate(Bundle bundle) {
     // missing call to super.onCreate(bundle)
     foo();
    }
   }

CallSuperLast

Super should be called at the end of the method

Example

public class DummyActivity extends Activity {
    public void onPause() {
     foo();
     // missing call to super.onPause()
    }
   }

ProtectLogD

Log.d calls should be protected by checking Config.LOGD first

Example

public class DummyActivity extends Activity {
    public void foo() {
     Log.d("TAG", "msg1"); // Bad
 
     bar();
 
     if (Config.LOGD) Log.d("TAG", "msg1"); // Good
    }
   }

ProtectLogV

Log.v calls should be protected by checking Config.LOGV first

Example

public class DummyActivity extends Activity {
    public void foo() {
     Log.v("TAG", "msg1"); // Bad
 
     bar();
 
     if (Config.LOGV) Log.v("TAG", "msg1"); // Good
    }
This is the twenty third installment of explanation of PMD rules covering rules related to JSP and JSF

Basic JSF rules

Rules concerning basic JSF guidelines.

DontNestJsfInJstlIteration

Do not nest JSF component custom actions inside a custom action that iterates over its body.

Example

                           
                                       
  •                        

Basic JSP rules

Rules concerning basic JSP guidelines.

NoLongScripts

Scripts should be part of Tag Libraries, rather than part of JSP pages.

Example

<!–

function calcDays(){

  var date1 = document.getElementById(‘d1’).lastChild.data;

  var date2 = document.getElementById(‘d2’).lastChild.data;

  date1 = date1.split(“-“);

  date2 = date2.split(“-“);

  var sDate = new Date(date1[0]+”/”+date1[1]+”/”+date1[2]);

  var eDate = new Date(date2[0]+”/”+date2[1]+”/”+date2[2]);

  var daysApart = Math.abs(Math.round((sDate-eDate)/86400000));

  document.getElementById(‘diffDays’).lastChild.data = daysApart;

}

 

onload=calcDays;

//–>

NoScriptlets

Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of JSP pages.

Example

<%
response.setHeader(“Pragma”, “No-cache”);
%>
           
                        String title = “Hello world!”;
           

NoInlineStyleInformation

Style information should be put in CSS files, not in JSPs. Therefore, don’t use or tags, or attributes like “align=’center'”.

Example

text

NoClassAttribute

Do not use an attribute called ‘class’. Use “styleclass” for CSS styles.

Example

 
Some text
 

NoJspForward

Do not do a forward from within a JSP file.

Example

IframeMissingSrcAttribute

IFrames which are missing a src element can cause security information popups in IE if you are accessing the page through SSL. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q261188

Example

bad example>

 

good example>

http://foo

NoHtmlComments

In a production system, HTML comments increase the payload between the application server to the client, and serve little other purpose. Consider switching to JSP comments.

Example

bad example>

 

good example>

DuplicateJspImports

Avoid duplicate import statements inside JSP’s.

Example

<img src=\"/foo\”>xxtext

JspEncoding

A missing ‘meta’ tag or page directive will trigger this rule, as well as a non-UTF-8 charset.

Example

Most browsers should be able to interpret the following headers:

               

               

                   

                

This is the twenty second installment of explanation of PMD rules covering Cloning of objects.

Clone Implementation Rules

The Clone Implementation ruleset contains a collection of rules that find questionable usages of the clone() method.
Clone is a method used to create a copy of objects in Java. The resulting object must be an exact replica of the object from which it was cloned. It is important to note that in the process of cloning if we use a statement like
this.attribute = classcloned.attribute
will only achieve a shallow copy as only the reference of the object attribute will be copied into the cloned class. Any changes to attribute in the clone will impact the original object. Instead we should use
this.attribute = classcloned.attribute,clone()
This will ensure that the cloned object gets a cloned copy of the attribute object too.

ProperCloneImplementation

Object clone() should be implemented with super.clone().

Example

class Foo{
    public Object clone(){
        return new Foo(); // This is bad
    }
}

CloneThrowsCloneNotSupportedException

The method clone() should throw a CloneNotSupportedException.

Example

public class MyClass implements Cloneable{
     public Object clone() { // will cause an error
          MyClass clone = (MyClass)super.clone();
          return clone;
     }
}

CloneMethodMustImplementCloneable

The method clone() should only be implemented if the class implements the Cloneable interface with the exception of a final method that only throws CloneNotSupportedException.

Example

public class MyClass {
public Object clone() throws CloneNotSupportedException {
  return foo;
}
}
This is the twenty first installment of explanation of PMD rules covering J2EE Rules.

J2EE Rules

These are rules for J2EE

UseProperClassLoader

In J2EE getClassLoader() might not work as expected. Use Thread.currentThread().getContextClassLoader() instead.

Example

public class Foo {
ClassLoader cl = Bar.class.getClassLoader();
}

MDBAndSessionBeanNamingConvention

The EJB Specification state that any MessageDrivenBean or SessionBean should be suffixed by Bean.

Example

/* Proper name */
public class SomeBean implements SessionBean{}
/* Bad name */
public class MissingTheProperSuffix implements SessionBean {}

RemoteSessionInterfaceNamingConvention

Remote Home interface of a Session EJB should be suffixed by ‘Home’.

Example

/* Proper name */
public interface MyBeautifulHome extends javax.ejb.EJBHome {}
/* Bad name */
public interface MissingProperSuffix extends javax.ejb.EJBHome {}

LocalInterfaceSessionNamingConvention

The Local Interface of a Session EJB should be suffixed by ‘Local’.

Example

/* Proper name */
public interface MyLocal extends javax.ejb.EJBLocalObject {}
/* Bad name */
public interface MissingProperSuffix extends javax.ejb.EJBLocalObject {}

LocalHomeNamingConvention

The Local Home interface of a Session EJB should be suffixed by ‘LocalHome’.

Example

/* Proper name */
public interface MyBeautifulLocalHome extends javax.ejb.EJBLocalHome {}
/* Bad name */
public interface MissingProperSuffix extends javax.ejb.EJBLocalHome {}

RemoteInterfaceNamingConvention

Remote Interface of a Session EJB should NOT be suffixed.

Example

/* Bad Session suffix */
public interface BadSuffixSession extends javax.ejb.EJBObject {}
/* Bad EJB suffix */
public interface BadSuffixEJB extends javax.ejb.EJBObject {}
/* Bad Bean suffix */
public interface BadSuffixBean extends javax.ejb.EJBObject {}

DoNotCallSystemExit

Web applications should not call System.exit(), since only the web container or the application server should stop the JVM.

Example

public class Foo {
    public void bar() {
        // NEVER DO THIS IN A APP SERVER !!!
        System.exit(0);
    }
}

StaticEJBFieldShouldBeFinal

According to the J2EE specification (p.494), an EJB should not have any static fields with write access. However, static read only fields are allowed. This ensures proper behavior especially when instances are distributed by the container on several JREs.

Example

public class SomeEJB extends EJBObject implements EJBLocalHome {
        private static int BAD_STATIC_FIELD;
 
        private static final int GOOD_STATIC_FIELD;
}

DoNotUseThreads

The J2EE specification explicitly forbid use of threads.

Example

// This is not allowed
public class UsingThread extends Thread {
 
}
// Neither this,
public class OtherThread implements Runnable {
        // Nor this ...
        public void methode() {
                Runnable thread = new Thread(); thread.run();
        }
}
This is the twentieth installment of explanation of PMD rules covering Unused Code Checks.

Unused Code Rules

The Unused Code Ruleset contains a collection of rules that find unused code.

UnusedPrivateField

Detects when a private field is declared and/or assigned a value, but not used.

Example

public class Something {
  private static int FOO = 2; // Unused
  private int i = 5; // Unused
  private int j = 6;
  public int addOne() {
    return j++;
  }
}

UnusedLocalVariable

Detects when a local variable is declared and/or assigned, but not used.

Example

public class Foo {
public void doSomething() {
  int i = 5; // Unused
}
}

UnusedPrivateMethod

Unused Private Method detects when a private method is declared but is unused.

Example

public class Something {
private void foo() {} // unused
}

UnusedFormalParameter

Avoid passing parameters to methods or constructors and then not using those parameters.

Example

public class Foo {
private void bar(String howdy) {
  // howdy is not used
}
This is the nineteenth installment of explanation of PMD rules covering Type Resolution Rules.

Type Resolution Rules

These are rules which resolve java Class files for comparisson, as opposed to a String

LooseCoupling

Avoid using implementation types (i.e., HashSet); use the interface (i.e, Set) instead

Example

import java.util.ArrayList;
import java.util.HashSet;
public class Bar {
// Use List instead
private ArrayList list = new ArrayList();
// Use Set instead
public HashSet getFoo() {
  return new HashSet();
}
}

CloneMethodMustImplementCloneable

The method clone() should only be implemented if the class implements the Cloneable interface with the exception of a final method that only throws CloneNotSupportedException. This version uses PMD’s type resolution facilities, and can detect if the class implements or extends a Cloneable class

Example

public class MyClass {
public Object clone() throws CloneNotSupportedException {
  return foo;
}
}

UnusedImports

Avoid unused import statements. This rule will find unused on demand imports, i.e. import com.foo.*.

Example

// this is bad
import java.io.*;
public class Foo {}

SignatureDeclareThrowsException

It is unclear which exceptions that can be thrown from the methods. It might be difficult to document and understand the vague interfaces. Use either a class derived from RuntimeException or a checked exception. Junit classes are excluded.

Example

public void methodThrowingException() throws Exception {
}

Categories