Must have Java code analysis Tools - Part 3

• Must have Java code analysis Tools - Part 1
• Must have Java code analysis Tools - Part 2

In the last post, we looked at Spotbugs, which focuses on the code linting at the bytecode level.

In this post, we will look at PMD, which again works at the source level to find out possible bugs in your java code.

The list of entire checks which PMD finds can be found here

There is also a discussion of differences between Findbugs and PMD

Running the PMD

Instead of focusing on running with build process, I will focus on running it manually. Though it still can be integrated with build process and that remains the recommended approach.

On MAC, it can be simply installed with command brew install pmd

On other OS, installation instructions are given here

Configuring Rules

As shown in the documentation, PMD comes with rich set of rules. As opposed to Checkstyle, PMD is lot fuzzier in its analysis i.e. it can flag rules, which sometimes might not be really a violation. For this reason, PMD allows you to assign priorities (a number between 1 to 5) to the rules and then based on your preferences, you can choose to fix, let’s say highest priority issues only (1 being the highest).

Executing PMD

Once PMD is installed, it can be executed simply as below in the root directory of your project.

pmd pmd -d ./ -language java -R rulesets/java/quickstart.xml

Here rulesets/java/quickstart.xml specifies the list of rules to be executed which is an inbuilt ruleset to get started with.

We can also filter the output by priority, such as

pmd pmd -d ./ -language java -R rulesets/java/quickstart.xml - min 2

I prefer to create my own rules file for my projects. A custom rule file can be specified as

pmd pmd -d ./ -language java -R ./pmd-rules.xml

Finally, here is the list of rules, which I use for my projects. This has served us really well.