Re: [pmd-devel] Inquiry Regarding PMD and CPD
A source code analyzer
Brought to you by:
adangel,
juansotuyo
From: Romain P. <be...@gm...> - 2012-05-22 17:53:35
|
Hi all, @Tom: thanks for forwarding this me. >> By means of this letter I would like to express my interest in the > static code analysis tools, and to ask some information relevant to this > tool. > >> > >> 1. What specifically does PMD and CPD detect? On this point, please look at our website<http://pmd.sourceforge.net/pmd-5.0.0/>, and especially the rules description section<http://pmd.sourceforge.net/pmd-5.0.0/rules/index.html>. It should give you a fair idea of what PMD is able to detect. > What is going on for the project now and what is the current stage? We have just release - proudly, the 5.0 and its main feature is the support for "other language". You can now write rule to be applied on ECMAScript (Javascript), XML, XSL (any XML based language to be correct). The next step (5.1 probably) is to add support for other languages. The first one will probably be Groovy (which may allow to merge CodeNarc<http://codenarc.sourceforge.net/>with PMD) > Are there any other static code analysis tools that are being developed or > you plan to develop in the near future? > Not by us, but many are probably being develop... Do your googling<http://bit.ly/KJ3rkT>! >> 2. Have these tools been used for safety/mission-critical system? > It's hard to say for Open Source product, but I've seen many "closed source" products remorselessly embedded PMD and other tools. Of course, the current Open Source leader, SonarSource, is also using PMD. As a member of my previous team, Open Source Center (Atos Origin, France), we did quite a lot of engagement around those topics - so I guess, the answer would be "yes" or "most likely". > >> If so, what specific system is it used for (e.g. Avionics, Automotive, > Medical, etc.)? Dido - difficult to say. Probably most of them, if not all. > If not, is there any plan to commercialize this tool in the future? > There is no plan to commercialize PMD by itself, it's Open Source - and it will be pointless. The closest thing to a "commercialization" of PMD, is definitely Sonar, from Sonar Source. Note, as I already pointed out, that many "product" from different software vendor are embedding PMD. (Starting by Eclipse based product) >> > >> 3. What industry standards/guidelines are these tools following > (e.g. MISRA, FDA)? > Commons sense and whatever the people doing the rule wants to follow. > >> 4. Following Q3, how do you collaborate, if any this kind of > experience. with other organizations (e.g. Government, Standards, Industry > Association, OEMs) to make those guidelines? > Not directly. I guess part of our community must have, but this is not really a part of our work here. We maintain and release PMD, that's all - and that's already quite a lot ! -- Romain PELISSE, *"The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it" -- Terry Pratchett* http://belaran.eu/wordpress/belaran |