Re: [pmd-devel] Inquiry Regarding PMD and CPD
A source code analyzer
Brought to you by:
adangel,
juansotuyo
From: Wang, J. <Wa...@nr...> - 2012-05-22 22:58:48
|
Dear Mr. Pelisse, Many thanks for the detailed elaboration and useful information. That helps us a lot. We are very likely to have follow-up questions and look forward to hearing your insights further regarding PMD and its application. If possible, could you talk with us over phone sometime in the next couple weeks? We will keep in touch with you. Again my sincere appreciation for your time and patience. Best Jingmei From: Romain Pelisse [mailto:be...@gm...] Sent: Tuesday, May 22, 2012 1:53 PM To: Wang, Jingmei; Shono, Akari Cc: Tom Copeland; pmd...@li... Subject: Re: Inquiry Regarding PMD and CPD Hi all, @Tom: thanks for forwarding this me. >> By means of this letter I would like to express my interest in the static code analysis tools, and to ask some information relevant to this tool. >> >> 1. What specifically does PMD and CPD detect? On this point, please look at our website<http://pmd.sourceforge.net/pmd-5.0.0/>, and especially the rules description section<http://pmd.sourceforge.net/pmd-5.0.0/rules/index.html>. It should give you a fair idea of what PMD is able to detect. What is going on for the project now and what is the current stage? We have just release - proudly, the 5.0 and its main feature is the support for "other language". You can now write rule to be applied on ECMAScript (Javascript), XML, XSL (any XML based language to be correct). The next step (5.1 probably) is to add support for other languages. The first one will probably be Groovy (which may allow to merge CodeNarc<http://codenarc.sourceforge.net/> with PMD) Are there any other static code analysis tools that are being developed or you plan to develop in the near future? Not by us, but many are probably being develop... Do your googling<http://bit.ly/KJ3rkT> ! >> 2. Have these tools been used for safety/mission-critical system? It's hard to say for Open Source product, but I've seen many "closed source" products remorselessly embedded PMD and other tools. Of course, the current Open Source leader, SonarSource, is also using PMD. As a member of my previous team, Open Source Center (Atos Origin, France), we did quite a lot of engagement around those topics - so I guess, the answer would be "yes" or "most likely". >> If so, what specific system is it used for (e.g. Avionics, Automotive, Medical, etc.)? Dido - difficult to say. Probably most of them, if not all. If not, is there any plan to commercialize this tool in the future? There is no plan to commercialize PMD by itself, it's Open Source - and it will be pointless. The closest thing to a "commercialization" of PMD, is definitely Sonar, from Sonar Source. Note, as I already pointed out, that many "product" from different software vendor are embedding PMD. (Starting by Eclipse based product) >> >> 3. What industry standards/guidelines are these tools following (e.g. MISRA, FDA)? Commons sense and whatever the people doing the rule wants to follow. >> 4. Following Q3, how do you collaborate, if any this kind of experience. with other organizations (e.g. Government, Standards, Industry Association, OEMs) to make those guidelines? Not directly. I guess part of our community must have, but this is not really a part of our work here. We maintain and release PMD, that's all - and that's already quite a lot ! -- Romain PELISSE, "The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it" -- Terry Pratchett http://belaran.eu/wordpress/belaran ________________________________ PLEASE READ: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies from your system, destroy any hard copies and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Nomura Research Institute America, Inc. reserves the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state the views of such entity. No representation is made that this message or its attachments are without defect. |