Table of Contents
Previous versions of PMD can be downloaded here: Releases - pmd/pmd (GitHub)
25-October-2024 - 7.7.0
The PMD team is pleased to announce PMD 7.7.0.
This is a minor release.
Table Of Contents
- 🚀 New and noteworthy
- 🌟 Rule Changes
- 🐛 Fixed Issues
- 🚨 API Changes
- ✨ Merged pull requests
- 📦 Dependency updates
- 📈 Stats
🚀 New and noteworthy
CPD can now ignore literals and identifiers in C++ code
When searching for duplicated code in C++ differences in literals or identifiers can be
ignored now (like in Java). This can be enabled via the command line options --ignore-literal
and --ignore-identifiers
.
See PR #5040 for details.
🌟 Rule Changes
Changed Rules
SwitchStmtsShouldHaveDefault
(Java Best Practices) doesn’t report empty switch statements anymore. To detect these, useEmptyControlStatement
.UnitTestShouldUseAfterAnnotation
(Java Best Practices) now also considers JUnit 5 and TestNG tests.UnitTestShouldUseBeforeAnnotation
(Java Best Practices) now also considers JUnit 5 and TestNG tests.TooFewBranchesForSwitch
(Java Performance) doesn’t report empty switches anymore. To detect these, useEmptyControlStatement
.
Renamed Rules
- Several rules for unit testing have been renamed to better reflect their actual scope. Lots of them were called
after JUnit / JUnit 4, even when they applied to JUnit 5 and / or TestNG.
UnitTestAssertionsShouldIncludeMessage
(Java Best Practices) has been renamed fromJUnitAssertionsShouldIncludeMessage
.UnitTestContainsTooManyAsserts
(Java Best Practices) has been renamed fromJUnitTestContainsTooManyAsserts
.UnitTestShouldIncludeAssert
(Java Best Practices) has been renamed fromJUnitTestsShouldIncludeAssert
.UnitTestShouldUseAfterAnnotation
(Java Best Practices) has been renamed fromJUnit4TestShouldUseAfterAnnotation
.UnitTestShouldUseBeforeAnnotation
(Java Best Practices) has been renamed fromJUnit4TestShouldUseBeforeAnnotation
.UnitTestShouldUseTestAnnotation
(Java Best Practices) has been renamed fromJUnit4TestShouldUseTestAnnotation
.
- Several rules about switch statements and switch expression have been renamed, as they apply both to Switch Statements
and to Switch Expressions:
DefaultLabelNotLastInSwitch
(Java Best Practices) has been renamed fromDefaultLabelNotLastInSwitchStmt
.NonCaseLabelInSwitch
(Java Error Prone) has been renamed fromNonCaseLabelInSwitchStatement
.TooFewBranchesForSwitch
(Java Performance) has been renamed fromTooFewBranchesForASwitchStatement
.NonExhaustiveSwitch
(Java Best Practices) has been renamed fromSwitchStmtsShouldHaveDefault
.
The old rule names still work but are deprecated.
🐛 Fixed Issues
- apex-performance
- #5270: [apex] AvoidNonRestrictiveQueries when LIMIT is followed by bind expression
- java
- java-bestpractices
- java-codestyle
- #5253: [java] BooleanGetMethodName: False-negatives with
Boolean
wrapper
- #5253: [java] BooleanGetMethodName: False-negatives with
- java-design
- #5030: [java] SwitchDensity false positive with pattern matching
- java-errorprone
- java-performance
🚨 API Changes
- java-bestpractices
- The old rule name
JUnit4TestShouldUseAfterAnnotation
has been deprecated. Use the new nameUnitTestShouldUseAfterAnnotation
instead. - The old rule name
JUnit4TestShouldUseBeforeAnnotation
has been deprecated. Use the new nameUnitTestShouldUseBeforeAnnotation
instead. - The old rule name
JUnit4TestShouldUseTestAnnotation
has been deprecated. Use the new nameUnitTestShouldUseTestAnnotation
instead. - The old rule name
JUnitAssertionsShouldIncludeMessage
has been deprecated. Use the new nameUnitTestAssertionsShouldIncludeMessage
instead. - The old rule name
JUnitTestContainsTooManyAsserts
has been deprecated. Use the new nameUnitTestContainsTooManyAsserts
instead. - The old rule name
JUnitTestsShouldIncludeAssert
has been deprecated. Use the new nameUnitTestShouldIncludeAssert
instead. - The old rule name
DefaultLabelNotLastInSwitchStmt
has been deprecated. Use the new nameDefaultLabelNotLastInSwitch
instead. - The old rule name
SwitchStmtsShouldHaveDefault
has been deprecated. USe the new nameNonExhaustiveSwitch
instead.
- The old rule name
- java-errorprone
- The old rule name
NonCaseLabelInSwitchStatement
has been deprecated. Use the new nameNonCaseLabelInSwitch
instead.
- The old rule name
- java-performance
- The old rule name
TooFewBranchesForASwitchStatement
has been deprecated. Use the new nameTooFewBranchesForSwitch
instead.
- The old rule name
✨ Merged pull requests
- #4965: Fix #4532: [java] Rename JUnit rules with overly restrictive names - Juan Martín Sotuyo Dodero (@jsotuyod)
- #5040: [cpp] Ignore literals and ignore identifiers capability to C++ CPD - Jakub Dupak (@jdupak)
- #5225: Fix #5067: [java] CloseResource: False positive for FileSystems.getDefault() - Lukas Gräf (@lukasgraef)
- #5241: Ignore javacc code in coverage report - Juan Martín Sotuyo Dodero (@jsotuyod)
- #5245: [java] Improve UnitTestShouldUse{After,Before}Annotation rules to support JUnit5 and TestNG - Andreas Dangel (@adangel)
- #5247: Fix #5030: [java] SwitchDensity false positive with pattern matching - Andreas Dangel (@adangel)
- #5248: Fix #3362: [java] ImplicitSwitchFallThrough should consider switch expressions - Andreas Dangel (@adangel)
- #5251: Fix #5249 and #5250: [java] TooFewBranchesForSwitch ignore pattern matching and support switch expressions - Andreas Dangel (@adangel)
- #5252: Fix #4813: [java] SwitchStmtsShouldHaveDefault false positive with pattern matching - Andreas Dangel (@adangel)
- #5255: [java] Rename rule DefaultLabelNotLastInSwitch - Andreas Dangel (@adangel)
- #5256: Fix #5257: [java] NonCaseLabelInSwitch - support switch expressions - Andreas Dangel (@adangel)
- #5258: Ignore generated antlr classes in coverage reports - Juan Martín Sotuyo Dodero (@jsotuyod)
- #5264: Fix #5261: [java] Fix NPE with empty pattern list - Clément Fournier (@oowekyala)
- #5267: [java] Rename rule SwitchStmtsShouldHaveDefault to NonExhaustiveSwitch - Andreas Dangel (@adangel)
- #5269: Fix #5253: [java] Support Boolean wrapper class for BooleanGetMethodName rule - Aryant Tripathi (@Aryant-Tripathi)
- #5273: Fix #5270: [apex] AvoidNonRestrictiveQueries: Fix regex for detecting LIMIT clause - Andreas Dangel (@adangel)
- #5275: Use plugin-classpath to simplify javacc-wrapper.xml - Andreas Dangel (@adangel)
- #5278: [java] CouplingBetweenObjects: improve violation message - Andreas Dangel (@adangel)
- #5279: Fix #5244: [java] UselessOperationOnImmutable: consider java.time.* types - Andreas Dangel (@adangel)
📦 Dependency updates
- #5234: Bump com.google.protobuf:protobuf-java from 3.25.3 to 4.28.2
- #5274: Bump org.junit from 5.8.2 to 5.11.2
- #5276: Bump org.checkerframework:checker-qual from 2.11.1 to 3.48.1
- #5280: Bump danger from 9.5.0 to 9.5.1 in the all-gems group across 1 directory
- #5281: Bump org.scala-lang:scala-reflect from 2.13.13 to 2.13.15
📈 Stats
- 98 commits
- 32 closed tickets & PRs
- Days since last release: 27
27-September-2024 - 7.6.0
The PMD team is pleased to announce PMD 7.6.0.
This is a minor release.
Table Of Contents
- 🚀 New and noteworthy
- 🐛 Fixed Issues
- 🚨 API Changes
- ✨ Merged pull requests
- 📦 Dependency updates
- 📈 Stats
🚀 New and noteworthy
New Git default branch - “main”
We are joining the Git community and updating “master” to “main”. Using the term “master” for the main
development branch can be offensive to some people. Existing versions of Git have been always capable of
working with any branch name and since 2.28.0 (July 2020) the default initial branch is configurable
(init.defaultBranch
). Since October 2020, the default branch for new repositories on GitHub
is “main”. Finally, PMD will also use this new name for the main branch in all our own repositories.
Why “main”? PMD uses a very simple branching model - pull requests with feature branches and one main development branch, from which releases are created. That’s why “main” is currently the best fitting name.
More information:
- https://sfconservancy.org/news/2020/jun/23/gitbranchname/
- https://github.blog/changelog/2020-10-01-the-default-branch-for-newly-created-repositories-is-now-main/
What changes?
- We change the default branch on GitHub, so that pull requests are automatically created against
main
from now on. - If you have already a local clone of PMD’s repository, you’ll need to rename the old master branch locally:
git branch --move master main git fetch origin git branch --set-upstream-to=origin/main main git remote set-head origin --auto
More info: https://git-scm.com/book/en/v2/Git-Branching-Branch-Management#_changing_master and https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch#updating-a-local-clone-after-a-branch-name-changes
- If you created a fork on GitHub, you’ll need to change the default branch in your fork to
main
as well (Settings > Default Branch). - Some time after this release, we’ll delete the old master branch on GitHub. Then only
main
can be used. - This change is expanded to the other PMD repositories as well, e.g. pmd-designer and pmd-regression-tester.
🐛 Fixed Issues
- apex
- #5138: [apex] Various false-negatives since 7.3.0 when using triggers (ApexCRUDViolation, CognitiveComplexity, OperationWithLimitsInLoop)
- #5163: [apex] Parser error when using toLabel in SOSL query
- #5182: [apex] Parser error when using GROUPING in a SOQL query
- #5218: [apex] Parser error when using nested subqueries in SOQL
- #5228: [apex] Parser error when using convertCurrency() in SOQL
- core
- #5059: [core] xml output doesn’t escape CDATA inside its own CDATA
- #5201: [core] PMD sarif schema file points to nonexistent location
- #5222: [core] RuleReference/RuleSetWriter don’t handle changed default property values correctly
- #5229: [doc] CLI flag
--show-suppressed
needs to mention xml, html, summaryhtml
- java
- #5190: [java] NPE in type inference
- java-codestyle
- #5046: [java] LocalVariableCouldBeFinal false positive with try/catch
- java-errorprone
🚨 API Changes
No changes.
✨ Merged pull requests
- #5186: [java] Cleanup things about implicit classes - Clément Fournier (@oowekyala)
- #5188: [apex] Use new apex-parser 4.2.0 - Andreas Dangel (@adangel)
- #5191: [java] Fix #5046 - FPs in LocalVariableCouldBeFinal - Clément Fournier (@oowekyala)
- #5192: [java] Fix #5190 - NPE in type inference caused by null type - Clément Fournier (@oowekyala)
- #5195: [apex] Fix various FNs when using triggers - Andreas Dangel (@adangel)
- #5202: [core] Sarif format: refer to schemastore.org - David Schach (@dschach)
- #5208: [doc] Added Codety to “Tools / Integrations” - Tony (@random1223)
- #5210: [core] Fix PMD’s XMLRenderer to escape CDATA - Andreas Dangel (@adangel)
- #5211: Change branch master to main - Andreas Dangel (@adangel)
- #5212: [java] Adjust signature matching in CheckSkipResultRule - Juan Martín Sotuyo Dodero (@jsotuyod)
- #5223: [core] Fix RuleReference / RuleSetWriter handling of properties - Andreas Dangel (@adangel)
- #5224: [java] Fix #5068: Class incorrectly identified as non-instantiatable - Lukas Gräf (@lukasgraef)
- #5230: [doc] Documentation update for –show-suppressed flag - David Schach (@dschach)
- #5237: [apex] Support convertCurrency() in SOQL/SOSL - Andreas Dangel (@adangel)
📦 Dependency updates
- #5185: Bump checkstyle from 10.14.0 to 10.18.1
- #5187: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.3
- #5199: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.3
- #5216: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.23.0
- #5226: Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory
- #5227: Bump com.google.code.gson:gson from 2.10.1 to 2.11.0
- #5232: Bump com.google.protobuf:protobuf-java from 3.25.3 to 3.25.5
- #5233: Bump webrick from 1.8.1 to 1.8.2 in /docs
📈 Stats
- 60 commits
- 27 closed tickets & PRs
- Days since last release: 27
30-August-2024 - 7.5.0
The PMD team is pleased to announce PMD 7.5.0.
This is a minor release.
Table Of Contents
- 🚀 New: Java 23 Support
- 🌟 New Rules
- 🐛 Fixed Issues
- 🚨 API Changes
- ✨ External Contributions
- 📦 Dependency updates
- 📈 Stats
🚀 New: Java 23 Support
This release of PMD brings support for Java 23. There are no new standard language features, but a couple of preview language features:
- JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview)
- JEP 476: Module Import Declarations (Preview)
- JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview)
- JEP 482: Flexible Constructor Bodies (Second Preview)
Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23, see JDK-8329949 for details.
In order to analyze a project with PMD that uses these preview language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 23-preview
:
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...
Note: Support for Java 21 preview language features have been removed. The version “21-preview” are no longer available.
🌟 New Rules
- The new Java rule
AvoidSynchronizedStatement
finds synchronization blocks that could cause performance issues with virtual threads due to pinning. - The new JavaScript rule
AvoidConsoleStatements
finds any function calls on the Console API (e.g.console.log
). Using these in production code might negatively impact performance.
🐛 Fixed Issues
- apex-performance
- #5139: [apex] OperationWithHighCostInLoop: false negative for triggers
- java
- java-bestpractices
- #3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
- #4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
- #5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
- #5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
- #5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is “this”
- #5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
- java-design
- java-multithreading
- #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
- javascript-performance
- #5105: [javascript] Prohibit any console methods
- plsql
- #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
- plsql-bestpractices
- #5132: [plsql] TomKytesDespair: XPathException for more complex exception handler
🚨 API Changes
Deprecations
- pmd-jsp
JspParserImpl
is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.
- pmd-plsql
MergeUpdateClausePrefix
is deprecated. This production is not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0, as it is supposed to be internalized.
- pmd-velocity
VtlParserImpl
is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.
- pmd-visualforce
VfParserImpl
is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.
Experimental
- pmd-java
✨ External Contributions
- #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma (@duursma)
- #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton (@chonton)
📦 Dependency updates
- #5100: Enable Dependabot
- #5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
- #5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
- #5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
- #5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
- #5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
- #5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
- #5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
- #5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
- #5165: Bump the all-gems group across 1 directory with 2 updates
- #5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
- #5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5
📈 Stats
- 87 commits
- 25 closed tickets & PRs
- Days since last release: 35
26-July-2024 - 7.4.0
The PMD team is pleased to announce PMD 7.4.0.
This is a minor release.
Table Of Contents
🌟 New and changed rules
New Rules
- The new Apex rule
AvoidNonRestrictiveQueries
finds SOQL and SOSL queries without a where or limit statement. This can quickly cause governor limit exceptions.
Changed rules
ClassNamingConventions
(Apex Codestyle): Two new properties to configure different patterns for inner classes and interfaces:innerClassPattern
andinnerInterfacePattern
.
Renamed rules
InaccurateNumericLiteral
(JavaScript Error Prone) has been renamed fromInnaccurateNumericLiteral
. The old rule name still works but is deprecated.
🐛 Fixed Issues
- apex
- #5094: [apex] “No adapter exists for type” error message printed to stdout instead of stderr
- apex-bestpractices
- #5095: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative due to casing (regression in PMD 7)
- apex-codestyle
- #4800: [apex] ClassNamingConvention: Support naming convention for inner classes
- apex-performance
- #635: [apex] New Rule: Avoid soql/sosl queries without a where clause or limit statement
- java-bestpractices
- java-errorprone
- #1488: [java] MissingStaticMethodInNonInstantiatableClass: False positive with Lombok Builder on Constructor
- javascript-errorprone
- plsql
- #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage
- #5087: [plsql] Add support for SQL_MACRO
- #5088: [plsql] Add support for ‘DEFAULT’ clause on the arguments of some oracle functions
- #5133: [plsql] AssertionError: Root of the tree should implement RootNode for a PL/SQL type declaration
- cli
- #5120: [cli] Can’t start designer under Windows
- core
- #5091: [core] PMD CPD v7.3.0 gives deprecation warning for skipLexicalErrors even when not used
🚨 API Changes
- javascript
- The old rule name
InnaccurateNumericLiteral
has been deprecated. Use the new nameInaccurateNumericLiteral
instead.
- The old rule name
✨ External Contributions
- #5048: [apex] Added Inner Classes to Apex Class Naming Conventions Rule - Justin Stroud (@justinstroudbah / @sgnl-labs)
- #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)
- #5087: [plsql] Add support for SQL_MACRO - Arjen Duursma (@duursma)
- #5088: [plsql] Add support for ‘DEFAULT’ clause on the arguments of some oracle functions - Arjen Duursma (@duursma)
- #5107: [doc] Update maven.md - Typo fixed for maven target - karthikaiyasamy (@karthikaiyasamy)
- #5109: [java] Exclude constructor with lombok.Builder for MissingStaticMethodInNonInstantiatableClass - Krzysztof Debski (@kdebski85)
- #5111: [java] Fix UnusedPrivateMethod for @lombok.Builder.ObtainVia - Krzysztof Debski (@kdebski85)
- #5118: [java] FP for UnusedPrivateMethod with Jakarta @PostConstruct/PreDestroy annotations - Krzysztof Debski (@kdebski85)
- #5121: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)
📈 Stats
- 81 commits
- 32 closed tickets & PRs
- Days since last release: 27
28-June-2024 - 7.3.0
The PMD team is pleased to announce PMD 7.3.0.
This is a minor release.
Table Of Contents
🚀 New and noteworthy
✨ New Rules
- The new Java rule
UseEnumCollections
reports usages forHashSet
andHashMap
when the keys are of an enum type. The specialized enum collections are more space- and time-efficient.
💥 pmd-compat6 removed (breaking)
The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed. It was intended to be used with older versions of the maven-pmd-plugin, but since maven-pmd-plugin 3.22.0, PMD 7 is supported directly and this module is not needed anymore.
If you currently use this dependency (net.sourceforge.pmd:pmd-compat6
), remove it and upgrade maven-pmd-plugin
to the latest version (3.23.0 or newer).
See also Maven PMD Plugin.
🐛 Fixed Issues
- cli
- #2827: [cli] Consider processing errors in exit status
- core
- apex
- apex-bestpractices
- #5000: [apex] UnusedLocalVariable FP with binds in SOSL / SOQL
- java
- java-bestpractices
- plsql
🚨 API Changes
CPD Report Format XML
There are some important changes:
- The XML format will now use an XSD schema, that is available at https://pmd.github.io/schema/cpd-report_1_0_0.xsd. This schema defines the valid elements and attributes that one can expect from a CPD report.
- The root element
pmd-cpd
contains the new attributespmdVersion
,timestamp
andversion
. The latter is the schema version and is currently “1.0.0”. - The CPD XML report will now also contain recoverable errors as additional
<error>
elements.
See Report formats for CPD for an example.
The XML format should be compatible as only attributes and elements have been added. However, if you parse
the document with a namespace aware parser, you might encounter some issues like no elements being found.
In case the new format doesn’t work for you (e.g. namespaces, unexpected error elements), you can
go back using the old format with the renderer “xmlold” (XMLOldRenderer
). Note, that
this old renderer is deprecated and only there for compatibility reasons. Whatever tooling is used to
read the XML format should be updated.
CLI
-
New exit code 5 introduced. PMD and CPD will exit now by default with exit code 5, if any recoverable error (e.g. parsing exception, lexing exception or rule exception) occurred. PMD will still create a report with all detected violations or duplications if recoverable errors occurred. Such errors mean, that the report might be incomplete, as either violations or duplications for an entire file or for a specific rule are missing. These cases can be considered as false-negatives.
In any case, the root cause should be investigated. If it’s a problem in PMD itself, please create a bug report.
-
New CLI parameter
--no-fail-on-error
to ignore such errors and not exit with code 5. By default, a build with errors will now fail and with that parameter, the previous behavior can be restored. This parameter is available for both PMD and CPD. -
The CLI parameter
--skip-lexical-errors
is deprecated. By default, lexical errors are skipped but the build is failed. Use the new parameter--[no-]fail-on-error
instead to control whether to fail the build or not.
Ant
- CPDTask has a new parameter
failOnError
. It controls, whether to fail the build if any recoverable error occurred. By default, the build will fail. CPD will still create a report with all detected duplications, but the report might be incomplete. - The parameter
skipLexicalError
in CPDTask is deprecated and ignored. Lexical errors are now always skipped. Use the new parameterfailOnError
instead to control whether to fail the build or not.
Deprecated API
- pmd-ant
CPDTask#setSkipLexicalErrors
: UsesetFailOnError
instead to control, whether to ignore errors or fail the build.
- pmd-core
CPDConfiguration#isSkipLexicalErrors
andsetSkipLexicalErrors
: UsesetFailOnError
to control whether to ignore errors or fail the build.net.sourceforge.pmd.cpd.XMLOldRenderer
(the CPD format “xmlold”).- The constructor
AntlrToken#AntlrToken
shouldn’t be used directly. UseAntlrTokenManager
instead.
- pmd-java
ASTResource#getStableName
and the corresponding attribute@StableName
.ASTRecordPattern#getVarId
This method was added here by mistake. Record patterns don’t declare a pattern variable for the whole pattern, but rather for individual record components, which can be accessed viagetComponentPatterns
.
- pmd-plsql
PLSQLParserImpl
is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.- The node
ASTKEYWORD_UNRESERVED
is deprecated and is now removed from the AST.
Breaking changes: pmd-compat6 removed
The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed. See above for details.
📈 Stats
- 88 commits
- 32 closed tickets & PRs
- Days since last release: 27
31-May-2024 - 7.2.0
The PMD team is pleased to announce PMD 7.2.0.
This is a minor release.
Table Of Contents
🚀 New and noteworthy
Collections exposed as XPath attributes
Up to now, all AST node getters would be exposed to XPath, as long as the return type was a primitive (boxed or unboxed), String or Enum. That meant that collections, even of these basic types, were not exposed, so for instance accessing Apex’s ASTUserClass.getInterfaceNames()
to list the interfaces implemented by a class was impossible from XPath, and would require writing a Java rule to check it.
Since this release, PMD will also expose any getter returning a collection of any supported type as a sequence through an XPath attribute. They would require to use apropriate XQuery functions to manipulate the sequence. So for instance, to detect any given ASTUserClass
in Apex that implements Queueable
, it is now possible to write:
/UserClass[@InterfaceNames = 'Queueable']
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog (7.2.0).
🐛 Fixed Issues
- core
- java
- #4912: [java] Unable to parse some Java9+ resource references
- #4973: [java] Stop parsing Java for CPD
- #4980: [java] Bad intersection, unrelated class types java.lang.Object[] and java.lang.Number
- #4988: [java] Fix impl of ASTVariableId::isResourceDeclaration / VariableId/@ResourceDeclaration
- #4990: [java] Add an attribute @PackageQualifier to ASTClassType
- #5006: [java] Bad intersection, unrelated class types Child and Parent<? extends Child>
- #5029: [java] PMD 7.x throws stack overflow in TypeOps$ProjectionVisitor while parsing a Java class
- java-bestpractices
- #4278: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource and default factory method name
- #4852: [java] ReplaceVectorWithList false-positive (neither Vector nor List usage)
- #4975: [java] UnusedPrivateMethod false positive when using @MethodSource on a @Nested test
- #4985: [java] UnusedPrivateMethod false-positive / method reference in combination with custom object
- java-codestyle
- #1619: [java] LocalVariableCouldBeFinal on ‘size’ variable in for loop
- #3122: [java] LocalVariableCouldBeFinal should consider blank local variables
- #4903: [java] UnnecessaryBoxing, but explicit conversion is necessary
- #4924: [java] UnnecessaryBoxing false positive in PMD 7.0.0 in lambda
- #4930: [java] EmptyControlStatement should not allow empty try with concise resources
- #4954: [java] LocalVariableNamingConventions should allow unnamed variables by default
- #5028: [java] FormalParameterNamingConventions should accept unnamed parameters by default
- java-errorprone
- java-multithreading
- #2368: [java] False positive UnsynchronizedStaticFormatter in static initializer
🚨 API Changes
Deprecated API
- pmd-java
ASTResource#getStableName
and the corresponding attribute@StableName
✨ External Contributions
📈 Stats
- 152 commits
- 46 closed tickets & PRs
- Days since last release: 35
26-April-2024 - 7.1.0
The PMD team is pleased to announce PMD 7.1.0.
This is a minor release.
Table Of Contents
🚀 New and noteworthy
More robust CPD reports
There were a number of circumstances, specially around (but not limited to) literal sequences, were CPD would report duplicate overlapping or partially overlapping matches. These have now been fixed, and CPD will report only the longest non-overlapping duplicate.
These improvements apply to all supported languages, irrespective of supported flags.
✨ New Rules
- The new Java rule
UnnecessaryVarargsArrayCreation
reports explicit array creation when a varargs is expected. This is more heavy to read and could be simplified. - The new Java rule
ConfusingArgumentToVarargsMethod
reports some confusing situations where a varargs method is called with an inexact argument type. These may end up in a mismatch between the expected parameter type and the actual value. - The new Java rule
LambdaCanBeMethodReference
reports lambda expressions that can be replaced with a method reference. Please read the documentation of the rule for more info. This rule is now part of the Quickstart ruleset.
🌟 Rule Changes
JUnitTestsShouldIncludeAssert
andJUnitTestContainsTooManyAsserts
have a new property namedextraAssertMethodNames
. With this property, you can configure which additional static methods should be considered as valid verification methods. This allows to use custom mocking or assertion libraries.
🐛 Fixed Issues
- core
- cli
- doc
- #4901: [doc] Improve documentation on usage of violationSuppressXPath
- apex
- #4418: [apex] ASTAnnotation.getImage() does not return value as written in the class
- apex-errorprone
- #3953: [apex] EmptyCatchBlock false positive with formal (doc) comments
- cpp
- #2438: [cpp] Repeated Duplication blocks
- java
- java-bestpractices
- #1084: [java] Allow JUnitTestsShouldIncludeAssert to configure verification methods
- #3216: [java] New rule: UnnecessaryVarargsArrayCreation
- #4435: [java] [7.0-rc1] UnusedAssignment for used field
- #4569: [java] ForLoopCanBeForeach reports on loop
for (int i = 0; i < list.size(); i += 2)
- #4618: [java] UnusedAssignment false positive with conditional assignments of fields
- java-codestyle
- #4602: [java] UnnecessaryImport: false positives with static imports
- #4785: [java] False Positive: PMD Incorrectly report violation for UnnecessaryImport
- #4779: [java] Examples in documentation of MethodArgumentCanBeFinal do not trigger the rule
- #4881: [java] ClassNamingConventions: interfaces are identified as abstract classes (regression in 7.0.0)
- java-design
- java-errorprone
- #2056: [java] CloseResource false-positive with URLClassLoader in cast expression
- #4751: [java] PMD crashes when analyzing CloseResource Rule
- #4928: [java] EmptyCatchBlock false negative when allowCommentedBlocks=true
- #4948: [java] ImplicitSwitchFallThrough: False-positive with nested switch statements
- java-performance
- pom-errorprone
- #4388: [pom] InvalidDependencyTypes doesn’t consider dependencies at all
- misc
- #4967: Fix reproducible build issues with 7.0.0
🚨 API Changes
Deprecated methods
- pmd-java
ASTLambdaExpression#getBlock
andASTLambdaExpression#getExpression
SingularFieldRule#mayBeSingular
has been deprecated for removal. The method is only useful for the rule itself and shouldn’t be used otherwise.
✨ External Contributions
- #4864: Fix #1084 [Java] add extra assert method names to Junit rules - Erwan Moutymbo (@emouty)
- #4894: Fix #4791 Error caused by space in JDK path - Scrates1 (@Scrates1)
📈 Stats
- 205 commits
- 71 closed tickets & PRs
- Days since last release: 34
22-March-2024 - 7.0.0
🎉 After a long time, we’re excited to bring you now the next major version of PMD! 🎉
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
🤝🙏 Many thanks to all users and contributors who were testing the release candidates and provided feedback and/or PRs!
✨ PMD 7…
- …has a new logo
- …analyzes Java 21 and Java 22 projects with even better type resolution and symbol table support
- …analyzes Kotlin and Swift
- …analyzes Apex with a new parser
- …finds duplicated code in Coco, Julia, TypeScript
- …ships 11 new rules and tons of improvements for existing rules
- …provides a new CLI interface with progress bar
- …supports Antlr based languages
- …and many more enhancements
💥 Note: Since PMD 7 is a major release, it is not a drop-in replacement for PMD 6.55.0. A detailed documentation of required changes are available in the Migration Guide for PMD 7.
Expand to see Release Notes
Table Of Contents
- Changes since 7.0.0-rc4
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- New: CPD support for Apache Velocity Template Language (VTL)
- New: CPD support for Coco
- New: CPD support for Julia
- New: CPD support for TypeScript
- New: Java 21 and 22 Support
- New: Kotlin support
- New: Swift support
- Changed: Apex Support: Replaced Jorje with fully open source front-end
- Changed: CPP can now ignore identifiers in sequences (CPD)
- Changed: Groovy Support (CPD)
- Changed: HTML support
- Changed: JavaScript support
- Changed: Language versions
- Changed: Rule properties
- Changed: Velocity Template Language (VTL)
- Changed: Visualforce
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
Changes since 7.0.0-rc4
This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.
New and Noteworthy
Maven PMD Plugin compatibility with PMD 7
In order to use PMD 7 with maven-pmd-plugin a new compatibility module has been created. This allows to use PMD 7 by simply adding one additional dependency:
- Follow the guide Upgrading PMD at Runtime
- Add additionally the following dependency:
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-compat6</artifactId>
<version>${pmdVersion}</version>
</dependency>
It is important to add this dependency as the first in the list, so that maven-pmd-plugin sees the (old) compatible versions of some classes.
This module is available beginning with version 7.0.0-rc4 and will be there at least for the first final version PMD 7 (7.0.0). It’s not decided yet, whether we will keep updating it, after PMD 7 is finally released.
Note: This compatibility module only works for the built-in rules, that are still available in PMD 7. E.g. you need to review your rulesets and look out for deprecated rules and such. See the use case I’m using only built-in rules in the Migration Guide for PMD 7.
As PMD 7 revamped the Java module, if you have custom rules, you need to migrate these rules. See the use case I’m using custom rules in the Migration Guide.
Note: Once the default version of PMD is upgraded to PMD7 in maven-pmd-plugin (see MPMD-379), this compatibility module is no longer needed. The module pmd-compat6 might not be maintained then any further, hence it is already declared as deprecated.
No guarantee is given, that the (deprecated) module pmd-compat6 is being maintained over the whole lifetime of PMD 7.
Java 22 Support
This release of PMD brings support for Java 22. There are the following new standard language features, that are supported now:
PMD also supports the following preview language features:
- JEP 447: Statements before super(…) (Preview)
- JEP 459: String Templates (Second Preview)
- JEP 463: Implicitly Declared Classes and Instance Main Methods (Second Preview)
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 22-preview
:
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-22-preview ...
Note: Support for Java 20 preview language features have been removed. The version “20-preview” is no longer available.
Swift Support
- limited support for Swift 5.9 (Macro Expansions)
Groovy Support (CPD)
- We now support parsing all Groovy features from Groovy 3 and 4.
- We now support suppression through
CPD-ON
/CPD-OFF
comment pairs. - See PR #4726 for details.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. The designer artifact has been renamed from “pmd-ui” to “pmd-designer”. While the designer still works with Java 8, the recommended Java Runtime is Java 11 (or later) with OpenJFX 17 (or later).
For the detailed changes, see PMD Designer Changelog (7.0.0).
Apex Support: Replaced Jorje with fully open source front-end
When PMD added Apex support with version 5.5.0, it utilized the Apex Jorje library to parse Apex source and generate an AST. This library is however a binary-blob provided as part of the Salesforce Extensions for VS Code, and it is closed-source.
This causes problems, if binary blobs are not allowed by e.g. a company-wide policy. In that case, the Jorje library prevented that PMD Apex could be used at all.
Also having access to the source code, enhancements and modifications are easier to do.
Under the hood, we use two open source libraries instead:
- apex-parser originally by Kevin Jones (@nawforce). This project provides the grammar for a ANTLR based parser.
- Summit-AST by Google (@google) This project translates the ANTLR parse tree into an AST, that is similar to the AST Jorje provided. Note: This is not an official Google product.
Although the parser is completely switched, there are only little known changes to the AST. These are documented in the Migration Guide for PMD 7: Apex AST.
With the new Apex parser, the new language constructs like
User Mode Database Operations
and the new Null Coalescing Operator ??
can be parsed now. PMD should be able to parse Apex code up to version 60.0 (Spring ‘24).
See #3766 for details.
Contributors: Aaron Hurst (@aaronhurst-google), Edward Klimoshenko (@eklimo)
Changed: Visualforce
There was an inconsistency between the naming of the maven module and the language id. The language id used the abbreviation “vf”, while the maven module used the longer name “visualforce”. This has been solved by renaming the language module to its full name “visualforce”. The java packages have been renamed as well.
If you import rules, you also need to adjust the paths, e.g.
category/vf/security.xml
➡️category/visualforce/security.xml
Changed: HTML support
Support for HTML was introduced in PMD 6.55.0 as an experimental feature. With PMD 7.0.0 this is now considered stable.
Changed: Kotlin support
Support for Kotlin was introduced with PMD 7.0.0-rc1 as an experimental feature. With PMD 7.0.0 this is now considered stable.
Changed: Velocity Template Language (VTL)
The module was named just “vm” which was not a good name. Its module name, language id and package names have been renamed to “velocity”.
If you import rules, you also need to adjust the paths, e.g.
category/vm/...
➡️category/velocity/...
Rule Changes
New Rules
OperationWithHighCostInLoop
finds Schema class methods called in a loop, which is a potential performance issue.UseExplicitTypes
reports usages ofvar
keyword, which was introduced with Java 10.MissingEncoding
finds XML files without explicit encoding.
Changed Rules
EmptyControlStatement
: The rule has a new property to allow empty blocks when they contain a comment (allowCommentedBlocks
).MethodNamingConventions
: The deprecated rule propertyskipTestMethodUnderscores
has been removed. It was actually deprecated since PMD 6.15.0, but was not mentioned in the release notes back then. Use the propertytestPattern
instead to configure valid names for test methods.CommentRequired
: The deprecated propertyheaderCommentRequirement
has been removed. Use the propertyclassCommentRequirement
instead.NonSerializableClass
: The deprecated propertyprefix
has been removed without replacement. In a serializable class all fields have to be serializable regardless of the name.
Renamed Rulesets
category/vf/security.xml
➡️category/visualforce/security.xml
category/vm/bestpractices.xml
➡️category/velocity/bestpractices.xml
category/vm/design.xml
➡️category/velocity/design.xml
category/vm/errorprone.xml
➡️category/velocity/errorprone.xml
Removed Rules
The following previously deprecated rules have been finally removed:
- Apex
- performance.xml/AvoidSoqlInLoops (deleted) ➡️ use
OperationWithLimitsInLoop
- performance.xml/AvoidSoslInLoops (deleted) ➡️ use
OperationWithLimitsInLoop
- performance.xml/AvoidDmlStatementsInLoops (deleted) ➡️ use
OperationWithLimitsInLoop
- performance.xml/AvoidSoqlInLoops (deleted) ➡️ use
- Java
- design.xml/ExcessiveClassLength (deleted) ➡️ use
NcssCount
- design.xml/ExcessiveMethodLength (deleted) ➡️ use
NcssCount
- errorprone.xml/BeanMembersShouldSerialize (deleted) ➡️ use
NonSerializableClass
- errorprone.xml/EmptyFinallyBlock (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyIfStmt (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyInitializer (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyStatementBlock (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyStatementNotInLoop (deleted) ➡️ use
UnnecessarySemicolon
- errorprone.xml/EmptySwitchStatements (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptySynchronizedBlock (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyTryBlock (deleted) ➡️ use
EmptyControlStatement
- errorprone.xml/EmptyWhileStmt (deleted) ➡️ use
EmptyControlStatement
- design.xml/ExcessiveClassLength (deleted) ➡️ use
Removed deprecated rulesets
The following previously deprecated rulesets have been removed. These were the left-over rulesets from PMD 5. The rules have been moved into categories with PMD 6.
List of deprecated rulesets
- rulesets/apex/apexunit.xml
- rulesets/apex/braces.xml
- rulesets/apex/complexity.xml
- rulesets/apex/empty.xml
- rulesets/apex/metrics.xml
- rulesets/apex/performance.xml
- rulesets/apex/ruleset.xml
- rulesets/apex/securty.xml
- rulesets/apex/style.xml
- rulesets/java/android.xml
- rulesets/java/basic.xml
- rulesets/java/clone.xml
- rulesets/java/codesize.xml
- rulesets/java/comments.xml
- rulesets/java/controversial.xml
- rulesets/java/coupling.xml
- rulesets/java/design.xml
- rulesets/java/empty.xml
- rulesets/java/finalizers.xml
- rulesets/java/imports.xml
- rulesets/java/j2ee.xml
- rulesets/java/javabeans.xml
- rulesets/java/junit.xml
- rulesets/java/logging-jakarta-commons.xml
- rulesets/java/logging-java.xml
- rulesets/java/metrics.xml
- rulesets/java/migrating.xml
- rulesets/java/migrating_to_13.xml
- rulesets/java/migrating_to_14.xml
- rulesets/java/migrating_to_15.xml
- rulesets/java/migrating_to_junit4.xml
- rulesets/java/naming.xml
- rulesets/java/optimizations.xml
- rulesets/java/strictexception.xml
- rulesets/java/strings.xml
- rulesets/java/sunsecure.xml
- rulesets/java/typeresolution.xml
- rulesets/java/unnecessary.xml
- rulesets/java/unusedcode.xml
- rulesets/ecmascript/basic.xml
- rulesets/ecmascript/braces.xml
- rulesets/ecmascript/controversial.xml
- rulesets/ecmascript/unnecessary.xml
- rulesets/jsp/basic.xml
- rulesets/jsp/basic-jsf.xml
- rulesets/plsql/codesize.xml
- rulesets/plsql/dates.xml
- rulesets/plsql/strictsyntax.xml
- rulesets/plsql/TomKytesDespair.xml
- rulesets/vf/security.xml
- rulesets/vm/basic.xml
- rulesets/pom/basic.xml
- rulesets/xml/basic.xml
- rulesets/xsl/xpath.xml
- rulesets/releases/*
Fixed issues
- cli
- core
- #1027: [core] Apply the new PropertyDescriptor<Pattern> type where applicable
- #3903: [core] Consolidate
n.s.pmd.reporting
package - #3905: [core] Stabilize tree export API
- #3917: [core] Consolidate
n.s.pmd.lang.rule
package - #4065: [core] Rename TokenMgrError to LexException, Tokenizer to CpdLexer
- #4309: [core] Cleanups in XPath area
- #4312: [core] Remove unnecessary property
color
and system propertypmd.color
inTextColorRenderer
- #4313: [core] Remove support for <lang>-<ruleset> hyphen notation for ruleset references
- #4314: [core] Remove ruleset compatibility filter (RuleSetFactoryCompatibility) and CLI option
--no-ruleset-compatibility
- #4348: [core] Consolidate @InternalApi classes
- #4349: [core] Cleanup remaining experimental and deprecated API
- #4378: [core] Ruleset loading processes commented rules
- #4674: [core] WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass
- #4694: [core] Fix line/col numbers in TokenMgrError
- #4717: [core] XSLTRenderer doesn’t close report file
- #4750: [core] Fix flaky SummaryHTMLRenderer
- #4782: [core] Avoid using getImage/@Image
- doc
- #995: [doc] Document API evolution principles as ADR
- #2511: [doc] Review guides for writing java/xpath rules for correctness with PMD 7
- #3175: [doc] Document language module features
- #4308: [doc] Document XPath API @DeprecatedAttribute
- #4319: [doc] Document TypeRes API and Symbols API
- #4659: [doc] Improve ant documentation
- #4669: [doc] Add bld PMD Extension to Tools / Integrations
- #4676: [doc] Clarify how CPD
--ignore-literals
and--ignore-identifiers
work - #4704: [doc] Multivalued properties do not accept | as a separator
- miscellaneous
- #4699: Make PMD buildable with java 21
- #4586: Use explicit encoding in ruleset xml files
- #4642: Update regression tests with Java 21 language features
- #4736: [ci] Improve build procedure
- #4741: Add pmd-compat6 module for maven-pmd-plugin
- #4749: Fixes NoSuchMethodError on processing errors in pmd-compat6
- #4776: [ci] Upgrade to ruby 3
- #4796: Remove deprecated and release rulesets
- #4823: Update to use renamed pmd-designer
- #4827: [compat6] Support config errors and cpd for csharp
- #4830: Consolidate packages in each maven module
- #4867: [dist] ./mvnw command not found in dist-src
- apex
- apex-bestpractices
- #4556: [apex] UnusedLocalVariable flags for variables which are using in SOQL/SOSL binds
- apex-documentation
- #4774: [apex] ApexDoc false-positive for the first method of an annotated Apex class
- apex-performance
- #4675: [apex] New Rule: OperationWithHighCostInLoop
- groovy
- #4726: [groovy] Support Groovy to 3 and 4 and CPD suppressions
- java
- java-bestpractices
- java-codestyle
- #2847: [java] New Rule: Use Explicit Types
- #4239: [java] UnnecessaryLocalBeforeReturn - false positive with catch clause
- #4578: [java] CommentDefaultAccessModifier comment needs to be before annotation if present
- #4631: [java] UnnecessaryFullyQualifiedName fails to recognize illegal self reference in enums
- #4645: [java] CommentDefaultAccessModifier - False Positive with JUnit5’s ParameterizedTest
- #4754: [java] EmptyControlStatementRule: Add allowCommentedBlocks property
- #4816: [java] UnnecessaryImport false-positive on generic method call with on lambda
- java-design
- #174: [java] SingularField false positive with switch in method that both assigns and reads field
- java-errorprone
- #718: [java] BrokenNullCheck false positive with parameter/field confusion
- #932: [java] SingletonClassReturningNewInstance false positive with double assignment
- #1831: [java] DetachedTestCase reports abstract methods
- #4719: [java] UnnecessaryCaseChange: example doc toUpperCase() should compare to a capitalized string
- javascript
- plsql
- #4820: [plsql] WITH clause is ignored for SELECT INTO statements
- swift
- #4697: [swift] Support Swift 5.9 features (mainly macros expansion expressions)
- xml-bestpractices
- #4592: [xml] Add MissingEncoding rule
API Changes
See Detailed Release Notes for PMD 7.
External Contributions
- #4093: [apex] Summit-AST Apex module - Part 1 - Edward Klimoshenko (@eklimo)
- #4151: [apex] Summit-AST Apex module - Part 2 - expression nodes - Aaron Hurst (@aaronhurst-google)
- #4171: [apex] Summit-AST Apex module - Part 3 - initializers - Aaron Hurst (@aaronhurst-google)
- #4206: [apex] Summit-AST Apex module - Part 4 - statements - Aaron Hurst (@aaronhurst-google)
- #4219: [apex] Summit-AST Apex module - Part 5 - annotations, triggers, misc. - Aaron Hurst (@aaronhurst-google)
- #4242: [apex] Merge 6.52 into experimental-apex-parser - Aaron Hurst (@aaronhurst-google)
- #4251: [apex] Summit-AST Apex module - Part 6 Passing testsuite - Aaron Hurst (@aaronhurst-google)
- #4448: [apex] Bump summit-ast to new release 2.1.0 (and remove workaround) - Aaron Hurst (@aaronhurst-google)
- #4479: [apex] Merge main (7.x) branch into experimental-apex-parser and fix tests - Aaron Hurst (@aaronhurst-google)
- #4562: [apex] Fixes #4556 - Update Apex bind regex match for all possible combinations - nwcm (@nwcm)
- #4640: [cli] Launch script fails if run via “bash pmd” - Shai Bennathan (@shai-bennathan)
- #4673: [javascript] CPD: Added support for decorator notation - Wener (@wener-tiobe)
- #4677: [apex] Add new rule: OperationWithHighCostInLoop - Thomas Prouvot (@tprouvot)
- #4698: [swift] Add macro expansion support for swift 5.9 - Richard B. (@kenji21)
- #4706: [java] DetachedTestCase should not report on abstract methods - Debamoy Datta (@Debamoy)
- #4719: [java] UnnecessaryCaseChange: example doc toUpperCase() should compare to a capitalized string - ciufudean (@ciufudean)
- #4738: [doc] Added reference to the PMD extension for bld - Erik C. Thauvin (@ethauvin)
- #4749: Fixes NoSuchMethodError on processing errors in pmd-compat6 - Andreas Bergander (@bergander)
- #4750: [core] Fix flaky SummaryHTMLRenderer - 219sansim (@219sansim)
- #4752: [core] Fix flaky LatticeRelationTest - 219sansim (@219sansim)
- #4754: [java] EmptyControlStatementRule: Add allowCommentedBlocks property - Andreas Bergander (@bergander)
- #4759: [java] fix: remove delimiter attribute from ruleset category/java/errorprone.xml - Marcin Dąbrowski (@marcindabrowski)
- #4825: [plsql] Fix ignored WITH clause for SELECT INTO statements - Laurent Bovet (@lbovet)
- #4857: [javascript] Fix UnnecessaryBlock issues with empty statements - Oleksandr Shvets (@oleksandr-shvets)
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
For more information, see the Detailed Release Notes for PMD 7.
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- Unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- Single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- Progress bar support for
pmd check
- Shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. The designer artifact has been renamed from “pmd-ui” to “pmd-designer”. While the designer still works with Java 8, the recommended Java Runtime is Java 11 (or later) with OpenJFX 17 (or later).
For the detailed changes, see
- PMD Designer Changelog (7.0.0).
- PMD Designer Changelog (7.0.0-rc4).
- PMD Designer Changelog (7.0.0-rc1).
New CPD report format cpdhtml-v2.xslt
Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.
See the example report.
Contributors: Mohan Chinnappan (@mohan-chinnappan-n)
🎉 Language Related Changes
Note that this is just a concise listing of the highlights. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: CPD support for Apache Velocity Template Language (VTL)
PMD supported Apache Velocity for a very long time, but the CPD integration never got finished.
This is now done and CPD supports Apache Velocity Template language for detecting copy and paste.
It is shipped in the module pmd-velocity
.
New: CPD support for Coco
Thanks to a contribution, CPD now supports Coco, a modern programming language
designed specifically for building event-driven software. It is shipped in the new
module pmd-coco
.
Contributors: Wener (@wener-tiobe)
New: CPD support for Julia
Thanks to a contribution, CPD now supports the Julia language. It is shipped
in the new module pmd-julia
.
Contributors: Wener (@wener-tiobe)
New: CPD support for TypeScript
Thanks to a contribution, CPD now supports the TypeScript language. It is shipped
with the rest of the JavaScript support in the module pmd-javascript
.
Contributors: Paul Guyot (@pguyot)
New: Java 21 and 22 Support
This release of PMD brings support for Java 21 and 22. There are the following new standard language features, that are supported now:
- JEP 456: Unnamed Variables & Patterns (Java 22)
- JEP 440: Record Patterns (Java 21)
- JEP 441: Pattern Matching for switch (Java 21)
PMD also supports the following preview language features:
- JEP 447: Statements before super(…) (Preview) (Java 22)
- JEP 459: String Templates (Second Preview) (Java 21 and 22)
- JEP 463: Implicitly Declared Classes and Instance Main Methods (Second Preview) (Java 21 and 22)
In order to analyze a project with PMD that uses these preview language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 22-preview
:
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-22-preview ...
Note: Support for Java 19 and Java 20 preview language features have been removed. The versions “19-preview” and “20-preview” are no longer available.
New: Kotlin support
- Use PMD to analyze Kotlin code with PMD rules.
- Support for Kotlin 1.8 grammar
- Initially 2 built-in rules
- Support for Kotlin was introduced with PMD 7.0.0-rc1 as an experimental feature. With PMD 7.0.0 this is now considered stable.
Contributors: Jeroen Borgers (@jborgers), Peter Paul Bakker (@stokpop)
New: Swift support
- Use PMD to analyze Swift code with PMD rules.
- Limited support for Swift 5.9 (Macro Expansions)
- Initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
Changed: Apex Support: Replaced Jorje with fully open source front-end
When PMD added Apex support with version 5.5.0, it utilized the Apex Jorje library to parse Apex source and generate an AST. This library is however a binary-blob provided as part of the Salesforce Extensions for VS Code, and it is closed-source.
This causes problems, if binary blobs are not allowed by e.g. a company-wide policy. In that case, the Jorje library prevented that PMD Apex could be used at all.
Also having access to the source code, enhancements and modifications are easier to do.
Under the hood, we use two open source libraries instead:
- apex-parser by Kevin Jones (@nawforce) This project provides the grammar for a ANTLR based parser.
- Summit-AST by Google (@google) This project translates the ANTLR parse tree into an AST, that is similar to the AST Jorje provided. Note: This is not an official Google product.
Although the parsers is completely switched, there are only little known changes to the AST.
These are documented in the Migration Guide for PMD 7: Apex AST.
With the new Apex parser, the new language constructs like
User Mode Database Operations
and the new Null Coalescing Operator ??
can be parsed now. PMD should be able to parse Apex code up to version 60.0 (Spring ‘24).
See #3766 for details.
Contributors: Aaron Hurst (@aaronhurst-google), Edward Klimoshenko (@eklimo)
Changed: CPP can now ignore identifiers in sequences (CPD)
- New command line option for CPD:
--ignore-sequences
. - This option is used for CPP only: with the already existing option
--ignore-literal-sequences
, only literals were ignored. The new option additionally ignores identifiers as well in sequences. - See PR #4470 for details.
Contributors: Wener (@wener-tiobe)
Changed: Groovy Support (CPD)
- We now support parsing all Groovy features from Groovy 3 and 4.
- We now support suppression through
CPD-ON
/CPD-OFF
comment pairs. - See PR #4726 for details.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Changed: HTML support
Support for HTML was introduced in PMD 6.55.0 as an experimental feature. With PMD 7.0.0 this is now considered stable.
Changed: JavaScript support
- Latest version supports ES6 and also some new constructs (see Rhino)
- Comments are retained
Changed: Language versions
- More predefined language versions for each supported language
- Can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
Changed: Rule properties
- The old deprecated classes like
IntProperty
andStringProperty
have been removed. Please usePropertyFactory
to create properties. - All properties which accept multiple values now use a comma (
,
) as a delimiter. The previous default was a pipe character (|
). The delimiter is not configurable anymore. If needed, the comma can be escaped with a backslash. - The
min
andmax
attributes in property definitions in the XML are now optional and can appear separately or be omitted.
Changed: Velocity Template Language (VTL)
The module was named just “vm” which was not a good name. Its module name, language id and package names have been renamed to “velocity”.
If you import rules, you also need to adjust the paths, e.g.
category/vm/...
➡️category/velocity/...
Changed: Visualforce
There was an inconsistency between the naming of the maven module and the language id. The language id used the abbreviation “vf”, while the maven module used the longer name “visualforce”. This has been solved by renaming the language module to its full name “visualforce”. The java packages have been renamed as well.
If you import rules, you also need to adjust the paths, e.g.
category/vf/security.xml
➡️category/visualforce/security.xml
🌟 New and changed rules
New Rules
Apex
OperationWithHighCostInLoop
finds Schema class methods called in a loop, which is a potential performance issue.UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.UseExplicitTypes
reports usages ofvar
keyword, which was introduced with Java 10.
Kotlin
FunctionNameTooShort
finds functions with a too short name.OverrideBothEqualsAndHashcode
finds classes with only eitherequals
orhashCode
overridden, but not both. This leads to unexpected behavior once instances of such classes are used in collections (Lists, HashMaps, …).
Swift
ForceCast
flags all force casts, making sure you are defensively considering all types. Having the application crash shouldn’t be an option.ForceTry
flags all force tries, making sure you are defensively handling exceptions. Having the application crash shouldn’t be an option.ProhibitedInterfaceBuilder
flags any usage of interface builder. Interface builder files are prone to merge conflicts, and are impossible to code review, so larger teams usually try to avoid it or reduce its usage.UnavailableFunction
flags any function throwing afatalError
not marked as@available(*, unavailable)
to ensure no calls are actually performed in the codebase.
XML
MissingEncoding
finds XML files without explicit encoding.
Other changes
The information about changed rules, removed rules and rulesets can be found in the Detailed Release Notes for PMD 7.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
- Rule Properties
- New Programmatic API for CPD
💥 Compatibility and migration notes
A detailed documentation of required changes are available in the Migration Guide for PMD 7.
See also Detailed Release Notes for PMD 7.
🐛 Fixed Issues
More than 300 issues have been fixed in PMD 7. See Detailed Release Notes for PMD 7 for the complete list of fixed issues.
✨ External Contributions
Many thanks to the following contributors: @219sansim, @aaronhurst-google, @anastasiia-koba, @AndreyBozhko, @bergander, @ciufudean, @cyw3, @dague1, @Debamoy, @eklimo, @ethauvin, @JerritEic, @joaodinissf, @kenji21, @krdabrowski, @lbovet, @lsoncini, @LynnBroe, @marcindabrowski, @matifraga, @mohan-chinnappan-n, @mohui1999, @nawforce, @nirvikpatel, @nwcm, @oleksandr-shvets, @pguyot, @PimvanderLoos, @rcorfieldffdc, @sfdcsteve, @shai-bennathan, @tomidelucca, @tprouvot, @wener-tiobe.
See Detailed Release Notes for PMD 7 for the full list of PRs.
📈 Stats
- 5741 commits
- 849 closed tickets & PRs
- Days since last release (6.55.0): 390
- Days since last release (7.0.0-rc4): 173
30-September-2023 - 7.0.0-rc4
We’re excited to bring you the next major version of PMD!
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.
We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.
If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.
Table Of Contents
- Changes since 7.0.0-rc3
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- New: Swift support
- New: Kotlin support (experimental)
- New: CPD support for TypeScript
- New: CPD support for Julia
- New: CPD support for Coco
- New: Java 21 Support
- Changed: JavaScript support
- Changed: Language versions
- Changed: CPP can now ignore identifiers in sequences (CPD)
- Changed: Apex Jorje Updated
- Changed: Rule properties
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
Changes since 7.0.0-rc3
This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.
New and Noteworthy
Migration Guide for PMD 7
A detailed documentation of required changes are available in the Migration Guide for PMD 7.
Apex Jorje Updated
With the new version of Apex Jorje, the new language constructs like User Mode Database Operations can be parsed now. PMD should now be able to parse Apex code up to version 59.0 (Winter ‘23).
Java 21 Support
This release of PMD brings support for Java 21. There are the following new standard language features, that are supported now:
PMD also supports the following preview language features:
- JEP 430: String Templates (Preview)
- JEP 443: Unnamed Patterns and Variables (Preview)
- JEP 445: Unnamed Classes and Instance Main Methods (Preview)
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 21-preview
:
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-21-preview ...
Note: Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.
Fixed issues
- miscellaneous
- core
- #1204: [core] Allow numeric properties in XML to be within an unbounded range
- #3919: [core] Merge CPD and PMD language
- #4204: [core] Provide a CpdAnalysis class as a programmatic entry point into CPD
- #4301: [core] Remove deprecated property concrete classes
- #4302: [core] Migrate Property Framework API to Java 8
- #4323: [core] Refactor CPD integration
- #4397: [core] Refactor CPD
- #4611: [core] Fix loading language properties from env vars
- #4621: [core] Make
ClasspathClassLoader::getResource
child first
- cli
- #4423: [cli] Fix NPE when only
--file-list
is specified
- #4423: [cli] Fix NPE when only
- doc
- apex
- apex-design
- #4596: [apex] ExcessivePublicCount ignores properties
- apex-security
- #4646: [apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types
- java
- java-bestpractices
- #4634: [java] JUnit4TestShouldUseTestAnnotation false positive with TestNG
API Changes
pmd-java
- Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.
Rule properties
- The old deprecated classes like
IntProperty
andStringProperty
have been removed. Please usePropertyFactory
to create properties. - All properties which accept multiple values now use a comma (
,
) as a delimiter. The previous default was a pipe character (|
). The delimiter is not configurable anymore. If needed, the comma can be escaped with a backslash. - The
min
andmax
attributes in property definitions in the XML are now optional and can appear separately or be omitted.
New Programmatic API for CPD
See Detailed Release Notes for PMD 7 and PR #4397 for details.
Removed classes and methods
The following previously deprecated classes have been removed:
- pmd-core
net.sourceforge.pmd.cpd.AbstractTokenizer
➡️ useAnyTokenizer
insteadnet.sourceforge.pmd.cpd.CPD
➡️ usePmdCli
frompmd-cli
module for CLI support or useCpdAnalysis
for programmatic APInet.sourceforge.pmd.cpd.GridBagHelper
(now package private)net.sourceforge.pmd.cpd.TokenEntry.State
net.sourceforge.pmd.lang.document.CpdCompat
net.sourceforge.pmd.properties.BooleanMultiProperty
net.sourceforge.pmd.properties.BooleanProperty
net.sourceforge.pmd.properties.CharacterMultiProperty
net.sourceforge.pmd.properties.CharacterProperty
net.sourceforge.pmd.properties.DoubleMultiProperty
net.sourceforge.pmd.properties.DoubleProperty
net.sourceforge.pmd.properties.EnumeratedMultiProperty
net.sourceforge.pmd.properties.EnumeratedProperty
net.sourceforge.pmd.properties.EnumeratedPropertyDescriptor
net.sourceforge.pmd.properties.FileProperty
(note: without replacement)net.sourceforge.pmd.properties.FloatMultiProperty
net.sourceforge.pmd.properties.FloatProperty
net.sourceforge.pmd.properties.IntegerMultiProperty
net.sourceforge.pmd.properties.IntegerProperty
net.sourceforge.pmd.properties.LongMultiProperty
net.sourceforge.pmd.properties.LongProperty
net.sourceforge.pmd.properties.MultiValuePropertyDescriptor
net.sourceforge.pmd.properties.NumericPropertyDescriptor
net.sourceforge.pmd.properties.PropertyDescriptorField
net.sourceforge.pmd.properties.RegexProperty
net.sourceforge.pmd.properties.SingleValuePropertyDescriptor
net.sourceforge.pmd.properties.StringMultiProperty
net.sourceforge.pmd.properties.StringProperty
net.sourceforge.pmd.properties.ValueParser
net.sourceforge.pmd.properties.ValueParserConstants
net.sourceforge.pmd.properties.builders.MultiNumericPropertyBuilder
net.sourceforge.pmd.properties.builders.MultiPackagedPropertyBuilder
net.sourceforge.pmd.properties.builders.MultiValuePropertyBuilder
net.sourceforge.pmd.properties.builders.PropertyDescriptorBuilder
net.sourceforge.pmd.properties.builders.PropertyDescriptorBuilderConversionWrapper
net.sourceforge.pmd.properties.builders.PropertyDescriptorExternalBuilder
net.sourceforge.pmd.properties.builders.SingleNumericPropertyBuilder
net.sourceforge.pmd.properties.builders.SinglePackagedPropertyBuilder
net.sourceforge.pmd.properties.builders.SingleValuePropertyBuilder
net.sourceforge.pmd.properties.modules.EnumeratedPropertyModule
net.sourceforge.pmd.properties.modules.NumericPropertyModule
The following previously deprecated methods have been removed:
- pmd-core
net.sourceforge.pmd.properties.PropertyBuilder.GenericCollectionPropertyBuilder#delim(char)
net.sourceforge.pmd.properties.PropertySource#setProperty(...)
net.sourceforge.pmd.properties.internal.PropertyTypeId#factoryFor(...)
net.sourceforge.pmd.properties.internal.PropertyTypeId#typeIdFor(...)
net.sourceforge.pmd.properties.PropertyDescriptor
: removed methods errorFor, type, isMultiValue, uiOrder, compareTo, isDefinedExternally, valueFrom, asDelimitedString
The following methods have been removed:
- pmd-core
CPDConfiguration
#sourceCodeFor(File)
,#postConstruct()
,#tokenizer()
,#filenameFilter()
removed
Mark
#getSourceSlice()
,#setLineCount(int)
,#getLineCount()
,#setSourceCode(SourceCode)
removed#getBeginColumn()
,#getBeginLine()
,#getEndLine()
,#getEndColumn()
removed ➡️ usegetLocation
instead
Match
#LABEL_COMPARATOR
removed#setMarkSet(...)
,#setLabel(...)
,#getLabel()
,#addTokenEntry(...)
removed#getSourceCodeSlice()
removed ➡️ useCPDReport#getSourceCodeSlice
instead
TokenEntry
#getEOF()
,#clearImages()
,#getIdentifier()
,#getIndex()
,#setHashCode(int)
removed#EOF
removed ➡️ useisEof
instead
Parser.ParserTask
#getFileDisplayName()
removed ➡️ usegetFileId
instead (getFileId().getAbsolutePath()
)
The following classes have been removed:
- pmd-core
net.sourceforge.pmd.cpd.AbstractLanguage
net.sourceforge.pmd.cpd.AnyLanguage
net.sourceforge.pmd.cpd.Language
net.sourceforge.pmd.cpd.LanguageFactory
net.sourceforge.pmd.cpd.MatchAlgorithm
(now package private)net.sourceforge.pmd.cpd.MatchCollector
(now package private)net.sourceforge.pmd.cpd.SourceCode
(and all inner classes likeFileCodeLoader
, …)net.sourceforge.pmd.cpd.token.TokenFilter
Moved packages
- pmd-core
NumericConstraints
(old package:net.sourceforge.pmd.properties.constraints.NumericConstraints
)PropertyConstraint
(old package:net.sourceforge.pmd.properties.constraints.PropertyConstraint
)- not experimental anymore
ReportException
(old package:net.sourceforge.pmd.cpd
, moved to modulepmd-ant
)- it is now a RuntimeException
CPDReportRenderer
(old package:net.sourceforge.pmd.cpd.renderer
)AntlrTokenFilter
(old package:net.sourceforge.pmd.cpd.token
)BaseTokenFilter
(old package:net.sourceforge.pmd.cpd.token.internal
)JavaCCTokenFilter
(old package:net.sourceforge.pmd.cpd.token
)
Changed types and other changes
- pmd-core
PropertyDescriptor
is now a class (was an interface) and it is not comparable anymore.AbstractConfiguration#setSourceEncoding
- previously this method took a simple String for the encoding.
PmdConfiguration
andCPDConfiguration
- many getters and setters have been moved to the parent class
AbstractConfiguration
- many getters and setters have been moved to the parent class
CPDListener#addedFile
- no
File
parameter anymore
- no
CPDReport#getNumberOfTokensPerFile
returns aMap
ofFileId,Integer
instead ofString
CPDReport#filterMatches
now takes ajava.util.function.Predicate
as parameterTokenizer
- constants are now
PropertyDescriptor
instead ofString
, to be used as language properties tokenize
changed parameters. Now takes aTextDocument
and aTokenFactory
(instead ofSourceCode
andTokens
)
- constants are now
Language
- method
#createProcessor(LanguagePropertyBundle)
moved toPmdCapableLanguage
- method
StringUtil#linesWithTrimIndent
now takes aChars
instead of aString
.
- All language modules (like pmd-apex, pmd-cpp, …)
- consistent package naming:
net.sourceforge.pmd.lang.<langId>.cpd
- adapted to use
CpdCapableLanguage
- consistent static method
#getInstance()
- removed constants like
ID
,TERSE_NAME
orNAME
. UsegetInstance().getName()
etc. instead
- consistent package naming:
Internal APIs
Deprecated API
-
Language#getTerseName
➡️ usegetId
instead -
The method
ASTPattern#getParenthesisDepth
has been deprecated and will be removed. It was introduced for supporting parenthesized patterns, but that was removed with Java 21. It is only used when parsing code as java-19-preview.
Experimental APIs
- To support the Java preview language features “String Templates” and “Unnamed Patterns and Variables”, the following AST nodes have been introduced as experimental:
- The AST nodes for supporting “Record Patterns” and “Pattern Matching for switch” are not experimental anymore:
ASTRecordPattern
ASTPatternList
(Note: it was renamed fromASTComponentPatternList
)ast
(Note: it was renamed fromASTSwitchGuard
)
External Contributions
- #4528: [apex] Update to apexlink - Kevin Jones (@nawforce)
- #4637: [java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - Krystian Dabrowski (@krdabrowski)
- #4649: [apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - Richard Corfield (@rcorfieldffdc)
- #4651: [doc] Add “Tencent Cloud Code Analysis” in Tools / Integrations - yale (@cyw3)
- #4664: [cli] CPD: Fix NPE when only
--file-list
is specified - Wener (@wener-tiobe) - #4665: [java] Doc: Fix references AutoClosable -> AutoCloseable - Andrey Bozhko (@AndreyBozhko)
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- progress bar support for
pmd check
- shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New CPD report format cpdhtml-v2.xslt
Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.
See the example report.
🎉 Language Related Changes
Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: Swift support
- use PMD to analyze Swift code with PMD rules
- initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
New: Kotlin support (experimental)
- use PMD to analyze Kotlin code with PMD rules
- Support for Kotlin 1.8 grammar
- initially 2 built-in rules
New: CPD support for TypeScript
Thanks to a contribution, CPD now supports the TypeScript language. It is shipped
with the rest of the JavaScript support in the module pmd-javascript
.
Contributors: Paul Guyot (@pguyot)
New: CPD support for Julia
Thanks to a contribution, CPD now supports the Julia language. It is shipped
in the new module pmd-julia
.
Contributors: Wener (@wener-tiobe)
New: CPD support for Coco
Thanks to a contribution, CPD now supports Coco, a modern programming language
designed specifically for building event-driven software. It is shipped in the new
module pmd-coco
.
Contributors: Wener (@wener-tiobe)
New: Java 21 Support
This release of PMD brings support for Java 21. There are the following new standard language features, that are supported now:
PMD also supports the following preview language features:
- JEP 430: String Templates (Preview)
- JEP 443: Unnamed Patterns and Variables (Preview)
- JEP 445: Unnamed Classes and Instance Main Methods (Preview)
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 21-preview
:
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-21-preview ...
Note: Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.
Changed: JavaScript support
- latest version supports ES6 and also some new constructs (see Rhino])
- comments are retained
Changed: Language versions
- more predefined language versions for each supported language
- can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
Changed: CPP can now ignore identifiers in sequences (CPD)
- new command line option for CPD:
--ignore-sequences
. - This option is used for CPP only: with the already existing option
--ignore-literal-sequences
, only literals were ignored. The new option additional ignores identifiers as well in sequences. - See PR #4470 for details.
Changed: Apex Jorje Updated
With the new version of Apex Jorje, the new language constructs like User Mode Database Operations can be parsed now. PMD should now be able to parse Apex code up to version 59.0 (Winter ‘23).
Changed: Rule properties
- The old deprecated classes like
IntProperty
andStringProperty
have been removed. Please usePropertyFactory
to create properties. - All properties which accept multiple values now use a comma (
,
) as a delimiter. The previous default was a pipe character (|
). The delimiter is not configurable anymore. If needed, the comma can be escaped with a backslash. - The
min
andmax
attributes in property definitions in the XML are now optional and can appear separately or be omitted.
🌟 New and changed rules
New Rules
Apex
UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.
Kotlin
Swift
Changed Rules
General changes
- All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified.
The properties
topscore
andsigma
have been removed. The propertyminimum
is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):- Apex:
ExcessiveClassLength
,ExcessiveParameterList
,ExcessivePublicCount
,NcssConstructorCount
,NcssMethodCount
,NcssTypeCount
- Java:
ExcessiveImports
,ExcessiveParameterList
,ExcessivePublicCount
,SwitchDensity
- PLSQL:
ExcessiveMethodLength
,ExcessiveObjectLength
,ExcessivePackageBodyLength
,ExcessivePackageSpecificationLength
,ExcessiveParameterList
,ExcessiveTypeLength
,NcssMethodCount
,NcssObjectCount
,NPathComplexity
- VM:
ExcessiveTemplateLength
- Apex:
- The general property
violationSuppressXPath
which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify yourviolationSuppressXPath
properties.
Apex General changes
- The properties
cc_categories
,cc_remediation_points_multiplier
,cc_block_highlighting
have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.
Java General changes
-
Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g.
CognitiveComplexity
.The report location is controlled by the overrides of the method
getReportLocation
in different node types.See issue #4439 and issue #730 for more details.
Java Best Practices
ArrayIsStoredDirectly
: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.AvoidReassigningLoopVariables
: This rule might not report anymore all reassignments of the control variable in for-loops when the propertyforReassign
is set toskip
. See issue #4500 for more details.LooseCoupling
: The rule has a new property to allow some types to be coupled to (allowedTypes
).UnusedLocalVariable
: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.
Java Codestyle
MethodNamingConventions
: The propertycheckNativeMethods
has been removed. The property was deprecated since PMD 6.3.0. Use the propertynativePattern
to control whether native methods should be considered or not.ShortVariable
: This rule now also reports short enum constant names.UseDiamondOperator
: The propertyjava7Compatibility
has been removed. The rule now handles Java 7 properly without a property.UnnecessaryFullyQualifiedName
: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.UselessParentheses
: The rule has two new properties which control how strict the rule should be applied. WithignoreClarifying
(default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other propertyignoreBalancing
(default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.
Java Design
CyclomaticComplexity
: The propertyreportLevel
has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods usingclassReportLevel
andmethodReportLevel
instead.ImmutableField
: The propertyignoredAnnotations
has been removed. The property was deprecated since PMD 6.52.0.LawOfDemeter
: The rule has a new propertytrustRadius
. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.NPathComplexity
: The propertyminimum
has been removed. It was deprecated since PMD 6.0.0. Use the propertyreportLevel
instead.SingularField
: The propertiescheckInnerClasses
anddisallowNotAssignment
have been removed. The rule is now more precise and will check these cases properly.UseUtilityClass
: The propertyignoredAnnotations
has been removed.
Java Documentation
CommentContent
: The propertiescaseSensitive
anddisallowedTerms
are removed. The new propertyforbiddenRegex
can be used now to define the disallowed terms with a single regular expression.CommentRequired
:- Overridden methods are now detected even without the
@Override
annotation. This is relevant for the propertymethodWithOverrideCommentRequirement
. See also pull request #3757. - Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
- Overridden methods are now detected even without the
CommentSize
: When determining the line-length of a comment, the leading comment prefix markers (e.g.*
or//
) are ignored and don’t add up to the line-length. See also pull request #4369.
Java Error Prone
AvoidDuplicateLiterals
: The propertyexceptionfile
has been removed. The property was deprecated since PMD 6.10.0. Use the propertyexceptionList
instead.DontImportSun
:sun.misc.Signal
is not special-cased anymore.EmptyCatchBlock
:CloneNotSupportedException
andInterruptedException
are not special-cased anymore. Rename the exception parameter toignored
to ignore them.ImplicitSwitchFallThrough
: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.
Removed Rules
Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
- Rule Properties
- New Programmatic API for CPD
💥 Compatibility and migration notes
A detailed documentation of required changes are available in the Migration Guide for PMD 7.
See also Detailed Release Notes for PMD 7.
🐛 Fixed Issues
- miscellaneous
- #881: [all] Breaking API changes for 7.0.0
- #896: [all] Use slf4j
- #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
- #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
- #2496: Update PMD 7 Logo on landing page
- #2497: PMD 7 Logo page
- #2498: Update PMD 7 Logo in documentation
- #3797: [all] Use JUnit5
- #4462: Provide Software Bill of Materials (SBOM)
- #4460: Fix assembly-plugin warnings
- #4582: [dist] Download link broken
- #4691: [CVEs] Critical and High CEVs reported on PMD and PMD dependencies
- ant
- #4080: [ant] Split off Ant integration into a new submodule
- core
- #880: [core] Make visitors generic
- #1204: [core] Allow numeric properties in XML to be within an unbounded range
- #1622: [core] NodeStream API
- #1687: [core] Deprecate and Remove XPath 1.0 support
- #1785: [core] Allow abstract node types to be valid rulechain visits
- #1825: [core] Support NoAttribute for XPath
- #2038: [core] Remove DCD
- #2218: [core]
isFindBoundary
should not be an attribute - #2234: [core] Consolidate PMD CLI into a single command
- #2239: [core] Merging Javacc build scripts
- #2500: [core] Clarify API for ANTLR based languages
- #2518: [core] Language properties
- #2602: [core] Remove ParserOptions
- #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
- #2696: [core] Remove DFA
- #2821: [core] Rule processing error filenames are missing paths
- #2873: [core] Utility classes in pmd 7
- #2885: [core] Error recovery mode
- #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
- #3692: [core] Analysis listeners
- #3782: [core] Language lifecycle
- #3815: [core] Update Saxon HE to 10.7
- #3893: [core] Text documents
- #3902: [core] Violation decorators
- #3918: [core] Make LanguageRegistry non static
- #3919: [core] Merge CPD and PMD language
- #3922: [core] Better error reporting for the ruleset parser
- #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
- #4120: [core] Explicitly name all language versions
- #4204: [core] Provide a CpdAnalysis class as a programmatic entry point into CPD
- #4301: [core] Remove deprecated property concrete classes
- #4302: [core] Migrate Property Framework API to Java 8
- #4323: [core] Refactor CPD integration
- #4353: [core] Micro optimizations for Node API
- #4365: [core] Improve benchmarking
- #4397: [core] Refactor CPD
- #4420: [core] Remove PMD.EOL
- #4425: [core] Replace TextFile::pathId
- #4454: [core] “Unknown option: ‘-min’” but is referenced in documentation
- #4611: [core] Fix loading language properties from env vars
- #4621: [core] Make
ClasspathClassLoader::getResource
child first
- cli
- #2234: [core] Consolidate PMD CLI into a single command
- #3828: [core] Progress reporting
- #4079: [cli] Split off CLI implementation into a pmd-cli submodule
- #4423: [cli] Fix NPE when only
--file-list
is specified - #4482: [cli] pmd.bat can only be executed once
- #4484: [cli] ast-dump with no properties produce an NPE
- doc
- testing
Language specific fixes:
- apex
- #1937: [apex] Apex should only have a single RootNode
- #1648: [apex,vf] Remove CodeClimate dependency
- #1750: [apex] Remove apex statistical rules
- #2836: [apex] Remove Apex ProjectMirror
- #3973: [apex] Update parser to support new ‘as user’ keywords (User Mode for Database Operations)
- #4427: [apex] ApexBadCrypto test failing to detect inline code
- #4453: [apex] [7.0-rc1] Exception while initializing Apexlink (Index 34812 out of bounds for length 34812)
- apex-design
- apex-security
- #4646: [apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types
- java
- #520: [java] Allow
@SuppressWarnings
with constants instead of literals - #864: [java] Similar/duplicated implementations for determining FQCN
- #905: [java] Add new node for anonymous class declaration
- #910: [java] AST inconsistency between primitive and reference type arrays
- #997: [java] Java8 parsing corner case with annotated array types
- #998: [java] AST inconsistencies around FormalParameter
- #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
- #1124: [java] ImmutableList implementation in the qname codebase
- #1128: [java] Improve ASTLocalVariableDeclaration
- #1150: [java] ClassOrInterfaceType AST improvements
- #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
- #1367: [java] Parsing error on annotated inner class
- #1661: [java] About operator nodes
- #2366: [java] Remove qualified names
- #2819: [java] GLB bugs in pmd 7
- #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
- #3763: [java] Ambiguous reference error in valid code
- #3749: [java] Improve
isOverridden
in ASTMethodDeclaration - #3750: [java] Make symbol table support instanceof pattern bindings
- #3752: [java] Expose annotations in symbol API
- #4237: [java] Cleanup handling of Java comments
- #4317: [java] Some AST nodes should not be TypeNodes
- #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
- #4367: [java] Move testrule TypeResTest into internal
- #4383: [java] IllegalStateException: Object is not an array type!
- #4401: [java] PMD 7 fails to build under Java 19
- #4405: [java] Processing error with ArrayIndexOutOfBoundsException
- #4583: [java] Support JDK 21 (LTS)
- #520: [java] Allow
- java-bestpractices
- #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
- #755: [java] AccessorClassGeneration false positive for private constructors
- #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
- #807: [java] AccessorMethodGeneration false positive with overloads
- #833: [java] ForLoopCanBeForeach should consider iterating on this
- #1189: [java] UnusedPrivateMethod false positive from inner class via external class
- #1205: [java] Improve ConstantsInInterface message to mention alternatives
- #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
- #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
- #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
- #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
- #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
- #1747: [java] PreserveStackTrace false-positive
- #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
- #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
- #2130: [java] UnusedLocalVariable: false-negative with array
- #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
- #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
- #2542: [java] UseCollectionIsEmpty can not detect the case
foo.bar().size()
- #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
- #2796: [java] UnusedAssignment false positive with call chains
- #2797: [java] MissingOverride long-standing issues
- #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
- #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
- #2843: [java] Fix UnusedAssignment FP with field accesses
- #2882: [java] UseTryWithResources - false negative for explicit close
- #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
- #2890: [java] UnusedPrivateMethod false positive with generics
- #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
- #3672: [java] LooseCoupling - fix false positive with generics
- #3675: [java] MissingOverride - fix false positive with mixing type vars
- #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
- #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
- #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
- #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
- #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
- #4517: [java] UnusedLocalVariable: false-negative with compound assignments
- #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
- #4634: [java] JUnit4TestShouldUseTestAnnotation false positive with TestNG
- java-codestyle
- #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
- #1429: [java] PrematureDeclaration as result of method call (false positive)
- #1480: [java] IdenticalCatchBranches false positive with return expressions
- #1673: [java] UselessParentheses false positive with conditional operator
- #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
- #1918: [java] UselessParentheses false positive with boolean operators
- #2134: [java] PreserveStackTrace not handling
Throwable.addSuppressed(...)
- #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
- #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
- #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
- #2739: [java] UselessParentheses false positive for string concatenation
- #2748: [java] UnnecessaryCast false positive with unchecked cast
- #2973: [java] New rule: UnnecessaryBoxing
- #3195: [java] Improve rule UnnecessaryReturn to detect more cases
- #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
- #3221: [java] PrematureDeclaration false positive for unused variables
- #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
- #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
- #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
- #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
- #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
- #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
- #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
- #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
- #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
- #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
- #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
- java-design
- #1014: [java] LawOfDemeter: False positive with lambda expression
- #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
- #2160: [java] Issues with Law of Demeter
- #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
- #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
- #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
- #2182: [java] LawOfDemeter: False positive with package-private access
- #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
- #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
- #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
- #3754: [java] SingularField false positive with read in while condition
- #3786: [java] SimplifyBooleanReturns should consider operator precedence
- #3840: [java] LawOfDemeter disallows method call on locally created object
- #4238: [java] Make LawOfDemeter not use the rulechain
- #4254: [java] ImmutableField - false positive with Lombok @Setter
- #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
- #4456: [java] FinalFieldCouldBeStatic: false positive with lombok’s @UtilityClass
- #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
- #4490: [java] ImmutableField - false negative with Lombok @Getter
- #4549: [java] Make LawOfDemeter results deterministic
- java-documentation
- java-errorprone
- #659: [java] MissingBreakInSwitch - last default case does not contain a break
- #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
- #1669: [java] NullAssignment - FP with ternay and null as constructor argument
- #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
- #2320: [java] NullAssignment - FP with ternary and null as method argument
- #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case
new BigDecimal(Expression)
- #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
- #2880: [java] CompareObjectsWithEquals - false negative with type res
- #2893: [java] Remove special cases from rule EmptyCatchBlock
- #2894: [java] Improve MissingBreakInSwitch
- #3071: [java] BrokenNullCheck FP with PMD 6.30.0
- #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
- #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
- #3173: [java] UseProperClassLoader false positive
- #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
- #3400: [java] AvoidUsingOctalValues FN with underscores
- #3843: [java] UseEqualsToCompareStrings should consider return type
- #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
- #4356: [java] Fix NPE in CloseResourceRule
- #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
- #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
- #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
- #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
- #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
- #4513: [java] UselessOperationOnImmutable various false negatives with String
- #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
- #4546: [java] OverrideBothEqualsAndHashCode ignores records
- java-multithreading
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
this.run()
- #2538: [java] DontCallThreadRun can’t detect the case that call run() in
foo.bar.run()
- #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument:
foo.notify(bar)
- #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
- java-performance
- #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
- #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
- #2712: [java] SimplifyStartsWith false-positive with AssertJ
- #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
- #3848: [java] StringInstantiation: false negative when using method result
- #4070: [java] A false positive about the rule RedundantFieldInitializer
- #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value
- kotlin
- swift
- xml
- #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper
✨ External Contributions
- #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
- #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
- #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
- #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
- #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
- #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
- #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
- #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
- #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
- #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
- #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
- #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
- #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
- #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
- #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
- #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
- #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
- #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
- #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
- #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
- #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
- #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
- #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
- #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
- #4528: [apex] Update to apexlink - Kevin Jones (@nawforce)
- #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
- #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
- #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
- #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
- #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
- #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
- #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
- #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)
- #4637: [java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - Krystian Dabrowski (@krdabrowski)
- #4649: [apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - Richard Corfield (@rcorfieldffdc)
- #4651: [doc] Add “Tencent Cloud Code Analysis” in Tools / Integrations - yale (@cyw3)
- #4664: [cli] CPD: Fix NPE when only
--file-list
is specified - Wener (@wener-tiobe) - #4665: [java] Doc: Fix references AutoClosable -> AutoCloseable - Andrey Bozhko (@AndreyBozhko)
📈 Stats
- 5007 commits
- 658 closed tickets & PRs
- Days since last release: 122
30-May-2023 - 7.0.0-rc3
We’re excited to bring you the next major version of PMD!
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.
We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.
If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.
Table Of Contents
- Changes since 7.0.0-rc2
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
Changes since 7.0.0-rc2
This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.
New CPD report format cpdhtml-v2.xslt
Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.
See the example report.
Fixed issues
- miscellaneous
- #4460: Fix assembly-plugin warnings
- core
- java-bestpractices
- java-codestyle
- #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
- #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
- #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
- #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
- java-design
- java-errorprone
- #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
- #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
- #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
- #4546: [java] OverrideBothEqualsAndHashCode ignores records
- java-performance
- #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value
API Changes
- The following previously deprecated classes have been removed:
- pmd-core
net.sourceforge.pmd.PMD
net.sourceforge.pmd.cli.PMDCommandLineInterface
net.sourceforge.pmd.cli.PMDParameters
net.sourceforge.pmd.cli.PmdParametersParseResult
- pmd-core
-
The asset filenames of PMD on GitHub Releases are now
pmd-dist-<version>-bin.zip
,pmd-dist-<version>-src.zip
andpmd-dist-<version>-doc.zip
. Keep that in mind, if you have an automated download script.The structure inside the ZIP files stay the same, e.g. we still provide inside the binary distribution ZIP file the base directory
pmd-bin-<version>
. - The CLI option
--stress
(or-stress
) has been removed without replacement. - The CLI option
--minimum-priority
was changed with 7.0.0-rc1 to only take the following values: High, Medium High, Medium, Medium Low, Low. With 7.0.0-rc2 compatibility has been restored, so that the equivalent integer values (1 to 5) are supported as well. -
Replaced
RuleViolation::getFilename
with newRuleViolation#getFileId
, that returns aFileId
. This is an identifier for aTextFile
and could represent a path name. This allows to have a separate display name, e.g. renderers useFileNameRenderer
to either display the full path name or a relative path name (seeRenderer#setFileNameRenderer
andConfigurableFileNameRenderer
). Many places where we used a simple String for a path-like name before have been adapted to use the newFileId
.See PR #4425 for details.
External Contributions
- #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
- #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
- #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
- #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
- #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
- #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
- #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
- #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
- #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
- #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
- #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
- #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- progress bar support for
pmd check
- shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New CPD report format cpdhtml-v2.xslt
Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.
See the example report.
🎉 Language Related Changes
Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: Swift support
- use PMD to analyze Swift code with PMD rules
- initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
New: Kotlin support (experimental)
- use PMD to analyze Kotlin code with PMD rules
- Support for Kotlin 1.8 grammar
- initially 2 built-in rules
New: CPD support for TypeScript
Thanks to a contribution, CPD now supports the TypeScript language. It is shipped
with the rest of the JavaScript support in the module pmd-javascript
.
Contributors: Paul Guyot (@pguyot)
New: CPD support for Julia
Thanks to a contribution, CPD now supports the Julia language. It is shipped
in the new module pmd-julia
.
Contributors: Wener (@wener-tiobe)
New: CPD support for Coco
Thanks to a contribution, CPD now supports Coco, a modern programming language
designed specifically for building event-driven software. It is shipped in the new
module pmd-coco
.
Contributors: Wener (@wener-tiobe)
Changed: JavaScript support
- latest version supports ES6 and also some new constructs (see Rhino])
- comments are retained
Changed: Language versions
- more predefined language versions for each supported language
- can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
Changed: CPP can now ignore identifiers in sequences (CPD)
- new command line option for CPD:
--ignore-sequences
. - This option is used for CPP only: with the already existing option
--ignore-literal-sequences
, only literals were ignored. The new option additional ignores identifiers as well in sequences. - See PR #4470 for details.
🌟 New and changed rules
New Rules
Apex
UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.
Kotlin
Swift
Changed Rules
General changes
- All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified.
The properties
topscore
andsigma
have been removed. The propertyminimum
is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):- Apex:
ExcessiveClassLength
,ExcessiveParameterList
,ExcessivePublicCount
,NcssConstructorCount
,NcssMethodCount
,NcssTypeCount
- Java:
ExcessiveImports
,ExcessiveParameterList
,ExcessivePublicCount
,SwitchDensity
- PLSQL:
ExcessiveMethodLength
,ExcessiveObjectLength
,ExcessivePackageBodyLength
,ExcessivePackageSpecificationLength
,ExcessiveParameterList
,ExcessiveTypeLength
,NcssMethodCount
,NcssObjectCount
,NPathComplexity
- VM:
ExcessiveTemplateLength
- Apex:
- The general property
violationSuppressXPath
which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify yourviolationSuppressXPath
properties.
Apex General changes
- The properties
cc_categories
,cc_remediation_points_multiplier
,cc_block_highlighting
have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.
Java General changes
-
Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g.
CognitiveComplexity
.The report location is controlled by the overrides of the method
getReportLocation
in different node types.See issue #4439 and issue #730 for more details.
Java Best Practices
ArrayIsStoredDirectly
: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.AvoidReassigningLoopVariables
: This rule might not report anymore all reassignments of the control variable in for-loops when the propertyforReassign
is set toskip
. See issue #4500 for more details.LooseCoupling
: The rule has a new property to allow some types to be coupled to (allowedTypes
).UnusedLocalVariable
: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.
Java Codestyle
MethodNamingConventions
: The propertycheckNativeMethods
has been removed. The property was deprecated since PMD 6.3.0. Use the propertynativePattern
to control whether native methods should be considered or not.ShortVariable
: This rule now also reports short enum constant names.UseDiamondOperator
: The propertyjava7Compatibility
has been removed. The rule now handles Java 7 properly without a property.UnnecessaryFullyQualifiedName
: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.UselessParentheses
: The rule has two new properties which control how strict the rule should be applied. WithignoreClarifying
(default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other propertyignoreBalancing
(default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.
Java Design
CyclomaticComplexity
: The propertyreportLevel
has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods usingclassReportLevel
andmethodReportLevel
instead.ImmutableField
: The propertyignoredAnnotations
has been removed. The property was deprecated since PMD 6.52.0.LawOfDemeter
: The rule has a new propertytrustRadius
. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.NPathComplexity
: The propertyminimum
has been removed. It was deprecated since PMD 6.0.0. Use the propertyreportLevel
instead.SingularField
: The propertiescheckInnerClasses
anddisallowNotAssignment
have been removed. The rule is now more precise and will check these cases properly.UseUtilityClass
: The propertyignoredAnnotations
has been removed.
Java Documentation
CommentContent
: The propertiescaseSensitive
anddisallowedTerms
are removed. The new propertyforbiddenRegex
can be used now to define the disallowed terms with a single regular expression.CommentRequired
:- Overridden methods are now detected even without the
@Override
annotation. This is relevant for the propertymethodWithOverrideCommentRequirement
. See also pull request #3757. - Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
- Overridden methods are now detected even without the
CommentSize
: When determining the line-length of a comment, the leading comment prefix markers (e.g.*
or//
) are ignored and don’t add up to the line-length. See also pull request #4369.
Java Error Prone
AvoidDuplicateLiterals
: The propertyexceptionfile
has been removed. The property was deprecated since PMD 6.10.0. Use the propertyexceptionList
instead.DontImportSun
:sun.misc.Signal
is not special-cased anymore.EmptyCatchBlock
:CloneNotSupportedException
andInterruptedException
are not special-cased anymore. Rename the exception parameter toignored
to ignore them.ImplicitSwitchFallThrough
: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.
Removed Rules
Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
💥 Compatibility and migration notes
See Detailed Release Notes for PMD 7.
🐛 Fixed Issues
- miscellaneous
- #881: [all] Breaking API changes for 7.0.0
- #896: [all] Use slf4j
- #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
- #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
- #2496: Update PMD 7 Logo on landing page
- #2497: PMD 7 Logo page
- #2498: Update PMD 7 Logo in documentation
- #3797: [all] Use JUnit5
- #4462: Provide Software Bill of Materials (SBOM)
- #4460: Fix assembly-plugin warnings
- ant
- #4080: [ant] Split off Ant integration into a new submodule
- core
- #880: [core] Make visitors generic
- #1622: [core] NodeStream API
- #1687: [core] Deprecate and Remove XPath 1.0 support
- #1785: [core] Allow abstract node types to be valid rulechain visits
- #1825: [core] Support NoAttribute for XPath
- #2038: [core] Remove DCD
- #2218: [core]
isFindBoundary
should not be an attribute - #2234: [core] Consolidate PMD CLI into a single command
- #2239: [core] Merging Javacc build scripts
- #2500: [core] Clarify API for ANTLR based languages
- #2518: [core] Language properties
- #2602: [core] Remove ParserOptions
- #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
- #2696: [core] Remove DFA
- #2821: [core] Rule processing error filenames are missing paths
- #2873: [core] Utility classes in pmd 7
- #2885: [core] Error recovery mode
- #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
- #3692: [core] Analysis listeners
- #3782: [core] Language lifecycle
- #3815: [core] Update Saxon HE to 10.7
- #3893: [core] Text documents
- #3902: [core] Violation decorators
- #3918: [core] Make LanguageRegistry non static
- #3922: [core] Better error reporting for the ruleset parser
- #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
- #4120: [core] Explicitly name all language versions
- #4353: [core] Micro optimizations for Node API
- #4365: [core] Improve benchmarking
- #4420: [core] Remove PMD.EOL
- #4425: [core] Replace TextFile::pathId
- #4454: [core] “Unknown option: ‘-min’” but is referenced in documentation
- cli
- doc
- testing
Language specific fixes:
- apex
- apex-design
- java
- #520: [java] Allow
@SuppressWarnings
with constants instead of literals - #864: [java] Similar/duplicated implementations for determining FQCN
- #905: [java] Add new node for anonymous class declaration
- #910: [java] AST inconsistency between primitive and reference type arrays
- #997: [java] Java8 parsing corner case with annotated array types
- #998: [java] AST inconsistencies around FormalParameter
- #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
- #1124: [java] ImmutableList implementation in the qname codebase
- #1128: [java] Improve ASTLocalVariableDeclaration
- #1150: [java] ClassOrInterfaceType AST improvements
- #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
- #1367: [java] Parsing error on annotated inner class
- #1661: [java] About operator nodes
- #2366: [java] Remove qualified names
- #2819: [java] GLB bugs in pmd 7
- #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
- #3763: [java] Ambiguous reference error in valid code
- #3749: [java] Improve
isOverridden
in ASTMethodDeclaration - #3750: [java] Make symbol table support instanceof pattern bindings
- #3752: [java] Expose annotations in symbol API
- #4237: [java] Cleanup handling of Java comments
- #4317: [java] Some AST nodes should not be TypeNodes
- #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
- #4367: [java] Move testrule TypeResTest into internal
- #4383: [java] IllegalStateException: Object is not an array type!
- #4405: [java] Processing error with ArrayIndexOutOfBoundsException
- #520: [java] Allow
- java-bestpractices
- #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
- #755: [java] AccessorClassGeneration false positive for private constructors
- #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
- #807: [java] AccessorMethodGeneration false positive with overloads
- #833: [java] ForLoopCanBeForeach should consider iterating on this
- #1189: [java] UnusedPrivateMethod false positive from inner class via external class
- #1205: [java] Improve ConstantsInInterface message to mention alternatives
- #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
- #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
- #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
- #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
- #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
- #1747: [java] PreserveStackTrace false-positive
- #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
- #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
- #2130: [java] UnusedLocalVariable: false-negative with array
- #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
- #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
- #2542: [java] UseCollectionIsEmpty can not detect the case
foo.bar().size()
- #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
- #2796: [java] UnusedAssignment false positive with call chains
- #2797: [java] MissingOverride long-standing issues
- #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
- #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
- #2843: [java] Fix UnusedAssignment FP with field accesses
- #2882: [java] UseTryWithResources - false negative for explicit close
- #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
- #2890: [java] UnusedPrivateMethod false positive with generics
- #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
- #3672: [java] LooseCoupling - fix false positive with generics
- #3675: [java] MissingOverride - fix false positive with mixing type vars
- #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
- #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
- #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
- #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
- #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
- #4517: [java] UnusedLocalVariable: false-negative with compound assignments
- #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
- java-codestyle
- #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
- #1429: [java] PrematureDeclaration as result of method call (false positive)
- #1480: [java] IdenticalCatchBranches false positive with return expressions
- #1673: [java] UselessParentheses false positive with conditional operator
- #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
- #1918: [java] UselessParentheses false positive with boolean operators
- #2134: [java] PreserveStackTrace not handling
Throwable.addSuppressed(...)
- #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
- #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
- #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
- #2739: [java] UselessParentheses false positive for string concatenation
- #2748: [java] UnnecessaryCast false positive with unchecked cast
- #2973: [java] New rule: UnnecessaryBoxing
- #3195: [java] Improve rule UnnecessaryReturn to detect more cases
- #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
- #3221: [java] PrematureDeclaration false positive for unused variables
- #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
- #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
- #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
- #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
- #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
- #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
- #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
- #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
- #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
- #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
- #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
- java-design
- #1014: [java] LawOfDemeter: False positive with lambda expression
- #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
- #2160: [java] Issues with Law of Demeter
- #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
- #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
- #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
- #2182: [java] LawOfDemeter: False positive with package-private access
- #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
- #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
- #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
- #3754: [java] SingularField false positive with read in while condition
- #3786: [java] SimplifyBooleanReturns should consider operator precedence
- #3840: [java] LawOfDemeter disallows method call on locally created object
- #4238: [java] Make LawOfDemeter not use the rulechain
- #4254: [java] ImmutableField - false positive with Lombok @Setter
- #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
- #4456: [java] FinalFieldCouldBeStatic: false positive with lombok’s @UtilityClass
- #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
- #4490: [java] ImmutableField - false negative with Lombok @Getter
- #4549: [java] Make LawOfDemeter results deterministic
- java-documentation
- java-errorprone
- #659: [java] MissingBreakInSwitch - last default case does not contain a break
- #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
- #1669: [java] NullAssignment - FP with ternay and null as constructor argument
- #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
- #2320: [java] NullAssignment - FP with ternary and null as method argument
- #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case
new BigDecimal(Expression)
- #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
- #2880: [java] CompareObjectsWithEquals - false negative with type res
- #2893: [java] Remove special cases from rule EmptyCatchBlock
- #2894: [java] Improve MissingBreakInSwitch
- #3071: [java] BrokenNullCheck FP with PMD 6.30.0
- #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
- #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
- #3173: [java] UseProperClassLoader false positive
- #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
- #3400: [java] AvoidUsingOctalValues FN with underscores
- #3843: [java] UseEqualsToCompareStrings should consider return type
- #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
- #4356: [java] Fix NPE in CloseResourceRule
- #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
- #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
- #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
- #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
- #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
- #4513: [java] UselessOperationOnImmutable various false negatives with String
- #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
- #4546: [java] OverrideBothEqualsAndHashCode ignores records
- java-multithreading
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
this.run()
- #2538: [java] DontCallThreadRun can’t detect the case that call run() in
foo.bar.run()
- #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument:
foo.notify(bar)
- #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
- java-performance
- #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
- #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
- #2712: [java] SimplifyStartsWith false-positive with AssertJ
- #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
- #3848: [java] StringInstantiation: false negative when using method result
- #4070: [java] A false positive about the rule RedundantFieldInitializer
- #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value
- kotlin
- swift
- xml
- #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper
✨ External Contributions
- #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
- #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
- #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
- #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
- #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
- #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
- #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
- #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
- #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
- #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
- #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
- #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
- #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
- #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
- #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
- #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
- #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
- #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
- #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
- #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
- #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
- #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
- #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
- #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
- #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
- #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
- #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
- #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
- #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
- #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
- #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
- #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)
📈 Stats
- 4694 commits
- 617 closed tickets & PRs
- Days since last release: 30
29-April-2023 - 7.0.0-rc2
We’re excited to bring you the next major version of PMD!
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.
We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.
If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.
Table Of Contents
- Changes since 7.0.0-rc1
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
Changes since 7.0.0-rc1
This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.
API Changes
- Moved the two classes
AntlrTokenizer
andJavaCCTokenizer
frominternal
package into packagenet.sourceforge.pmd.cpd.impl
. These two classes are part of the API and are base classes for CPD language implementations. AntlrBaseRule
is gone in favor ofAbstractVisitorRule
.- The classes
KotlinInnerNode
andSwiftInnerNode
are package-private now. - The parameter order of
addSourceFile
has been swapped in order to have the same meaning as in 6.55.0. That will make it easier if you upgrade from 6.55.0 to 7.0.0. However, that means, that you need to change these method calls if you have migrated to 7.0.0-rc1 already.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Language Related Changes
- New: CPD support for TypeScript
- New: CPD support for Julia
Rule Changes
ImmutableField
: the propertyignoredAnnotations
has been removed. The property was deprecated since PMD 6.52.0.SwitchDensity
: the type of the propertyminimum
has been changed from decimal to integer for consistency with other statistical rules.
Fixed Issues
- cli
- core
- #2500: [core] Clarify API for ANTLR based languages
- doc
- java-codestyle
- java-design
- java-errorprone
- java-multithreading
- #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
- miscellaneous
- #4462: Provide Software Bill of Materials (SBOM)
External contributions
- #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
- #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
- #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
- #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
- #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
- #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
- #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
- #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
- #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
- #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- progress bar support for
pmd check
- shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
🎉 Language Related Changes
Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: Swift support
- use PMD to analyze Swift code with PMD rules
- initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
New: Kotlin support (experimental)
- use PMD to analyze Kotlin code with PMD rules
- Support for Kotlin 1.8 grammar
- initially 2 built-in rules
New: CPD support for TypeScript
Thanks to a contribution, CPD now supports the TypeScript language. It is shipped
with the rest of the JavaScript support in the module pmd-javascript
.
Contributors: Paul Guyot (@pguyot)
New: CPD support for Julia
Thanks to a contribution, CPD now supports the Julia language. It is shipped
in the new module pmd-julia
.
Contributors: Wener (@wener-tiobe)
Changed: JavaScript support
- latest version supports ES6 and also some new constructs (see Rhino])
- comments are retained
Changed: Language versions
- more predefined language versions for each supported language
- can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
🌟 New and changed rules
New Rules
Apex
UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.
Kotlin
Swift
Changed Rules
General changes
- All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified.
The properties
topscore
andsigma
have been removed. The propertyminimum
is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):- Apex:
ExcessiveClassLength
,ExcessiveParameterList
,ExcessivePublicCount
,NcssConstructorCount
,NcssMethodCount
,NcssTypeCount
- Java:
ExcessiveImports
,ExcessiveParameterList
,ExcessivePublicCount
,SwitchDensity
- PLSQL:
ExcessiveMethodLength
,ExcessiveObjectLength
,ExcessivePackageBodyLength
,ExcessivePackageSpecificationLength
,ExcessiveParameterList
,ExcessiveTypeLength
,NcssMethodCount
,NcssObjectCount
,NPathComplexity
- VM:
ExcessiveTemplateLength
- Apex:
- The general property
violationSuppressXPath
which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify yourviolationSuppressXPath
properties.
Apex General changes
- The properties
cc_categories
,cc_remediation_points_multiplier
,cc_block_highlighting
have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.
Java General changes
-
Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g.
CognitiveComplexity
.The report location is controlled by the overrides of the method
getReportLocation
in different node types.See issue #4439 and issue #730 for more details.
Java Best Practices
ArrayIsStoredDirectly
: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.AvoidReassigningLoopVariables
: This rule might not report anymore all reassignments of the control variable in for-loops when the propertyforReassign
is set toskip
. See issue #4500 for more details.LooseCoupling
: The rule has a new property to allow some types to be coupled to (allowedTypes
).UnusedLocalVariable
: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.
Java Codestyle
MethodNamingConventions
: The propertycheckNativeMethods
has been removed. The property was deprecated since PMD 6.3.0. Use the propertynativePattern
to control whether native methods should be considered or not.ShortVariable
: This rule now also reports short enum constant names.UseDiamondOperator
: The propertyjava7Compatibility
has been removed. The rule now handles Java 7 properly without a property.UnnecessaryFullyQualifiedName
: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.UselessParentheses
: The rule has two new properties which control how strict the rule should be applied. WithignoreClarifying
(default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other propertyignoreBalancing
(default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.
Java Design
CyclomaticComplexity
: The propertyreportLevel
has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods usingclassReportLevel
andmethodReportLevel
instead.ImmutableField
: The propertyignoredAnnotations
has been removed. The property was deprecated since PMD 6.52.0.LawOfDemeter
: The rule has a new propertytrustRadius
. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.NPathComplexity
: The propertyminimum
has been removed. It was deprecated since PMD 6.0.0. Use the propertyreportLevel
instead.SingularField
: The propertiescheckInnerClasses
anddisallowNotAssignment
have been removed. The rule is now more precise and will check these cases properly.UseUtilityClass
: The propertyignoredAnnotations
has been removed.
Java Documentation
CommentContent
: The propertiescaseSensitive
anddisallowedTerms
are removed. The new propertyforbiddenRegex
can be used now to define the disallowed terms with a single regular expression.CommentRequired
:- Overridden methods are now detected even without the
@Override
annotation. This is relevant for the propertymethodWithOverrideCommentRequirement
. See also pull request #3757. - Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
- Overridden methods are now detected even without the
CommentSize
: When determining the line-length of a comment, the leading comment prefix markers (e.g.*
or//
) are ignored and don’t add up to the line-length. See also pull request #4369.
Java Error Prone
AvoidDuplicateLiterals
: The propertyexceptionfile
has been removed. The property was deprecated since PMD 6.10.0. Use the propertyexceptionList
instead.DontImportSun
:sun.misc.Signal
is not special-cased anymore.EmptyCatchBlock
:CloneNotSupportedException
andInterruptedException
are not special-cased anymore. Rename the exception parameter toignored
to ignore them.ImplicitSwitchFallThrough
: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.
Removed Rules
Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
💥 Compatibility and migration notes
See Detailed Release Notes for PMD 7.
🐛 Fixed Issues
- miscellaneous
- #881: [all] Breaking API changes for 7.0.0
- #896: [all] Use slf4j
- #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
- #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
- #2496: Update PMD 7 Logo on landing page
- #2497: PMD 7 Logo page
- #2498: Update PMD 7 Logo in documentation
- #3797: [all] Use JUnit5
- #4462: Provide Software Bill of Materials (SBOM)
- ant
- #4080: [ant] Split off Ant integration into a new submodule
- core
- #880: [core] Make visitors generic
- #1622: [core] NodeStream API
- #1687: [core] Deprecate and Remove XPath 1.0 support
- #1785: [core] Allow abstract node types to be valid rulechain visits
- #1825: [core] Support NoAttribute for XPath
- #2038: [core] Remove DCD
- #2218: [core]
isFindBoundary
should not be an attribute - #2234: [core] Consolidate PMD CLI into a single command
- #2239: [core] Merging Javacc build scripts
- #2500: [core] Clarify API for ANTLR based languages
- #2518: [core] Language properties
- #2602: [core] Remove ParserOptions
- #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
- #2696: [core] Remove DFA
- #2821: [core] Rule processing error filenames are missing paths
- #2873: [core] Utility classes in pmd 7
- #2885: [core] Error recovery mode
- #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
- #3692: [core] Analysis listeners
- #3782: [core] Language lifecycle
- #3815: [core] Update Saxon HE to 10.7
- #3893: [core] Text documents
- #3902: [core] Violation decorators
- #3918: [core] Make LanguageRegistry non static
- #3922: [core] Better error reporting for the ruleset parser
- #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
- #4120: [core] Explicitly name all language versions
- #4353: [core] Micro optimizations for Node API
- #4365: [core] Improve benchmarking
- #4420: [core] Remove PMD.EOL
- cli
- doc
- testing
Language specific fixes:
- apex
- apex-design
- java
- #520: [java] Allow
@SuppressWarnings
with constants instead of literals - #864: [java] Similar/duplicated implementations for determining FQCN
- #905: [java] Add new node for anonymous class declaration
- #910: [java] AST inconsistency between primitive and reference type arrays
- #997: [java] Java8 parsing corner case with annotated array types
- #998: [java] AST inconsistencies around FormalParameter
- #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
- #1124: [java] ImmutableList implementation in the qname codebase
- #1128: [java] Improve ASTLocalVariableDeclaration
- #1150: [java] ClassOrInterfaceType AST improvements
- #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
- #1367: [java] Parsing error on annotated inner class
- #1661: [java] About operator nodes
- #2366: [java] Remove qualified names
- #2819: [java] GLB bugs in pmd 7
- #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
- #3763: [java] Ambiguous reference error in valid code
- #3749: [java] Improve
isOverridden
in ASTMethodDeclaration - #3750: [java] Make symbol table support instanceof pattern bindings
- #3752: [java] Expose annotations in symbol API
- #4237: [java] Cleanup handling of Java comments
- #4317: [java] Some AST nodes should not be TypeNodes
- #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
- #4367: [java] Move testrule TypeResTest into internal
- #520: [java] Allow
- java-bestpractices
- #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
- #755: [java] AccessorClassGeneration false positive for private constructors
- #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
- #807: [java] AccessorMethodGeneration false positive with overloads
- #833: [java] ForLoopCanBeForeach should consider iterating on this
- #1189: [java] UnusedPrivateMethod false positive from inner class via external class
- #1205: [java] Improve ConstantsInInterface message to mention alternatives
- #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
- #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
- #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
- #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
- #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
- #1747: [java] PreserveStackTrace false-positive
- #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
- #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
- #2130: [java] UnusedLocalVariable: false-negative with array
- #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
- #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
- #2542: [java] UseCollectionIsEmpty can not detect the case
foo.bar().size()
- #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
- #2796: [java] UnusedAssignment false positive with call chains
- #2797: [java] MissingOverride long-standing issues
- #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
- #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
- #2843: [java] Fix UnusedAssignment FP with field accesses
- #2882: [java] UseTryWithResources - false negative for explicit close
- #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
- #2890: [java] UnusedPrivateMethod false positive with generics
- #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
- #3672: [java] LooseCoupling - fix false positive with generics
- #3675: [java] MissingOverride - fix false positive with mixing type vars
- #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
- #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
- #4517: [java] UnusedLocalVariable: false-negative with compound assignments
- #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
- java-codestyle
- #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
- #1429: [java] PrematureDeclaration as result of method call (false positive)
- #1480: [java] IdenticalCatchBranches false positive with return expressions
- #1673: [java] UselessParentheses false positive with conditional operator
- #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
- #1918: [java] UselessParentheses false positive with boolean operators
- #2134: [java] PreserveStackTrace not handling
Throwable.addSuppressed(...)
- #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
- #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
- #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
- #2739: [java] UselessParentheses false positive for string concatenation
- #2748: [java] UnnecessaryCast false positive with unchecked cast
- #2973: [java] New rule: UnnecessaryBoxing
- #3195: [java] Improve rule UnnecessaryReturn to detect more cases
- #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
- #3221: [java] PrematureDeclaration false positive for unused variables
- #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
- #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
- #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
- #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
- #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
- #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
- #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
- java-design
- #1014: [java] LawOfDemeter: False positive with lambda expression
- #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
- #2160: [java] Issues with Law of Demeter
- #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
- #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
- #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
- #2182: [java] LawOfDemeter: False positive with package-private access
- #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
- #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
- #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
- #3754: [java] SingularField false positive with read in while condition
- #3786: [java] SimplifyBooleanReturns should consider operator precedence
- #4238: [java] Make LawOfDemeter not use the rulechain
- #4254: [java] ImmutableField - false positive with Lombok @Setter
- #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
- #4490: [java] ImmutableField - false negative with Lombok @Getter
- java-documentation
- java-errorprone
- #659: [java] MissingBreakInSwitch - last default case does not contain a break
- #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
- #1669: [java] NullAssignment - FP with ternay and null as constructor argument
- #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
- #2320: [java] NullAssignment - FP with ternary and null as method argument
- #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case
new BigDecimal(Expression)
- #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
- #2880: [java] CompareObjectsWithEquals - false negative with type res
- #2893: [java] Remove special cases from rule EmptyCatchBlock
- #2894: [java] Improve MissingBreakInSwitch
- #3071: [java] BrokenNullCheck FP with PMD 6.30.0
- #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
- #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
- #3173: [java] UseProperClassLoader false positive
- #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
- #3400: [java] AvoidUsingOctalValues FN with underscores
- #3843: [java] UseEqualsToCompareStrings should consider return type
- #4356: [java] Fix NPE in CloseResourceRule
- #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
- #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
- #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
- #4513: [java] UselessOperationOnImmutable various false negatives with String
- #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
- java-multithreading
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
this.run()
- #2538: [java] DontCallThreadRun can’t detect the case that call run() in
foo.bar.run()
- #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument:
foo.notify(bar)
- #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
- #2537: [java] DontCallThreadRun can’t detect the case that call run() in
- java-performance
- #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
- #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
- #2712: [java] SimplifyStartsWith false-positive with AssertJ
- #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
- #3848: [java] StringInstantiation: false negative when using method result
- kotlin
- swift
- xml
- #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper
✨ External Contributions
- #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
- #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
- #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
- #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
- #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
- #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
- #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
- #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
- #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
- #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
- #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
- #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
- #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
- #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
- #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
- #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
- #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
- #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
- #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
- #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
📈 Stats
- 4557 commits
- 572 closed tickets & PRs
- Days since last release: 35
25-March-2023 - 7.0.0-rc1
We’re excited to bring you the next major version of PMD!
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.
We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.
If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.
Table Of Contents
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- progress bar support for
pmd check
- shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
🎉 Language Related Changes
Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: Swift support
- use PMD to analyze Swift code with PMD rules
- initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
New: Kotlin support (experimental)
- use PMD to analyze Kotlin code with PMD rules
- Support for Kotlin 1.8 grammar
- initially 2 built-in rules
Changed: JavaScript support
- latest version supports ES6 and also some new constructs (see Rhino])
- comments are retained
Changed: Language versions
- more predefined language versions for each supported language
- can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
🌟 New and changed rules
New Rules
Apex
UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.
Kotlin
Swift
Changed Rules
Java
UnnecessaryFullyQualifiedName
: the rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.UselessParentheses
: the rule has two new properties which control how strict the rule should be applied. WithignoreClarifying
(default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other propertyignoreBalancing
(default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.LooseCoupling
: the rule has a new property to allow some types to be coupled to (allowedTypes
).EmptyCatchBlock
:CloneNotSupportedException
andInterruptedException
are not special-cased anymore. Rename the exception parameter toignored
to ignore them.DontImportSun
:sun.misc.Signal
is not special-cased anymore.UseDiamondOperator
: the propertyjava7Compatibility
is removed. The rule now handles Java 7 properly without a property.SingularField
: PropertiescheckInnerClasses
anddisallowNotAssignment
are removed. The rule is now more precise and will check these cases properly.UseUtilityClass
: The propertyignoredAnnotations
has been removed.LawOfDemeter
: the rule has a new propertytrustRadius
. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.CommentContent
: The propertiescaseSensitive
anddisallowedTerms
are removed. The new propertyfobiddenRegex
can be used now to define the disallowed terms with a single regular expression.
Removed Rules
Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
💥 Compatibility and migration notes
See Detailed Release Notes for PMD 7.
🐛 Fixed Issues
- miscellaneous
- #881: [all] Breaking API changes for 7.0.0
- #896: [all] Use slf4j
- #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
- #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
- #2496: Update PMD 7 Logo on landing page
- #2497: PMD 7 Logo page
- #2498: Update PMD 7 Logo in documentation
- #3797: [all] Use JUnit5
- ant
- #4080: [ant] Split off Ant integration into a new submodule
- core
- #880: [core] Make visitors generic
- #1622: [core] NodeStream API
- #1687: [core] Deprecate and Remove XPath 1.0 support
- #1785: [core] Allow abstract node types to be valid rulechain visits
- #1825: [core] Support NoAttribute for XPath
- #2038: [core] Remove DCD
- #2218: [core]
isFindBoundary
should not be an attribute - #2234: [core] Consolidate PMD CLI into a single command
- #2239: [core] Merging Javacc build scripts
- #2518: [core] Language properties
- #2602: [core] Remove ParserOptions
- #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
- #2696: [core] Remove DFA
- #2821: [core] Rule processing error filenames are missing paths
- #2873: [core] Utility classes in pmd 7
- #2885: [core] Error recovery mode
- #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
- #3692: [core] Analysis listeners
- #3782: [core] Language lifecycle
- #3815: [core] Update Saxon HE to 10.7
- #3893: [core] Text documents
- #3902: [core] Violation decorators
- #3918: [core] Make LanguageRegistry non static
- #3922: [core] Better error reporting for the ruleset parser
- #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
- #4120: [core] Explicitly name all language versions
- #4353: [core] Micro optimizations for Node API
- #4365: [core] Improve benchmarking
- #4420: [core] Remove PMD.EOL
- cli
- testing
Language specific fixes:
- apex
- apex-design
- #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
- java
- #520: [java] Allow
@SuppressWarnings
with constants instead of literals - #864: [java] Similar/duplicated implementations for determining FQCN
- #905: [java] Add new node for anonymous class declaration
- #910: [java] AST inconsistency between primitive and reference type arrays
- #997: [java] Java8 parsing corner case with annotated array types
- #998: [java] AST inconsistencies around FormalParameter
- #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
- #1124: [java] ImmutableList implementation in the qname codebase
- #1128: [java] Improve ASTLocalVariableDeclaration
- #1150: [java] ClassOrInterfaceType AST improvements
- #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
- #1367: [java] Parsing error on annotated inner class
- #1661: [java] About operator nodes
- #2366: [java] Remove qualified names
- #2819: [java] GLB bugs in pmd 7
- #3763: [java] Ambiguous reference error in valid code
- #3749: [java] Improve
isOverridden
in ASTMethodDeclaration - #3750: [java] Make symbol table support instanceof pattern bindings
- #3752: [java] Expose annotations in symbol API
- #4237: [java] Cleanup handling of Java comments
- #4317: [java] Some AST nodes should not be TypeNodes
- #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
- #4367: [java] Move testrule TypeResTest into internal
- #520: [java] Allow
- java-bestpractices
- #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
- #755: [java] AccessorClassGeneration false positive for private constructors
- #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
- #807: [java] AccessorMethodGeneration false positive with overloads
- #833: [java] ForLoopCanBeForeach should consider iterating on this
- #1189: [java] UnusedPrivateMethod false positive from inner class via external class
- #1205: [java] Improve ConstantsInInterface message to mention alternatives
- #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
- #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
- #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
- #1747: [java] PreserveStackTrace false-positive
- #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
- #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
- #2130: [java] UnusedLocalVariable: false-negative with array
- #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
- #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
- #2542: [java] UseCollectionIsEmpty can not detect the case
foo.bar().size()
- #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
- #2796: [java] UnusedAssignment false positive with call chains
- #2797: [java] MissingOverride long-standing issues
- #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
- #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
- #2843: [java] Fix UnusedAssignment FP with field accesses
- #2882: [java] UseTryWithResources - false negative for explicit close
- #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
- #2890: [java] UnusedPrivateMethod false positive with generics
- #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
- #3672: [java] LooseCoupling - fix false positive with generics
- #3675: [java] MissingOverride - fix false positive with mixing type vars
- java-codestyle
- #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
- #1429: [java] PrematureDeclaration as result of method call (false positive)
- #1673: [java] UselessParentheses false positive with conditional operator
- #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
- #1918: [java] UselessParentheses false positive with boolean operators
- #2134: [java] PreserveStackTrace not handling
Throwable.addSuppressed(...)
- #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
- #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
- #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
- #2739: [java] UselessParentheses false positive for string concatenation
- #2748: [java] UnnecessaryCast false positive with unchecked cast
- #2973: [java] New rule: UnnecessaryBoxing
- #3195: [java] Improve rule UnnecessaryReturn to detect more cases
- #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
- #3221: [java] PrematureDeclaration false positive for unused variables
- #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
- #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
- #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
- java-design
- #1014: [java] LawOfDemeter: False positive with lambda expression
- #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
- #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
- #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
- #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
- #2182: [java] LawOfDemeter: False positive with package-private access
- #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
- #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
- #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
- #3754: [java] SingularField false positive with read in while condition
- #3786: [java] SimplifyBooleanReturns should consider operator precedence
- #4238: [java] Make LawOfDemeter not use the rulechain
- java-documentation
- java-errorprone
- #659: [java] MissingBreakInSwitch - last default case does not contain a break
- #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
- #1669: [java] NullAssignment - FP with ternay and null as constructor argument
- #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
- #2320: [java] NullAssignment - FP with ternary and null as method argument
- #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case
new BigDecimal(Expression)
- #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
- #2880: [java] CompareObjectsWithEquals - false negative with type res
- #2893: [java] Remove special cases from rule EmptyCatchBlock
- #2894: [java] Improve MissingBreakInSwitch
- #3071: [java] BrokenNullCheck FP with PMD 6.30.0
- #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
- #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
- #3173: [java] UseProperClassLoader false positive
- #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
- #3400: [java] AvoidUsingOctalValues FN with underscores
- #4356: [java] Fix NPE in CloseResourceRule
- java-multithreading
- java-performance
- kotlin
- swift
- xml
- #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper
✨ External Contributions
- #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
- #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
- #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
- #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
- #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
- #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
- #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
- #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
- #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
- #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
📈 Stats
- 4416 commits
- 464 closed tickets & PRs
- Days since last release: 28
25-February-2023 - 6.55.0
The PMD team is pleased to announce PMD 6.55.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD 7 Development
This release is the last planned release of PMD 6. The first version 6.0.0 was released in December 2017. Over the course of more than 5 years we published almost every month a new minor version of PMD 6 with new features and improvements.
Already in November 2018 we started in parallel the development of the next major version 7.0.0, and we are now in the process of finalizing the scope of the major version. We want to release a couple of release candidates before publishing the final version 7.0.0.
We plan to release 7.0.0-rc1 soon. You can see the progress in PMD 7 Tracking Issue #3898.
Java 20 Support
This release of PMD brings support for Java 20. There are no new standard language features.
PMD supports JEP 433: Pattern Matching for switch (Fourth Preview) and JEP 432: Record Patterns (Second Preview) as preview language features.
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 20-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd --use-version java-20-preview ...
T-SQL support
Thanks to the contribution from Paul Guyot PMD now has CPD support for T-SQL (Transact-SQL).
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Fixed Issues
- core
- #4395: [core] Support environment variable CLASSPATH with pmd.bat under Windows
- java
- #4333: [java] Support JDK 20
- java-errorprone
- #4393: [java] MissingStaticMethodInNonInstantiatableClass false-positive for Lombok’s @UtilityClass for classes with non-private fields
API Changes
Go
- The LanguageModule of Go, that only supports CPD execution, has been deprecated. This language is not fully supported by PMD, so having a language module does not make sense. The functionality of CPD is not affected by this change. The following class has been deprecated and will be removed with PMD 7.0.0:
Java
- Support for Java 18 preview language features have been removed. The version “18-preview” is no longer available.
- The experimental class
net.sourceforge.pmd.lang.java.ast.ASTGuardedPattern
has been removed.
External Contributions
- #4384: [swift] Add more swift 5.x support (#unavailable mainly) - Richard B. (@kenji21)
- #4390: Add support for T-SQL using Antlr4 lexer - Paul Guyot (@pguyot)
- #4392: [java] Fix #4393 MissingStaticMethodInNonInstantiatableClass: Fix false-positive for field-only class - Dawid Ciok (@dawiddc)
Stats
- 40 commits
- 11 closed tickets & PRs
- Days since last release: 28
28-January-2023 - 6.54.0
The PMD team is pleased to announce PMD 6.54.0.
This is a minor release.
Table Of Contents
New and noteworthy
New report format html-report-v2.xslt
Thanks to @mohan-chinnappan-n a new PMD report format has been added which features a data table with charting functions. It uses an XSLT stylesheet to convert PMD’s XML format into HTML.
See the example report.
Fixed Issues
- apex-bestpractices
- #2669: [apex] UnusedLocalVariable false positive in dynamic SOQL
- core
- java
- #4364: [java] Parsing error with textblock containing quote followed by two backslashes
- testing
- #4236: [test] kotest logs look broken
API Changes
PMD CLI
- PMD now supports a new
--relativize-paths-with
flag (or short-z
), which replaces--short-names
. It serves the same purpose: Shortening the pathnames in the reports. However, with the new flag it’s possible to explicitly define one or more pathnames that should be used as the base when creating relative paths. The old flag--short-names
is deprecated.
Deprecated APIs
For removal
ApexRootNode#getApexVersion
has been deprecated for removal. The version returned is alwaysVersion.CURRENT
, as the apex compiler integration doesn’t use additional information which Apex version actually is used. Therefore, this method can’t be used to determine the Apex version of the project that is being analyzed.CPDConfiguration#setEncoding
andCPDConfiguration#getEncoding
. Use the methodsgetSourceEncoding
andsetSourceEncoding
instead. Both are available forCPDConfiguration
which extendsAbstractConfiguration
.BaseCLITest
andBaseCPDCLITest
have been deprecated for removal without replacement. CLI tests should be done in pmd-core only (and in PMD7 in pmd-cli). Individual language modules shouldn’t need to test the CLI integration logic again. Instead, the individual language modules should test their functionality as unit tests.-
FileCollector#addZipFile
has been deprecated. It is replaced byFileCollector#addZipFileWithContent
which directly adds the content of the zip file for analysis. PMDConfiguration#setReportShortNames
andPMDConfiguration#isReportShortNames
have been deprecated for removal. UsePMDConfiguration#addRelativizeRoot
instead.
Internal APIs
CSVWriter
- Some fields in
AbstractAntTestHelper
Experimental APIs
- CPDReport has a new method which limited mutation of a given report:
filterMatches
creates a new CPD report with some matches removed with a given predicate based filter.
External Contributions
- #4110: [apex] Feature/unused variable bind false positive with dynamic SOQL - Thomas Prouvot (@tprouvot)
- #4125: [core] New report format html-report-v2.xslt to provide html with datatable and chart features - Mohan Chinnappan - (@mohan-chinnappan-n)
- #4280: [apex] Deprecate ApexRootNode.getApexVersion - Aaron Hurst (@aaronhurst-google)
- #4285: [java] CommentDefaultAccessModifier - add co.elastic.clients.util.VisibleForTesting as default suppressed annotation - Matthew Luckam (@mluckam)
Stats
- 107 commits
- 19 closed tickets & PRs
- Days since last release: 27
31-December-2022 - 6.53.0
The PMD team is pleased to announce PMD 6.53.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modified rules
- The Java rule
UnusedPrivateField
has a new propertyreportForAnnotations
. This is a list of fully qualified names of the annotation types that should be reported anyway. If an unused field has any of these annotations, then it is reported. If it has any other annotation, then it is still considered to be used and is not reported.
Deprecated rules
-
The Java rules
ExcessiveClassLength
andExcessiveMethodLength
have been deprecated. The ruleNcssCount
can be used instead. The deprecated rules will be removed with PMD 7.0.0. -
The Java rule
EmptyStatementNotInLoop
is deprecated. Use the ruleUnnecessarySemicolon
instead. Note: Actually it was announced to be deprecated since 6.46.0 but the rule was not marked as deprecated yet. This has been done now.
Fixed Issues
- core
- #4248: [core] Can’t analyze sources in zip files
- apex-security
- #4146: [apex] ApexCRUDViolation: Recognize User Mode in SOQL + DML
- java
- #4266: [java] PMD fails to process a record with lambda in compact constructor
- java-bestpractices
- java-design
- #2127: [java] Deprecate rules ExcessiveClassLength and ExcessiveMethodLength
- java-errorprone
- #4164: [java][doc] AvoidAssertAsIdentifier and AvoidEnumAsIdentifier - clarify use case
- java-multithreading
- #4210: [java] DoNotUseThreads report duplicate warnings
API Changes
Deprecated APIs
For removal
These classes / APIs have been deprecated and will be removed with PMD 7.0.0.
ExcessiveLengthRule
(Java)
External Contributions
- #4244: [apex] ApexCRUDViolation: user mode and system mode with test cases added - Tarush Singh (@Tarush-Singh35)
- #4274: [java] Fix finding lambda scope in record compact constructor - kdebski85 (@kdebski85)
Stats
- 43 commits
- 17 closed tickets & PRs
- Days since last release: 35
26-November-2022 - 6.52.0
The PMD team is pleased to announce PMD 6.52.0.
This is a minor release.
Table Of Contents
New and noteworthy
New rules
- The new Java rule
InvalidJavaBean
identifies beans, that don’t follow the JavaBeans API specification, like beans with missing getters or setters.
<rule ref="category/java/design.xml/InvalidJavaBean"/>
Renamed rules
-
The Java rule
BeanMembersShouldSerialize
has been renamed toNonSerializableClass
. It has been revamped to only check for classes that are marked withSerializable
and reports each field in it, that is not serializable.The property
prefix
has been deprecated, since in a serializable class all fields have to be serializable regardless of the name.
Modified rules
-
The rule
ClassNamingConventions
has a new propertytestClassPattern
, which is applied to test classes. By default, test classes should end with the suffix “Test”. Test classes are top-level classes, that either inherit from JUnit 3 TestCase or have at least one method annotated with the Test annotations from JUnit4/5 or TestNG. -
The property
ignoredAnnotations
of ruleImmutableField
has been deprecated and doesn’t have any effect anymore. Since PMD 6.47.0, the rule only considers fields, that are initialized once and never changed. If the field is just declared but never explicitly initialized, it won’t be reported. That’s the typical case when a framework sets the field value by reflection. Therefore, the property is not needed anymore. If there is a special case where this rule misidentifies fields as immutable, then the rule should be suppressed for these fields explicitly.
Fixed Issues
- cli
- #4215: NullPointerException when trying to open designer
- doc
- #4207: [doc] List all languages in rule doc
- java
- java-codestyle
- java-design
- #4175: [java] ImmutableField - deprecate property
ignoredAnnotations
- #4177: [java] New Rule InvalidJavaBean
- #4188: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal false positive with Lombok’s @NoArgsConstructor
- #4189: [java] AbstractClassWithoutAnyMethod should consider lombok’s @AllArgsConstructor
- #4200: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal should consider lombok’s @Value
- #4175: [java] ImmutableField - deprecate property
- java-errorprone
- #1668: [java] BeanMembersShouldSerialize is extremely noisy
- #4172: [java] InvalidLogMessageFormat false positive on externally formatted strings
- #4174: [java] MissingStaticMethodInNonInstantiatableClass does not consider nested builder class
- #4176: [java] Rename BeanMembersShouldSerialize to NonSerializableClass
- #4185: [java] InvalidLogMessageFormat rule produces a NPE
- #4224: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @UtilityClass
- #4225: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @NoArgsConstructor
- java-performance
- #4183: [java] AvoidArrayLoops regression: from false negative to false positive with final variables
API Changes
PMD CLI
-
PMD now supports a new
--use-version
flag, which receives a language-version pair (such asjava-8
orapex-54
). This supersedes the usage of-language
/-l
and-version
/-v
, allowing for multiple versions to be set in a single run. PMD 7 will completely remove support for-language
and-version
in favor of this new flag. -
Support for
-V
is being deprecated in favor of--verbose
in preparation for PMD 7. In PMD 7,-v
will enable verbose mode and-V
will show the PMD version for consistency with most Unix/Linux tools. -
Support for
-min
is being deprecated in favor of--minimum-priority
for consistency with most Unix/Linux tools, where-min
would be equivalent to-m -i -n
.
CPD CLI
- CPD now supports using
-d
or--dir
as an alias to--files
, in favor of consistency with PMD. PMD 7 will remove support for--files
in favor of these new flags.
Linux run.sh parameters
-
Using
run.sh cpdgui
will now warn about it being deprecated. Userun.sh cpd-gui
instead. -
The old designer (
run.sh designerold
) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer:run.sh designer
. -
The old visual AST viewer (
run.sh bgastviewer
) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer:run.sh designer
for a visual tool, or userun.sh ast-dump
for a text-based alternative.
Deprecated API
- The following core APIs have been marked as deprecated for removal in PMD 7:
PMD
andPMD.StatusCode
- PMD 7 will ship with a revamped CLI split from pmd-core. To programmatically launch analysis you can usePmdAnalysis
.PMDConfiguration#getAllInputPaths
- It is now superseded byPMDConfiguration#getInputPathList
PMDConfiguration#setInputPaths
- It is now superseded byPMDConfiguration#setInputPathList
PMDConfiguration#addInputPath
- It is now superseded byPMDConfiguration#addInputPath
PMDConfiguration#getInputFilePath
- It is now superseded byPMDConfiguration#getInputFile
PMDConfiguration#getIgnoreFilePath
- It is now superseded byPMDConfiguration#getIgnoreFile
PMDConfiguration#setInputFilePath
- It is now superseded byPMDConfiguration#setInputFilePath
PMDConfiguration#setIgnoreFilePath
- It is now superseded byPMDConfiguration#setIgnoreFilePath
PMDConfiguration#getInputUri
- It is now superseded byPMDConfiguration#getUri
PMDConfiguration#setInputUri
- It is now superseded byPMDConfiguration#setInputUri
PMDConfiguration#getReportFile
- It is now superseded byPMDConfiguration#getReportFilePath
PMDConfiguration#setReportFile
- It is now superseded byPMDConfiguration#setReportFile
PMDConfiguration#isStressTest
andPMDConfiguration#setStressTest
- Will be removed with no replacement.PMDConfiguration#isBenchmark
andPMDConfiguration#setBenchmark
- Will be removed with no replacement, the CLI will still support it.CPD
andCPD.StatusCode
- PMD 7 will ship with a revamped CLI split from pmd-core. An alterative to programatically launch CPD analysis will be added in due time.
- In order to reduce the dependency on Apex Jorje classes, the method
DataType#fromBasicType
has been deprecated. The equivalent methodfromTypeName
should be used instead.
External Contributions
- #4184: [java][doc] TestClassWithoutTestCases - fix small typo in description - Valery Yatsynovich (@valfirst)
- #4198: [doc] Add supported CPD languages - Jeroen van Wilgenburg (@jvwilge)
- #4202: [java] Fix #4200 and #4201: ClassWithOnlyPrivateConstructorsShouldBeFinal, CommentDefaultAccessModifier: Exclude lombok @Value annotation - Lynn (@LynnBroe)
- #4205: [doc] Clarify Scala support (no built-in rules) - Eldrick Wega (@Eldrick19)
- #4226: [visualforce] Replace uses of Jorje types in pmd-visualforce - Aaron Hurst (@aaronhurst-google)
- #4227: [java] Fix #4225 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s @NoArgsConstructor annotation - Lynn (@LynnBroe)
- #4228: [java] Fix #4224 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s UtilityClass - Lynn (@LynnBroe)
- #4232: [doc] Fixing typos - Andreas Deininger (@deining)
Stats
- 96 commits
- 40 closed tickets & PRs
- Days since last release: 28
29-October-2022 - 6.51.0
The PMD team is pleased to announce PMD 6.51.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Apex rule
ApexUnitTestClassShouldHaveRunAs
ensures that unit tests use System.runAs() at least once. This makes the tests more robust, and independent from the user running it.
<rule ref="category/apex/bestpractices.xml/ApexUnitTestClassShouldHaveRunAs"/>
The rule is part of the quickstart.xml ruleset.
Modified Rules
- The Java rule
TestClassWithoutTestCases
has a new propertytestClassPattern
. This is used to detect empty test classes by name. Previously this rule could only detect empty JUnit3 test cases properly. To switch back to the old behavior, this property can be set to an empty value which disables the test class detection by pattern.
Fixed Issues
- apex
- #4149: [apex] New rule: ApexUnitTestClassShouldHaveRunAs
- doc
- java-bestpractices
- #4140: [java] [doc] AccessorClassGeneration violations hidden with Java 11
- java-codestyle
- #4139: [java] UnnecessaryFullyQualifiedName FP when the same simple class name exists in the current package
- java-documentation
- #4141: [java] UncommentedEmptyConstructor FP when constructor annotated with @Autowired
- java-performance
- #1167: [java] AvoidArrayLoops false positive on double assignment
- #2080: [java] StringToString rule false-positive with field access
- #2692: [java] [doc] AvoidArrayLoops flags copy assignment in same array as sub-optimal
- #3437: [java] StringToString doesn’t trigger on Bar.class.getSimpleName().toString()
- #3681: [java] StringToString doesn’t trigger on string literals
- #3847: [java] AvoidArrayLoops should consider final variables
- #3977: [java] StringToString false-positive with local method name confusion
- #4091: [java] AvoidArrayLoops false negative with do-while loops
- #4148: [java] UseArrayListInsteadOfVector ignores Vector when other classes are imported
- java-errorprone
- javascript
- #4165: [javascript] InaccurateNumericLiteral underscore separator notation false positive
API Changes
No changes.
External Contributions
- #4142: [java] fix #4141 Update UncommentedEmptyConstructor - ignore @Autowired annotations - Lynn (@LynnBroe)
- #4147: [java] Added support for Do-While for AvoidArrayLoops - Yasar Shaikh (@yasarshaikh)
- #4150: [apex] New rule ApexUnitTestClassShouldHaveRunAs #4149 - Thomas Prouvot (@tprouvot)
Stats
- 63 commits
- 28 closed tickets & PRs
- Days since last release: 28
30-September-2022 - 6.50.0
The PMD team is pleased to announce PMD 6.50.0.
This is a minor release.
Table Of Contents
New and noteworthy
Lua now supports additionally Luau
This release of PMD adds support for Luau, a gradually typed language derived from Lua. This means, that the Lua language in PMD can now parse both Lua and Luau.
Modified rules
- The Java rule
UnusedPrivateField
now ignores private fields, if the fields are annotated with any annotation or the enclosing class has any annotation. Annotations often enable a framework (such as dependency injection, mocking or e.g. Lombok) which use the fields by reflection or other means. This usage can’t be detected by static code analysis. Previously these frameworks where explicitly allowed by listing their annotations in the property “ignoredAnnotations”, but that turned out to be prone of false positive for any not explicitly considered framework. That’s why the property “ignoredAnnotations” has been deprecated for this rule. - The Java rule
CommentDefaultAccessModifier
now by default ignores JUnit5 annotated methods. This behavior can be customized using the propertyignoredAnnotations
.
Fixed Issues
- cli
- #4118: [cli] run.sh designer reports “integer expression expected”
- core
- #4116: [core] Missing –file arg in TreeExport CLI example
- doc
- java
- #3431: [java] Add sample java project to regression-tester which uses new language constructs
- java-bestpractices
- java-codestyle
- #3859: [java] CommentDefaultAccessModifier is triggered in JUnit5 test class
- #4085: [java] UnnecessaryFullyQualifiedName false positive when nested and non-nested classes with the same name and in the same package are used together
- #4133: [java] UnnecessaryFullyQualifiedName - FP for inner class pkg.ClassA.Foo implementing pkg.Foo
- java-design
- #4090: [java] FinalFieldCouldBeStatic false positive with non-static synchronized block (regression in 6.48, worked with 6.47)
- java-errorprone
- scala
- #4138: [scala] Upgrade scala-library to 2.12.7 / 2.13.9 and scalameta to 4.6.0
API Changes
CPD CLI
- CPD now supports the
--ignore-literal-sequences
argument when analyzing Lua code.
Financial Contributions
Many thanks to our sponsors:
- Oliver Siegmar (@osiegmar)
External Contributions
- #4066: [lua] Add support for Luau syntax and skipping literal sequences in CPD - Matt Hargett (@matthargett)
- #4100: [java] Update UnusedPrivateFieldRule - ignore any annotations - Lynn (@LynnBroe)
- #4116: [core] Fix missing –file arg in TreeExport CLI example - mohan-chinnappan-n (@mohan-chinnappan-n)
- #4124: [doc] Fix typos in Java rule docs - Piotrek Żygieło (@pzygielo)
- #4128: [java] Fix False-positive UnnecessaryFullyQualifiedName when nested and non-nest… #4103 - Oleg Andreych (@OlegAndreych)
- #4130: [ci] GitHub Workflows security hardening - Alex (@sashashura)
- #4131: [doc] TooFewBranchesForASwitchStatement - Use “if-else” instead of “if-then” - Suvashri (@Suvashri)
- #4137: [java] Fixes 3859: Exclude junit5 test methods from the commentDefaultAccessModifierRule - Luis Alcantar (@lfalcantar)
Stats
- 100 commits
- 26 closed tickets & PRs
- Days since last release: 29
31-August-2022 - 6.49.0
The PMD team is pleased to announce PMD 6.49.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Fixed Issues
- apex
- #4096: [apex] ApexAssertionsShouldIncludeMessage and ApexUnitTestClassShouldHaveAsserts: support new Assert class (introduced with Apex v56.0)
- core
- #3970: [core] FileCollector.addFile ignores language parameter
- java-codestyle
- #4082: [java] UnnecessaryImport false positive for on-demand imports of nested classes
API Changes
Deprecated API
- In order to reduce the dependency on Apex Jorje classes, the following methods have been deprecated.
These methods all leaked internal Jorje enums. These enums have been replaced now by enums the
PMD’s AST package.
ASTAssignmentExpression#getOperator
ASTBinaryExpression#getOperator
ASTBooleanExpression#getOperator
ASTPostfixExpression#getOperator
ASTPrefixExpression#getOperator
All these classes have now a new
getOp()
method. Existing code should be refactored to use this method instead. It returns the new enums, likeAssignmentOperator
, and avoids the dependency to Jorje.
External Contributions
- #4081: [apex] Remove Jorje leaks outside
ast
package - @eklimo - #4083: [java] UnnecessaryImport false positive for on-demand imports of nested classes (fix for #4082) - @abyss638
- #4092: [apex] Implement ApexQualifiableNode for ASTUserEnum - @aaronhurst-google
- #4095: [core] CPD: Added begin and end token to XML reports - @pacvz
- #4097: [apex] ApexUnitTestClassShouldHaveAssertsRule: Support new Assert class (Apex v56.0) - @tprouvot
- #4104: [doc] Add MegaLinter in the list of integrations - @nvuillam
Stats
- 49 commits
- 10 closed tickets & PRs
- Days since last release: 32
30-July-2022 - 6.48.0
The PMD team is pleased to announce PMD 6.48.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 19 Support
This release of PMD brings support for Java 19. There are no new standard language features.
PMD supports JEP 427: Pattern Matching for switch (Third Preview) and JEP 405: Record Patterns (Preview) as preview language features.
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 19-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 19-preview ...
Note: Support for Java 17 preview language features have been removed. The version “17-preview” is no longer available.
Gherkin support
Thanks to the contribution from Anne Brouwers PMD now has CPD support for the Gherkin language. It is used to defined test cases for the Cucumber testing tool for behavior-driven development.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Fixed Issues
- apex
- #4056: [apex] ApexSOQLInjection: Add support count query
- core
- #3796: [core] CPD should also provide a
--debug
flag - #4021: [core] CPD: Add total number of tokens to XML reports
- #4031: [core] If report is written to stdout, stdout should not be closed
- #4051: [doc] Additional rulesets are not listed in documentation
- #4053: [core] Allow building PMD under Java 18+
- #3796: [core] CPD should also provide a
- java
- #4015: [java] Support JDK 19
- java-bestpractices
- #3455: [java] WhileLoopWithLiteralBoolean - false negative with complex expressions
- java-design
- java-performance
- #3625: [java] AddEmptyString - false negative with empty var
- lua
- #4061: [lua] Fix several related Lua parsing issues found when using CPD
- test
API Changes
CPD CLI
- CPD has a new CLI option
--debug
. This option has the same behavior as in PMD. It enables more verbose logging output.
Rule Test Framework
- The module “pmd-test”, which contains support classes to write rule tests, now requires Java 8. If you depend on this module for testing your own custom rules, you’ll need to make sure to use at least Java 8.
- The new module “pmd-test-schema” contains now the XSD schema and the code to parse the rule test XML files. The schema has been extracted in order to easily share it with other tools like the Rule Designer or IDE plugins.
- Test schema changes:
- The attribute
isRegressionTest
oftest-code
is deprecated. The new attributedisabled
should be used instead for defining whether a rule test should be skipped or not. - The attributes
reinitializeRule
anduseAuxClasspath
oftest-code
are deprecated and assumed true. They will not be replaced. - The new attribute
focused
oftest-code
allows disabling all tests except the focused one temporarily.
- The attribute
- More information about the rule test framework can be found in the documentation: Testing your rules
Deprecated API
- The experimental Java AST class
ASTGuardedPattern
has been deprecated and will be removed. It was introduced for Java 17 and Java 18 Preview as part of pattern matching for switch, but it is no longer supported with Java 19 Preview. - The interface
CPDRenderer
is deprecated. For custom CPD renderers the new interfaceCPDReportRenderer
should be used. - The class
TestDescriptor
is deprecated, replaced withRuleTestDescriptor
. - Many methods of
RuleTst
have been deprecated as internal API.
Experimental APIs
- To support the Java preview language features “Pattern Matching for Switch” and “Record Patterns”, the following AST nodes have been introduced as experimental:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
CPDConfiguration#setRenderer
CPDConfiguration#setCPDRenderer
CPDConfiguration#getRenderer
CPDConfiguration#getCPDRenderer
CPDConfiguration#getRendererFromString
CPDConfiguration#getCPDRendererFromString
CPDRendererAdapter
Financial Contributions
Many thanks to our sponsors:
- Matt Hargett (@matthargett)
External Contributions
- #3984: [java] Fix AddEmptyString false-negative issue - @LiGaOg
- #3988: [java] Modify WhileLoopWithLiteralBoolean to meet the missing case #3455 - @VoidxHoshi
- #3992: [java] FinalFieldCouldBeStatic - fix false negative with unnecessary parenthesis - @dalizi007
- #3994: [java] TooManyMethods - improve getter/setter detection (#3729) - @341816041
- #4017: Add Gherkin support to CPD - @ASBrouwers
- #4021: [core] CPD: Add total number of tokens to XML reports - @maikelsteneker
- #4056: [apex] ApexSOQLInjection: Add support count query - @gwilymatgearset
- #4061: [lua] Fix several related Lua parsing issues found when using CPD - @matthargett
Stats
- 102 commits
- 26 closed tickets & PRs
- Days since last release: 35
25-June-2022 - 6.47.0
The PMD team is pleased to announce PMD 6.47.0.
This is a minor release.
Table Of Contents
Fixed Issues
- core
- java-bestpractices
- java-design
- #3823: [java] ImmutableField: Do not flag fields in @Entity
- #3981: [java] ImmutableField reports fields annotated with @Value (Spring)
- #3998: [java] ImmutableField reports fields annotated with @Captor (Mockito)
- #4004: [java] ImmutableField reports fields annotated with @GwtMock (GwtMockito) and @Spy (Mockito)
- #4008: [java] ImmutableField not reporting fields that are only initialized in the declaration
- #4011: [java] ImmutableField: Do not flag fields annotated with @Inject
- #4020: [java] ImmutableField reports fields annotated with @FindBy and @FindBys (Selenium)
- java-errorprone
API Changes
No changes.
External Contributions
- #3985: [java] Fix false negative problem about Enum in AvoidFieldNameMatchingMethodName #3936 - @Scrsloota
- #3993: [java] AvoidDuplicateLiterals - Add the method “buz” definition to test cases - @dalizi007
- #4002: [java] ImmutableField - Ignore fields annotated with @Value (Spring) or @Captor (Mockito) - @jjlharrison
- #4003: [java] UnusedPrivateField - Ignore fields annotated with @Id/@EmbeddedId/@Version (JPA) or @Mock/@Spy/@MockBean (Mockito/Spring) - @jjlharrison
- #4006: [doc] Fix eclipse plugin update site URL - @shiomiyan
- #4010: [core] Bump kotlin to version 1.7.0 - @maikelsteneker
Stats
- 45 commits
- 23 closed tickets & PRs
- Days since last release: 27
28-May-2022 - 6.46.0
The PMD team is pleased to announce PMD 6.46.0.
This is a minor release.
Table Of Contents
New and noteworthy
CLI improvements
The PMD CLI now allows repeating the --dir
(-d
) and --rulesets
(-R
) options,
as well as providing several space-separated arguments to either of them. For instance:
pmd -d src/main/java src/test/java -R rset1.xml -R rset2.xml
This also allows globs to be used on the CLI if your shell supports shell expansion. For instance, the above can be written
pmd -d src/*/java -R rset*.xml
Please use theses new forms instead of using comma-separated lists as argument to these options.
C# Improvements
When executing CPD on C# sources, the option --ignore-annotations
is now supported as well.
It ignores C# attributes when detecting duplicated code. This option can also be enabled via
the CPD GUI. See #3974 for details.
New Rules
This release ships with 2 new Java rules.
-
EmptyControlStatement
reports many instances of empty things, e.g. control statements whose body is empty, as well as empty initializers.EmptyControlStatement also works for empty
for
anddo
loops, while there were previously no corresponding rules.This new rule replaces the rules EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, and EmptyWhileStmt.
<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>
The rule is part of the quickstart.xml ruleset.
-
UnnecessarySemicolon
reports semicolons that are unnecessary (so called “empty statements” and “empty declarations”).This new rule replaces the rule EmptyStatementNotInLoop.
<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
The rule is part of the quickstart.xml ruleset.
Deprecated Rules
- The following Java rules are deprecated and removed from the quickstart ruleset, as the new rule
EmptyControlStatement
merges their functionality: - The Java rule
EmptyStatementNotInLoop
is deprecated and removed from the quickstart ruleset. Use the new ruleUnnecessarySemicolon
instead.
Fixed Issues
- cli
- #1445: [core] Allow CLI to take globs as parameters
- core
- cs (c#)
- #3974: [cs] Add option to ignore C# attributes (annotations)
- go
- #2752: [go] Error parsing unicode values
- html
- java
- #3423: [java] Error processing identifiers with Unicode
- java-bestpractices
- #3954: [java] NPE in UseCollectionIsEmptyRule when .size() is called in a record
- java-design
- #3874: [java] ImmutableField reports fields annotated with @Autowired (Spring) and @Mock (Mockito)
- java-errorprone
- #3096: [java] EmptyStatementNotInLoop FP in 6.30.0 with IfStatement
- java-performance
- javascript
- python
- #2604: [python] Support unicode identifiers
API Changes
Deprecated ruleset references
Ruleset references with the following formats are now deprecated and will produce a warning when used on the CLI or in a ruleset XML file:
<lang-name>-<ruleset-name>
, egjava-basic
, which resolves torulesets/java/basic.xml
- the internal release number, eg
600
, which resolves torulesets/releases/600.xml
Use the explicit forms of these references to be compatible with PMD 7.
Deprecated API
toString
is now deprecated. The format of this method will remain the same until PMD 7. The deprecation is intended to steer users away from relying on this format, as it may be changed in PMD 7.getInputPaths
andsetInputPaths
are now deprecated. A new set of methods have been added, which use lists and do not rely on comma splitting.
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
CPDCommandLineInterface
has been internalized. In order to execute CPD eitherCPD#run
orCPD#main
should be used.- Several members of
BaseCPDCLITest
have been deprecated with replacements. - The methods
Formatter#start
,Formatter#end
,Formatter#getRenderer
, andFormatter#isNoOutputSupplied
have been internalized.
External Contributions
- #3961: [java] Fix #3954 - NPE in UseCollectionIsEmptyRule with record - @flyhard
- #3964: [java] Fix #3874 - ImmutableField: fix mockito/spring false positives - @lukelukes
- #3974: [cs] Add option to ignore C# attributes (annotations) - @maikelsteneker
Stats
- 92 commits
- 30 closed tickets & PRs
- Days since last release: 28
30-April-2022 - 6.45.0
The PMD team is pleased to announce PMD 6.45.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD User Survey
Help shape the future of PMD by telling us how you use it.
Our little survey is still open in case you didn’t participate yet. Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
Support for HTML
This version of PMD ships a new language module to support analyzing of HTML. Support for HTML is experimental and might change without notice. The language implementation is not complete yet and the AST doesn’t look well for text nodes and comment nodes and might be changed in the future. You can write your own rules, but we don’t guarantee that the rules work with the next (minor) version of PMD without adjustments.
Please give us feedback about how practical this new language is in discussions. Please report missing features or bugs as new issues.
New rules
- The HTML rule
AvoidInlineStyles
finds elements which use a style attribute. In order to help maintaining a webpage it is considered good practice to separate content and styles. Instead of inline styles one should use CSS files and classes.
<rule ref="category/html/bestpractices.xml/AvoidInlineStyles" />
- The HTML rule
UnnecessaryTypeAttribute
finds “link” and “script” elements which still have a “type” attribute. This is not necessary anymore since modern browsers automatically use CSS and JavaScript.
<rule ref="category/html/bestpractices.xml/UnnecessaryTypeAttribute" />
- The HTML rule
UseAltAttributeForImages
finds “img” elements without an “alt” attribute. An alternate text should always be provided in order to help screen readers.
<rule ref="category/html/bestpractices.xml/UseAltAttributeForImages" />
Modified rules
- The Java rule
UnusedPrivateField
has a new propertyignoredFieldNames
. The default ignores serialization-specific fields (egserialVersionUID
). The property can be used to ignore more fields based on their name. Note that the rule used to ignore fields namedIDENT
, but doesn’t anymore (add this value to the property to restore the old behaviour).
Fixed Issues
- core
- doc
- #2505: [doc] Improve side bar to show release date
- java
- java-bestpractices
- #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable
- #1185: [java] ArrayIsStoredDirectly false positive with field access
- #1474: [java] ArrayIsStoredDirectly false positive with method call
- #3879 [java] ArrayIsStoredDirectly reports duplicated violation
- #3929: [java] ArrayIsStoredDirectly should report the assignment rather than formal parameter
- java-design
- #3603: [java] SimplifiedTernary: no violation for ‘condition ? true : false’ case
- java-performance
- #3867: [java] UseArraysAsList with method call
- plsql
API Changes
Experimental APIs
- Report has two new methods which allow limited mutations of a given report:
Report#filterViolations
creates a new report with some violations removed with a given predicate based filter.Report#union
can combine two reports into a single new Report.
net.sourceforge.pmd.util.Predicate
will be replaced in PMD7 with the standard Predicate interface from java8.- The module
pmd-html
is entirely experimental right now. Anything in the packagenet.sourceforge.pmd.lang.html
should be used cautiously.
External Contributions
- #3883: [doc] Improve side bar by Adding Release Date - @jasonqiu98
- #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable - @laoseth
- #3928: [plsql] Fix plsql parsing error in parenthesis groups - @LiGaOg
- #3935: [plsql] Fix parser exception in EXECUTE IMMEDIATE BULK COLLECT #3687 - @Scrsloota
- #3938: [java] Modify SimplifiedTernary to meet the missing case #3603 - @VoidxHoshi
- #3943: chore: Set permissions for GitHub actions - @naveensrinivasan
Stats
- 97 commits
- 31 closed tickets & PRs
- Days since last release: 33
27-March-2022 - 6.44.0
The PMD team is pleased to announce PMD 6.44.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD User Survey
Help shape the future of PMD by telling us how you use it.
Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
Java 18 Support
This release of PMD brings support for Java 18. There are no new standard language features.
PMD also supports JEP 420: Pattern Matching for switch (Second Preview) as a
preview language feature. In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 18-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 18-preview ...
Note: Support for Java 16 preview language features have been removed. The version “16-preview” is no longer available.
Better XML XPath support
The new rule class DomXPathRule
is intended to replace
usage of the XPathRule
for XML rules. This rule executes the XPath query in a different
way, which sticks to the XPath specification. This means the expression is interpreted
the same way in PMD as in all other XPath development tools that stick to the standard.
You can for instance test the expression in an online XPath editor.
Prefer using this class to define XPath rules: replace the value of the class
attribute with net.sourceforge.pmd.lang.xml.rule.DomXPathRule
like so:
<rule name="MyXPathRule"
language="xml"
message="A message"
class="net.sourceforge.pmd.lang.xml.rule.DomXPathRule">
<properties>
<property name="xpath">
<value><![CDATA[
/a/b/c[@attr = "5"]
]]></value>
</property>
<!-- Note: the property "version" is ignored, remove it. The query is XPath 2. -->
</properties>
</rule>
The rule is more powerful than XPathRule
, as it can now handle XML namespaces,
comments and processing instructions. Please refer to the Javadoc of DomXPathRule
for information about the differences with XPathRule
and examples.
XPathRule
is still perfectly supported for all other languages, including Apex and Java.
New XPath functions
The new XPath functions pmd:startLine
, pmd:endLine
, pmd:startColumn
,
and pmd:endColumn
are now available in XPath rules for all languages. They
replace the node attributes @BeginLine
, @EndLine
and such. These attributes
will be deprecated in a future release.
Please refer to the documentation of these functions for more information, including usage samples.
Note that the function pmd:endColumn
returns an exclusive index, while the
attribute @EndColumn
is inclusive. This is for forward compatibility with PMD 7,
which uses exclusive end indices.
New programmatic API
This release introduces a new programmatic API to replace the inflexible PMD
class.
Programmatic execution of PMD should now be done with a PMDConfiguration
and a PmdAnalysis
, for instance:
PMDConfiguration config = new PMDConfiguration();
config.setDefaultLanguageVersion(LanguageRegistry.findLanguageByTerseName("java").getVersion("11"));
config.setInputPaths("src/main/java");
config.prependAuxClasspath("target/classes");
config.setMinimumPriority(RulePriority.HIGH);
config.addRuleSet("rulesets/java/quickstart.xml");
config.setReportFormat("xml");
config.setReportFile("target/pmd-report.xml");
try (PmdAnalysis pmd = PmdAnalysis.create(config)) {
// note: don't use `config` once a PmdAnalysis has been created.
// optional: add more rulesets
pmd.addRuleSet(pmd.newRuleSetLoader().loadFromResource("custom-ruleset.xml"));
// optional: add more files
pmd.files().addFile(Paths.get("src", "main", "more-java", "ExtraSource.java"));
// optional: add more renderers
pmd.addRenderer(renderer);
// or just call PMD
pmd.performAnalysis();
}
The PMD
class still supports methods related to CLI execution: runPmd
and main
.
All other members are now deprecated for removal.
The CLI itself remains compatible, if you run PMD via command-line, no action is required on your part.
Fixed Issues
- apex
- #3817: [apex] Add designer bindings to display main attributes
- apex-performance
- #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe()
- core
- java
- #3809: [java] Support JDK 18
- doc
- java-design
- xml
API Changes
Deprecated API
- Several members of
PMD
have been newly deprecated, including:PMD#EOL
: useSystem#lineSeparator()
PMD#SUPPRESS_MARKER
: useDEFAULT_SUPPRESS_MARKER
PMD#processFiles
: use the new programmatic APIPMD#getApplicableFiles
: is internal
PMDConfiguration#prependClasspath
is deprecated in favour ofprependAuxClasspath
.PMDConfiguration#setRuleSets
andgetRuleSets
are deprecated. Use insteadsetRuleSets
,addRuleSet
, andgetRuleSetPaths
.- Several members of
BaseCLITest
have been deprecated with replacements. -
Several members of
PMDCommandLineInterface
have been explicitly deprecated. The whole class however was deprecated long ago already with 6.30.0. It is internal API and should not be used. - In modelica, the rule classes
AmbiguousResolutionRule
andConnectUsingNonConnector
have been deprecated, since they didn’t comply to the usual rule class naming conventions yet. The replacements are in the subpackagebestpractices
.
Experimental APIs
-
Together with the new programmatic API the interface
TextFile
has been added as experimental. It intends to replaceDataSource
andSourceCode
in the long term.This interface will change in PMD 7 to support read/write operations and other things. You don’t need to use it in PMD 6, as
FileCollector
decouples you from this. A file collector is available throughPmdAnalysis#files
.
External Contributions
- #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe() - @filiprafalowicz
- #3811: [doc] Improve “Edit me on github” button - @btjiong
- #3836: [doc] Make TOC scrollable when too many subheadings - @JerritEic
Stats
- 124 commits
- 23 closed tickets & PRs
- Days since last release: 29
26-February-2022 - 6.43.0
The PMD team is pleased to announce PMD 6.43.0.
This is a minor release.
Table Of Contents
New and noteworthy
Fixed Issues
- core
- doc
- java
- #3698: [java] Parsing error with try-with-resources and qualified resource
- java-bestpractices
- #3605: [java] SwitchStmtsShouldHaveDefault triggered when default case is present
- java-codestyle
- #278: [java] ConfusingTernary should treat
!= null
as positive condition
- #278: [java] ConfusingTernary should treat
- java-performance
- #3374: [java] UseStringBufferForStringAppends: Wrong example in documentation
- misc
- #3759: [lang-test] Upgrade dokka maven plugin to 1.4.32
- plsql
- #3746: [plsql] Parsing exception “Less than or equal to/Greater than or equal to” operators in DML statements
API Changes
Deprecated API
Some API deprecations were performed in core PMD classes, to improve compatibility with PMD 7.
Report
: the constructor and other construction methods like addViolation or createReportRuleContext
: all constructors, getters and setters. A new set of stable methods, matching those in PMD 7, was added to replace theaddViolation
overloads ofAbstractRule
. In PMD 7,RuleContext
will be the API to report violations, and it can already be used as such in PMD 6.- The field
configuration
is unused and will be removed.
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
RuleSet
: methods that serve to apply rules, includingapply
,start
,end
,removeDysfunctionalRules
AbstractAccumulatingRenderer#renderFileReport
is internal API and should not be overridden in own renderers.
Changed API
It is now forbidden to report a violation:
- With a
null
node - With a
null
message - With a
null
set of format arguments (prefer a zero-length array)
Note that the message is set from the XML rule declaration, so this is only relevant if you instantiate rules manually.
RuleContext
now requires setting the current rule before calling
apply
. This is
done automatically by RuleSet#apply
and such. Creating and configuring a
RuleContext
manually is strongly advised against, as the lifecycle of RuleContext
will change drastically in PMD 7.
External Contributions
- #3767: [core] Update GUI.java - Vyom Yadav
- #3804: [doc] Add floating table of contents (issue #2502) - JerritEic
Stats
- 49 commits
- 22 closed tickets & PRs
- Days since last release: 27
29-January-2022 - 6.42.0
The PMD team is pleased to announce PMD 6.42.0.
This is a minor release.
Table Of Contents
New and noteworthy
Javascript: Rhino updated to latest version 1.7.14
Rhino, the implementation of JavaScript we use for parsing JavaScript code, has been updated to the latest version 1.7.14. Now language features like template strings can be parsed. However Rhino does not support all features of the latest EcmaScript standard.
New rules
- The new Java rule
FinalParameterInAbstractMethod
detects parameters that are declared as final in interfaces or abstract methods. Declaring the parameters as final is useless because the implementation may choose to not respect it.
<rule ref="category/java/codestyle.xml/FinalParameterInAbstractMethod" />
The rule is part of the quickstart.xml ruleset.
Modified rules
- The Apex rule
ApexDoc
has a new propertyreportProperty
. If set tofalse
(default istrue
if unspecified) doesn’t report missing ApexDoc comments on properties. It allows you to enforce ApexDoc comments for classes and methods without requiring them for properties.
Fixed Issues
- core
- #3328: [core] designer.bat errors when JAVAFX_HOME contains spaces
- java
- #3698: [java] Error resolving Symbol Table
- java-bestpractices
- java-design
- #3679: [java] Make FinalFieldCouldBeStatic detect constant variable
- java-errorprone
- #3644: [java] InvalidLogMessageFormat: false positives with logstash structured logging
- #3686: [java] ReturnEmptyCollectionRatherThanNull - false negative with conditioned returns
- #3701: [java] MissingStaticMethodInNonInstantiatableClass false positive with method inner classes
- #3721: [java] ReturnEmptyCollectionRatherThanNull - false positive with stream and lambda
- java-performance
- javascript
- #3703: [javascript] Error - no Node adapter class registered for XmlPropRef
API Changes
No changes.
External Contributions
- #3631: [java] Fixed False positive for UselessStringValueOf when there is no initial String to append to - John Armgardt
- #3683: [java] Fixed 3468 UnusedPrivateMethod false positive when outer class calls private static method on inner class - John Armgardt
- #3688: [java] Bump log4j to 2.16.0 - Sergey Nuyanzin
- #3693: [apex] ApexDoc: Add reportProperty property - Steve Babula
- #3704: [java] Fix for #3686 - Fix ReturnEmptyCollectionRatherThanNull - Oleksii Dykov
- #3713: [java] Enhance UnnecessaryModifier to support records - Vincent Galloy
- #3719: [java] Upgrade log4j to 2.17.1 - Daniel Paul Searles
- #3720: [java] New rule: FinalParameterInAbstractMethod - Vincent Galloy
- #3724: [java] Fix for #3679 - fix FinalFieldCouldBeStatic - Oleksii Dykov
- #3727: [java] #3724 - fix FinalFieldCouldBeStatic: triggers only if the referenced name is static - Oleksii Dykov
- #3742: [java] Fix #3701 - fix MissingStaticMethodInNonInstantiatableClass for method local classes - Oleksii Dykov
- #3744: [core] Updated SaxonXPathRuleQueryTest.java - Vyom Yadav
- #3745: [java] Fix #3712: InsufficientStringBufferDeclaration setLength false positive - Daniel Gredler
- #3747: [visualforce] Updated DataType.java - Vyom Yadav
Stats
- 88 commits
- 35 closed tickets & PRs
- Days since last release: 62
27-November-2021 - 6.41.0
The PMD team is pleased to announce PMD 6.41.0.
This is a minor release.
Table Of Contents
New and noteworthy
GitHub Action for PMD
PMD now has its own official GitHub Action: GitHub Action for PMD. It can execute PMD with your own ruleset against your project. It creates a SARIF report which is uploaded as a build artifact. Furthermore the build can be failed based on the number of violations.
Feedback and pull requests are welcome at https://github.com/pmd/pmd-github-action.
Last release in 2021
This minor release will be the last one in 2021. The next release is scheduled to be end of January 2022.
Fixed Issues
- core
- java-bestpractices
- #3595: [java] PrimitiveWrapperInstantiation: no violation on ‘new Boolean(val)’
- #3613: [java] ArrayIsStoredDirectly doesn’t consider nested classes
- #3614: [java] JUnitTestsShouldIncludeAssert doesn’t consider nested classes
- #3618: [java] UnusedFormalParameter doesn’t consider anonymous classes
- #3630: [java] MethodReturnsInternalArray doesn’t consider anonymous classes
- java-design
- #3620: [java] SingularField doesn’t consider anonymous classes defined in non-private fields
- java-errorprone
- #3624: [java] TestClassWithoutTestCases reports wrong classes in a file
- java-performance
- #3491: [java] UselessStringValueOf: False positive when
valueOf(char [], int, int)
is used
- #3491: [java] UselessStringValueOf: False positive when
API Changes
Command Line Interface
The command line options for PMD and CPD now use GNU-syle long options format. E.g. instead of -rulesets
the
preferred usage is now --rulesets
. Alternatively one can still use the short option -R
.
Some options also have been renamed to a more consistent casing pattern at the same time
(--fail-on-violation
instead of -failOnViolation
).
The old single-dash options are still supported but are deprecated and will be removed with PMD 7.
This change makes the command line interface more consistent within PMD and also less surprising
compared to other cli tools.
The changes in detail for PMD:
old option | new option |
---|---|
-rulesets |
--rulesets (or -R ) |
-uri |
--uri |
-dir |
--dir (or -d ) |
-filelist |
--file-list |
-ignorelist |
--ignore-list |
-format |
--format (or -f ) |
-debug |
--debug |
-verbose |
--verbose |
-help |
--help |
-encoding |
--encoding |
-threads |
--threads |
-benchmark |
--benchmark |
-stress |
--stress |
-shortnames |
--short-names |
-showsuppressed |
--show-suppressed |
-suppressmarker |
--suppress-marker |
-minimumpriority |
--minimum-priority |
-property |
--property |
-reportfile |
--report-file |
-force-language |
--force-language |
-auxclasspath |
--aux-classpath |
-failOnViolation |
--fail-on-violation |
--failOnViolation |
--fail-on-violation |
-norulesetcompatibility |
--no-ruleset-compatibility |
-cache |
--cache |
-no-cache |
--no-cache |
The changes in detail for CPD:
old option | new option |
---|---|
--failOnViolation |
--fail-on-violation |
-failOnViolation |
--fail-on-violation |
--filelist |
--file-list |
External Contributions
- #3600: [core] Implement GNU-style long options and ‘–version’ - Yang
- #3612: [java] Created fix for UselessStringValueOf false positive - John Armgardt
- #3648: [doc] Rename Code Inspector to Codiga - Julien Delange
Stats
- 80 commits
- 23 closed tickets & PRs
- Days since last release: 28
30-October-2021 - 6.40.0
The PMD team is pleased to announce PMD 6.40.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 54.0 (Spring ‘22).
New rules
- The new Apex rule
EagerlyLoadedDescribeSObjectResult
findsDescribeSObjectResult
s which could have been loaded eagerly viaSObjectType.getDescribe()
.
<rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" />
Modified rules
-
The Apex rule
ApexUnitTestClassShouldHaveAsserts
has a new propertyadditionalAssertMethodPattern
. When specified the pattern is evaluated against each invoked method name to determine whether it represents a test assertion in addition to the standard names. -
The Apex rule
ApexDoc
has a new propertyreportMissingDescription
. If set tofalse
(default istrue
if unspecified) doesn’t report an issue if the@description
tag is missing. This is consistent with the ApexDoc dialect supported by derivatives such as SfApexDoc and also with analogous documentation tools for other languages, e.g., JavaDoc, ESDoc/JSDoc, etc. -
The Apex rule
ApexCRUDViolation
has a couple of new properties: These allow specification of regular-expression-based patterns for additional methods that should be considered valid for pre-CRUD authorization beyond those offered by the system Apex checks and ESAPI, e.g.,sirono-common
’sAuthorizationUtil
class. Two new properties have been added per-CRUD operation, one to specify the naming pattern for a method that authorizes that operation and another to specify the argument passed to that method that contains theSObjectType
instance of the type being authorized. Here is an example of these new properties:<rule ref="category/apex/security.xml/ApexCRUDViolation" message="..."> <priority>3</priority> <properties> <property name="createAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Createable|Upsertable)"/> <!-- There's one of these properties for each operation, and the default value is 0 so this is technically superfluous, but it's included it here for example purposes. --> <property name="createAuthMethodTypeParamIndex" value="0"/> <property name="readAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Accessible"/> <property name="updateAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Updateable|Upsertable)"/> <property name="deleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Deletable"/> <property name="undeleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Undeletable"/> <property name="mergeAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Mergeable"/> </properties> </rule>
-
The Apex rule
EmptyStatementBlock
has two new properties:Setting
reportEmptyPrivateNoArgConstructor
tofalse
ignores empty private no-arg constructors that are commonly used in singleton pattern implementations and utility classes in support of prescribed best practices.Setting
reportEmptyVirtualMethod
tofalse
ignores empty virtual methods that are commonly used in abstract base classes as default no-op implementations when derived classes typically only override a subset of virtual methods.By default, both properties are
true
to not change the default behaviour of this rule. -
The Apex rule
EmptyCatchBlock
has two new properties modeled after the analogous Java rule:The
allowCommentedBlocks
property, when set totrue
(defaults tofalse
), ignores empty blocks containing comments, e.g.:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (Exception e) { // Expected }
The
allowExceptionNameRegex
property is a regular expression for exception variable names for which empty catch blocks should be ignored by this rule. For example, using the default property value of^(ignored|expected)$
, the following empty catch blocks will not be reported:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (IllegalStateException ignored) { } catch (NumberFormatException expected) { }
-
The Apex rule
OneDeclarationPerLine
has a new propertyreportInForLoopInitializer
: If set tofalse
(default istrue
if unspecified) doesn’t report an issue for multiple declarations in afor
loop’s initializer section. This is support the common idiom of one declaration for the loop variable and another for the loop bounds condition, e.g.,for (Integer i = 0, numIterations = computeNumIterations(); i < numIterations; i++) { }
-
The Java rule
ClassNamingConventions
uses a different default value of the propertyutilityClassPattern
: This rule was detecting utility classes by default since PMD 6.3.0 and enforcing the naming convention that utility classes has to be suffixed with Util or Helper or Constants. However this turned out to be not so useful as a default configuration, as there is no standard naming convention for utility classes.With PMD 6.40.0, the default value of this property has been changed to
[A-Z][a-zA-Z0-9]*
(Pascal case), effectively disabling the special handling of utility classes. This is the same default pattern used for concrete classes.This means, that the feature to enforce a naming convention for utility classes is now a opt-in feature and can be enabled on demand.
To use the old behaviour, the property needs to be configured as follows:
<rule ref="category/java/codestyle.xml/ClassNamingConventions"> <properties> <property name="utilityClassPattern" value="[A-Z][a-zA-Z0-9]+(Utils?|Helper|Constants)" /> </properties> </rule>
Fixed Issues
- apex
- #1089: [apex] ApexUnitTestClassShouldHaveAsserts: Test asserts in other methods not detected
- #1090: [apex] ApexCRUDViolation: checks not detected if done in another method
- #3532: [apex] Promote usage of consistent getDescribe() info
- #3566: [apex] ApexDoc rule should not require “@description”
- #3568: [apex] EmptyStatementBlock: should provide options to ignore empty private constructors and empty virtual methods
- #3569: [apex] EmptyCatchBlock: should provide an option to ignore empty catch blocks in test methods
- #3570: [apex] OneDeclarationPerLine: should provide an option to ignore multiple declarations in a for loop initializer
- #3576: [apex] ApexCRUDViolation should provide an option to specify additional patterns for methods that encapsulate authorization checks
- #3579: [apex] ApexCRUDViolation: false negative with undelete
- java-bestpractices
- #3542: [java] MissingOverride: False negative for enum method
- java-codestyle
- java-errorprone
- #3560: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda
- java-performance
- #2364: [java] AddEmptyString false positive in annotation value
- java-security
- #3368: [java] HardcodedCryptoKey false negative with variable assignments
API Changes
Experimental APIs
- The interface
ASTCommentContainer
has been added to the Apex AST. It provides a way to check whether a node contains at least one comment. Currently this is only implemented forASTCatchBlockStatement
and used by the ruleEmptyCatchBlock
. This information is also available via XPath attribute@ContainsComment
.
External Contributions
- #3538: [apex] New rule EagerlyLoadedDescribeSObjectResult - Jonathan Wiesel
- #3549: [java] Ignore AddEmptyString rule in annotations - Stanislav Myachenkov
- #3561: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda - Nicolas Filotto
- #3565: [doc] Fix resource leak due to Files.walk - lujiefsi
- #3571: [apex] Fix for #1089 - Added new configuration property additionalAssertMethodPattern to ApexUnitTestClassShouldHaveAssertsRule - Scott Wells
- #3572: [apex] Fix for #3566 - Added new configuration property reportMissingDescription to ApexDocRule - Scott Wells
- #3573: [apex] Fix for #3568 - Added new configuration properties reportEmptyPrivateNoArgConstructor and reportEmptyVirtualMethod to EmptyStatementBlock - Scott Wells
- #3574: [apex] Fix for #3569 - Added new configuration properties allowCommentedBlocks and allowExceptionNameRegex to EmptyCatchBlock - Scott Wells
- #3575: [apex] Fix for #3570 - Added new configuration property reportInForLoopInitializer to OneDeclarationPerLine - Scott Wells
- #3577: [apex] Fix for #3576 - Added new configuration properties *AuthMethodPattern and *AuthMethodTypeParamIndex to ApexCRUDViolation rule - Scott Wells
- #3578: [apex] ApexCRUDViolation: Documentation changes for #3576 - Scott Wells
- #3580: [doc] Release notes updates for the changes in issue #3569 - Scott Wells
- #3581: [apex] #3569 - Requested changes for code review feedback - Scott Wells
Stats
- 72 commits
- 37 closed tickets & PRs
- Days since last release: 34
25-September-2021 - 6.39.0
The PMD team is pleased to announce PMD 6.39.0.
This is a minor release.
Table Of Contents
New and noteworthy
All Contributors
PMD follows the All Contributors specification. Contributions of any kind welcome!
See credits for our complete contributors list.
Fixed Issues
- core
- #3499: [core] Fix XPath rulechain with combined node tests
- java-errorprone
- #3493: [java] AvoidAccessibilityAlteration: add tests and fix rule
- javascript
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers
- plsql
API Changes
No changes.
External Contributions
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers - Kevin Guerra
Stats
- 37 commits
- 10 closed tickets & PRs
- Days since last release: 27
28-August-2021 - 6.38.0
The PMD team is pleased to announce PMD 6.38.0.
This is a minor release.
Table Of Contents
Fixed Issues
- apex
- core
- #3446: [core] Allow XPath rules to access the current file name
- java-bestpractices
- #3403: [java] MethodNamingConventions junit5TestPattern does not detect parameterized tests
External Contributions
- #3445: [java] Fix #3403 about MethodNamingConventions and JUnit5 parameterized tests - Cyril Sicard
- #3470: [apex] Fix ApexCRUDViolationRule - add super call - Josh Feingold
Stats
- 32 commits
- 8 closed tickets & PRs
- Days since last release: 27
31-July-2021 - 6.37.0
The PMD team is pleased to announce PMD 6.37.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 17 Support
This release of PMD brings support for Java 17. PMD supports JEP 409: Sealed Classes which has been promoted to be a standard language feature of Java 17.
PMD also supports JEP 406: Pattern Matching for switch (Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you’ll need to enable
it via the environment variable PMD_JAVA_OPTS
and select the new language version 17-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 17-preview ...
Note: Support for Java 15 preview language features have been removed. The version “15-preview” is no longer available.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New rules
This release ships with 3 new Java rules.
PrimitiveWrapperInstantiation
reports usages of primitive wrapper constructors. They are deprecated since Java 9 and should not be used.
<rule ref="category/java/bestpractices.xml/PrimitiveWrapperInstantiation" />
The rule is part of the quickstart.xml ruleset.
SimplifiableTestAssertion
suggests rewriting some test assertions to be more readable.
<rule ref="category/java/bestpractices.xml/SimplifiableTestAssertion" />
The rule is part of the quickstart.xml ruleset.
ReturnEmptyCollectionRatherThanNull
suggests returning empty collections / arrays instead of null.
<rule ref="category/java/errorprone.xml/ReturnEmptyCollectionRatherThanNull" />
The rule is part of the quickstart.xml ruleset.
Renamed rules
- The Java rule
MissingBreakInSwitch
has been renamed toImplicitSwitchFallThrough
(category error prone) to better reflect the rule’s purpose: The rule finds implicit fall-through cases in switch statements, which are most likely unexpected. The old rule name described only one way how to avoid a fall-through, namely usingbreak
butcontinue
,throw
andreturn
avoid a fall-through as well. This enables us to improve this rule in the future.
Deprecated rules
- The following Java rules are deprecated and removed from the quickstart ruleset,
as the new rule
SimplifiableTestAssertion
merges their functionality: -
The Java rule
ReturnEmptyArrayRatherThanNull
is deprecated and removed from the quickstart ruleset, as the new ruleReturnEmptyCollectionRatherThanNull
supersedes it. - The following Java rules are deprecated and removed from the quickstart ruleset,
as the new rule
PrimitiveWrapperInstantiation
merges their functionality: - The Java rule
UnnecessaryWrapperObjectCreation
is deprecated with no planned replacement before PMD 7. In it’s current state, the rule is not useful as it finds only contrived cases of creating a primitive wrapper and unboxing it explicitly in the same expression. In PMD 7 this and more cases will be covered by a new ruleUnnecessaryBoxing
.
Fixed Issues
- apex
- core
- java-bestpractices
- java-errorprone
- java-performance
- #3420: [java] NPE in
InefficientStringBuffering
with Records
- #3420: [java] NPE in
API Changes
PMD CLI
-
PMD has a new CLI option
-force-language
. With that a language can be forced to be used for all input files, irrespective of filenames. When using this option, the automatic language selection by extension is disabled and all files are tried to be parsed with the given language. Parsing errors are ignored and unparsable files are skipped.This option allows to use the xml language for files, that don’t use xml as extension. See also the examples on PMD CLI reference.
Experimental APIs
- The AST types and APIs around Sealed Classes are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- The inner class
net.sourceforge.pmd.cpd.TokenEntry.State
is considered to be internal API. It will probably be moved away with PMD 7.
External Contributions
- #3367: [apex] Check SOQL CRUD on for loops - Jonathan Wiesel
- #3373: [apex] Add ApexCRUDViolation support for database class, inline no-arg object construction DML and inline list initialization DML - Jonathan Wiesel
- #3385: [core] CPD: Optimize –skip-lexical-errors option - Woongsik Choi
- #3388: [doc] Add Code Inspector in the list of tools - Julien Delange
- #3417: [core] Support forcing a specific language from the command-line - Aidan Harding
Stats
- 82 commits
- 29 closed tickets & PRs
- Days since last release: 35
26-June-2021 - 6.36.0
The PMD team is pleased to announce PMD 6.36.0.
This is a minor release.
Table Of Contents
New and noteworthy
Improved Incremental Analysis
Incremental Analysis has long helped our users obtain faster analysis results, however, its implementation tended to be too cautious in detecting changes to the runtime and type resolution classpaths, producing more cache invalidations than necessary. We have now improved the heuristics to remove several bogus invalidations, and slightly sped up the cache usage along the way.
PMD will now ignore:
- Non class files in classpath and jar / zip files being referenced.
- Changes to the order of file entries within a jar / zip
- Changes to file metadata within jar / zip (ie: creation and modification time, significant in multi-module / composite build projects where lateral artifacts are frequently recreated)
New rules
- The new Apex rule
AvoidDebugStatements
finds usages ofSystem.debug
calls. Debug statements contribute to longer transactions and consume Apex CPU time even when debug logs are not being captured. You can try out this rule like so:
<rule ref="category/apex/performance.xml/AvoidDebugStatements" />
- The new Apex rule
InaccessibleAuraEnabledGetter
checks that anAuraEnabled
getter is public or global. This is necessary if it is referenced in Lightning components. You can try out this rule like so:
<rule ref="category/apex/errorprone.xml/InaccessibleAuraEnabledGetter" />
Renamed rules
- The Java rule
BadComparison
has been renamed toComparisonWithNaN
to better reflect what the rule actually detects. It now considers usages ofDouble.NaN
orFloat.NaN
in more cases and fixes false negatives.
Fixed Issues
- apex
- core
- java-bestpractices
- #957: [java] GuardLogStatement: False positive with compile-time constant arguments
- #3076: [java] UnusedAssignment reports unused variable when used in increment expr
- #3114: [java] UnusedAssignment false positive when reporting unused variables
- #3315: [java] LiteralsFirstInComparisons false positive with two constants
- #3341: [java] JUnitTestsShouldIncludeAssert should support Junit 5
- #3340: [java] NullPointerException applying rule GuardLogStatement
- java-codestyle
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
@exception
tag
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
- java-errorprone
- #2895: [java] Improve BadComparison and rename to ComparisonWithNaN
- #3284: [java] InvalidLogMessageFormat may examine the value of a different but identically named String variable
- #3304: [java] NPE in MoreThanOneLoggerRule on a java 16 record
- #3305: [java] ConstructorCallsOverridableMethodRule IndexOutOfBoundsException on a java16 record
- #3343: [java] CloneMethodMustImplementCloneable: FN with local classes
- java-performance
API Changes
No changes.
External Contributions
- #3276: [apex] Update ApexCRUDViolation and OperationWithLimitsInLoop docs - Jonathan Wiesel
- #3306: [java] More than one logger rule test null pointer exception - Arnaud Jeansen
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
@exception
tag - Piotrek Żygieło - #3319: [apex] New AvoidDebugStatements rule to mitigate performance impact - Jonathan Wiesel
- #3320: [java] Fix incorrect increment for “else if” branch in Cognitive Complexity docs - Denis Borovikov
- #3322: [apex] added rule to detect inaccessible AuraEnabled getters - Philippe Ozil
- #3323: [core] Adds fullDescription and tags in SARIF report - Clint Chester
- #3339: [java] JUnitTestsShouldIncludeAssert Tweak assertion definition to avoid false positive with modern JUnit5 - Arnaud Jeansen
Stats
- 81 commits
- 36 closed tickets & PRs
- Days since last release: 28
29-May-2021 - 6.35.0
The PMD team is pleased to announce PMD 6.35.0.
This is a minor release.
Table Of Contents
New and noteworthy
Javascript module now requires at least Java 8
The latest version of Rhino, the implementation of JavaScript we use for parsing JavaScript code, requires at least Java 8. Therefore we decided to upgrade the pmd-javascript module to Java 8 as well. This means that from now on, a Java 8 or later runtime is required in order to analyze JavaScript code. Note that PMD core still only requires Java 7.
New rules
This release ships with 3 new Java rules.
JUnit5TestShouldBePackagePrivate
enforces the convention that JUnit 5 tests should have minimal visibility. You can try out this rule like so:<rule ref="category/java/bestpractices.xml/JUnit5TestShouldBePackagePrivate" />
CognitiveComplexity
uses the cognitive complexity metric to find overly complex code. This metric improves on the similar cyclomatic complexity in several ways, for instance, it incentivizes using clearly readable shorthands and idioms. See the rule documentation for more details. You can try out this rule like so:<rule ref="category/java/design.xml/CognitiveComplexity" />
MutableStaticState
finds non-private static fields that are not final. These fields break encapsulation since these fields can be modified from anywhere within the program. You can try out this rule like so:<rule ref="category/java/design.xml/MutableStaticState" />
Modified rules
- The Java rule
CompareObjectsWithEquals
has now a new propertytypesThatCompareByReference
. With that property, you can configure types, that should be whitelisted for comparison by reference. By default,java.lang.Enum
andjava.lang.Class
are allowed, but you could add custom types here. Additionally comparisons against constants are allowed now. This makes the rule less noisy when two constants are compared. Constants are identified by looking for an all-caps identifier.
Deprecated rules
-
The java rule
DefaultPackage
has been deprecated in favor ofCommentDefaultAccessModifier
.The rule “DefaultPackage” assumes that any usage of package-access is accidental, and by doing so, prohibits using a really fundamental and useful feature of the language.
To satisfy the rule, you have to make the member public even if it doesn’t need to, or make it protected, which muddies your intent even more if you don’t intend the class to be extended, and may be at odds with other rules like
AvoidProtectedFieldInFinalClass
.The rule
CommentDefaultAccessModifier
should be used instead. It flags the same thing, but has an escape hatch. -
The Java rule
CloneThrowsCloneNotSupportedException
has been deprecated without replacement.The rule has no real value as
CloneNotSupportedException
is a checked exception and therefore you need to deal with it while implementing theclone()
method. You either need to declare the exception or catch it. If you catch it, then subclasses can’t throw it themselves explicitly. However,Object.clone()
will still throw this exception if theCloneable
interface is not implemented.Note, this rule has also been removed from the Quickstart Ruleset (
rulesets/java/quickstart.xml
).
Fixed Issues
- apex
- core
- doc
- #3230: [doc] Remove “Edit me” button for language index pages
- dist
- #2466: [dist] Distribution archive doesn’t include all batch scripts
- java
- #3269: [java] Fix NPE in MethodTypeResolution
- java-bestpractices
- #1175: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource
- #2219: [java] Document Reasons to Avoid Reassigning Parameters
- #2737: [java] Fix misleading rule message on rule SwitchStmtsShouldHaveDefault with non-exhaustive enum switch
- #3236: [java] LiteralsFirstInComparisons should consider constant fields (cont’d)
- #3239: [java] PMD could enforce non-public methods for Junit5 / Jupiter test methods
- #3254: [java] AvoidReassigningParameters reports violations on wrong line numbers
- java-codestyle
- #2655: [java] UnnecessaryImport false positive for on-demand imports
- #3206: [java] Deprecate rule DefaultPackage
- #3262: [java] FieldDeclarationsShouldBeAtStartOfClass: false negative with anon classes
- #3265: [java] MethodArgumentCouldBeFinal: false negatives with interfaces and inner classes
- #3266: [java] LocalVariableCouldBeFinal: false negatives with interfaces, anon classes
- #3274: [java] OnlyOneReturn: false negative with anonymous class
- #3275: [java] UnnecessaryLocalBeforeReturn: false negatives with lambda and anon class
- java-design
- java-errorprone
- #3110: [java] Enhance CompareObjectsWithEquals with list of exceptions
- #3112: [java] Deprecate rule CloneThrowsCloneNotSupportedException
- #3205: [java] Make CompareObjectWithEquals allow comparing against constants
- #3248: [java] Documentation is wrong for SingletonClassReturningNewInstance rule
- #3249: [java] AvoidFieldNameMatchingTypeName: False negative with interfaces
- #3268: [java] ConstructorCallsOverridableMethod: IndexOutOfBoundsException with annotations
- java-performance
- #1438: [java] InsufficientStringBufferDeclaration false positive for initial calculated StringBuilder size
- javascript
API Changes
Deprecated API
PMD#doPMD
is deprecated. UsePMD#runPMD
instead.PMD#run
is deprecated. UsePMD#runPMD
instead.ThreadSafeReportListener
and the methods to use them inReport
(addListener
,getListeners
,addListeners
) are deprecated. This functionality will be replaced by another TBD mechanism in PMD 7.
External Contributions
- #3272: [apex] correction for ApexUnitTestMethodShouldHaveIsTestAnnotation false positives - William Brockhus
- #3246: [java] New Rule: MutableStaticState - Vsevolod Zholobov
- #3247: [java] New rule: JUnit5TestShouldBePackagePrivate - Arnaud Jeansen
- #3293: [java] Cognitive Complexity Metric - Denis Borovikov
- pmd.github.io#12: Update quickstart.html - Igor Lyadov
Stats
- 143 commits
- 53 closed tickets & PRs
- Days since last release: 34
24-April-2021 - 6.34.0
The PMD team is pleased to announce PMD 6.34.0.
This is a minor release.
Table Of Contents
New and noteworthy
New rules
-
The new Java rule
UseStandardCharsets
finds usages ofCharset.forName
, whereStandardCharsets
can be used instead.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml
) for Java. -
The new Java rule
UnnecessaryImport
replaces the rulesUnusedImports
,DuplicateImports
,ImportFromSamePackage
, andDontImportJavaLang
.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml
) for Java.
Modified rules
- The Apex rule
ApexCRUDViolation
does not ignore getters anymore and also flags SOQL/SOSL/DML operations without access permission checks in getters. This will produce false positives now for VF getter methods, but we can’t reliably detect, whether a getter is a VF getter or not. In such cases, the violation should be suppressed.
Deprecated rules
- java-bestpractices
UnusedImports
: use the ruleUnnecessaryImport
instead
- java-codestyle
DuplicateImports
: use the ruleUnnecessaryImport
insteadDontImportJavaLang
: use the ruleUnnecessaryImport
instead
- java-errorprone
ImportFromSamePackage
: use the ruleUnnecessaryImport
instead
Fixed Issues
- apex-performance
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations
- apex-security
- java-bestpractices
- java-codestyle
- #3128: [java] New rule UnnecessaryImport, deprecate DuplicateImports, ImportFromSamePackage, UnusedImports
- java-errorprone
API Changes
No changes.
External Contributions
- #3193: [java] New rule: UseStandardCharsets - Andrea Aime
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations - Jonathan Wiesel
- #3211: [apex] ApexCRUDViolationRule: Do not assume method is VF getter to avoid CRUD checks - Jonathan Wiesel
- #3234: [apex] ApexCRUDViolation: COUNT is indeed CRUD checkable since it exposes data (false-negative) - Jonathan Wiesel
Stats
- 74 commits
- 18 closed tickets & PRs
- Days since last release: 27
27-March-2021 - 6.33.0
The PMD team is pleased to announce PMD 6.33.0.
This is a minor release.
Table Of Contents
New and noteworthy
PLSQL parsing exclusions
The PMD PLSQL parser might not parse every valid PL/SQL code without problems. In order to still use PMD on such files, you can now mark certain lines for exclusion from the parser. More information can be found in the language specific documentation for PLSQL.
Fixed Issues
- apex-design
- #3142: [apex] ExcessiveClassLength multiple warning on the same class
- java
- java-bestpractices
- #3118: [java] UnusedPrivateMethod false positive when passing in lombok.val as argument
- #3144: [java] GuardLogStatement can have more detailed example
- #3155: [java] GuardLogStatement: False negative with unguarded method call
- #3160: [java] MethodReturnsInternalArray does not consider static final fields and fields initialized with empty array
- java-errorprone
- #2977: [java] CloseResource: false positive with reassignment detection
- #3146: [java] InvalidLogMessageFormat detection failing when String.format used
- #3148: [java] CloseResource false positive with Objects.nonNull
- #3165: [java] InvalidLogMessageFormat detection failing when String.format used in a variable
- java-performance
- plsql
- #195: [plsql] Ampersand ‘&’ causes PMD processing error in sql file - Lexical error in file
External Contributions
- #3161: [plsql] Add support for lexical parameters in SQL*Plus scripts, allow excluding lines which the parser does not understand - Henning von Bargen
- #3167: [java] Minor typo in quickstart ruleset - Austin Tice
Stats
- 49 commits
- 27 closed tickets & PRs
- Days since last release: 28
27-February-2021 - 6.32.0
The PMD team is pleased to announce PMD 6.32.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 16 Support
This release of PMD brings support for Java 16. PMD supports JEP 394: Pattern Matching for instanceof and JEP 395: Records. Both have been promoted to be a standard language feature of Java 16.
PMD also supports JEP 397: Sealed Classes (Second Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you’ll need to enable
it via the environment variable PMD_JAVA_OPTS
and select the new language version 16-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 16-preview ...
Note: Support for Java 14 preview language features have been removed. The version “14-preview” is no longer available.
Modified Rules
- The Apex rule
ApexDoc
has two new properties:reportPrivate
andreportProtected
. Previously the rule only considered public and global classes, methods, and properties. With these properties, you can verify the existence of ApexDoc comments for private and protected methods as well. By default, these properties are disabled to preserve backwards compatible behavior.
Fixed Issues
- apex-documentation
- #3075: [apex] ApexDoc should support private access modifier
- java
- #3101: [java] NullPointerException when running PMD under JRE 11
- java-bestpractices
- #3132: [java] UnusedImports with static imports on subclasses
- java-errorprone
- plsql
- #3106: [plsql] ParseException while parsing EXECUTE IMMEDIATE ‘drop database link ‘ || linkname;
API Changes
Experimental APIs
- The experimental class
ASTTypeTestPattern
has been renamed toASTTypePattern
in order to align the naming to the JLS. - The experimental class
ASTRecordConstructorDeclaration
has been renamed toASTCompactConstructorDeclaration
in order to align the naming to the JLS. - The AST types and APIs around Pattern Matching and Records are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- The protected or public member of the Java rule
AvoidUsingHardCodedIPRule
are deprecated and considered to be internal API. They will be removed with PMD 7.
External Contributions
- #3098: [apex] ApexDoc optionally report private and protected - Jonathan Wiesel
- #3107: [plsql] Fix ParseException for EXECUTE IMMEDIATE str1||str2; - hvbtup
- #3125: [doc] Fix sample code indentation in documentation - Artur Dryomov
Stats
- 43 commits
- 21 closed tickets & PRs
- Days since last release: 27
30-January-2021 - 6.31.0
The PMD team is pleased to announce PMD 6.31.0.
This is a minor release.
Table Of Contents
New and noteworthy
SARIF Format
PMD now supports the Static Analysis Results Interchange Format (SARIF)
as an additional report format. Just use the command line parameter -format sarif
to select it.
SARIF is an OASIS standard format for static analysis tools.
PMD creates SARIF JSON files in SARIF version 2.1.0.
An example report can be found in the documentation in Report formats for PMD.
CPD
- The C++ module now supports the new option
--ignore-literal-sequences
, which can be used to avoid detection of some uninteresting clones. This options has been introduced with PMD 6.30.0 for C# and is now available for C++ as well. See #2963.
New Rules
-
The new Apex rule
OverrideBothEqualsAndHashcode
brings the well known Java rule to Apex. In Apex the same principle applies:equals
andhashCode
should always be overridden together to ensure collection classes such as Maps and Sets work as expected. -
The new Visualforce rule
VfHtmlStyleTagXss
checks for potential XSS problems when using<style>
tags on Visualforce pages.
Deprecated rules
- java-performance
AvoidUsingShortType
: arithmetic on shorts is not significantly slower than on ints, whereas using shorts may provide significant memory savings in arrays.SimplifyStartsWith
: the suggested code transformation has an insignificant performance impact, and decreases readability.
Fixed Issues
- core
- java-bestpractices
- #575: [java] LiteralsFirstInComparisons should consider constant fields
- #2454: [java] UnusedPrivateMethod violation for disabled class in 6.23.0
- #2833: [java] NPE in UseCollectionIsEmptyRule with enums
- #2876: [java] UnusedPrivateField cannot override ignored annotations property
- #2957: [java] Ignore unused declarations that have special name
- java-codestyle
- #2960: [java] Thread issue in MethodNamingConventionsRule
- java-design
- #3006: [java] NPE in SingularFieldRule with concise resource syntax
- java-errorprone
- #2976: [java] CompareObjectsWithEquals: FP with array.length
- #2977: [java] 6.30.0 introduces new false positive in CloseResource rule?
- #2979: [java] UseEqualsToCompareStrings: FP with “var” variables
- #3004: [java] UseEqualsToCompareStrings false positive with PMD 6.30.0
- #3062: [java] CloseResource FP with reassigned stream
- java-performance
- vf-security
- #3081: [vf] VfUnescapeEl: Inherently un-XSS-able built-in functions trigger false positives
API Changes
Deprecated API
AbstractDomXmlRule
AbstractWsdlRule
- A few methods of
AbstractXmlRule
Experimental APIs
- The method
GenericToken#getKind
has been added as experimental. This unifies the token interface for both JavaCC and Antlr. The already existing methodAntlrToken#getKind
is therefore experimental as well. The returned constant depends on the actual language and might change whenever the grammar of the language is changed.
External Contributions
- #2666: [swift] Manage swift5 string literals - kenji21
- #2959: [apex] New Rule: override equals and hashcode rule - recdevs
- #2963: [cpp] Add option to ignore sequences of literals - Maikel Steneker
- #2964: [cs] Update C# grammar for additional C# 7 and C# 8 features - Maikel Steneker
- #2965: [cs] Improvements for ignore sequences of literals functionality - Maikel Steneker
- #2968: [java] NPE in UseCollectionIsEmptyRule with enums - foxmason
- #2983: [java] LiteralsFirstInComparisons should consider constant fields - Ozan Gulle
- #2994: [core] Fix code climate severity strings - Vincent Maurin
- #3005: [vf] [New Rule] Handle XSS violations that can occur within Html Style tags - rmohan20
- #3073: [core] Include SARIF renderer - Manuel Moya Ferrer
- #3084: [vf] VfUnescapeEl false-positive with builtin functions - Josh Feingold
Stats
- 116 commits
- 40 closed tickets & PRs
- Days since last release: 49
12-December-2020 - 6.30.0
The PMD team is pleased to announce PMD 6.30.0.
This is a minor release.
Table Of Contents
- New and noteworthy * CPD * Type information for VisualForce
- Fixed Issues
- API Changes
- External Contributions
- Stats
New and noteworthy
CPD
-
The C# module now supports the new option
--ignore-literal-sequences
, which can be used to avoid detection of some uninteresting clones. Support for other languages may be added in the future. See #2945 -
The Scala module now supports suppression through
CPD-ON
/CPD-OFF
comment pairs. See #2929
Type information for VisualForce
The Visualforce AST now can resolve the data type of Visualforce expressions that reference Apex Controller properties and Custom Object fields. This feature improves the precision of existing rules, like VfUnescapeEl
.
This can be configured using two environment variables:
PMD_VF_APEXDIRECTORIES
: Comma separated list of directories for Apex classes. Absolute or relative to the Visualforce directory. Default is../classes
. Specifying an empty string will disable data type resolution for Apex Controller properties.PMD_VF_OBJECTSDIRECTORIES
: Comma separated list of directories for Custom Objects. Absolute or relative to the Visualforce directory. Default is../objects
. Specifying an empty string will disable data type resolution for Custom Object fields.
This feature is experimental, in particular, expect changes to the way the configuration is specified. We’ll probably extend the CLI instead of relying on environment variables in a future version.
Thanks to Jeff Bartolotta and Roopa Mohan for contributing this!
Fixed Issues
- core
- cs
- #2938: [cs] CPD: ignoring using directives could not be disabled
- java
- scala
- #2480: [scala] Support CPD suppressions
API Changes
Deprecated API
Around RuleSet parsing
RuleSetFactory
andRulesetsFactoryUtils
have been deprecated in favor ofRuleSetLoader
. This is easier to configure, and more maintainable than the multiple overloads ofRulesetsFactoryUtils
.- Some static creation methods have been added to
RuleSet
for simple cases, egforSingleRule
. These replace some counterparts inRuleSetFactory
- Since
RuleSets
is also deprecated, many APIs that require a RuleSets instance now are deprecated, and have a counterpart that expects aList<RuleSet>
. RuleSetReferenceId
,RuleSetReference
,RuleSetFactoryCompatibility
are deprecated. They are most likely not relevant outside of the implementation of pmd-core.
Around the PMD
class
Many classes around PMD’s entry point (PMD
) have been deprecated as internal, including:
- The contents of the packages
net.sourceforge.pmd.cli
,net.sourceforge.pmd.processor
SourceCodeProcessor
- The constructors of
PMD
(the class will be made a utility class)
Miscellaneous
ASTPackageDeclaration#getPackageNameImage
,ASTTypeParameter#getParameterName
and the corresponding XPath attributes. In both cases they’re replaced with a new methodgetName
, the attribute is@Name
.ASTClassOrInterfaceBody#isAnonymousInnerClass
, andASTClassOrInterfaceBody#isEnumChild
, refs #905
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
net.sourceforge.pmd.lang.ecmascript.Ecmascript3Handler
net.sourceforge.pmd.lang.ecmascript.Ecmascript3Parser
EcmascriptParser#parserOptions
EcmascriptParser#getSuppressMap
net.sourceforge.pmd.lang.rule.ParametricRuleViolation
ParserOptions#suppressMarker
net.sourceforge.pmd.lang.modelica.rule.ModelicaRuleViolationFactory
External Contributions
- #2864: [vf] Provide expression type information to Visualforce rules to avoid false positives - Jeff Bartolotta
- #2914: [core] Include rule name in text renderer - Gunther Schrijvers
- #2925: Cleanup: Correct annotation array initializer indents from checkstyle #8083 - Abhishek Kumar
- #2929: [scala] Add support for CPD-ON and CPD-OFF special comments - Andy Robinson
- #2936: [java] (doc) Fix typo: “an accessor” not “a” - Igor Moreno
- #2938: [cs] CPD: fix issue where ignoring using directives could not be disabled - Maikel Steneker
- #2945: [cs] Add option to ignore sequences of literals - Maikel Steneker
- #2962: [cpp] Add support for C++ 14 binary literals - Maikel Steneker
Stats
- 190 commits
- 25 closed tickets & PRs
- Days since last release: 49
24-October-2020 - 6.29.0
The PMD team is pleased to announce PMD 6.29.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 50 (Winter ‘21). All new language features are now properly parsed and processed. Especially the Safe Navigation Operator is now supported. See also Salesforce Winter ‘21 Release Notes
New Rules
- The new Apex rule
OperationWithLimitsInLoop
(apex-performance
) finds operations in loops that may hit governor limits such as DML operations, SOQL queries and more. The rule replaces the three rules “AvoidDmlStatementsInLoops”, “AvoidSoqlInLoops”, and “AvoidSoslInLoops”.
Renamed Rules
- The Java rule
DoNotCallSystemExit
has been renamed toDoNotTerminateVM
, since it checks for all the following calls:System.exit(int)
,Runtime.exit(int)
,Runtime.halt(int)
. All these calls terminate the Java VM, which is bad, if the VM runs an application server which many independent applications.
Deprecated Rules
- The Apex rules
AvoidDmlStatementsInLoops
,AvoidSoqlInLoops
andAvoidSoslInLoops
(apex-performance
) are deprecated in favour of the new ruleOperationWithLimitsInLoop
. The deprecated rules will be removed with PMD 7.0.0.
Fixed Issues
- apex
- #2839: [apex] Apex classes with safe navigation operator from Winter 21 (50.0) are skipped
- apex-performance
- #1713: [apex] Mark Database DML statements in For Loop
- core
- #2831: [core] Fix XMLRenderer newlines when running under IBM Java
- java-errorprone
- miscellaneous
- #2823: [doc] Renamed/Moved rules are missing in documentation
- vf (Salesforce VisualForce)
- #2765: [vf] Attributes with dot cause a VfParseException
External Contributions
- #2803: [java] Improve DoNotCallSystemExit (Fixes #2157) - Vitaly Polonetsky
- #2809: [java] Move test config from file to test class - Stefan Birkner
- #2810: [core] Move method “renderTempFile” to XMLRendererTest - Stefan Birkner
- #2811: [java] CloseResource - Fix #2764: False-negative when re-assigning variable - Andi Pabst
- #2813: [core] Use JUnit’s TemporaryFolder rule - Stefan Birkner
- #2816: [apex] Detect ‘Database’ method invocations inside loops - Jeff Bartolotta
- #2829: [doc] Small correction in pmd_report_formats.md - Gustavo Krieger
- #2834: [vf] Allow attributes with dot in Visualforce - rmohan20
- #2842: [core] Bump antlr4 from 4.7 to 4.7.2 - Adrien Lecharpentier
- #2865: [java] (doc) Update ExcessiveImports example code for clarity - Gustavo Krieger
- #2866: [java] (doc) Fix example for CouplingBetweenObjects - Gustavo Krieger
Stats
- 50 commits
- 23 closed tickets & PRs
- Days since last release: 27
26-September-2020 - 6.28.0
The PMD team is pleased to announce PMD 6.28.0.
This is a minor release.
Table Of Contents
New and noteworthy
CPD’s AnyTokenizer has been improved
The AnyTokenizer is used for languages, that don’t have an own lexer/grammar based tokenizer. AnyTokenizer now handles string literals and end-of-line comments. Fortran, Perl and Ruby have been updated to use AnyTokenizer instead of their old custom tokenizer based on AbstractTokenizer. See #2758 for details.
AbstractTokenizer and the custom tokenizers of Fortran, Perl and Ruby are deprecated now.
Fixed Issues
- cpd
- apex-security
- #2774: [apex] ApexSharingViolations does not correlate sharing settings with class that contains data access
- java
- #2738: [java] Custom rule with @ExhaustiveEnumSwitch throws NPE
- #2755: [java] [6.27.0] Exception applying rule CloseResource on file … java.lang.NullPointerException
- #2756: [java] TypeTestUtil fails with NPE for anonymous class
- #2767: [java] IndexOutOfBoundsException when parsing an initializer BlockStatement
- #2783: [java] Error while parsing with lambda of custom interface
- java-bestpractices
- #2759: [java] False positive in UnusedAssignment
- java-design
- #2708: [java] False positive FinalFieldCouldBeStatic when using lombok Builder.Default
API Changes
Deprecated API
For removal
net.sourceforge.pmd.RuleViolationComparator
. UseRuleViolation#DEFAULT_COMPARATOR
instead.net.sourceforge.pmd.cpd.AbstractTokenizer
. Usenet.sourceforge.pmd.cpd.AnyTokenizer
instead.net.sourceforge.pmd.cpd.FortranTokenizer
. Was replaced by anAnyTokenizer
. UseFortranLanguage#getTokenizer
anyway.net.sourceforge.pmd.cpd.PerlTokenizer
. Was replaced by anAnyTokenizer
. UsePerlLanguage#getTokenizer
anyway.net.sourceforge.pmd.cpd.RubyTokenizer
. Was replaced by anAnyTokenizer
. UseRubyLanguage#getTokenizer
anyway.RuleReference#getOverriddenLanguage
andRuleReference#setLanguage
- Antlr4 generated lexers:
net.sourceforge.pmd.lang.cs.antlr4.CSharpLexer
will be moved to packagenet.sourceforge.pmd.lang.cs.ast
with PMD 7.net.sourceforge.pmd.lang.dart.antlr4.Dart2Lexer
will be renamed toDartLexer
and moved to packagenet.sourceforge.pmd.lang.dart.ast
with PMD 7. All other classes in the old package will be removed.net.sourceforge.pmd.lang.go.antlr4.GolangLexer
will be moved to packagenet.sourceforge.pmd.lang.go.ast
with PMD 7. All other classes in the old package will be removed.net.sourceforge.pmd.lang.kotlin.antlr4.Kotlin
will be renamed toKotlinLexer
and moved to packagenet.sourceforge.pmd.lang.kotlin.ast
with PMD 7.net.sourceforge.pmd.lang.lua.antlr4.LuaLexer
will be moved to packagenet.sourceforge.pmd.lang.lua.ast
with PMD 7. All other classes in the old package will be removed.
External Contributions
- #2735: [ci] Add github actions for a fast view of pr succeed/not - XenoAmess
- #2747: [java] Don’t trigger FinalFieldCouldBeStatic when field is annotated with lombok @Builder.Default - Ollie Abbey
- #2773: [java] issue-2738: Adding null check to avoid npe when switch case is default - Nimit Patel
- #2789: Add badge for reproducible build - Dan Rollo
- #2791: [apex] Analyze inner classes for sharing violations - Jeff Bartolotta
Stats
- 58 commits
- 24 closed tickets & PRs
- Days since last release: 25
31-August-2020 - 6.27.0
The PMD team is pleased to announce PMD 6.27.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 15 Support
This release of PMD brings support for Java 15. PMD can parse Text Blocks which have been promoted to be a standard language feature of Java.
PMD also supports Pattern Matching for instanceof, Records, and Sealed Classes.
Note: The Pattern Matching for instanceof, Records, and Sealed Classes are all preview language features of OpenJDK 15
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 15-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 15-preview ...
Note: Support for Java 13 preview language features have been removed. The version “13-preview” is no longer available.
Changes in how tab characters are handled
In the past, tab characters in source files has been handled differently in different languages by PMD. For instance in Java, tab characters had a width of 8 columns, while C# used only 1 column. Visualforce instead used 4 columns.
This has been unified now so that tab characters are consistently now always 1 column wide.
This however might be a incompatible change, if you’re using the properties “BeginColumn” or “EndColumn” additionally to “BeginLine” and “EndLine” of a Token/AST node in order to highlight where a rule violation occurred in the source file. If you have logic there that deals with tab characters, you most likely can remove this logic now, since tab characters are now just “normal” characters in terms of string processing.
See also [all] Ensure PMD/CPD uses tab width of 1 for tabs consistently #2656.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New Rules
- The new Java rule
AvoidReassigningCatchVariables
(java-bestpractices
) finds cases where the variable of the caught exception is reassigned. This practice is surprising and prevents further evolution of the code like multi-catch.
Modified Rules
-
The Java rule
CloseResource
(java-errorprone
) has a new propertycloseNotInFinally
. With this property set totrue
the rule will also find calls to close a resource, which are not in a finally-block of a try-statement. If a resource is not closed within a finally block, it might not be closed at all in case of exceptions.As this new detection would yield many new violations, it is disabled by default. It might be enabled in a later version of PMD.
Deprecated Rules
- The Java rule
DataflowAnomalyAnalysis
(java-errorprone
) is deprecated in favour ofUnusedAssignment
(java-bestpractices
), which was introduced in PMD 6.26.0.
Fixed Issues
- core
- java
- #2646: [java] Support JDK 15
- java-bestpractices
- #2471: [java] New Rule: AvoidReassigningCatchVariables
- #2663: [java] NoClassDefFoundError on upgrade from 6.25.0 to 6.26.0
- #2668: [java] UnusedAssignment false positives
- #2673: [java] UnusedPrivateField and SingularField false positive with lombok annotation EqualsAndHashCode
- #2684: [java] UnusedAssignment FP in try/catch
- #2686: [java] UnusedAssignment must not flag abstract method parameters in interfaces and abstract classes
- java-design
- java-errorprone
- #2264: [java] SuspiciousEqualsMethodName: Improve description about error-prone overloading of equals()
- #2410: [java] ProperCloneImplementation not valid for final class
- #2431: [java] InvalidLogMessageFormatRule throws IndexOutOfBoundsException when only logging exception message
- #2439: [java] AvoidCatchingThrowable can not detect the case: catch (java.lang.Throwable t)
- #2470: [java] CloseResource false positive when resource included in return value
- #2531: [java] UnnecessaryCaseChange can not detect the case like: foo.equals(bar.toLowerCase())
- #2647: [java] Deprecate rule DataFlowAnomalyAnalysis
- java-performance
- dart
- #2750: [dart] [cpd] Cpd Dart escaped dollar
API Changes
- XML rule definition in rulesets: In PMD 7, the
language
attribute will be required on allrule
elements that declare a new rule. Some base rule classes set the language implicitly in their constructor, and so this is not required in all cases for the rule to work. But this behavior will be discontinued in PMD 7, so missinglanguage
attributes are now reported as a forward compatibility warning.
Deprecated API
For removal
Rule#getParserOptions
Parser#getParserOptions
AbstractParser
RuleContext#removeAttribute
RuleContext#getAttribute
RuleContext#setAttribute
ApexParserOptions
ASTThrowStatement#getFirstClassOrInterfaceTypeImage
EcmascriptParserOptions
EcmascriptXPathRule
XmlParserOptions
XmlXPathRule
-
Properties of
AbstractXmlRule
net.sourceforge.pmd.Report.ReadableDuration
-
Many methods of
net.sourceforge.pmd.Report
. They are replaced by accessors that produce a List. For example,iterator()
(and implementing Iterable) andisEmpty()
are both replaced bygetViolations()
. - The dataflow codebase is deprecated for removal in PMD 7. This includes all code in the following packages, and their subpackages:
ASTJspDeclarations
ASTJspDocument
ScalaParserVisitorAdapter#zero
ScalaParserVisitorAdapter#combine
ApexParserVisitorReducedAdapter
TypeHelper
is deprecated in favor ofTypeTestUtil
, which has the same functionality, but a slightly changed API.- Many of the classes in
net.sourceforge.pmd.lang.java.symboltable
are deprecated as internal API.
External Contributions
- #2656: [all] Ensure PMD/CPD uses tab width of 1 for tabs consistently - Maikel Steneker
- #2659: [java] StringToString can not detect the case: getStringMethod().toString() - Mykhailo Palahuta
- #2662: [java] UnnecessaryCaseChange can not detect the case like: foo.equals(bar.toLowerCase()) - Mykhailo Palahuta
- #2671: [java] CloseResource false positive when resource included in return value - Mykhailo Palahuta
- #2674: [java] add lombok.EqualsAndHashCode in AbstractLombokAwareRule - berkam
- #2677: [java] RedundantFieldInitializer can not detect a special case for char initialize:
char foo = '\0';
- Mykhailo Palahuta - #2678: [java] AvoidCatchingThrowable can not detect the case: catch (java.lang.Throwable t) - Mykhailo Palahuta
- #2679: [java] InvalidLogMessageFormatRule throws IndexOutOfBoundsException when only logging exception message - Mykhailo Palahuta
- #2682: [java] New Rule: AvoidReassigningCatchVariables - Mykhailo Palahuta
- #2697: [java] ExcessiveParameterListRule must ignore a private constructor - Mykhailo Palahuta
- #2699: [java] ProperCloneImplementation not valid for final class - Mykhailo Palahuta
- #2700: [java] Fix OnlyOneReturn code example - Jan-Lukas Else
- #2722: [doc] [java] ImmutableField: extend description, fixes #2108 - Mateusz Stefanski
- #2723: [doc] [java] SimplifyStartsWith: update description and example, fixes #1868 - Mateusz Stefanski
- #2724: [doc] [java] SuspiciousEqualsMethodName: update description, fixes #2264 - Mateusz Stefanski
- #2725: Cleanup: change valueOf to parse when we need primitive return value. - XenoAmess
- #2726: Cleanup: replace StringBuffer with StringBuilder - XenoAmess
- #2727: Cleanup: replace indexOf() < 0 with contains - XenoAmess
- #2728: Cleanup: javadoc issues - XenoAmess
- #2729: Cleanup: use print instead of printf if no format exists - XenoAmess
- #2730: Cleanup: StringBuilder issues - XenoAmess
- #2731: Cleanup: avoid compiling Patterns repeatedly - XenoAmess
- #2732: Cleanup: use StandardCharsets instead of Charset.forName - XenoAmess
- #2733: Cleanup: Collection::addAll issues - XenoAmess
- #2734: Cleanup: use try with resources - XenoAmess
- #2744: Cleanup: fix typos - XenoAmess
- #2745: [core] Fix a NPE in buildUsageText - XenoAmess
- #2749: [dart] [cpd] Improvements for Dart interpolated strings - Maikel Steneker
- #2750: [dart] [cpd] Cpd Dart escaped dollar - Maikel Steneker
Stats
- 189 commits
- 68 closed tickets & PRs
- Days since last release: 37
25-July-2020 - 6.26.0
The PMD team is pleased to announce PMD 6.26.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Java rule
UnusedAssignment
(java-bestpractices
) finds assignments to variables, that are never used and are useless. The new rule is supposed to entirely replaceDataflowAnomalyAnalysis
.
Modified rules
- The Java rule
ArrayIsStoredDirectly
(java-bestpractices
) now ignores by default private methods and constructors. You can restore the old behavior by setting the new propertyallowPrivate
to “false”.
Fixed Issues
- apex
- #2610: [apex] Support top-level enums in rules
- apex-bestpractices
- #2626: [apex] UnusedLocalVariable - false positive on case insensitivity allowed in Apex
- apex-performance
- #2598: [apex] AvoidSoqlInLoops false positive for SOQL with in For-Loop
- apex-security
- #2620: [visualforce] False positive on VfUnescapeEl with new Message Channel feature
- core
- java-bestpractices
- java-codestyle
- #2546: [java] DuplicateImports reported for the same import… and import static…
- java-design
- #2174: [java] LawOfDemeter: False positive with ‘this’ pointer
- #2181: [java] LawOfDemeter: False positive with indexed array access
- #2189: [java] LawOfDemeter: False positive when casting to derived class
- #2580: [java] AvoidThrowingNullPointerException marks all NullPointerException objects as wrong, whether or not thrown
- #2625: [java] NPathComplexity can’t handle switch expressions
- java-errorprone
- java-performance
API Changes
Deprecated API
For removal
RuleChainVisitor
and all implementations in language modulesAbstractRuleChainVisitor
Language#getRuleChainVisitorClass
BaseLanguageModule#<init>
ImportWrapper
External Contributions
- #2558: [java] Fix issue #1736 and issue #2207 - Young Chan
- #2560: [java] Fix false positives of LawOfDemeter: this and cast expressions - xioayuge
- #2590: Update libraries snyk is referring to as
unsafe
- Artem Krosheninnikov - #2597: [dependencies] Fix issue #2594, update exec-maven-plugin everywhere - Artem Krosheninnikov
- #2621: [visualforce] add new safe resource for VfUnescapeEl - Peter Chittum
- #2640: [java] NullPointerException in rule ProperCloneImplementation - Mykhailo Palahuta
- #2641: [java] AvoidThrowingNullPointerException marks all NullPointerException… - Mykhailo Palahuta
- #2643: [java] AvoidCallingFinalize detects some false positives (2578) - Mykhailo Palahuta
- #2651: [java] False negative: LiteralsFirstInComparisons for methods… (2569) - Mykhailo Palahuta
- #2652: [java] UseCollectionIsEmpty can not detect the case this.foo.size() - Mykhailo Palahuta
Stats
- 156 commits
- 43 closed tickets & PRs
- Days since last release: 28
27-June-2020 - 6.25.0
The PMD team is pleased to announce PMD 6.25.0.
This is a minor release.
Table Of Contents
New and noteworthy
Scala cross compilation
Up until now the PMD Scala module has been compiled against scala 2.13 only by default. However, this makes it impossible to use pmd as a library in scala projects, that use scala 2.12, e.g. in sbt plugins. Therefore PMD now provides cross compiled pmd-scala modules for both versions: scala 2.12 and scala 2.13.
The new modules have new maven artifactIds. The old artifactId net.sourceforge.pmd:pmd-scala:6.25.0
is still available, but is deprecated from now on. It has been demoted to be just a delegation to the new
pmd-scala_2.13
module and will be removed eventually.
The coordinates for the new modules are:
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-scala_2.12</artifactId>
<version>6.25.0</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-scala_2.13</artifactId>
<version>6.25.0</version>
</dependency>
The command line version of PMD continues to use scala 2.13.
New Rules
-
The new Java Rule
UnnecessaryCast
(java-codestyle
) finds casts that are unnecessary while accessing collection elements. -
The new Java Rule
AvoidCalendarDateCreation
(java-performance
) finds usages ofjava.util.Calendar
whose purpose is just to get the current date. This can be done in a more lightweight way. -
The new Java Rule
UseIOStreamsWithApacheCommonsFileItem
(java-performance
) finds usage ofFileItem.get()
andFileItem.getString()
. These two methods are problematic since they load the whole uploaded file into memory.
Modified rules
-
The Java rule
UseDiamondOperator
(java-codestyle
) now by default finds unnecessary usages of type parameters, which are nested, involve wildcards and are used within a ternary operator. These usages are usually only unnecessary with Java8 and later, when the type inference in Java has been improved.In order to avoid false positives when checking Java7 only code, the rule has the new property
java7Compatibility
, which is disabled by default. Settings this to “true” retains the old rule behaviour.
Fixed Issues
- apex-bestpractices
- #2554: [apex] Exception applying rule UnusedLocalVariable on trigger
- core
- #971: [apex][plsql][java] Deprecate overly specific base rule classes
- #2451: [core] Deprecate support for List attributes with XPath 2.0
- #2599: [core] Fix XPath 2.0 Rule Chain Analyzer with Unions
- #2483: [lang-test] Support cpd tests based on text comparison. For details see Testing your implementation in the developer documentation.
- c#
- #2551: [c#] CPD suppression with comments doesn’t work
- cpp
- #1757: [cpp] Support unicode characters
- java
- #2549: [java] Auxclasspath in PMD CLI does not support relative file path
- java-codestyle
- java-design
- java-errorprone
- #2544: [java] UseProperClassLoader can not detect the case with method call on intermediate variable
- java-performance
- scala
- #2547: [scala] Add cross compilation for scala 2.12 and 2.13
API Changes
-
The maven module
net.sourceforge.pmd:pmd-scala
is deprecated. Usenet.sourceforge.pmd:pmd-scala_2.13
ornet.sourceforge.pmd:pmd-scala_2.12
instead. -
Rule implementation classes are internal API and should not be used by clients directly. The rules should only be referenced via their entry in the corresponding category ruleset (e.g.
<rule ref="category/java/bestpractices.xml/AbstractClassWithoutAbstractMethod" />
).While we definitely won’t move or rename the rule classes in PMD 6.x, we might consider changes in PMD 7.0.0 and onwards.
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
AbstractIgnoredAnnotationRule
(Java)AbstractInefficientZeroCheck
(Java)AbstractJUnitRule
(Java)AbstractJavaMetricsRule
(Java)AbstractLombokAwareRule
(Java)AbstractPoorMethodCall
(Java)AbstractSunSecureRule
(Java)AbstractNcssCountRule
(Java)AbstractCommentRule
(Java)AbstractOptimizationRule
(Java)RegexHelper
(Java)AbstractApexUnitTestRule
(Apex)AbstractNcssCountRule
(Apex)AbstractNcssCountRule
(PLSQL)ApexParser
ApexHandler
RuleChain
RuleSets
RulesetsFactoryUtils#getRuleSets
For removal
TokenEntry#TokenEntry
AbstractTokenizerTest
. Use CpdTextComparisonTest in module pmd-lang-test instead. For details see Testing your implementation in the developer documentation.ASTAnnotation#suppresses
(Apex)ApexXPathRule
(Apex)SymbolTableTestRule
(Java)InefficientStringBufferingRule#isInStringBufferOperation
External Contributions
- #1932: [java] Added 4 performance rules originating from PMD-jPinpoint-rules - Jeroen Borgers
- #2349: [java] Optimize UnusedPrivateMethodRule - shilko2013
- #2547: [scala] Add cross compilation for scala 2.12 and 2.13 - João Ferreira
- #2567: [c#] Fix CPD suppression with comments doesn’t work - Lixon Lookose
- #2573: [java] DefaultPackage: Allow package default JUnit 5 Test methods - Craig Andrews
- #2593: [java] NPathComplexity should mention the expected NPath complexity - Artem Krosheninnikov
Stats
- 135 commits
- 31 closed tickets & PRs
- Days since last release: 33
24-May-2020 - 6.24.0
The PMD team is pleased to announce PMD 6.24.0.
This is a minor release.
Table Of Contents
New and noteworthy
CPD now supports XML as well
Thanks to Fernando Cosso CPD can now find duplicates in XML files as well. This is useful to find duplicated sections in XML files.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New Rules
-
The new Java Rule
LiteralsFirstInComparisons
(java-bestpractices
) find String literals, that are used in comparisons and are not positioned first. Using the String literal as the receiver of e.g.equals
helps to avoid NullPointerExceptions.This rule is replacing the two old rules
PositionLiteralsFirstInComparisons
andPositionLiteralsFirstInCaseInsensitiveComparisons
and extends the check for the methodscompareTo
,compareToIgnoreCase
andcontentEquals
in addition toequals
andequalsIgnoreCase
.Note: This rule also replaces the two mentioned rules in Java’s quickstart ruleset.
Deprecated Rules
- The two Java rules
PositionLiteralsFirstInComparisons
andPositionLiteralsFirstInCaseInsensitiveComparisons
have been deprecated in favor of the new ruleLiteralsFirstInComparisons
.
Fixed Issues
- apex-bestpractices
- #2468: [apex] Unused Local Variable fails on blocks
- core
- c#
- #2495: [c#] Support for interpolated verbatim strings
- java
- #2472: [java] JavaCharStream throws an Error on invalid escape
- java-bestpractices
- #2145: [java] Deprecate rules PositionLiteralsFirstIn(CaseInsensitive)Comparisons in favor of LiteralsFirstInComparisons
- #2288: [java] JUnitTestsShouldIncludeAssert: Add support for Hamcrest MatcherAssert.assertThat
- #2437: [java] AvoidPrintStackTrace can’t detect the case e.getCause().printStackTrace()
- java-codestyle
- #2476: [java] MethodNamingConventions - Add support for JUnit 5 method naming
- java-errorprone
- #2477: [java] JUnitSpelling false-positive for JUnit5/4 tests
- swift
- #2473: [swift] Swift 5 (up to 5.2) support for CPD
API Changes
Deprecated APIs
BaseLanguageModule#addVersion(String, LanguageVersionHandler, boolean)
- Some members of
TokenMgrError
, in particular, a new constructor is available that should be preferred to the old ones AntlrTokenManager.ANTLRSyntaxError
Experimental APIs
Note: Experimental APIs are identified with the annotation Experimental
,
see its javadoc for details
- The experimental methods in
BaseLanguageModule
have been replaced by a definitive API.
External Contributions
- #2446: [core] Update maven-compiler-plugin to 3.8.1 - Artem Krosheninnikov
- #2448: [java] Operator Wrap check - Harsh Kukreja
- #2449: [plsql] Additional info in SqlStatement, FormalParameter and FetchStatement - Grzegorz Sudolski
- #2452: [doc] Fix “Making Rulesets” doc sample code indentation - Artur Dryomov
- #2457: [xml] Adding XML to CPD supported languages - Fernando Cosso
- #2465: [dependencies] Upgrade hamcrest, mockito and JUnit - Artem Krosheninnikov
- #2469: [apex] fix false positive unused variable if only a method is called - Gwilym Kuiper
- #2475: [swift] Swift 4.2-5.2 support - kenji21
- #2476: [java] MethodNamingConventions - Add support for JUnit 5 method naming - Bruno Ritz
- #2478: [java] New rule: LiteralsFirstInComparisons - John-Teng
- #2479: [java] False positive with Hamcrest’s assertThat - andreoss
- #2481: [java] Fix JUnitSpellingRule false positive - Artem Krosheninnikov
- #2493: [java] Deprecate redundant String Comparison rules - John-Teng
- #2495: [c#] Support for interpolated verbatim strings - Maikel Steneker
Stats
- 114 commits
- 29 closed tickets & PRs
- Days since last release: 30
24-April-2020 - 6.23.0
The PMD team is pleased to announce PMD 6.23.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD adopts Contributor Code of Conduct
To facilitate healthy and constructive community behavior PMD adopts Contributor Convenant as its code of conduct.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
You can find the code of conduct in the file code_of_conduct.md in our repository.
Performance improvements for XPath 2.0 rules
XPath rules written with XPath 2.0 now support conversion to a rulechain rule, which
improves their performance. The rulechain is a mechanism that allows several rules
to be executed in a single tree traversal. Conversion to the rulechain is possible if
your XPath expression looks like //someNode/... | //someOtherNode/... | ...
, that
is, a union of one or more path expressions that start with //
. Instead of traversing
the whole tree once per path expression (and per rule), a single traversal executes all
rules in your ruleset as needed.
This conversion is performed automatically and cannot be disabled. The conversion should not change the result of your rules, if it does, please report a bug at https://github.com/pmd/pmd/issues
Note that XPath 1.0 support, the default XPath version, is deprecated since PMD 6.22.0. We highly recommend that you upgrade your rules to XPath 2.0. Please refer to the migration guide.
Javascript improvements for ES6
PMD uses the Rhino library to parse Javascript.
The default version has been set to ES6
, so that some ECMAScript 2015 features are
supported. E.g. let
statements and for-of
loops are now parsed. However Rhino does
not support all features.
New JSON renderer
PMD now supports a JSON renderer (use it with -f json
on the CLI).
See the documentation and example
New Rules
-
The new Apex rule
FieldDeclarationsShouldBeAtStart
(apex-codestyle
) helps to ensure that field declarations are always at the beginning of a class. -
The new Apex rule
UnusedLocalVariable
(apex-bestpractices
) detects unused local variables.
Fixed Issues
- apex-design
- #2358: [apex] Invalid Apex in Cognitive Complexity tests
- apex-security
- core
- doc
- java
- #2378: [java] AbstractJUnitRule has bad performance on large code bases
- java-bestpractices
- #2398: [java] AbstractClassWithoutAbstractMethod false negative with inner abstract classes
- java-codestyle
- java-design
- #2390: [java] AbstractClassWithoutAnyMethod: missing violation for nested classes
- java-errorprone
- #2402: [java] CloseResource possible false positive with Primitive Streams
- java-multithreading
- #2313: [java] Documentation for DoNotUseThreads is outdated
- javascript
- javascript-errorprone
- #384: [javascript] Trailing commas not detected on French default locale
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
In ASTs
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the Apex, Javascript, PL/SQL, Scala and Visualforce ASTs:
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The implementation classes of
Parser
(egVfParser
) are deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead. - The implementation classes of
TokenManager
(egVfTokenManager
) are deprecated and should not be used outside of our implementation. This also affects CPD-only modules.
These deprecations are added to the following language modules in this release. Please look at the package documentation to find out the full list of deprecations.
- Apex:
net.sourceforge.pmd.lang.apex.ast
- Javascript:
net.sourceforge.pmd.lang.ecmascript.ast
- PL/SQL:
net.sourceforge.pmd.lang.plsql.ast
- Scala:
net.sourceforge.pmd.lang.scala.ast
- Visualforce:
net.sourceforge.pmd.lang.vf.ast
These deprecations have already been rolled out in a previous version for the following languages:
- Java:
net.sourceforge.pmd.lang.java.ast
- Java Server Pages:
net.sourceforge.pmd.lang.jsp.ast
- Velocity Template Language:
net.sourceforge.pmd.lang.vm.ast
Outside of these packages, these changes also concern the following TokenManager implementations, and their corresponding Parser if it exists (in the same package):
CppTokenManager
JavaTokenManager
Ecmascript5TokenManager
JspTokenManager
MatlabTokenManager
ModelicaTokenManager
ObjectiveCTokenManager
PLSQLTokenManager
PythonTokenManager
VfTokenManager
VmTokenManager
In the Java AST the following attributes are deprecated and will issue a warning when used in XPath rules:
ASTAdditiveExpression#getImage
- usegetOperator()
insteadASTVariableDeclaratorId#getImage
- usegetName()
insteadASTVariableDeclaratorId#getVariableName
- usegetName()
instead
For removal
Parser#getTokenManager
TokenManager#setFileName
AbstractTokenManager#setFileName
AbstractTokenManager#getFileName
AntlrToken#getType
- usegetKind()
instead.ImmutableLanguage
MockRule
Node#getFirstParentOfAnyType
Node#getAsDocument
AbstractNode#hasDescendantOfAnyType
ASTRecordDeclaration#getComponentList
- Multiple fields, constructors and methods in
XPathRule
. See javadoc for details.
External Contributions
- #2312: [apex] Update ApexCRUDViolation Rule - Joshua S Arquilevich
- #2314: [doc] maven integration - Add version to plugin - Pham Hai Trung
- #2353: [plsql] xmlforest with optional AS - Piotr Szymanski
- #2383: [apex] Fix invalid apex in documentation - Gwilym Kuiper
- #2395: [apex] New Rule: Unused local variables - Gwilym Kuiper
- #2396: [apex] New rule: field declarations should be at start - Gwilym Kuiper
- #2397: [apex] fixed WITH SECURITY_ENFORCED regex to recognise line break characters - Kieran Black
- #2401: [doc] Update DoNotUseThreads rule documentation - Saikat Sengupta
- #2403: [java] #2402 fix false-positives on Primitive Streams - Bernd Farka
- #2409: [java] ClassNamingConventions suggests to add Util for class containing only static constants, fixes #1164 - Binu R J
- #2411: [java] Fix UseAssertEqualsInsteadOfAssertTrue Example - Moritz Scheve
- #2423: [core] Fix Checkstyle OperatorWrap in AbstractTokenizer - Harsh Kukreja
- #2432: [core] Close ZIP data sources even if a runtime exception or error is thrown - Gonzalo Exequiel Ibars Ingman
Stats
- 237 commits
- 64 closed tickets & PRs
- Days since last release: 42
12-March-2020 - 6.22.0
The PMD team is pleased to announce PMD 6.22.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 14 Support
This release of PMD brings support for Java 14. PMD can parse Switch Expressions, which have been promoted to be a standard language feature of Java.
PMD also parses Text Blocks as String literals, which is still a preview language feature in Java 14.
The new Pattern Matching for instanceof can be used as well as Records.
Note: The Text Blocks, Pattern Matching for instanceof and Records are all preview language features of OpenJDK 14
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 14-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 14-preview ...
Note: Support for the extended break statement introduced in Java 12 as a preview language feature has been removed from PMD with this version. The version “12-preview” is no longer available.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Apex Suppressions
In addition to suppressing violation with the @SuppressWarnings
annotation, Apex now also supports
the suppressions with a NOPMD
comment. See Suppressing warnings.
Improved CPD support for C#
The C# tokenizer is now based on an antlr grammar instead of a manual written tokenizer. This should give more accurate results and especially fixes the problems with the using statement syntax (see #2139).
XPath Rules
See the new documentation about Writing XPath Rules.
Note: As of PMD version 6.22.0, XPath versions 1.0 and the 1.0 compatibility mode are deprecated. XPath 2.0 is superior in many ways, for example for its support for type checking, sequence values, or quantified expressions. For a detailed but approachable review of the features of XPath 2.0 and above, see the Saxon documentation.
New Rules
-
The Rule
CognitiveComplexity
(apex-design
) finds methods and classes that are highly complex and therefore difficult to read and more costly to maintain. In contrast to cyclomatic complexity, this rule uses “Cognitive Complexity”, which is a measure of how difficult it is for humans to read and understand a method. -
The Rule
TestMethodsMustBeInTestClasses
(apex-errorprone
) finds test methods that are not residing in a test class. The test methods should be moved to a proper test class. Support for tests inside functional classes was removed in Spring-13 (API Version 27.0), making classes that violate this rule fail compile-time. This rule is however useful when dealing with legacy code.
Fixed Issues
- apex
- apex-design
- #2162: [apex] Cognitive Complexity rule
- apex-errorprone
- #639: [apex] Test methods should not be in classes other than test classes
- cs
- #2139: [cs] CPD doesn’t understand alternate using statement syntax with C# 8.0
- doc
- #2274: [doc] Java API documentation for PMD
- java
- java-bestpractices
- #2277: [java] FP in UnusedImports for ambiguous static on-demand imports
- java-design
- #911: [java] UselessOverridingMethod false positive when elevating access modifier
- java-errorprone
- java-performance
- #2275: [java] AppendCharacterWithChar flags literals in an expression
- plsql
- #2325: [plsql] NullPointerException while running parsing test for CREATE TRIGGER
- #2327: [plsql] Parsing of WHERE CURRENT OF
- #2328: [plsql] Support XMLROOT
- #2331: [plsql] Fix in Comment statement
- #2332: [plsql] Fixed Execute Immediate statement parsing
- #2340: [plsql] Fixed parsing / as divide or execute
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
JavaLanguageHandler
JavaLanguageParser
JavaDataFlowHandler
- Implementations of
RuleViolationFactory
in each language module, egJavaRuleViolationFactory
. See javadoc ofRuleViolationFactory
. -
Implementations of
RuleViolation
in each language module, egJavaRuleViolation
. See javadoc ofRuleViolation
. RuleFactory
RuleBuilder
- Constructors of
RuleSetFactory
, use factory methods fromRulesetsFactoryUtils
instead AbstractApexNode
AbstractApexNodeBase
, and the relatedvisit
methods onApexParserVisitor
and its implementations. UseApexNode
instead, now considers comments too.
For removal
- pmd-core
DFAGraphRule
and its implementationsDFAGraphMethod
- Many methods on the
Node
interface andAbstractNode
base class. See their javadoc for details. Node#isFindBoundary
is deprecated for XPath queries.- Many APIs of
net.sourceforge.pmd.lang.metrics
, though most of them were internal and probably not used directly outside of PMD. UseMetricsUtil
as a replacement for the language-specific façades too. QualifiableNode
,QualifiedName
- pmd-java
AbstractJavaParser
AbstractJavaHandler
ASTAnyTypeDeclaration.TypeKind
ASTAnyTypeDeclaration#getKind
JavaQualifiedName
ASTCatchStatement#getBlock
ASTCompilationUnit#declarationsAreInDefaultPackage
JavaQualifiableNode
net.sourceforge.pmd.lang.java.qname
and its contentsMethodLikeNode
- Its methods will also be removed from its implementations,
ASTMethodOrConstructorDeclaration
,ASTLambdaExpression
.
- Its methods will also be removed from its implementations,
ASTAnyTypeDeclaration#getImage
will be removed. Please usegetSimpleName()
instead. This affectsASTAnnotationTypeDeclaration#getImage
,ASTClassOrInterfaceDeclaration#getImage
, andASTEnumDeclaration#getImage
.- Several methods of
ASTTryStatement
, replacements with other names have been added. This includes the XPath attribute@Finally
, replace it with a test forchild::FinallyStatement
. - Several methods named
getGuardExpressionNode
are replaced withgetCondition
. This affects the following nodes: WhileStatement, DoStatement, ForStatement, IfStatement, AssertStatement, ConditionalExpression. ASTYieldStatement
will not implementTypeNode
anymore come 7.0.0. Test the type of the expression nested within it.JavaMetrics
,JavaMetricsComputer
ASTArguments#getArgumentCount
. Usesize
instead.ASTFormalParameters#getParameterCount
. Usesize
instead.
- pmd-apex
In ASTs (JSP)
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the JSP AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The class
JspParser
is deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead.
Please look at net.sourceforge.pmd.lang.jsp.ast
to find out the full list of deprecations.
In ASTs (Velocity)
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the VM AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The package
net.sourceforge.pmd.lang.vm.directive
as well as the classesDirectiveMapper
andLogUtil
are deprecated for removal. They were only used internally during parsing. - The class
VmParser
is deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead.
Please look at net.sourceforge.pmd.lang.vm.ast
to find out the full list of deprecations.
PLSQL AST
The production and node ASTCursorBody
was unnecessary, not used and has been removed. Cursors have been already
parsed as ASTCursorSpecification
.
External Contributions
- #2251: [java] FP for InvalidLogMessageFormat when using slf4j-Markers - Kris Scheibe
- #2253: [modelica] Remove duplicated dependencies - Piotrek Żygieło
- #2256: [doc] Corrected XML attributes in release notes - Maikel Steneker
- #2276: [java] AppendCharacterWithCharRule ignore literals in expressions - Kris Scheibe
- #2278: [java] fix UnusedImports rule for ambiguous static on-demand imports - Kris Scheibe
- #2279: [apex] Add support for suppressing violations using the // NOPMD comment - Gwilym Kuiper
- #2280: [cs] CPD: Replace C# tokenizer by an Antlr-based one - Maikel Steneker
- #2297: [apex] Cognitive complexity metrics - Gwilym Kuiper
- #2317: [apex] New Rule - Test Methods Must Be In Test Classes - Brian Nørremark
- #2321: [apex] Support switch statements correctly in Cognitive Complexity - Gwilym Kuiper
- #2326: [plsql] Added XML functions to parser: extract(xml), xml_root and fixed xml_forest - Piotr Szymanski
- #2327: [plsql] Parsing of WHERE CURRENT OF added - Piotr Szymanski
- #2331: [plsql] Fix in Comment statement - Piotr Szymanski
- #2332: [plsql] Fixed Execute Immediate statement parsing - Piotr Szymanski
- #2338: [cs] CPD: fixes in filtering of using directives - Maikel Steneker
- #2339: [cs] CPD: Fixed CPD –ignore-usings option - Maikel Steneker
- #2340: [plsql] fix for parsing / as divide or execute - Piotr Szymanski
- #2342: [xml] Update property used in example - Piotrek Żygieło
- #2344: [doc] Update ruleset examples for ant - Piotrek Żygieło
- #2343: [ci] Disable checking for snapshots in jcenter - Piotrek Żygieło
24-January-2020 - 6.21.0
The PMD team is pleased to announce PMD 6.21.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modelica support
Thanks to Anatoly Trosinenko PMD supports now a new language: Modelica is a language to model complex physical systems. Both PMD and CPD are supported and there are already 3 rules available. The PMD Designer supports syntax highlighting for Modelica.
While the language implementation is quite complete, Modelica support is considered experimental for now. This is to allow us to change the rule API (e.g. the AST classes) slightly and improve the implementation based on your feedback.
Simple XML dump of AST
We added a experimental feature to dump the AST of a source file into XML. The XML format is of course PMD specific and language dependent. That XML file can be used to execute (XPath) queries against without PMD. It can also be used as a textual visualization of the AST if you don’t want to use the Designer.
This feature is experimental and might change or even be removed in the future, if it is not useful. A short description how to use it is available under Creating XML dump of the AST.
Any feedback about it, especially about your use cases, is highly appreciated.
Updated Apex Support
- The Apex language support has been bumped to version 48 (Spring ‘20). All new language features are now properly parsed and processed.
CPD XML format
The CPD XML output format has been enhanced to also report column information for found duplications in addition to the line information. This allows to display the exact tokens, that are considered duplicate.
If a CPD language doesn’t provide these exact information, then these additional attributes are omitted.
Each <file>
element in the XML format now has 3 new attributes:
- attribute
endline
- attribute
column
(if there is column information available) - attribute
endcolumn
(if there is column information available)
Modified Rules
-
The Java rule
AvoidLiteralsInIfCondition
(java-errorprone
) has a new propertyignoreExpressions
. This property is set by default totrue
in order to maintain compatibility. If this property is set to false, then literals in more complex expressions are considered as well. -
The Apex rule
ApexCSRF
(apex-errorprone
) has been moved from category “Security” to “Error Prone”. The Apex runtime already prevents DML statements from being executed, but only at runtime. So, if you try to do this, you’ll get an error at runtime, hence this is error prone. See also the discussion on #2064. -
The Java rule
CommentRequired
(java-documentation
) has a new propertyclassCommentRequirement
. This replaces the now deprecated propertyheaderCommentRequirement
, since the name was misleading. (File) header comments are not checked, but class comments are.
Fixed Issues
- apex
- #2208: [apex] ASTFormalComment should implement ApexNode<T>
- core
- #1984: [java] Cyclomatic complexity is misreported (lack of clearing metrics cache)
- #2006: [core] PMD should warn about multiple instances of the same rule in a ruleset
- #2161: [core] ResourceLoader is deprecated and marked as internal but is exposed
- #2170: [core] DocumentFile doesn’t preserve newlines
- doc
- #2214: [doc] Link broken in pmd documentation for writing Xpath rules
- java
- #2212: [java] JavaRuleViolation reports wrong class name
- java-bestpractices
- #2149: [java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5
- java-codestyle
- #2167: [java] UnnecessaryLocalBeforeReturn false positive with variable captured by method reference
- java-documentation
- #1683: [java] CommentRequired property names are inconsistent
- java-errorprone
- java-performance
- #2141: [java] StringInstatiation: False negative with String-array access
- plsql
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
JavaLanguageHandler
JavaLanguageParser
JavaDataFlowHandler
- Implementations of
RuleViolationFactory
in each language module, egJavaRuleViolationFactory
. See javadoc ofRuleViolationFactory
. -
Implementations of
RuleViolation
in each language module, egJavaRuleViolation
. See javadoc ofRuleViolation
. RuleFactory
RuleBuilder
- Constructors of
RuleSetFactory
, use factory methods fromRulesetsFactoryUtils
instead AbstractApexNode
-
AbstractApexNodeBase
, and the relatedvisit
methods onApexParserVisitor
and its implementations. UseApexNode
instead, now considers comments too. CharStream
,JavaCharStream
,SimpleCharStream
: these are APIs used by our JavaCC implementations and that will be moved/refactored for PMD 7.0.0. They should not be used, extended or implemented directly.- All classes generated by JavaCC, eg
JJTJavaParserState
. This includes token classes, which will be replaced with a single implementation, and subclasses ofParseException
, whose usages will be replaced by just that superclass.
For removal
- pmd-core
- Many methods on the
Node
interface andAbstractNode
base class. See their javadoc for details. Node#isFindBoundary
is deprecated for XPath queries.
- Many methods on the
- pmd-java
AbstractJavaParser
AbstractJavaHandler
ASTAnyTypeDeclaration.TypeKind
ASTAnyTypeDeclaration#getKind
JavaQualifiedName
ASTCatchStatement#getBlock
ASTCompilationUnit#declarationsAreInDefaultPackage
JavaQualifiableNode
net.sourceforge.pmd.lang.java.qname
and its contentsMethodLikeNode
- Its methods will also be removed from its implementations,
ASTMethodOrConstructorDeclaration
,ASTLambdaExpression
.
- Its methods will also be removed from its implementations,
ASTAnyTypeDeclaration#getImage
will be removed. Please usegetSimpleName()
instead. This affectsASTAnnotationTypeDeclaration#getImage
,ASTClassOrInterfaceDeclaration#getImage
, andASTEnumDeclaration#getImage
.- Several methods of
ASTTryStatement
, replacements with other names have been added. This includes the XPath attribute@Finally
, replace it with a test forchild::FinallyStatement
. - Several methods named
getGuardExpressionNode
are replaced withgetCondition
. This affects the following nodes: WhileStatement, DoStatement, ForStatement, IfStatement, AssertStatement, ConditionalExpression. ASTYieldStatement
will not implementTypeNode
anymore come 7.0.0. Test the type of the expression nested within it.
External Contributions
- #2041: [modelica] Initial implementation for PMD - Anatoly Trosinenko
- #2051: [doc] Update the docs on adding a new language - Anatoly Trosinenko
- #2069: [java] CommentRequired: make property names consistent - snuyanzin
- #2169: [modelica] Follow-up fixes for Modelica language module - Anatoly Trosinenko
- #2193: [core] Fix odd logic in test runner - Egor Bredikhin
- #2194: [java] Fix odd logic in AvoidUsingHardCodedIPRule - Egor Bredikhin
- #2195: [modelica] Normalize invalid node ranges - Anatoly Trosinenko
- #2199: [modelica] Fix Javadoc tags - Anatoly Trosinenko
- #2225: [core] CPD: report endLine / column informations for found duplications - Maikel Steneker
29-November-2019 - 6.20.0
The PMD team is pleased to announce PMD 6.20.0.
This is a minor release.
Table Of Contents
Fixed Issues
- apex
- core
- java
- java-bestpractices
- #2016: [java] UnusedImports: False positive if wildcard is used and only static methods
- java-codestyle
- java-design
- java-errorprone
- #2102: [java] False positive MissingStaticMethodInNonInstantiatableClass when inheritors are instantiable
External Contributions
- #2088: [java] Add more version shortcuts for older java - Henning Schmiedehausen
- #2089: [core] Minor unrelated improvements to code - Gonzalo Exequiel Ibars Ingman
- #2091: [core] Fix pmd warnings (IdenticalCatchCases) - Gonzalo Exequiel Ibars Ingman
- #2106: [java] Wrong name for inner classes - Andi Pabst
- #2121: [java] Predicates treated like booleans - Ozan Gulle
31-October-2019 - 6.19.0
The PMD team is pleased to announce PMD 6.19.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Java Metrics
- The new metric “Class Fan Out Complexity” has been added. See Java Metrics Documentation for details.
Modified Rules
-
The Java rules
InvalidLogMessageFormat
andMoreThanOneLogger
(java-errorprone
) now both support Log4j2. Note that the rule “InvalidSlf4jMessageFormat” has been renamed to “InvalidLogMessageFormat” to reflect the fact, that it now supports more than slf4j. -
The Java rule
LawOfDemeter
(java-design
) ignores now also Builders, that are not assigned to a local variable, but just directly used within a method call chain. The method, that creates the builder needs to end with “Builder”, e.g.newBuilder()
orinitBuilder()
works. This change fixes a couple of false positives. -
The Java rule
DataflowAnomalyAnalysis
(java-errorprone
) doesn’t check for UR anomalies (undefined and then referenced) anymore. These checks were all false-positives, since actual UR occurrences would lead to compile errors. -
The java rule
DoNotUseThreads
(java-multithreading
) has been changed to not report usages ofjava.lang.Runnable
anymore. Just usingRunnable
does not automatically create a new thread. While the check forRunnable
has been removed, the rule now additionally checks for usages ofExecutors
andExecutorService
. Both create new threads, which are not managed by a J2EE server.
Renamed Rules
- The Java rule
InvalidSlf4jMessageFormat
has been renamed toInvalidLogMessageFormat
since it supports now both slf4j and log4j2 message formats.
Fixed Issues
- core
- #1978: [core] PMD fails on excluding unknown rules
- #2014: [core] Making add(SourceCode sourceCode) public for alternative file systems
- #2020: [core] Wrong deprecation warnings for unused XPath attributes
- #2036: [core] Wrong include/exclude patterns are silently ignored
- #2048: [core] Enable type resolution by default for XPath rules
- #2067: [core] Build issue on Windows
- #2068: [core] Rule loader should use the same resources loader for the ruleset
- #2071: [ci] Add travis build on windows
- #2072: [test][core] Not enough info in “test setup error” when numbers of lines do not match
- #2082: [core] Incorrect logging of deprecated/renamed rules
- java
- #2042: [java] PMD crashes with ClassFormatError: Absent Code attribute…
- java-bestpractices
- java-codestyle
- #2017: [java] UnnecessaryFullyQualifiedName triggered for inner class
- java-design
- #1912: [java] Metrics not computed correctly with annotations
- java-errorprone
- java-multithreading
- #1627: [java] DoNotUseThreads should not warn on Runnable
- doc
- #2058: [doc] CLI reference for
-norulesetcompatibility
shows a boolean default value
- #2058: [doc] CLI reference for
API Changes
Deprecated APIs
For removal
- pmd-core
- All the package
net.sourceforge.pmd.dcd
and its subpackages. SeeDCD
. - In
LanguageRegistry
: RuleSet#getExcludePatterns
. Use the new methodgetFileExclusions
instead.RuleSet#getIncludePatterns
. Use the new methodgetFileInclusions
instead.Parser#canParse
Parser#getSuppressMap
RuleBuilder#RuleBuilder
. Use the new constructor with the correct ResourceLoader instead.RuleFactory#RuleFactory
. Use the new constructor with the correct ResourceLoader instead.
- All the package
- pmd-java
CanSuppressWarnings
and its implementationsisSuppressed
getDeclaringType
.isSupressed
ASTMethodDeclarator
getMethodName
getBlock
getParameterCount
- pmd-apex
CanSuppressWarnings
and its implementationsisSupressed
Internal APIs
- pmd-core
- All the package
net.sourceforge.pmd.util
and its subpackages, exceptnet.sourceforge.pmd.util.datasource
andnet.sourceforge.pmd.util.database
. GridBagHelper
ColumnDescriptor
- All the package
External Contributions
- #2010: [java] LawOfDemeter to support inner builder pattern - Gregor Riegler
- #2012: [java] Fixes 336, slf4j log4j2 support - Mark Hall
- #2032: [core] Allow adding SourceCode directly into CPD - Nathan Braun
- #2047: [java] Fix computation of metrics with annotations - Andi Pabst
- #2065: [java] Stop checking UR anomalies - Carlos Macasaet
- #2068: [core] Rule loader should use the same resources loader for the ruleset - Chen Yang
- #2070: [core] Fix renderer tests for windows builds - Saladoc
- #2073: [test][core] Add expected and actual line of numbers to message wording - snuyanzin
- #2076: [java] Add Metric ClassFanOutComplexity - Andi Pabst
- #2078: [java] DoNotUseThreads should not warn on Runnable #1627 - Michael Clay
15-September-2019 - 6.18.0
The PMD team is pleased to announce PMD 6.18.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 13 Support
This release of PMD brings support for Java 13. PMD can parse Switch Expressions
with the new yield
statement and resolve the type of such an expression.
PMD also parses Text Blocks as String literals.
Note: The Switch Expressions and Text Blocks are a preview language feature of OpenJDK 13
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 13-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 13-preview ...
Note: Support for the extended break statement introduced in Java 12 as a preview language feature will be removed with the next PMD version 6.19.0.
Full support for Scala
Thanks to Chris Smith PMD now fully supports Scala. Now rules for analyzing Scala code can be developed in addition to the Copy-Paste-Detection (CPD) functionality. There are no rules yet, so contributions are welcome.
Additionally Scala support has been upgraded from 2.12.4 to 2.13.
New rule designer documentation
The documentation for the rule designer is now available on the main PMD documentation page: Rule Designer Reference. Check it out to learn about the usage and features of the rule designer.
New rules
-
The Java rule
AvoidMessageDigestField
(java-bestpractices
) detects fields of the typejava.security.MessageDigest
. Using a message digest instance as a field would need to be synchronized, as it can easily be used by multiple threads. Without synchronization the calculated hash could be entirely wrong. Instead of declaring this as a field and synchronize access to use it from multiple threads, a new instance should be created when needed. This rule is also active when using java’s quickstart ruleset. -
The Apex rule
DebugsShouldUseLoggingLevel
(apex-bestpractices
) detects usages ofSystem.debug()
method calls that are used without specifying the log level. Having the log level specified provides a cleaner log, and improves readability of it.
Modified Rules
- The Java rule
CloseResource
(java-errorprone
) now ignores by default instances ofjava.util.stream.Stream
. These streams areAutoCloseable
, but most streams are backed by collections, arrays, or generating functions, which require no special resource management. However, there are some exceptions: The stream returned byFiles::lines(Path)
is backed by a actual file and needs to be closed. These instances won’t be found by default by the rule anymore.
Fixed Issues
- all
- #1465: [core] Stylesheet pmd-report.xslt fails to display filepath if ‘java’ in path
- #1923: [core] Incremental analysis does not work with shortnames
- #1983: [core] Avoid crashes with analysis cache when classpath references non-existing directories
- #1990: [core] Incremental analysis mixes XPath rule violations
- apex
- java
- #1930: [java] Add Java 13 support
- java-bestpractices
- java-codestyle
- #1951: [java] UnnecessaryFullyQualifiedName rule triggered when variable name clashes with package name
- java-errorprone
- plsql
- #1933: [plsql] ParseException with cursor declared in anonymous block
- #1935: [plsql] ParseException with SELECT INTO record defined as global variable
- #1936: [plslq] ParseException with cursor inside procedure declaration
- #1946: [plsql] ParseException with using TRIM inside IF statements condition
- #1947: [plsql] ParseError - SELECT with FOR UPDATE OF
- #1948: [plsql] ParseException with INSERT INTO using package global variables
- #1950: [plsql] ParseException with UPDATE and package record variable
- #1953: [plsql] ParseException with WITH in CURSOR
API Changes
Changes to Renderer
-
Each renderer has now a new method
Renderer#setUseShortNames
which is used for implementing the “shortnames” CLI option. The method is automatically called by PMD, if this CLI option is in use. When rendering filenames to the report, the new helper methodAbstractRenderer#determineFileName
should be used. This will change the filename to a short name, if the CLI option “shortnames” is used.Not adjusting custom renderers will make them render always the full file names and not honoring the CLI option “shortnames”.
Deprecated APIs
For removal
- The methods
getImportedNameNode
andgetPackage
have been deprecated and will be removed with PMD 7.0.0. - The method
RuleContext#setSourceCodeFilename
has been deprecated and will be removed. The already existing methodRuleContext#setSourceCodeFile
should be used instead. The methodRuleContext#getSourceCodeFilename
still exists and returns just the filename without the full path. - The method
AbstractPMDProcessor#filenameFrom
has been deprecated. It was used to determine a “short name” of the file being analyzed, so that the report can use short names. However, this logic has been moved to the renderers. - The method
Report#metrics
andReport
have been deprecated. They were leftovers from a previous deprecation round targetingStatisticalRule
.
Internal APIs
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0. You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- pmd-core
- pmd-java
net.sourceforge.pmd.lang.java.typeresolution
: Everything, including subpackages, exceptTypeHelper
andJavaTypeDefinition
.ASTCompilationUnit#getClassTypeResolver
External Contributions
- #1943: [apex] Adds “debug should use logging level” best practice rule for Apex - Renato Oliveira
- #1965: [scala] Use Scalameta for parsing - Chris Smith
- #1970: [java] DoubleBraceInitialization: Fix example - Tobias Weimer
- #1971: [java] 1862 - Message Digest should not be used as class field - AnthonyKot
- #1972: [plsql] ParseError - SELECT with FOR UPDATE OF - Piotr Szymanski
- #1974: [plsql] Fixes for referencing record type variables - Piotr Szymanski
- #1975: [plsql] TRIM function with record type variables - Piotr Szymanski
- #1976: [plsql] Fix for mistaking / for MultiplicativeExpression - Piotr Szymanski
- #1977: [plsql] fix for skipping sql starting with WITH - Piotr Szymanski
- #1986: [plsql] Fix for cursors in anonymous blocks - Piotr Szymanski
- #1994: [core] Resolve pmd-report failure when java folder in filepath - Amish Shah
- #2015: [java] Update doc for unused formal parameter - Amish Shah
28-July-2019 - 6.17.0
The PMD team is pleased to announce PMD 6.17.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog. It contains a new feature to edit test cases directly within the designer. Any feedback is highly appreciated.
Lua support
Thanks to the contribution from Maikel Steneker, and built on top of the ongoing efforts to fully support Antlr-based languages, PMD now has CPD support for Lua.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Modified Rules
-
The Java rule
CloseResource
(java-errorprone
) ignores now by defaultjava.io.ByteArrayInputStream
andjava.io.CharArrayWriter
. Such streams/writers do not need to be closed. -
The Java rule
MissingStaticMethodInNonInstantiatableClass
(java-errorprone
) has now the new propertyannotations
. When one of the private constructors is annotated with one of the annotations, then the class is not considered non-instantiatable anymore and no violation will be reported. By default, Spring’s@Autowired
and Java EE’s@Inject
annotations are recognized.
Fixed Issues
- core
- #1913: [core] “-help” CLI option ends with status code != 0
- doc
- #1896: [doc] Error in changelog 6.16.0 due to not properly closed rule tag
- #1898: [doc] Incorrect code example for DoubleBraceInitialization in documentation on website
- #1906: [doc] Broken link for adding own CPD languages
- #1909: [doc] Sample usage example refers to deprecated ruleset “basic.xml” instead of “quickstart.xml”
- java
- #1910: [java] ATFD calculation problem
- java-errorprone
- java-multithreading
- #1903: [java] UnsynchronizedStaticFormatter doesn’t allow block-level synchronization when using allowMethodLevelSynchronization=true
- plsql
- #1902: [pslql] ParseException when parsing (+)
- xml
- #1666: [xml] wrong cdata rule description and examples
External Contributions
- #1869: [xml] fix #1666 wrong cdata rule description and examples - Artem
- #1892: [lua] [cpd] Added CPD support for Lua - Maikel Steneker
- #1905: [java] DataflowAnomalyAnalysis Rule in right order - YoonhoChoi96
- #1908: [doc] Update ruleset filename from deprecated basic.xml to quickstart.xml - crunsk
- #1916: [java] Exclude Autowired and Inject for MissingStaticMethodInNonInstantiatableClass - AnthonyKot
- #1917: [core] Add ‘no error’ return option, and assign it to the cli when the help command is invoked - Renato Oliveira
30-June-2019 - 6.16.0
The PMD team is pleased to announce PMD 6.16.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
PLSQL Grammar Updates
The grammar has been updated to support inline constraints in CREATE TABLE statements. Additionally, the CREATE TABLE statement may now be followed by physical properties and table properties. However, these properties are skipped over during parsing.
The CREATE VIEW statement now supports subquery views.
The EXTRACT function can now be parsed correctly. It is used to extract values from a specified datetime field. Also date time literals are parsed now correctly.
The CASE expression can now be properly used within SELECT statements.
Table aliases are now supported when specifying columns in INSERT INTO clauses.
New Rules
-
The Java rule
DoubleBraceInitialization
(java-bestpractices
) detects non static initializers in anonymous classes also known as “double brace initialization”. This can be problematic, since a new class file is generated and object holds a strong reference to the surrounding class.Note: This rule is also part of the Java quickstart ruleset (
rulesets/java/quickstart.xml
).
Modified Rules
-
The Java rule
UnusedPrivateField
(java-bestpractices
) now ignores by default fields, that are annotated with the Lombok experimental annotation@Delegate
. This can be customized with the propertyignoredAnnotations
. -
The Java rule
SingularField
(java-design
) now ignores by default fields, that are annotated with the Lombok experimental annotation@Delegate
. This can be customized with the propertyignoredAnnotations
. -
The Java rules
UnsynchronizedStaticFormatter
andUnsynchronizedStaticDateFormatter
(java-multithreading
) now prefer synchronized blocks by default. They will raise a violation, if the synchronization is implemented on the method level. To allow the old behavior, the new propertyallowMethodLevelSynchronization
can be enabled. -
The Java rule
UseUtilityClass
(java-design
) has a new propertyignoredAnnotations
. By default, classes that are annotated with Lombok’s@UtilityClass
are ignored now. -
The Java rule
NonStaticInitializer
(java-errorprone
) does not report non static initializers in anonymous classes anymore. For this use case, there is a new rule now:DoubleBraceInitialization
(java-bestpractices
). -
The Java rule
CommentDefaultAccessModifier
(java-codestyle
) was enhanced in the last version 6.15.0 to check also top-level types by default. This created many new violations. Missing the access modifier for top-level types is not so critical, since it only decreases the visibility of the type.The default behaviour has been restored. If you want to enable the check for top-level types, you can use the new property
checkTopLevelTypes
. -
The Java rule
CloseResource
(java-errorprone
) now by default searches for any unclosedjava.lang.AutoCloseable
resource. This includes now the standardjava.io.*Stream
classes. Previously only SQL-related resources were considered by this rule. The types can still be configured via thetypes
property. Some resources do not need to be closed (e.g.ByteArrayOutputStream
). These exceptions can be configured via the new propertyallowedResourceTypes
. In order to restore the old behaviour, just remove the typejava.lang.AutoCloseable
from thetypes
property and keep the remaining SQL-related classes.
Deprecated Rules
- The Java rule
AvoidFinalLocalVariable
(java-codestyle
) has been deprecated and will be removed with PMD 7.0.0. The rule is controversial and also contradicts other existing rules such asLocalVariableCouldBeFinal
. If the goal is to avoid defining constants in a scope smaller than the class, then the ruleAvoidDuplicateLiterals
should be used instead.
Fixed Issues
- apex
- #1664: [apex] False positive ApexSharingViolationsRule, unsupported Apex feature
- java
- #1848: [java] Local classes should preserve their modifiers
- java-bestpractices
- java-codestyle
- java-design
- #1094: [java] UseUtilityClass should be LombokAware
- java-errorprone
- java-multithreading
- plsql
API Changes
Deprecated APIs
Reminder: Please don’t use members marked with the annotation
InternalApi
, as they will likely be removed, hidden, or otherwise intentionally broken with 7.0.0.
In ASTs
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the Java AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. Version 7.0.0 will bring a new set of abstractions that will be public API, but the base classes are and will stay internal. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
Please look at net.sourceforge.pmd.lang.java.ast
to find out the full list
of deprecations.
External Contributions
- #1482: [java] Explain the existence of AvoidFinalLocalVariable in it’s description - Karl-Philipp Richter
- #1792: [java] Added lombok.experimental to AbstractLombokAwareRule - jakivey32
- #1808: [plsql] Fix PL/SQL Syntax errors - Hugo Araya Nash
- #1829: [java] Fix false negative in UnsynchronizedStaticFormatter - Srinivasan Venkatachalam
- #1847: [java] Regression in MethodReturnsInternalArray not handling enums - Artem
- #1863: [plsql] Add Table InlineConstraint - Hugo Araya Nash
- #1864: [plsql] Add support for Subquery Views - Hugo Araya Nash
- #1865: [plsql] Add Support for Extract Expression - Hugo Araya Nash
- #1874: [plsql] Add parenthesis equation support for Update - Hugo Araya Nash
- #1876: [plsql] Datetime support for queries - Hugo Araya Nash
- #1883: [plsql] Fix #1873 Expression list not working - Hugo Araya Nash
- #1884: [plsql] fix #1878 Support explicit INNER word for INNER JOIN - Hugo Araya Nash
- #1885: [plsql] Correct case expression - Hugo Araya Nash
- #1886: [plsql] Support table alias for Insert Clause - Hugo Araya Nash
26-May-2019 - 6.15.0
The PMD team is pleased to announce PMD 6.15.0.
This is a minor release.
Table Of Contents
New and noteworthy
Enhanced Matlab support
Thanks to the contributions from Maikel Steneker CPD for Matlab can now parse Matlab programs which use the question mark operator to specify access to class members:
classdef Class1
properties (SetAccess = ?Class2)
CPD also understands now double quoted strings, which are supported since version R2017a of Matlab:
str = "This is a string"
Enhanced C++ support
CPD now supports digit separators in C++ (language module “cpp”). This is a C++14 feature.
Example: auto integer_literal = 1'000'000;
The single quotes can be used to add some structure to large numbers.
CPD also parses raw string literals now correctly (see #1784).
New Rules
-
The new Apex rule
FieldNamingConventions
(apex-codestyle
) checks the naming conventions for field declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
FormalParameterNamingConventions
(apex-codestyle
) checks the naming conventions for formal parameters of methods. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
LocalVariableNamingConventions
(apex-codestyle
) checks the naming conventions for local variable declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
PropertyNamingConventions
(apex-codestyle
) checks the naming conventions for property declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Java rule
UseShortArrayInitializer
(java-codestyle
) searches for array initialization expressions, which can be written shorter.
Modified Rules
-
The Apex rule
ClassNamingConventions
(apex-codestyle
) can now be configured using various properties for the specific kind of type declarations (e.g. class, interface, enum). As before, this rule uses by default the standard Apex naming convention (Pascal case). -
The Apex rule
MethodNamingConventions
(apex-codestyle
) can now be configured using various properties to differenciate e.g. static methods and test methods. As before, this rule uses by default the standard Apex naming convention (Camel case). -
The Java rule
FieldNamingConventions
(java-codestyle
) now by default ignores the fieldserialPersistentFields
. Since this is a field which needs to have this special name, no field naming conventions can be applied here. It is excluded the same way likeserialVersionUID
via the propertyexclusions
. -
The Java rule
CommentRequired
(java-documentation
) has a new propertyserialPersistentFieldsCommentRequired
with the default value “Ignored”. This means that from now on comments for the fieldserialPersistentFields
are not required anymore. You can change the property to restore the old behavior. -
The Java rule
ProperLogger
(java-errorprone
) has two new properties to configure the logger class (e.g. “org.slf4j.Logger”) and the logger name of the special case, when the logger is not static. The name of the static logger variable was already configurable. The new property “loggerClass” allows to use this rule for different logging frameworks. This rule covers all the cases of the now deprecated ruleLoggerIsNotStaticFinal
. -
The Java rule
CommentDefaultAccessModifier
(java-codestyle
) now reports also missing comments for top-level classes and annotations, that are package-private.
Deprecated Rules
-
The Apex rule
VariableNamingConventions
(apex-codestyle
) has been deprecated and will be removed with PMD 7.0.0. The rule is replaced by the more general rulesFieldNamingConventions
,FormalParameterNamingConventions
,LocalVariableNamingConventions
, andPropertyNamingConventions
. -
The Java rule
LoggerIsNotStaticFinal
(java-errorprone
) has been deprecated and will be removed with PMD 7.0.0. The rule is replaced byProperLogger
.
Fixed Issues
- apex
- cpp
- #1784: [cpp] Improve support for raw string literals
- dart
- #1809: [dart] [cpd] Parse error with escape sequences
- java
- #1842: [java] Annotated module declarations cause parse error
- java-bestpractices
- #1738: [java] MethodReturnsInternalArray does not work in inner classes
- java-codestyle
- python
- #1810: [python] [cpd] Parse error when using Python 2 backticks
- matlab
API Changes
Deprecated APIs
For removal
- The
DumpFacades
in all languages, that could be used to transform a AST into a textual representation, will be removed with PMD 7. The rule designer is a better way to inspect nodes.net.sourceforge.pmd.lang.apex.ast.DumpFacade
net.sourceforge.pmd.lang.java.ast.DumpFacade
net.sourceforge.pmd.lang.ecmascript.ast.DumpFacade
net.sourceforge.pmd.lang.jsp.ast.DumpFacade
net.sourceforge.pmd.lang.plsql.ast.DumpFacade
net.sourceforge.pmd.lang.vf.ast.DumpFacade
net.sourceforge.pmd.lang.vm.ast.AbstractVmNode#dump
net.sourceforge.pmd.lang.xml.ast.DumpFacade
- The method
LanguageVersionHandler#getDumpFacade
will be removed as well. It is deprecated, along with all its implementations in the subclasses ofLanguageVersionHandler
.
External Contributions
- #1647: [java] Rule to detect overly verbose array initialization - Victor
- #1762: [java] LoggerIsNotStaticFinal and ProperLogger - make class-name configurable - Ivo Šmíd
- #1798: [java] Make CommentDefaultAccessModifier work for top-level classes - Boris Petrov
- #1799: [java] MethodReturnsInternalArray does not work in inner classes - Fixed #1738 - Srinivasan Venkatachalam
- #1802: [python] [cpd] Add support for Python 2 backticks - Maikel Steneker
- #1803: [dart] [cpd] Dart escape sequences - Maikel Steneker
- #1807: [ci] Fix missing local branch issues when executing pmd-regression-tester - BBG
- #1813: [matlab] [cpd] Matlab comments - Maikel Steneker
- #1816: [apex] Fix ApexDoc handling with inner classes - Jeff Hube
- #1817: [apex] Add configurable naming convention rules - Jeff Hube
- #1819: [cpp] [cpd] Add support for digit separators - Maikel Steneker
- #1820: [cpp] [cpd] Improve support for raw string literals - Maikel Steneker
- #1821: [matlab] [cpd] Matlab question mark token - Maikel Steneker
- #1822: [matlab] [cpd] Double quoted string - Maikel Steneker
- #1837: [core] Minor performance improvements - Michael Hausegger
- #1838: [dart] [cpd] Improved string tokenization - Maikel Steneker
- #1840: [java] Whitelist serialPersistentFields - Marcel Härle
28-April-2019 - 6.14.0
The PMD team is pleased to announce PMD 6.14.0.
This is a minor release.
Table Of Contents
New and noteworthy
Dart support
Thanks to the contribution from Maikel Steneker, and built on top of the ongoing efforts to fully support Antlr-based languages, PMD now has CPD support for Dart.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- ignore imports / libraries
- honor comment-based suppressions
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Modified Rules
-
The Java rule
AssignmentToNonFinalStatic
(java-errorprone
) will now report on each assignment made within a constructor rather than on the field declaration. This makes it easier for developers to find the offending statements. -
The Java rule
NoPackage
(java-codestyle
) will now report additionally enums and annotations that do not have a package declaration.
Fixed Issues
- all
- go
- #1751: [go] Parsing errors encountered with escaped backslash
- java
- java-bestpractices
- java-codestyle
- java-design
- #1760: [java] UseObjectForClearerAPI flags private methods
API Changes
No changes.
External Contributions
- #1745: [doc] Fixed some errors in docs - 0xflotus
- #1746: [java] Update rule to prevent UnusedImport when using JavaDoc with array type - itaigilo
- #1752: [java] UseObjectForClearerAPI Only For Public - Björn Kautler
- #1761: [dart] [cpd] Added CPD support for Dart - Maikel Steneker
- #1776: [java] Show more detailed message when can’t resolve field type - Andrey Fomin
- #1781: [java] Location change in AssignmentToNonFinalStatic - Maikel Steneker
- #1789: [cpd] [core] Use current classloader instead of Thread’s classloader - Andreas Schmid
- #1791: [dart] [cpd] Dart escaped string - Maikel Steneker
31-March-2019 - 6.13.0
The PMD team is pleased to announce PMD 6.13.0.
This is a minor release.
Table Of Contents
New and noteworthy
Call For Logo
We are still searching for a new logo for PMD for the next major release.
Learn more about how to participate on github issue 1663.
Java 12 Support
This release of PMD brings support for Java 12. PMD can parse the new Switch Expressions and resolve the type of such an expression.
Note: The Switch Expressions are a preview language feature of OpenJDK 12 and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the new environment
variable PMD_JAVA_OPTS
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd ...
Quickstart Ruleset for Apex
PMD provides now a quickstart ruleset for Salesforce.com Apex, which you can use as a base ruleset to
get your custom ruleset started. You can reference it with rulesets/apex/quickstart.xml
.
You are strongly encouraged to create your own ruleset
though.
The quickstart ruleset has the intention, to be useful out-of-the-box for many projects. Therefore it references only rules, that are most likely to apply everywhere.
Any feedback would be greatly appreciated.
PMD Designer
The rule designer’s codebase has been moved out of the main repository and will be developed at pmd/pmd-designer from now on. The maven coordinates will stay the same for the time being. The designer will still be shipped with PMD’s binaries.
Improved Apex Support
- Many AST nodes now expose more information which makes it easier to write XPath-based rules for Apex. Here are
some examples:
Annotation[@Resolved = false()]
finds unsupported annotations.AnnotationParameter[@Name='RestResource'][@Value='/myurl']
gives access to annotation parameters.CatchBlockStatement[@ExceptionType='Exception'][@VariableName='e']
finds catch block for specific exception types.Field[@Type='String']
find all String fields,Field[string-length(@Name) < 5]
finds all fields with short names andField[@Value='a']
find alls fields, that are initialized with a specific value.LiteralExpression[@String = true()]
finds all String literals. There are attributes for each type:@Boolean
,@Integer
,@Double
,@Long
,@Decimal
,@Null
.Method[@Constructor = true()]
selects all constructors.Method[@ReturnType = 'String']
selects all methods that return a String.- The
ModifierNode
node has a couple of attributes to check for the existence of specific modifiers:@Test
,@TestOrTestSetup
,@WithSharing
,@WithoutSharing
,@InheritedSharing
,@WebService
,@Global
,@Override
. - Many nodes now expose their type. E.g. with
Parameter[@Type='Integer']
you can find all method parameters of type Integer. The same attributeType
exists as well for:NewObjectExpression
,Property
,VariableDeclaration
. VariableExpression[@Image='i']
finds all variable usages of the variable “i”.
New Rules
-
The new Java rule
AvoidUncheckedExceptionsInSignatures
(java-design
) finds methods or constructors that declare unchecked exceptions in theirthrows
clause. This forces the caller to handle the exception, even though it is a runtime exception. -
The new Java rule
DetachedTestCase
(java-errorprone
) searches for public methods in test classes, which are not annotated with@Test
. These methods might be test cases where the annotation has been forgotten. Because of that those test cases are never executed. -
The new Java rule
WhileLoopWithLiteralBoolean
(java-bestpractices
) finds Do-While-Loops and While-Loops that can be simplified since they use simplytrue
orfalse
as their loop condition. -
The new Apex rule
ApexAssertionsShouldIncludeMessage
(apex-bestpractices
) searches for assertions in unit tests and checks, whether they use a message argument. -
The new Apex rule
ApexUnitTestMethodShouldHaveIsTestAnnotation
(apex-bestpractices
) searches for methods in test classes, which are missing the@IsTest
annotation. -
The new PLSQL rule
AvoidTabCharacter
(plsql-codestyle
) checks, that there are no tab characters (“\t”) in the source file. -
The new PLSQL rule
LineLength
(plsql-codestyle
) helps to enforce a maximum line length.
Fixed Issues
- doc
- #1721: [doc] Documentation provides an invalid property configuration example
- java
- #1537: [java] Java 12 support
- java-bestpractices
- #1701: [java] UseTryWithResources does not handle multiple argument close methods
- java-codestyle
- java-errorprone
- #1570: [java] AvoidDuplicateLiterals warning about deprecated separator property when not used
- plsql
- #1510: [plsql] Support XMLTABLE functions
- #1716: [plsql] Support access to whole plsql code
- #1731: [pslql] ParseException when parsing ELSIF
- #1733: [plsql] % not supported in “TestSearch%notfound”
- #1734: [plsql] TooManyMethods false-negative
- #1735: [plsql] False-negatives for TO_DATE_TO_CHAR, TO_DATEWithoutDateFormat, TO_TIMESTAMPWithoutDateFormat
API Changes
Command Line Interface
The start scripts run.sh
, pmd.bat
and cpd.bat
support the new environment variable PMD_JAVA_OPTS
.
This can be used to set arbitrary JVM options for running PMD, such as memory settings (e.g. PMD_JAVA_OPTS=-Xmx512m
)
or enable preview language features (e.g. PMD_JAVA_OPTS=--enable-preview
).
The previously available variables such as OPTS
or HEAPSIZE
are deprecated and will be removed with PMD 7.0.0.
Deprecated API
-
CodeClimateRule
is deprecated in 7.0.0 because it was unused for 2 years and created an unwanted dependency. Properties “cc_categories”, “cc_remediation_points_multiplier”, “cc_block_highlighting” will also be removed. See #1702 for more. -
The Apex ruleset
rulesets/apex/ruleset.xml
has been deprecated and will be removed in 7.0.0. Please use the new quickstart rulesetrulesets/apex/quickstart.xml
instead.
External Contributions
- #1694: [apex] New rules for test method and assert statements - triandicAnt
- #1697: [doc] Update CPD documentation - Matías Fraga
- #1704: [java] Added AvoidUncheckedExceptionsInSignatures Rule - Bhanu Prakash Pamidi
- #1706: [java] Add DetachedTestCase rule - David Burström
- #1709: [java] Detect while loops with literal booleans conditions - David Burström
- #1717: [java] Fix false positive in useTryWithResources when using a custom close method with multiple arguments - Rishabh Jain
- #1724: [doc] Correct property override example - Felix W. Dekker
- #1737: [java] fix escaping of CommentDefaultAccessModifier documentation - itaigilo
24-February-2019 - 6.12.0
The PMD team is pleased to announce PMD 6.12.0.
This is a minor release.
Table Of Contents
New and noteworthy
Call For Logo
PMD’s logo was great for a long time. But now we want to take the opportunity with the next major release to change our logo in order to use a more “politically correct” one.
Learn more about how to participate on github issue 1663.
CPD Suppression for Antlr-based languages
ITBA students Matías Fraga,
Tomi De Lucca and Lucas Soncini
keep working on bringing full Antlr support to PMD. For this release, they have implemented
token filtering in an equivalent way as we did for JavaCC languages, adding support for CPD
suppressions through CPD-OFF
and CPD-ON
comments for all Antlr-based languages.
This means, you can now ignore arbitrary blocks of code on:
- Go
- Kotlin
- Swift
Simply start the suppression with any comment (single or multiline) containing CPD-OFF
,
and resume again with a comment containing CPD-ON
.
More information is available in the user documentation.
PL/SQL Grammar improvements
- In this release, many more parser bugs in our PL/SQL support have been fixed. This adds more complete support for UPDATE statements and subqueries and hierarchical queries in SELECT statements.
- Support for analytic functions such as LISTAGG has been added.
- Conditions in WHERE clauses support now REGEX_LIKE and multiset conditions.
New Rules
- The new Java rule
UseTryWithResources
(java-bestpractices
) searches for try-blocks, that could be changed to a try-with-resources statement. This statement ensures that each resource is closed at the end of the statement and is available since Java 7.
Modified Rules
- The Apex rule
MethodNamingConventions
(apex-codestyle
) has a new propertyskipTestMethodUnderscores
, which is by default disabled. The new property allows for ignoring all test methods, either using thetestMethod
modifier or simply annotating them@isTest
.
Fixed Issues
- all
- java-bestpractices
- java-codestyle
- java-design
- #1641: [java] False-positive with Lombok and inner classes
- java-errorprone
- #780: [java] BeanMembersShouldSerializeRule does not recognize lombok accessors
- java-multithreading
- #1633: [java] UnsynchronizedStaticFormatter reports commons lang FastDateFormat
- java-performance
- #1632: [java] ConsecutiveLiteralAppends false positive over catch
- plsql
- designer
- #1679: [ui] No default language version selected
API Changes
No changes.
External Contributions
- #1623: [java] Fix lombok.AllArgsConstructor support - Bobby Wertman
- #1625: [java] UnusedImports false positive for method parameter type in @see Javadoc - Shubham
- #1628: [java] LinguisticNaming should ignore overriden methods - Shubham
- #1634: [java] BeanMembersShouldSerializeRule does not recognize lombok accessors - Shubham
- #1635: [java] UnsynchronizedStaticFormatter reports commons lang FastDateFormat - Shubham
- #1637: [java] Compile time constants initialized by literals avoided by AccessorMethodGenerationRule - Shubham
- #1640: [java] Update instead of override classHasLombokAnnotation flag - Phokham Nonava
- #1644: [apex] Add property to allow apex test methods to contain underscores - Tom
- #1645: [java] ConsecutiveLiteralAppends false positive - Shubham
- #1646: [java] UseDiamondOperator doesn’t work with var - Shubham
- #1654: [core] Antlr token filter - Tomi De Lucca
- #1655: [kotlin] Kotlin tokenizer refactor - Lucas Soncini
- #1686: [doc] Replaced wrong escaping with “>” - Himanshu Pandey
27-January-2019 - 6.11.0
The PMD team is pleased to announce PMD 6.11.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 45 (Spring ‘19). All new language features are now properly parsed and processed.
- Many nodes now expose more informations, such as the operator for BooleanExpressions. This makes these operators
consumable by XPath rules, e.g.
//BooleanExpression[@Operator='&&']
.
PL/SQL Grammar improvements
- In this release, many parser bugs in our PL/SQL support have been fixed. This adds e.g. support for
table collection expressions (
SELECT * FROM TABLE(expr)
). - Support for parsing insert statements has been added.
- More improvements are planned for the next release of PMD.
New Rules
-
The new Java rule
UnsynchronizedStaticFormatter
(java-multithreading
) detects unsynchronized usages of staticjava.text.Format
instances. This rule is a more generic replacement of the ruleUnsynchronizedStaticDateFormatter
which focused just onDateFormat
. -
The new Java rule
ForLoopVariableCount
(java-bestpractices
) checks for the number of control variables in a for-loop. Having a lot of control variables makes it harder to understand what the loop does. The maximum allowed number of variables is by default 1 and can be configured by a property. -
The new Java rule
AvoidReassigningLoopVariables
(java-bestpractices
) searches for loop variables that are reassigned. Changing the loop variables additionally to the loop itself can lead to hard-to-find bugs. -
The new Java rule
UseDiamondOperator
(java-codestyle
) looks for constructor calls with explicit type parameters. Since Java 1.7, these type parameters are not necessary anymore, as they can be inferred now.
Modified Rules
- The Java rule
LocalVariableCouldBeFinal
(java-codestyle
) has a new propertyignoreForEachDecl
, which is by default disabled. The new property allows for ignoring non-final loop variables in a for-each statement.
Deprecated Rules
- The Java rule
UnsynchronizedStaticDateFormatter
has been deprecated and will be removed with PMD 7.0.0. The rule is replaced by the more generalUnsynchronizedStaticFormatter
.
Fixed Issues
- core
- apex
- java
- java-bestpractices
- java-codestyle
- java-errorprone
- java-multithreading
- #1533: [java] New rule: UnsynchronizedStaticFormatter
- plsql
-
#1507: [plsql] Parse Exception when using ‘ ’ operator in where clause - #1508: [plsql] Parse Exception when using SELECT COUNT(*)
- #1509: [plsql] Parse Exception with OUTER/INNER Joins
- #1511: [plsql] Parse Exception with IS NOT NULL
- #1526: [plsql] ParseException when using TableCollectionExpression
- #1583: [plsql] Update Set Clause should allow multiple columns
- #1586: [plsql] Parse Exception when functions are used with LIKE
- #1588: [plsql] Parse Exception with function calls in WHERE clause
-
API Changes
StatisticalRule
and the related helper classes and base rule classes are deprecated for removal in 7.0.0. This includes all ofnet.sourceforge.pmd.stat
andnet.sourceforge.pmd.lang.rule.stat
, and alsoAbstractStatisticalJavaRule
,AbstractStatisticalApexRule
and the like. The methodsReport#addMetric
andmetricAdded
will also be removed.setProperty
is deprecated, becauseMultiValuePropertyDescriptor
is deprecated as well
External Contributions
- #1503: [java] Fix for ReturnFromFinallyBlock false-positives - RishabhDeep Singh
- #1514: [java] LocalVariableCouldBeFinal: allow excluding the variable in a for-each loop - Kris Scheibe
- #1516: [java] OneDeclarationPerLine: Don’t report multiple variables in a for statement. - Kris Scheibe
- #1520: [java] New rule: ForLoopVariableCount: check the number of control variables in a for loop - Kris Scheibe
- #1521: [java] Upgrade to ASM7 for JDK 11 support - Mark Pritchard
- #1530: [java] New rule: AvoidReassigningLoopVariables - Kris Scheibe
- #1534: [java] This is the change regarding the usediamondoperator #1517 - hemanshu070
- #1545: [doc] fixing dead links + tool to check for dead links automatically - Kris Scheibe
- #1551: [java] InvalidSlf4jMessageFormatRule should not throw NPE for enums - Robbie Martinus
- #1552: [core] Upgrading Google Gson from 2.5 to 2.8.5 - Thunderforge
- #1553: [core] Upgrading System Rules dependency from 1.8.0 to 1.19.0 - Thunderforge
- #1554: [plsql] updates should allow for multiple statements - tashiscool
- #1584: [core] Fixes 1196: inconsistencies of clones returned by different CPD executions for the same files - Bruno Ferreira
09-December-2018 - 6.10.0
The PMD team is pleased to announce PMD 6.10.0.
This is a minor release.
Table Of Contents
New and noteworthy
Kotlin support for CPD
Thanks to Maikel Steneker, CPD now supports Kotlin. This means, you can use CPD to find duplicated code in your Kotlin projects.
New Rules
- The new Java rule
UseUnderscoresInNumericLiterals
(java-codestyle
) verifies that numeric literals over a given length (4 chars by default, but configurable) are using underscores every 3 digits for readability. The rule only applies to Java 7+ codebases.
Modified Rules
-
The Java rule
JUnitTestsShouldIncludeAssert
(java-bestpractices
) now also detects Soft Assertions. -
The property
exceptionfile
of the ruleAvoidDuplicateLiterals
(java-errorprone
) has been deprecated and will be removed with 7.0.0. Please useexceptionList
instead.
Fixed Issues
- all
- #1284: [doc] Keep record of every currently deprecated API
- #1318: [test] Kotlin DSL to ease test writing
- #1328: [ci] Building docs for release fails
- #1341: [doc] Documentation Error with Regex Properties
- #1468: [doc] Missing escaping leads to XSS
- #1471: [core] XMLRenderer: ProcessingErrors from exceptions without a message missing
- #1477: [core] Analysis cache fails with wildcard classpath entries
- java
- #1460: [java] Intermittent PMD failure : PMD processing errors while no violations reported
- java-bestpractices
- java-codestyle
- java-design
- java-errorprone
- #1512: [java] InvalidSlf4jMessageFormatRule causes NPE in lambda and static blocks
- plsql
- #1454: [plsql] ParseException for IF/CASE statement with >=, <=, !=
API Changes
Properties framework
The properties framework is about to get a lifting, and for that reason, we need to deprecate a lot of APIs to remove them in 7.0.0. The proposed changes to the API are described on the wiki
Changes to how you define properties
-
Construction of property descriptors has been possible through builders since 6.0.0. The 7.0.0 API will only allow construction through builders. The builder hierarchy, currently found in the package
net.sourceforge.pmd.properties.builders
, is being replaced by the simplerPropertyBuilder
. Their APIs enjoy a high degree of source compatibility. -
Concrete property classes like
IntegerProperty
andStringMultiProperty
will gradually all be deprecated until 7.0.0. Their usages should be replaced by direct usage of thePropertyDescriptor
interface, e.g.PropertyDescriptor<Integer>
orPropertyDescriptor<List<String>>
. -
Instead of spreading properties across countless classes, the utility class
PropertyFactory
will become from 7.0.0 on the only provider for property descriptor builders. Each current property type will be replaced by a corresponding method onPropertyFactory
:IntegerProperty
is replaced byPropertyFactory#intProperty
IntegerMultiProperty
is replaced byPropertyFactory#intListProperty
FloatProperty
andDoubleProperty
are both replaced byPropertyFactory#doubleProperty
. Having a separate property for floats wasn’t that useful.- Similarly,
FloatMultiProperty
andDoubleMultiProperty
are replaced byPropertyFactory#doubleListProperty
.
- Similarly,
StringProperty
is replaced byPropertyFactory#stringProperty
StringMultiProperty
is replaced byPropertyFactory#stringListProperty
-
RegexProperty
is replaced byPropertyFactory#regexProperty
EnumeratedProperty
is replaced byPropertyFactory#enumProperty
EnumeratedProperty
is replaced byPropertyFactory#enumListProperty
BooleanProperty
is replaced byPropertyFactory#booleanProperty
- Its multi-valued counterpart,
BooleanMultiProperty
, is not replaced, because it doesn’t have a use case.
- Its multi-valued counterpart,
CharacterProperty
is replaced byPropertyFactory#charProperty
CharacterMultiProperty
is replaced byPropertyFactory#charListProperty
LongProperty
is replaced byPropertyFactory#longIntProperty
LongMultiProperty
is replaced byPropertyFactory#longIntListProperty
MethodProperty
,FileProperty
,TypeProperty
and their multi-valued counterparts are discontinued for lack of a use-case, and have no planned replacement in 7.0.0 for now.
Here’s an example:
// Before 7.0.0, these are equivalent:
IntegerProperty myProperty = new IntegerProperty("score", "Top score value", 1, 100, 40, 3.0f);
IntegerProperty myProperty = IntegerProperty.named("score").desc("Top score value").range(1, 100).defaultValue(40).uiOrder(3.0f);
// They both map to the following in 7.0.0
PropertyDescriptor<Integer> myProperty = PropertyFactory.intProperty("score").desc("Top score value").require(inRange(1, 100)).defaultValue(40);
You’re highly encouraged to migrate to using this new API as soon as possible, to ease your migration to 7.0.0.
Architectural simplifications
-
EnumeratedPropertyDescriptor
,NumericPropertyDescriptor
,PackagedPropertyDescriptor
, and the related builders (innet.sourceforge.pmd.properties.builders
) will be removed. These specialized interfaces allowed additional constraints to be enforced on the value of a property, but made the property class hierarchy very large and impractical to maintain. Their functionality will be mapped uniformly toPropertyConstraint
s, which will allow virtually any constraint to be defined, and improve documentation and error reporting. The related methodsPropertyTypeId#isPropertyNumeric
andPropertyTypeId#isPropertyPackaged
are also deprecated. -
MultiValuePropertyDescriptor
andSingleValuePropertyDescriptor
are deprecated. 7.0.0 will introduce a new XML syntax which will remove the need for such a divide between single- and multi-valued properties. The methodPropertyDescriptor#isMultiValue
will be removed accordingly.
Changes to the PropertyDescriptor interface
preferredRowCount
is deprecated with no intended replacement. It was never implemented, and does not belong in this interface. The methodsuiOrder
andcompareTo(PropertyDescriptor)
are deprecated for the same reason. These methods mix presentation logic with business logic and are not necessary for PropertyDescriptors to work.PropertyDescriptor
will not extendComparable<PropertyDescriptor>
anymore come 7.0.0.- The method
propertyErrorFor
is deprecated and will be removed with no intended replacement. It’s really just a shortcut forprop.errorFor(rule.getProperty(prop))
. T
valueFrom(String)
andString
asDelimitedString
(T)
are deprecated and will be removed. These were used to serialize and deserialize properties to/from a string, but 7.0.0 will introduce a more flexible XML syntax which will make them obsolete.isMultiValue
andtype
are deprecated and won’t be replaced. The new XML syntax will remove the need for a divide between multi- and single-value properties, and will allow arbitrary types to be represented. Since arbitrary types may be represented,type
will become obsolete as it can’t represent generic types, which will nevertheless be representable with the XML syntax. It was only used for documentation, but a new way to document these properties exhaustively will be added with 7.0.0.errorFor
is deprecated as its return type will be changed toOptional<String>
with the shift to Java 8.
Deprecated APIs
For internalization
-
The implementation of the adapters for the XPath engines Saxon and Jaxen (package
net.sourceforge.pmd.lang.ast.xpath
) are now deprecated. They’ll be moved to an internal package come 7.0.0. OnlyAttribute
remains public API. -
The classes
PropertyDescriptorField
,PropertyDescriptorBuilderConversionWrapper
, and the methodsPropertyDescriptor#attributeValuesById
,PropertyDescriptor#isDefinedExternally
andPropertyTypeId#getFactory
. These were used to read and write properties to and from XML, but were not intended as public API. -
The class
ValueParserConstants
and the interfaceValueParser
. -
All classes from
net.sourceforge.pmd.lang.java.metrics.impl.visitors
are now considered internal API. They’re deprecated and will be moved into an internal package with 7.0.0. To implement your own metrics visitors,JavaParserVisitorAdapter
should be directly subclassed. -
LanguageVersionHandler#getDataFlowHandler()
,LanguageVersionHandler#getDFAGraphRule()
For removal
-
All classes from
net.sourceforge.pmd.properties.modules
will be removed. -
The interface
Dimensionable
has been deprecated. It gets in the way of a grammar change for 7.0.0 and won’t be needed anymore (see #997). -
Several methods from
ASTLocalVariableDeclaration
andASTFieldDeclaration
have also been deprecated:-
ASTFieldDeclaration
won’t be aTypeNode
come 7.0.0, sogetType
andgetTypeDefinition
are deprecated. -
The method
getVariableName
on those two nodes will be removed, too.
All these are deprecated because those nodes may declare several variables at once, possibly with different types (and obviously with different names). They both implement
Iterator<
ASTVariableDeclaratorId
>
though, so you should iterate on each declared variable. See #910. -
-
Visitor decorators are now deprecated and will be removed in PMD 7.0.0. They were originally a way to write composable visitors, used in the metrics framework, but they didn’t prove cost-effective.
- In
net.sourceforge.pmd.lang.java.ast
:JavaParserDecoratedVisitor
,JavaParserControllessVisitor
,JavaParserControllessVisitorAdapter
, andJavaParserVisitorDecorator
are deprecated with no intended replacement.
- In
-
The LanguageModules of several languages, that only support CPD execution, have been deprecated. These languages are not fully supported by PMD, so having a language module does not make sense. The functionality of CPD is not affected by this change. The following classes have been deprecated and will be removed with PMD 7.0.0:
CppHandler
CppLanguageModule
CppParser
CsLanguageModule
FortranLanguageModule
GroovyLanguageModule
MatlabHandler
MatlabLanguageModule
MatlabParser
ObjectiveCHandler
ObjectiveCLanguageModule
ObjectiveCParser
PhpLanguageModule
PythonHandler
PythonLanguageModule
PythonParser
RubyLanguageModule
ScalaLanguageModule
SwiftLanguageModule
-
Optional AST processing stages like symbol table, type resolution or data-flow analysis will be reified in 7.0.0 to factorise common logic and make them extensible. Further explanations about this change can be found on #1426. Consequently, the following APIs are deprecated for removal:
- In
Rule
:isDfa()
,isTypeResolution()
,isMultifile()
and their respective setters. - In
RuleSet
:usesDFA(Language)
,usesTypeResolution(Language)
,usesMultifile(Language)
- In
RuleSets
:usesDFA(Language)
,usesTypeResolution(Language)
,usesMultifile(Language)
- In
LanguageVersionHandler
:getDataFlowFacade()
,getSymbolFacade()
,getSymbolFacade(ClassLoader)
,getTypeResolutionFacade(ClassLoader)
,getQualifiedNameResolutionFacade(ClassLoader)
- In
External Contributions
- #1384: [java] New Rule - UseUnderscoresInNumericLiterals - RajeshR
- #1424: [doc] #1341 Updating Regex Values in default Value Property - avishvat
- #1428: [core] Upgrading JCommander from 1.48 to 1.72 - Thunderforge
- #1430: [doc] Who really knows regex? - Dem Pilafian
- #1434: [java] JUnitTestsShouldIncludeAssert: Recognize AssertJ soft assertions as valid assert statements - Loïc Ledoyen
- #1439: [java] Avoid FileInputStream and FileOutputStream - reudismam
- #1441: [kotlin] [cpd] Added CPD support for Kotlin - Maikel Steneker
- #1447: [fortran] Use diamond operator in impl - reudismam
- #1453: [java] Adding the fix for #1440. Showing correct message for CommentDefaultAccessmodifier. - Rohit Kumar
- #1457: [java] Adding test for Issue #647 - orimarko
- #1464: [doc] Fix XSS on documentation web page - Maxime Robert
- #1469: [core] Configurable max loops in DAAPathFinder - Alberto Fernández
- #1494: [java] 1151: Rephrase ImmutableField documentation in design.xml - Robbie Martinus
- #1504: [java] NPE in InvalidSlf4jMessageFormatRule if a logger call with a variable as parameter is not inside a method or constructor - kris-scheibe
28-October-2018 - 6.9.0
The PMD team is pleased to announce PMD 6.9.0.
This is a minor release.
Table Of Contents
New and noteworthy
Improved Golang CPD Support
Thanks to the work of ITBA students Matías Fraga, Tomi De Lucca and Lucas Soncini, Golang is now backed by a proper Antlr Grammar. This means CPD is now better at detecting duplicates, as comments are recognized as such and ignored.
New Rules
- The new PLSQL rule
CodeFormat
(plsql-codestyle
) verifies that PLSQL code is properly formatted. It checks e.g. for correct indentation in select statements and verifies that each parameter is defined on a separate line.
Fixed Issues
- all
- #649: [core] Exclude specific files from command line
- #1272: [core] Could not find or load main class when using symlinked run.sh
- #1377: [core] LanguageRegistry uses default class loader when invoking ServiceLocator
- #1394: [doc] How to configure “-cache
" - #1412: [doc] Broken link to adding new cpd language documentation
- apex
- #1396: [apex] ClassCastException caused by Javadoc
- java
- #1330: [java] PMD crashes with java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/xml/ws/Service
- java-bestpractices
- #1202: [java] GuardLogStatement: “There is log block not surrounded by if” doesn’t sound right
- #1209: [java] UnusedImports false positive for static import with package-private method usage
- #1343: [java] Update CommentDefaultAccessModifierRule to extend AbstractIgnoredAnnotationRule
- #1365: [java] JUnitTestsShouldIncludeAssert false positive
- #1404: [java] UnusedImports false positive with static ondemand import with method call
- java-codestyle
- java-design
- #1369: [java] Processing error (ClassCastException) if a TYPE_USE annotation is used on a base class in the “extends” clause
- jsp
- #1402: [jsp] JspTokenManager has a problem about jsp scriptlet
- documentation
- #1349: [doc] Provide some explanation for WHY duplicate code is bad, like mutations
API Changes
- PMD has a new CLI option
-ignorelist
. With that, you can provide a file containing a comma-delimit list of files, that should be excluded during analysis. The ignorelist is applied after the files have been selected via-dir
or-filelist
, which means, if the file is in both lists, then it will be ignored. Note: there is no corresponding option for the Ant task, since the feature is already available via Ant’s FileSet include/exclude filters.
External Contributions
- #1338: [core] [cpd] Generalize ANTLR tokens preparing support for ANTLR token filter - Matías Fraga and Tomi De Lucca
- #1361: [doc] Update cpd.md with information about risks - David M. Karr
- #1366: [java] Static Modifier on Internal Interface pmd #1356 - avishvat
- #1368: [doc] Updated outdated note in the building documentation. - Maikel Steneker
- #1374: [java] Simplify check for ‘Test’ annotation in JUnitTestsShouldIncludeAssertRule. - Will Winder
- #1375: [java] Add missing null check AbstractJavaAnnotatableNode - Will Winder
- #1376: [all] Upgrading Apache Commons IO from 2.4 to 2.6 - Thunderforge
- #1378: [all] Upgrading Apache Commons Lang 3 from 3.7 to 3.8.1 - Thunderforge
- #1382: [all] Replacing deprecated IO methods with ones that specify a charset - Thunderforge
- #1383: [java] Improved message for GuardLogStatement rule - Felix Lampe
- #1386: [go] [cpd] Add CPD support for Antlr based grammar on Golang - Matías Fraga
- #1398: [all] Upgrading SLF4J from 1.7.12 to 1.7.25 - Thunderforge
- #1400: [java] Fix Issue 1343: Update CommentDefaultAccessModifierRule - CrazyUnderdog
- #1401: [all] Replacing IOUtils.closeQuietly(foo) with try-with-resources statements - Thunderforge
- #1406: [jsp] Fix issue 1402: JspTokenManager has a problem about jsp scriptlet - JustPRV
- #1411: [core] Add ignore file path functionality - Jon Moroney
- #1414: [doc] Fix broken link. Fixes #1412 - Johan Hammar
30-September-2018 - 6.8.0
The PMD team is pleased to announce PMD 6.8.0.
This is a minor release.
Table Of Contents
New and noteworthy
Drawing a line between private and public API
Until now, all released public members and types were implicitly considered part of PMD’s public API, including inheritance-specific members (protected members, abstract methods). We have maintained those APIs with the goal to preserve full binary compatibility between minor releases, only breaking those APIs infrequently, for major releases.
In order to allow PMD to move forward at a faster pace, this implicit contract will be invalidated with PMD 7.0.0. We now introduce more fine-grained distinctions between the type of compatibility support we guarantee for our libraries, and ways to make them explicit to clients of PMD.
.internal
packages and @InternalApi
annotation
Internal API is meant for use only by the main PMD codebase. Internal types and methods may be modified in any way, or even removed, at any time.
Any API in a package that contains an .internal
segment is considered internal.
The @InternalApi
annotation will be used for APIs that have to live outside of
these packages, e.g. methods of a public type that shouldn’t be used outside of PMD (again,
these can be removed anytime).
@ReservedSubclassing
Types marked with the @ReservedSubclassing
annotation are only meant to be subclassed
by classes within PMD. As such, we may add new abstract methods, or remove protected methods,
at any time. All published public members remain supported. The annotation is not inherited, which
means a reserved interface doesn’t prevent its implementors to be subclassed.
@Experimental
APIs marked with the @Experimental
annotation at the class or method level are subject to change.
They can be modified in any way, or even removed, at any time. You should not use or rely
on them in any production code. They are purely to allow broad testing and feedback.
@Deprecated
APIs marked with the @Deprecated
annotation at the class or method level will remain supported
until the next major release but it is recommended to stop using them.
The transition
All currently supported APIs will remain so until 7.0.0. All APIs that are to be moved to
.internal
packages or hidden will be tagged @InternalApi
before that major release, and
the breaking API changes will be performed in 7.0.0.
Quickstart Ruleset
PMD 6.8.0 provides a first quickstart ruleset for Java, which you can use as a base ruleset to get your
custom ruleset started. You can reference it with rulesets/java/quickstart.xml
.
You are strongly encouraged to create your own ruleset
though.
The quickstart ruleset has the intention, to be useful out-of-the-box for many projects. Therefore it references only rules, that are most likely to apply everywhere.
Any feedback would be greatly appreciated.
New Rules
- The new Apex rule
ApexDoc
(apex-documentation
) enforces the inclusion of ApexDoc on classes, interfaces, properties and methods; as well as some sanity rules for such docs (no missing parameters, parameters’ order, and return value). By default, method overrides and test classes are allowed to not include ApexDoc.
Modified Rules
- The rule
MissingSerialVersionUID
(java-errorprone
) has been modified in order to recognize also missingserialVersionUID
fields in abstract classes, if they are serializable. Each individual class in the inheritance chain needs an own serialVersionUID field. See also Should an abstract class have a serialVersionUID. This change might lead to additional violations in existing code bases.
PLSQL
The grammar for PLSQL has been revamped in order to fully parse SELECT INTO
, UPDATE
, and DELETE
statements. Previously such statements have been simply skipped ahead, now PMD is parsing them, giving access
to the individual parts of a SELECT-statement, such as the Where-Clause. This might produce new parsing errors
where PMD previously could successfully parse PLSQL code. If this happens, please report a new issue to get this problem fixed.
Fixed Issues
- apex-bestpractices
- #1348: [apex] AvoidGlobalModifierRule gives warning even when its a webservice - false positive
- java-codestyle
- java-errorprone
- java-performance
- #1325: [java] False positive in ConsecutiveLiteralAppends
- plsql
- #1279: [plsql] Support for SELECT INTO
API Changes
-
A couple of methods and fields in
net.sourceforge.pmd.properties.AbstractPropertySource
have been deprecated, as they are replaced by already existing functionality or expose internal implementation details:propertyDescriptors
,propertyValuesByDescriptor
,copyPropertyDescriptors()
,copyPropertyValues()
,ignoredProperties()
,usesDefaultValues()
,useDefaultValueFor()
. -
Some methods in
net.sourceforge.pmd.properties.PropertySource
have been deprecated as well:usesDefaultValues()
,useDefaultValueFor()
,ignoredProperties()
. -
The class
net.sourceforge.pmd.lang.rule.AbstractDelegateRule
has been deprecated and will be removed with PMD 7.0.0. It is internally only in use by RuleReference. -
The default constructor of
net.sourceforge.pmd.lang.rule.RuleReference
has been deprecated and will be removed with PMD 7.0.0. RuleReferences should only be created by providing a Rule and a RuleSetReference. Furthermore the following methods are deprecated:setRuleReference()
,hasOverriddenProperty()
,usesDefaultValues()
,useDefaultValueFor()
.
External Contributions
- #1309: [core] [CPD] Decouple Antlr Tokenizer implementation from any CPD language supported with Antlr - Matías Fraga
- #1314: [apex] Add validation of ApexDoc comments - Jeff Hube
- #1339: [ci] Improve danger message - BBG
- #1340: [java] Derive correct classname for non-public non-classes - kris-scheibe
- #1357: [doc] Improve Codacy description - Daniel Reigada
02-September-2018 - 6.7.0
The PMD team is pleased to announce PMD 6.7.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modified Rules
- The Java rule
OneDeclarationPerLine
(java-bestpractices
) has been revamped to consider not only local variable declarations, but field declarations too.
New Rules
-
The new Java rule
LinguisticNaming
(java-codestyle
) detects cases, when a method name indicates it returns a boolean (such asisSmall()
) but it doesn’t. Besides method names, the rule also checks field and variable names. It also checks, that getters return something but setters won’t. The rule has several properties with which it can be customized. -
The new PL/SQL rule
ForLoopNaming
(plsql-codestyle
) enforces a naming convention for “for loops”. Both “cursor for loops” and “index for loops” are covered. The rule can be customized via patterns. By default, short variable names are reported. -
The new Java rule
FieldNamingConventions
(java-codestyle
) detects field names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured with ease for e.g. constants or static fields. -
The new Apex rule
OneDeclarationPerLine
(apex-codestyle
) enforces declaring a single field / variable per line; or per statement if thestrictMode
property is set. It’s an Apex equivalent of the already existing Java rule of the same name.
Deprecated Rules
- The Java rules
VariableNamingConventions
(java-codestyle),MIsLeadingVariableName
(java-codestyle),SuspiciousConstantFieldName
(java-codestyle), andAvoidPrefixingMethodParameters
(java-codestyle) are now deprecated, and will be removed with version 7.0.0. They are replaced by the more generalFieldNamingConventions
,FormalParameterNamingConventions
, andLocalVariableNamingConventions
.
Fixed Issues
- core
- #1191: [core] Test Framework: Sort violations by line/column
- #1283: [core] Deprecate ReportTree
- #1288: [core] No supported build listeners found with Gradle
- #1300: [core] PMD stops processing file completely, if one rule in a rule chain fails
- #1317: [ci] Coveralls hasn’t built the project since June 25th
- java-bestpractices
- java-codestyle
- java-errorprone
- #1078: [java] MissingSerialVersionUID rule does not seem to catch inherited classes
- java-performance
- jsp
- plsql
- #681: [plsql] Parse error with Cursor For Loop
API Changes
-
All classes in the package
net.sourceforge.pmd.lang.dfa.report
have been deprecated and will be removed with PMD 7.0.0. This includes the classnet.sourceforge.pmd.lang.dfa.report.ReportTree
. The reason is, that this class is very specific to Java and not suitable for other languages. It has only been used forYAHTMLRenderer
, which has been rewritten to work without these classes. -
The nodes RUNSIGNEDSHIFT and RSIGNEDSHIFT are deprecated and will be removed from the AST with PMD 7.0.0. These represented the operator of ShiftExpression in two cases out of three, but they’re not needed and make ShiftExpression inconsistent. The operator of a ShiftExpression is now accessible through ShiftExpression#getOperator.
External Contributions
- #109: [java] Add two linguistics rules under naming - Arda Aslan
- #1254: [ci] [GSoC] Integrating the danger and pmdtester to travis CI - BBG
- #1258: [java] Use typeof in MissingSerialVersionUID - krichter722
- #1264: [cpp] Fix NullPointerException in CPPTokenizer:99 - Rafael Cortês
- #1277: [jsp] #1276 add support for jspf and tag extensions - Jordi Llach
- #1275: [jsp] Issue #1274 - Support EL in tag attributes - Jordi Llach
- #1278: [ci] [GSoC] Use pmdtester 1.0.0.pre.beta3 - BBG
- #1289: [java] UselessParentheses: Fix false positive with assignments - cobratbq
- #1290: [docs] [GSoC] Create the documentation about pmdtester - BBG
- #1256: [java] #940 Avoid JUnit 4 false positives for JUnit 5 tests - Alex Shesterov
- #1315: [apex] Add OneDeclarationPerStatement rule - Jeff Hube
29-July-2018 - 6.6.0
The PMD team is pleased to announce PMD 6.6.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 11 Support
PMD is now able to parse the local-variable declaration syntax var xxx
, that has been
extended for lambda parameters with Java 11 via
JEP 323: Local-Variable Syntax for Lambda Parameters.
New Rules
-
The new Java rule
LocalVariableNamingConventions
(java-codestyle
) detects local variable names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured. Special cases can be configured for final variables and caught exceptions’ names. -
The new Java rule
FormalParameterNamingConventions
(java-codestyle
) detects formal parameter names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured. Special cases can be configured for final parameters and lambda parameters (considering whether they are explicitly typed or not).
Modified Rules
- The Java rules
AccessorClassGeneration
andAccessorMethodGeneration
(both in categoryjava-bestpractices
) have been modified to be only valid up until Java 10. Java 11 adds support for JEP 181: Nest-Based Access Control which avoids the generation of accessor classes / methods altogether.
Fixed Issues
- core
- doc
- #1215: [doc] TOC links don’t work?
- java-codestyle
- java-design
- plsql
- ui
- #1233: [ui] XPath autocomplete arrows on first and last items
API Changes
- The
findDescendantsOfType
methods innet.sourceforge.pmd.lang.ast.AbstractNode
no longer search for exact type matches, but will match subclasses, too. That means, it’s now possible to look for abstract node types such asAbstractJavaTypeNode
and not only for it’s concrete subtypes.
External Contributions
- #1182: [ui] XPath AutoComplete - Akshat Bahety
- #1231: [doc] Minor typo fix in installation.md - Ashish Rana
- #1250: [ci] [GSoC] Upload baseline of pmdtester automatically - BBG
26-June-2018 - 6.5.0
The PMD team is pleased to announce PMD 6.5.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Apex rule
AvoidNonExistentAnnotations
(apex-errorprone
) detects usages non-officially supported annotations. Apex supported non existent annotations for legacy reasons. In the future, use of such non-existent annotations could result in broken Apex code that will not compile. A full list of supported annotations can be found here
Modified Rules
- The Java rule UnnecessaryModifier (
java-codestyle
) now detects enum constrcutors with explicitprivate
modifier. The rule now produces better error messages letting you know exactly which modifiers are redundant at each declaration.
Fixed Issues
- all
- ecmascript
- #861: [ecmascript] InnaccurateNumericLiteral false positive with hex literals
- java
- java-bestpractices
- java-codestyle
- java-design
- #1200: [java] New default NcssCount method report level is drastically reduced from values of deprecated NcssMethodCount and NcssTypeCount
- xml
- #715: [xml] ProjectVersionAsDependencyVersion false positive
API Changes
-
The utility class
net.sourceforge.pmd.lang.java.ast.CommentUtil
has been deprecated and will be removed with PMD 7.0.0. Its methods have been intended to parse javadoc tags. A more useful solution will be added around the AST nodeFormalComment
, which contains as childrenJavadocElement
nodes, which in turn provide access to theJavadocTag
.All comment AST nodes (
FormalComment
,MultiLineComment
,SingleLineComment
) have a new methodgetFilteredComment()
which provide access to the comment text without the leading/*
markers. -
The method
AbstractCommentRule.tagsIndicesIn()
has been deprecated and will be removed with PMD 7.0.0. It is not very useful, since it doesn’t extract the information in a useful way. You would still need check, which tags have been found, and with which data they might be accompanied.
External Contributions
- #836: [apex] Add a rule to prevent use of non-existent annotations - anand13s
- #1159: [ui] Allow to setup the auxclasspath in the designer - Akshat Bahety
- #1169: [core] Update stylesheets with a default namespace - Matthew Duggan
- #1183: [java] fixed typos in rule remediation - Jake Hemmerle
- #1206: [java] Recommend StringBuilder next to StringBuffer - krichter722
29-May-2018 - 6.4.0
The PMD team is pleased to announce PMD 6.4.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 10 Support
PMD is now able to understand local-variable type inference as introduced by Java 10.
Simple type resolution features are available, e.g. the type of the variable s
is inferred
correctly as String
:
var s = "Java 10";
XPath Type Resolution Functions
For some time now PMD has supported Type Resolution, and exposed this functionality to XPath rules for the Java language
with the typeof
function. This function however had a number of shortcomings:
- It would take a first arg with the name to match if types couldn’t be resolved. In all cases this was
@Image
but was still required. - It required 2 separate arguments for the Fully Qualified Class Name and the simple name of the class against which to test.
- If only the Fully Qualified Class Name was provided, no simple name check was performed (not documented, but abused on some rules to “fix” some false positives).
In this release we are deprecating typeof
in favor of a simpler typeIs
function, which behaves exactly as the
old typeof
when given all 3 arguments.
typeIs
receives a single parameter, which is the fully qualified name of the class to test against.
So, calls such as:
//ClassOrInterfaceType[typeof(@Image, 'junit.framework.TestCase', 'TestCase')]
can now we expressed much more concisely as:
//ClassOrInterfaceType[typeIs('junit.framework.TestCase')]
With this change, we also allow to check against array types by just appending []
to the fully qualified class name.
These can be repeated for arrays of arrays (e.g. byte[][]
or java.lang.String[]
).
Additionally, we introduce the companion function typeIsExactly
, that receives the same parameters as typeIs
,
but checks for exact type matches, without considering the type hierarchy. That is, the test
typeIsExactly('junit.framework.TestCase')
will match only if the context node is an instance of TestCase
, but
not if it’s an instance of a subclass of TestCase
. Be aware then, that using that method with abstract types will
never match.
New Rules
-
The new Java rule
HardCodedCryptoKey
(java-security
) detects hard coded keys used for encryption. It is recommended to store keys outside of the source code. -
The new Java rule
IdenticalCatchBranches
(java-codestyle
) finds catch blocks, that catch different exception but perform the same exception handling and thus can be collapsed into a multi-catch try statement.
Modified Rules
-
The Java rule JUnit4TestShouldUseTestAnnotation (
java-bestpractices
) has a new parameter “testClassPattern”. It is used to distinguish test classes from other classes and avoid false positives. By default, any class, that has “Test” in its name, is considered a test class. -
The Java rule CommentDefaultAccessModifier (
java-codestyle
) allows now by default the comment “/* package */
in addition to “/* default */
. This behavior can still be adjusted by setting the propertyregex
.
Fixed Issues
- all
- java
- #672: [java] Support exact type matches for type resolution from XPath
- #743: [java] Prepare for Java 10
- #1077: [java] Analyzing enum with lambda passed in constructor fails with “The enclosing scope must exist.”
- #1115: [java] Simplify xpath typeof syntax
- #1131: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/faces/application/FacesMessage$Severity
- java-bestpractices
- java-codestyle
- #720: [java] ShortVariable should whitelist lambdas
- #955: [java] Detect identical catch statements
- #1114: [java] Star import overwritten by explicit import is not correctly handled
- #1064: [java] ClassNamingConventions suggests to add Util suffix for simple exception wrappers
- #1065: [java] ClassNamingConventions shouldn’t prohibit numbers in class names
- #1067: [java] [6.3.0] PrematureDeclaration false-positive
- #1096: [java] ClassNamingConventions is too ambitious on finding utility classes
- java-design
- java-performance
- doc
- vf-security
- #1100: [vf] URLENCODE is ignored as valid escape method
API Changes
- The following classes in package
net.sourceforge.pmd.benchmark
have been deprecated:Benchmark
,Benchmarker
,BenchmarkReport
,BenchmarkResult
,RuleDuration
,StringBuilderCR
andTextReport
. Their API is not supported anymore and is disconnected from the internals of PMD. Use the newer API based aroundTimeTracker
instead, which can be found in the same package. - The class
net.sourceforge.pmd.lang.java.xpath.TypeOfFunction
has been deprecated. Use the newerTypeIsFunction
in the same package. - The
typeof
methdos innet.sourceforge.pmd.lang.java.xpath.JavaFunctions
have been deprecated. Use the newertypeIs
method in the same class instead.. - The methods
isA
,isEither
andisNeither
ofnet.sourceforge.pmd.lang.java.typeresolution.TypeHelper
. Use the newisExactlyAny
andisExactlyNone
methods in the same class instead.
External Contributions
- #966: [java] Issue #955: add new rule to detect identical catch statement - Clément Fournier and BBG
- #1046: [java] New security rule for finding hard-coded keys used for cryptographic operations - Sergey Gorbaty
- #1101: [java] Fixes false positive for
DoNotExtendJavaLangError
- Akshat Bahety - #1106: [vf] URLENCODE is ignored as valid escape method - Robert Sösemann
- #1126: [java] Improve implementation hint in InefficientEmptyStringCheck - krichter722
- #1129: [java] Adjust InefficientEmptyStringCheck documentation - krichter722
- #1137: [ui] Removes the need for RefreshAST - Akshat Bahety
29-April-2018 - 6.3.0
The PMD team is pleased to announce PMD 6.3.0.
This is a minor release.
Table Of Contents
New and noteworthy
Tree Traversal Revision
As described in #904, when searching for child nodes of the AST methods
such as hasDescendantOfType
, getFirstDescendantOfType
and findDescendantsOfType
were found to behave inconsistently,
not all of them honoring find boundaries; that is, nodes that define a self-contained entity which should be considered separately
(think of lambdas, nested classes, anonymous classes, etc.). We have modified these methods to ensure all of them honor
find boundaries.
This change implies several false positives / unexpected results
(ie: ASTBlockStatement
falsely returning true
to isAllocation()
)
have been fixed; and lots of searches are now restricted to smaller search areas, which improves performance
(depending on the project, we have measured up to 10% improvements during Type Resolution, Symbol Table analysis,
and some rules’ application).
Naming Rules Enhancements
-
ClassNamingConventions (
java-codestyle
) has been enhanced to allow granular configuration of naming conventions for different kinds of type declarations (eg enum or abstract class). Each kind of declaration can use its own naming convention using a regex property. See the rule’s documentation for more info about configuration and default conventions. -
MethodNamingConventions (
java-codestyle
) has been enhanced in the same way.
CPD Suppression
Back in PMD 5.6.0 we introduced the ability to suppress CPD warnings in Java using comments, by
including CPD-OFF
(to start ignoring code), or CPD-ON
(to resume analysis) during CPD execution.
This has proved to be much more flexible and versatile than the old annotation-based approach,
and has since been the preferred way to suppress CPD warnings.
On this occasion, we are extending support for comment-based suppressions to many other languages:
- C/C++
- Ecmascript / Javascript
- Matlab
- Objective-C
- PL/SQL
- Python
So for instance, in Python we could now do:
class BaseHandler(object):
def __init__(self):
# some unignored code
# tell cpd to start ignoring code - CPD-OFF
# mission critical code, manually loop unroll
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
# resume CPD analysis - CPD-ON
# further code will *not* be ignored
Other languages are equivalent.
Swift 4.1 Support
Thanks to major contributions from kenji21 the Swift grammar has been updated to support Swift 4.1. This is a major update, since the old grammar was quite dated, and we are sure all iOS developers will enjoy it.
Unfortunately, this change is not compatible. The grammar elements that have been removed (ie: the keywords __FILE__
,
__LINE__
, __COLUMN__
and __FUNCTION__
) are no longer supported. We don’t usually introduce such
drastic / breaking changes in minor releases, however, given that the whole Swift ecosystem pushes hard towards
always using the latest versions, and that Swift needs all code and libraries to be currently compiling against
the same Swift version, we felt strongly this change was both safe and necessary to be shipped as soon as possible.
We had great feedback from the community during the process but if you have a legitimate use case for older Swift
versions, please let us know on our Issue Tracker.
New Rules
- The new Java rule InsecureCryptoIv (
java-security
) detects hard coded initialization vectors used in cryptographic operations. It is recommended to use a randomly generated IV.
Modified Rules
-
The Java rule UnnecessaryConstructor (
java-codestyle
) has been rewritten as a Java rule (previously it was a XPath-based rule). It supports a new propertyignoredAnnotations
and ignores by default empty constructors, that are annotated withjavax.inject.Inject
. Additionally, it detects now also unnecessary private constructors in enums. -
The property
checkNativeMethods
of the Java rule MethodNamingConventions (java-codestyle
) is now deprecated, as it is now superseded bynativePattern
. Support for that property will be maintained until 7.0.0. -
The Java rule ControlStatementBraces (
java-codestyle
) supports a new boolean propertycheckSingleIfStmt
. When unset, the rule won’t reportif
statements which lack braces, if the statement is not part of anif ... else if
chain. This property defaults to true.
Deprecated Rules
- The Java rule AbstractNaming (
java-codestyle
) is deprecated in favour of ClassNamingConventions. See Naming rules enhancements.
Fixed Issues
- all
- apex-errorprone
- #776: [apex] AvoidHardcodingId false positives
- documentation
- java
- #894: [java] Maven PMD plugin fails to process some files without any explanation
- #899: [java] JavaTypeDefinitionSimple.toString can cause NPEs
- #1020: [java] The CyclomaticComplexity rule runs forever in 6.2.0
- #1030: [java] NoClassDefFoundError when analyzing PMD with PMD
- #1061: [java] Update ASM to handle Java 10 bytecode
- java-bestpractices
- java-codestyle
- java-design
- #1056: [java] Property ignoredAnnotations does not work for SingularField and ImmutableField
- java-errorprone
- java-performance
- #586: [java] AvoidUsingShortType erroneously triggered on overrides of 3rd party methods
- swift
- #678: [swift][cpd] Exception when running for Swift 4 code (KeyPath)
External Contributions
- #778: [swift] Support Swift 4 grammar - kenji21
- #1002: [doc] Delete duplicate page contributing.md on the website - Ishan Srivastava
- #1008: [core] DOC: fix closing tag for <pmdVersion> - stonio
- #1010: [java] UnnecessaryConstructor triggered on required empty constructor (Dagger @Inject) - BBG
- #1012: [java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5 - BBG
- #1024: [java] Issue 558: Properlogger for enums - Utku Cuhadaroglu
- #1041: [java] Make BasicProjectMemoizer thread safe. - bergander
- #1042: [java] New security rule: report usage of hard coded IV in crypto operations - Sergey Gorbaty
- #1044: [java] Fix for issue #816 - Akshat Bahety
- #1048: [core] Make MultiThreadProcessor more space efficient - Gonzalo Exequiel Ibars Ingman
- #1062: [core] Update ASM to version 6.1.1 - Austin Shalit
26-March-2018 - 6.2.0
The PMD team is pleased to announce PMD 6.2.0.
This is a minor release.
Table Of Contents
New and noteworthy
Ecmascript (JavaScript)
The Rhino Library has been upgraded from version 1.7.7 to version 1.7.7.2.
Detailed changes for changed in Rhino can be found:
Both are bugfixing releases.
Disable Incremental Analysis
Some time ago, we added support for Incremental Analysis. On PMD 6.0.0, we started to add warns when not using it, as we strongly believe it’s a great improvement to our user’s experience as analysis time is greatly reduced; and in the future we plan to have it enabled by default. However, we realize some scenarios don’t benefit from it (ie: CI jobs), and having the warning logged can be noisy and cause confusion.
To this end, we have added a new flag to allow you to explicitly disable incremental analysis. On CLI, this is
the new -no-cache
flag. On Ant, there is a noCache
attribute for the <pmd>
task.
On both scenarios, disabling the cache takes precedence over setting a cache location.
New Rules
-
The new Java rule
MissingOverride
(categorybestpractices
) detects overridden and implemented methods, which are not marked with the@Override
annotation. Annotating overridden methods with@Override
ensures at compile time that the method really overrides one, which helps refactoring and clarifies intent. -
The new Java rule
UnnecessaryAnnotationValueElement
(categorycodestyle
) detects annotations with a single element (value
) that explicitely names it. That is, doing@SuppressWarnings(value = "unchecked")
would be flagged in favor of@SuppressWarnings("unchecked")
. -
The new Java rule
ControlStatementBraces
(categorycodestyle
) enforces the presence of braces on control statements where they are optional. Properties allow to customize which statements are required to have braces. This rule replaces the now deprecated rulesWhileLoopMustUseBraces
,ForLoopMustUseBraces
,IfStmtMustUseBraces
, andIfElseStmtMustUseBraces
. More than covering the use cases of those rules, this rule also supportsdo ... while
statements andcase
labels ofswitch
statements (disabled by default).
Modified Rules
-
The Java rule
CommentContentRule
(java-documentation
) previously had the propertywordsAreRegex
. But this property never had been implemented and is removed now. -
The Java rule
UnusedPrivateField
(java-bestpractices
) now has a newignoredAnnotations
property that allows to configure annotations that imply the field should be ignored. By default@java.lang.Deprecated
and@javafx.fxml.FXML
are ignored. -
The Java rule
UnusedPrivateMethod
(java-bestpractices
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default@java.lang.Deprecated
is ignored. -
The Java rule
ImmutableField
(java-design
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default severallombok
annotations are ignored -
The Java rule
SingularField
(java-design
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default severallombok
annotations are ignored
Deprecated Rules
- The Java rules
WhileLoopMustUseBraces
,ForLoopMustUseBraces
,IfStmtMustUseBraces
, andIfElseStmtMustUseBraces
are deprecated. They will be replaced by the new ruleControlStatementBraces
, in the categorycodestyle
.
Fixed Issues
- all
- #928: [core] PMD build failure on Windows
- java-bestpracrtices
- java-codestyle
- java-design
- #832: [java] AvoidThrowingNullPointerException documentation suggestion
- #837: [java] CFGs of declared but not called lambdas are treated as parts of an enclosing method’s CFG
- #839: [java] SignatureDeclareThrowsException’s IgnoreJUnitCompletely property not honored for constructors
- #968: [java] UseUtilityClassRule reports false positive with lombok NoArgsConstructor
- documentation
API Changes
-
A new CLI switch,
-no-cache
, disables incremental analysis and the related suggestion. This overrides the-cache
option. The corresponding Ant task parameter isnoCache
. -
The static method
PMDParameters.transformParametersIntoConfiguration(PMDParameters)
is now deprecated, for removal in 7.0.0. The new instance methodPMDParameters.toConfiguration()
replaces it. -
The method
ASTConstructorDeclaration.getParameters()
has been deprecated in favor of the new methodgetFormalParameters()
. This method is available for bothASTConstructorDeclaration
andASTMethodDeclaration
.
External Contributions
- #941: [java] Use char notation to represent a character to improve performance - reudismam
- #943: [java] UnusedPrivateField false-positive with @FXML - BBG
- #951: [java] Add ignoredAnnotations property to unusedPrivateMethod rule - BBG
- #952: [java] SignatureDeclareThrowsException’s IgnoreJUnitCompletely property not honored for constructors - BBG
- #958: [java] Refactor how we ignore annotated elements in rules - BBG
- #965: [java] Make Varargs trigger ArrayIsStoredDirectly - Stephen
- #967: [doc] Issue 959: fixed broken link to XPath Rule Tutorial - Andrey Mochalov
- #969: [java] Issue 968 Add logic to handle lombok private constructors with utility classes - Kirk Clemens
- #970: [java] Fixed inefficient use of keySet iterator instead of entrySet iterator - Andrey Mochalov
- #984: [java] issue983 Add new UnnecessaryAnnotationValueElement rule - Kirk Clemens
- #989: [core] Update Contribute.md to close Issue #978 - Bolarinwa Saheed Olayemi
- #990: [java] Updated Doc on AvoidThrowingNullPointerException to close Issue #832 - Bolarinwa Saheed Olayemi
- #993: [core] Update writing_documentation.md to fix Issue #992 - Bolarinwa Saheed Olayemi
25-February-2018 - 6.1.0
The PMD team is pleased to announce PMD 6.1.0.
This is a minor release.
Table Of Contents
- New and noteworthy
- Fixed Issues
- API Changes * Changes to the Node interface * Changes to CPD renderers
- External Contributions
New and noteworthy
Designer UI
The Designer now supports configuring properties for XPath based rule development. The Designer is still under development and any feedback is welcome.
You can start the designer via run.sh designer
or designer.bat
.
Fixed Issues
- all
- doc
- java
- java-bestpractices
- java-design
- #855: [java] ImmutableField false-positive with lambdas
- java-documentation
- #877: [java] CommentRequired valid rule configuration causes PMD error
- java-errorprone
- #885: [java] CompareObjectsWithEqualsRule trigger by enum1 != enum2
- java-performance
- #541: [java] ConsecutiveLiteralAppends with types other than string
- scala
- #853: [scala] Upgrade scala version to support Java 9
- xml
- #739: [xml] IllegalAccessException when accessing attribute using Saxon on JRE 9
API Changes
Changes to the Node interface
The method getXPathNodeName
is added to the Node
interface, which removes the
use of the toString
of a node to get its XPath element name (see #569).
A default implementation is provided in AbstractNode
, to stay compatible
with existing implementors.
The toString
method of a Node is not changed for the time being, and still produces
the name of the XPath node. That behaviour may however change in future major releases,
e.g. to produce a more useful message for debugging.
Changes to CPD renderers
The interface net.sourceforge.pmd.cpd.Renderer
has been deprecated. A new interface net.sourceforge.pmd.cpd.renderer.CPDRenderer
has been introduced to replace it. The main difference is that the new interface is meant to render directly to a java.io.Writer
rather than to a String. This allows to greatly reduce the memory footprint of CPD, as on large projects, with many duplications,
it was causing OutOfMemoryError
s (see #795).
net.sourceforge.pmd.cpd.FileReporter
has also been deprecated as part of this change, as it’s no longer needed.
External Contributions
- #790: [java] Added some comments for JDK 9 - Tobias Weimer
- #803: [doc] Added SpotBugs as successor of FindBugs - Tobias Weimer
- #828: [core] Add operations to manipulate a document - Gonzalo Ibars Ingman
- #830: [java] UseArraysAsList: Description added - Tobias Weimer
- #845: [java] Fix false negative PreserveStackTrace on string concatenation - Alberto Fernández
- #868: [core] Improve XPath documentation && make small refactors - Gonzalo Ibars Ingman
- #875: [core] Support shortnames when using filelist - John Zhang
- #886: [java] Fix #885 - Matias Comercio
- #900: [core] Use the isEmpty method instead of comparing the value of size() to 0 - reudismam
- #914: [doc] Apex @SuppressWarnings documentation updated - Akshat Bahety
- #918: [doc] Add qa-eclipse as new tool - Akshat Bahety
- #927: [java][doc] Fix example of AbstractClassWithoutAnyMethod - Kazuma Watanabe
21-January-2018 - 6.0.1
The PMD team is pleased to announce PMD 6.0.1.
This is a bug fixing release.
Table Of Contents
- Additional information about the new introduced rule categories
- Fixed Issues
- API Changes
- External Contributions
Additional information about the new introduced rule categories
With the release of PMD 6.0.0, all rules have been sorted into one of the following eight categories:
- Best Practices: These are rules which enforce generally accepted best practices.
- Code Style: These rules enforce a specific coding style.
- Design: Rules that help you discover design issues.
- Documentation: These rules are related to code documentation.
- Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
- Multithreading: These are rules that flag issues when dealing with multiple threads of execution.
- Performance: Rules that flag suboptimal code.
- Security: Rules that flag potential security flaws.
Please note, that not every category in every language may have a rule. There might be categories with no
rules at all, such as category/java/security.xml
, which has currently no rules.
There are even languages, which only have rules of one category (e.g. category/xml/errorprone.xml
).
You can find the information about available rules in the generated rule documentation, available at https://pmd.github.io/6.0.1/.
In order to help migrate to the new category scheme, the new name for the old, deprecated rule names will be logged as a warning. See PR #865. Please note, that the deprecated rule names will keep working throughout PMD 6. You can upgrade to PMD 6 without the immediate need to migrate your current ruleset. That backwards compatibility will be maintained until PMD 7.0.0 is released.
Fixed Issues
- all
- #842: [core] Use correct java bootclasspath for compiling
- apex-errorprone
- #792: [apex] AvoidDirectAccessTriggerMap incorrectly detects array access in classes
- apex-security
- #788: [apex] Method chaining breaks ApexCRUDViolation
- doc
- java
- java-bestpractices
- java-codestyle
- #817: [java] UnnecessaryModifierRule crashes on valid code
- java-design
- java-performance
- #841: [java] InsufficientStringBufferDeclaration NumberFormatException
- java-typeresolution
- #866: [java] rulesets/java/typeresolution.xml lists non-existent rules
API Changes
- The constant
net.sourceforge.pmd.PMD.VERSION
has been deprecated and will be removed with PMD 7.0.0. Please usenet.sourceforge.pmd.PMDVersion.VERSION
instead.
External Contributions
- #796: [apex] AvoidDirectAccessTriggerMap incorrectly detects array access in classes - Robert Sösemann
- #799: [apex] Method chaining breaks ApexCRUDViolation - Robert Sösemann
15-December-2017 - 6.0.0
The PMD team is pleased to announce PMD 6.0.0.
This is a major release.
Table Of Contents
New and noteworthy
New Rule Designer
Thanks to Clément Fournier, we now have a new rule designer GUI, which is based on JavaFX. It replaces the old designer and can be started via
bin/run.sh designer
(on Unix-like platform such as Linux and Mac OS X)bin\designer.bat
(on Windows)
Note: At least Java8 is required for the designer. The old designer is still available
as designerold
but will be removed with the next major release.
Java 9 support
The Java grammar has been updated to support analyzing Java 9 projects:
- private methods in interfaces are possible
- The underscore “_” is considered an invalid identifier
- Diamond operator for anonymous classes
- The module declarations in
module-info.java
can be parsed - Concise try-with-resources statements are supported
Java 9 support is enabled by default. You can switch back to an older java version
via the command line, e.g. -language java -version 1.8
.
Revamped Apex CPD
We are now using the Apex Jorje Lexer to tokenize Apex code for CPD. This change means:
- All comments are now ignored for CPD. This is consistent with how other languages such as Java and Groovy work.
- Tokenization honors the language specification, which improves accuracy.
CPD will therefore have less false positives and false negatives.
Java Type Resolution
As part of Google Summer of Code 2017, Bendegúz Nagy worked on type resolution for Java. For this release he has extended support for method calls for both instance and static methods.
Method shadowing and overloading are supported, as are varargs. However, the selection of the target method upon the presence of generics and type inference is still work in progress. Expect it in forecoming releases.
As for fields, the basic support was in place for release 5.8.0, but has now been expanded to support static fields.
Metrics Framework
As part of Google Summer of Code 2017, Clément Fournier is worked on the new metrics framework for object-oriented metrics.
There are already a couple of metrics (e.g. ATFD, WMC, Cyclo, LoC) implemented. More metrics are planned. Based on those metrics, rules like “GodClass” detection could be implemented more easily. The following rules benefit from the metrics framework: NcssCount (java), NPathComplexity (java), CyclomaticComplexity (both java and apex).
The Metrics framework has been abstracted and is available in pmd-core
for other languages. With this
PMD release, the metrics framework is supported for both Java and Apex.
Error Reporting
A number of improvements on error reporting have taken place, meaning changes to some of the report formats.
Also of note, the xml report now provides a XML Schema definition, allowing easier parsing and validation.
Processing Errors
Processing errors can now provide not only the message previously included on some reports, but also a full stacktrace. This will allow better error reports when providing feedback to the PMD team and help in debugging issues.
The report formats providing full stacktrace of errors are:
- html
- summaryhtml
- textcolor
- vbhtml
- xml
Configuration Errors
For a long time reports have been notified of configuration errors on rules, but they have remained hidden. On a push to make these more evident to users, and help them get the best results out of PMD, we have started to include them on the reports.
So far, only reports that include processing errors are showing configuration errors. In other words, the report formats providing configuration error reporting are:
- csv
- html
- summaryhtml
- text
- textcolor
- vbhtml
- xml
As we move forward we will be able to detect and report more configuration errors (ie: incomplete auxclasspath
)
and include them to such reports.
Apex Rule Suppression
Apex violations can now be suppressed very similarly to how it’s done in Java, by making use of a
@SuppressWarnings
annotation.
Supported syntax includes:
@SupressWarnings('PMD') // to supress all Apex rules
@SupressWarnings('all') // to supress all Apex rules
@SupressWarnings('PMD.ARuleName') // to supress only the rule named ARuleName
@SupressWarnings('PMD.ARuleName, PMD.AnotherRuleName') // to supress only the rule named ARuleName or AnotherRuleName
Notice this last scenario is slightly different to the Java syntax. This is due to differences in the Apex grammar for annotations.
Rule Categories
All built-in rules have been sorted into one of eight categories:
- Best Practices: These are rules which enforce generally accepted best practices.
- Code Style: These rules enforce a specific coding style.
- Design: Rules that help you discover design issues.
- Documentation: These rules are related to code documentation.
- Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
- Multithreading: These are rules that flag issues when dealing with multiple threads of execution.
- Performance: Rules that flag suboptimal code.
- Security: Rules that flag potential security flaws.
These categories help you to find rules and figure out the relevance and impact for your project.
All rules have been moved accordingly, e.g. the rule “JumbledIncrementer”, which was previously defined in the
ruleset “java-basic” has now been moved to the “Error Prone” category. The new rule reference to be used is
<rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
.
The old rulesets like “java-basic” are still kept for backwards-compatibility but will be removed eventually. The rule reference documentation has been updated to reflect these changes.
New Rules
-
The new Java rule
NcssCount
(categorydesign
) replaces the three rules “NcssConstructorCount”, “NcssMethodCount”, and “NcssTypeCount”. The new rule uses the metrics framework to achieve the same. It has two properties, to define the report level for method and class sizes separately. Constructors and methods are considered the same. -
The new Java rule
DoNotExtendJavaLangThrowable
(categoryerrorprone
) is a companion for thejava-strictexception.xml/DoNotExtendJavaLangError
, detecting direct extensions ofjava.lang.Throwable
. -
The new Java rule
ForLoopCanBeForeach
(categoryerrorprone
) helps to identify those for-loops that can be safely refactored into for-each-loops available since java 1.5. -
The new Java rule
AvoidFileStream
(categoryperformance
) helps to identify code relying onFileInputStream
/FileOutputStream
which, by using a finalizer, produces extra / unnecessary overhead to garbage collection, and should be replaced withFiles.newInputStream
/Files.newOutputStream
available since java 1.7. -
The new Java rule
DataClass
(categorydesign
) detects simple data-holders without behaviour. This might indicate that the behaviour is scattered elsewhere and the data class exposes the internal data structure, which breaks encapsulation. -
The new Apex rule
AvoidDirectAccessTriggerMap
(categoryerrorprone
) helps to identify direct array access to triggers, which can produce bugs by either accessing non-existing indexes, or leaving them out. You should use for-each-loops instead. -
The new Apex rule
AvoidHardcodingId
(categoryerrorprone
) detects hardcoded strings that look like identifiers and flags them. Record IDs change between environments, meaning hardcoded ids are bound to fail under a different setup. -
The new Apex rule
CyclomaticComplexity
(categorydesign
) detects overly complex classes and methods. The report threshold can be configured separately for classes and methods. - A whole bunch of new rules has been added to Apex. They all fit into the category
errorprone
. The 5 rules are migrated for Apex from the equivalent Java rules and include:EmptyCatchBlock
to detect catch blocks completely ignoring exceptions.EmptyIfStmt
for if blocks with no content, that can be safely removed.EmptyTryOrFinallyBlock
for empty try / finally blocks that can be safely removed.EmptyWhileStmt
for empty while loops that can be safely removed.EmptyStatementBlock
for empty code blocks that can be safely removed.
- The new Apex rule
AvoidSoslInLoops
(categoryperformance
) is the companion of the oldAvoidSoqlInLoops
rule, flagging SOSL (Salesforce Object Search Language) queries when within loops, to avoid governor issues, and hitting the database too often.
Modified Rules
-
The Java rule
UnnecessaryFinalModifier
(categorycodestyle
, former rulesetjava-unnecessarycode
) has been merged into the ruleUnnecessaryModifier
. As part of this, the rule has been revamped to detect more cases. It will now flag anonymous class’ methods marked as final (can’t be overridden, so it’s pointless), along with final methods overridden / defined within enum instances. It will also flagfinal
modifiers on try-with-resources. -
The Java rule
UnnecessaryParentheses
(categorycodestyle
, former rulesetjava-controversial
) has been merged intoUselessParentheses
(categorycodestyle
, former rulesetjava-unnecessary
). The rule covers all scenarios previously covered by either rule. -
The Java rule
UncommentedEmptyConstructor
(categorydocumentation
, former rulesetjava-design
) will now ignore empty constructors annotated withjavax.inject.Inject
. -
The Java rule
AbstractClassWithoutAnyMethod
(categorybestpractices
, former rulesetjava-design
) will now ignore classes annotated withcom.google.auto.value.AutoValue
. -
The Java rule
GodClass
(categorydesign', former ruleset
java-design`) has been revamped to use the new metrics framework. -
The Java rule
LooseCoupling
(categorybestpractices
, former rulesetjava-coupling
) has been replaced by the typeresolution-based implementation. -
The Java rule
CloneMethodMustImplementCloneable
(categoryerrorprone
, former rulesetjava-clone
) has been replaced by the typeresolution-based implementation and is now able to detect cases if a class implements or extends a Cloneable class/interface. -
The Java rule
UnusedImports
(categorybestpractices
, former rulesetjava-imports
) has been replaced by the typeresolution-based implementation and is now able to detect unused on-demand imports. -
The Java rule
SignatureDeclareThrowsException
(categorydesign
, former ruleset ‘java-strictexception’) has been replaced by the typeresolution-based implementation. It has a new propertyIgnoreJUnitCompletely
, which allows all methods in a JUnit testcase to throw exceptions. -
The Java rule
NPathComplexity
(categorydesign
, former rulesetjava-codesize
) has been revamped to use the new metrics framework. Its report threshold can be configured via the propertyreportLevel
, which replaces the now deprecated propertyminimum
. -
The Java rule
CyclomaticComplexity
(categorydesign
, former rulesetjava-codesize
) has been revamped to use the new metrics framework. Its report threshold can be configured via the propertiesclassReportLevel
andmethodReportLevel
separately. The old propertyreportLevel
, which configured the level for both total class and method complexity, is deprecated. - The Java rule
CommentRequired
(categorydocumentation
, former rulesetjava-comments
) has been revamped to include 2 new properties:accessorCommentRequirement
to specify documentation requirements for getters and setters (default toignored
)methodWithOverrideCommentRequirement
to specify documentation requirements for methods annotated with@Override
(default toignored
)
-
The Java rule
EmptyCatchBlock
(categoryerrorprone
, former rulesetjava-empty
) has been changed to ignore exceptions namedignore
orexpected
by default. You can still override this behaviour by setting theallowExceptionNameRegex
property. - The Java rule
OptimizableToArrayCall
(categoryperformance
, former rulesetdesign
) has been modified to fit for the current JVM implementations: It basically detects now the opposite and suggests to useCollection.toArray(new E[0])
with a zero-sized array. See Arrays of Wisdom of the Ancients.
Deprecated Rules
-
The Java rules
NcssConstructorCount
,NcssMethodCount
, andNcssTypeCount
(rulesetjava-codesize
) have been deprecated. They will be replaced by the new ruleNcssCount
in the categorydesign
. -
The Java rule
LooseCoupling
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorybestpractices
instead. -
The Java rule
CloneMethodMustImplementCloneable
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categoryerrorprone
instead. -
The Java rule
UnusedImports
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorybestpractices
instead. -
The Java rule
SignatureDeclareThrowsException
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorydesign
instead. -
The Java rule
EmptyStaticInitializer
in rulesetjava-empty
is deprecated. Use the ruleEmptyInitializer
from the categoryerrorprone
, which covers both static and non-static empty initializers.` -
The Java rules
GuardDebugLogging
(rulesetjava-logging-jakarta-commons
) andGuardLogStatementJavaUtil
(rulesetjava-logging-java
) have been deprecated. Use the ruleGuardLogStatement
from the categorybestpractices
, which covers all cases regardless of the logging framework.
Removed Rules
- The deprecated Java rule
UseSingleton
has been removed from the rulesetjava-design
. The rule has been renamed long time ago toUseUtilityClass
(categorydesign
).
Java Symbol Table
A bug in symbol table prevented
the symbol table analysis to properly match primitive arrays types. The issue affected the java-unsedcode/UnusedPrivateMethod
rule, but other rules may now produce improved results as consequence of this fix.
Apex Parser Update
The Apex parser version was bumped, from 1.0-sfdc-187
to 210-SNAPSHOT
. This update let us take full advantage
of the latest improvements from Salesforce, but introduces some breaking changes:
BlockStatements
are now created for all control structures, even if no brace is used. We have therefore added ahasCurlyBrace
method to differentiate between both scenarios.- New AST node types are available. In particular
CastExpression
,ConstructorPreamble
,IllegalStoreExpression
,MethodBlockStatement
,Modifier
,MultiStatement
,NestedExpression
,NestedStoreExpression
,NewKeyValueObjectExpression
andStatementExecuted
- Some nodes have been removed. Such is the case of
TestNode
,DottedExpression
andNewNameValueObjectExpression
(replaced byNewKeyValueObjectExpression
)
All existing rules have been updated to reflect these changes. If you have custom rules, be sure to update them.
For more info about the included Apex parser, see the new pmd module “pmd-apex-jorje”, which packages and provides the parser as a binary.
Incremental Analysis
The incremental analysis feature first introduced in PMD 5.6.0 has been enhanced. A few minor issues have been fixed, and several improvements have been performed to make it more accurate.
The cache will now detect changes to the JARs referenced in the auxclasspath
instead of simply looking at their paths
and order. This means that if you are referencing a JAR you are overwriting in some way, the incremental analysis can
now detect it and invalidate it’s cache to avoid false reports.
Similarly, any changes to the execution classpath of PMD will invalidate the cache. This means that if you have custom rules packaged in a jar, any changes to it will invalidate the cache automatically.
We have also improved logging on the analysis code, allowing better insight into how the cache is performing, under debug / verbose builds you can even see individual hits / misses to the cache (and the reason for any miss!)
Finally, as this feature keeps maturing, we are gently pushing this forward. If not using incremental analysis, a warning will now be produced suggesting users to adopt it for better performance.
Rule and Report Properties
The implementation around the properties support for rule properties and report properties has been revamped
to be fully typesafe. Along with that change, the support classes have been moved into an own
package net.sourceforge.pmd.properties
. While there is no change necessary in the ruleset XML files,
when using/setting values for rules, there are adjustments necessary when declaring properties in Java-implemented
rules.
Rule properties can be declared both for Java based rules and XPath rules. This is now very well documented in Working with properties.
With PMD 6.0.0, multivalued properties are now also possible with XPath rules.
Fixed Issues
- all
- #394: [core] PMD exclude rules are failing with IllegalArgumentException with non-default minimumPriority
- #532: [core] security concerns on URL-based rulesets
- #538: [core] Provide an XML Schema for XML reports
- #600: [core] Nullpointer while creating cache File
- #604: [core] Incremental analysis should detect changes to jars in classpath
- #608: [core] Add DEBUG log when applying incremental analysis
- #618: [core] Incremental Analysis doesn’t close file correctly on Windows upon a cache hit
- #643: [core] PMD Properties (dev-properties) breaks markup on CodeClimateRenderer
- #680: [core] Isolate classloaders for runtime and auxclasspath
- #762: [core] Remove method and file property from available property descriptors for XPath rules
- #763: [core] Turn property descriptor util into an enum and enrich its interface
- apex
- #265: [apex] Make Rule suppression work
- #488: [apex] Use Apex lexer for CPD
- #489: [apex] Update Apex compiler
- #500: [apex] Running through CLI shows jorje optimization messages
- #605: [apex] java.lang.NoClassDefFoundError in the latest build
- #637: [apex] Avoid SOSL in loops
- #760: [apex] EmptyStatementBlock complains about missing rather than empty block
- #766: [apex] Replace old Jorje parser with new one
- #768: [apex] java.lang.NullPointerException from PMD
- cpp
- #448: [cpp] Write custom CharStream to handle continuation characters
- java
- #1454: [java] OptimizableToArrayCall is outdated and invalid in current JVMs
- #1513: [java] Remove deprecated rule UseSingleton
- #328: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/servlet/jsp/PageContext
- #487: [java] Fix typeresolution for anonymous extending object
- #496: [java] processing error on generics inherited from enclosing class
- #510: [java] Typeresolution fails on a simple primary when the source is loaded from a class literal
- #527: [java] Lombok getter annotation on enum is not recognized correctly
- #534: [java] NPE in MethodTypeResolution for static methods
- #603: [core] incremental analysis should invalidate upon Java rule plugin changes
- #650: [java] ProcesingError analyzing code under 5.8.1
- #732: [java] LinkageError with aux classpath
- java-basic
- #565: [java] False negative on DontCallThreadRun when extending Thread
- java-comments
- java-controversial
- java-design
- java-logging * #457: [java] Merge all log guarding rules * #721: [java] NPE in PMD 5.8.1 InvalidSlf4jMessageFormat
- java-sunsecure
- #468: [java] ArrayIsStoredDirectly false positive
- java-unusedcode
- #521: [java] UnusedPrivateMethod returns false positives with primitive data type in map argument
- java-unnecessarycode
API Changes
-
The class
net.sourceforge.pmd.lang.dfa.NodeType
has been converted to an enum. All node types are enum members now instead of int constants. The names for node types are retained. -
The Properties API (rule and report properties) has been revamped to be fully typesafe. This is everything around
net.sourceforge.pmd.properties.PropertyDescriptor
.Note: All classes related to properties have been moved into the package
net.sourceforge.pmd.properties
. -
The rule classes
net.sourceforge.pmd.lang.apex.rule.apexunit.ApexUnitTestClassShouldHaveAsserts
andnet.sourceforge.pmd.lang.apex.rule.apexunit.ApexUnitTestShouldNotUseSeeAllDataTrue
have been renamed toApexUnitTestClassShouldHaveAssertsRule
andApexUnitTestShouldNotUseSeeAllDataTrueRule
, respectively. This is to comply with the naming convention, that each rule class should be suffixed with “Rule”.This change has no impact on custom rulesets, since the rule names themselves didn’t change.
-
The never implemented method
PMD.processFiles(PMDConfiguration, RuleSetFactory, Collection<File>, RuleContext, ProgressMonitor)
along with the interfaceProgressMonitor
has been removed. -
The method
PMD.setupReport(RuleSets, RuleContext, String)
is gone. It was used to report dysfunctional rules. But PMD does this now automatically before processing the files, so there is no need for this method anymore. - All APIs deprecated in older versions are now removed. This includes:
Renderer.getPropertyDefinitions
AbstractRenderer.defineProperty(String, String)
AbstractRenderer.propertyDefinitions
ReportListener
Report.addListener(ReportListener)
SynchronizedReportListener
CPDConfiguration.CPDConfiguration(int, Language, String)
CPDConfiguration.getRendererFromString(String)
StreamUtil
StringUtil.appendXmlEscaped(StringBuilder, String)
StringUtil.htmlEncode(String)
- Several methods in
net.sourceforge.pmd.util.CollectionUtil
have been deprecated and will be removed in PMD 7.0.0. In particular:CollectionUtil.addWithoutDuplicates(T[], T)
CollectionUtil.addWithoutDuplicates(T[], T[])
CollectionUtil.areSemanticEquals(T[], T[])
CollectionUtil.areEqual(Object, Object)
CollectionUtil.arraysAreEqual(Object, Object)
CollectionUtil.valuesAreTransitivelyEqual(Object[], Object[])
- Several methods in
net.sourceforge.pmd.util.StringUtil
have been deprecated and will be removed in PMD 7.0.0. In particular:StringUtil.startsWithAny(String, String[])
StringUtil.isNotEmpty(String)
StringUtil.isEmpty(String)
StringUtil.isMissing(String)
StringUtil.areSemanticEquals(String, String)
StringUtil.replaceString(String, String, String)
StringUtil.replaceString(String, char, String)
StringUtil.substringsOf(String, char)
StringUtil.substringsOf(String, String)
StringUtil.asStringOn(StringBuffer, Iterator, String)
StringUtil.asStringOn(StringBuilder, Object[], String)
StringUtil.lpad(String, int)
-
The class
net.sourceforge.pmd.lang.java.typeresolution.typedefinition.JavaTypeDefinition
is now abstract, and has been enhanced to provide several new methods. -
The constructor of
net.sourceforge.pmd.RuleSetFactory
, which took aClassLoader
is deprecated. Please use the alternative constructor with thenet.sourceforge.pmd.util.ResourceLoader
instead. - The following GUI related classes have been deprecated and will be removed in PMD 7.0.0.
The tool “bgastviewer”, that could be started via the script
bgastviewer.bat
orrun.sh bgastviewer
is deprecated, too, and will be removed in PMD 7.0.0. Both the “old designer” and “bgastviewer” are replaced by the New Rule Designer.net.sourceforge.pmd.util.designer.CodeEditorTextPane
net.sourceforge.pmd.util.designer.CreateXMLRulePanel
net.sourceforge.pmd.util.designer.Designer
net.sourceforge.pmd.util.designer.DFAPanel
net.sourceforge.pmd.util.designer.LineGetter
net.sourceforge.pmd.util.viewer.Viewer
net.sourceforge.pmd.util.viewer.gui.ActionCommands
net.sourceforge.pmd.util.viewer.gui.ASTPanel
net.sourceforge.pmd.util.viewer.gui.EvaluationResultsPanel
net.sourceforge.pmd.util.viewer.gui.MainFrame
net.sourceforge.pmd.util.viewer.gui.ParseExceptionHandler
net.sourceforge.pmd.util.viewer.gui.SourceCodePanel
net.sourceforge.pmd.util.viewer.gui.XPathPanel
net.sourceforge.pmd.util.viewer.gui.menu.ASTNodePopupMenu
net.sourceforge.pmd.util.viewer.gui.menu.AttributesSubMenu
net.sourceforge.pmd.util.viewer.gui.menu.SimpleNodeSubMenu
net.sourceforge.pmd.util.viewer.gui.menu.XPathFragmentAddingItem
net.sourceforge.pmd.util.viewer.model.ASTModel
net.sourceforge.pmd.util.viewer.model.AttributeToolkit
net.sourceforge.pmd.util.viewer.model.SimpleNodeTreeNodeAdapter
net.sourceforge.pmd.util.viewer.model.ViewerModel
net.sourceforge.pmd.util.viewer.model.ViewerModelEvent
net.sourceforge.pmd.util.viewer.model.ViewerModelListener
net.sourceforge.pmd.util.viewer.util.NLS
- The following methods in
net.sourceforge.pmd.Rule
have been deprecated and will be removed in PMD 7.0.0. All methods are replaced by their bean-like counterpartsvoid setUsesDFA()
. Usevoid setDfa(boolean)
instead.boolean usesDFA()
. Useboolean isDfa()
instead.void setUsesTypeResolution()
. Usevoid setTypeResolution(boolean)
instead.boolean usesTypeResolution()
. Useboolean isTypeResolution()
instead.void setUsesMultifile()
. Usevoid setMultifile(boolean)
instead.boolean usesMultifile()
. Useboolean isMultifile()
instead.boolean usesRuleChain()
. Useboolean isRuleChain()
instead.
External Contributions
- #287: [apex] Make Rule suppression work - Robert Sösemann
- #420: [java] Fix UR anomaly in assert statements - Clément Fournier
- #482: [java] Metrics testing framework + improved capabilities for metrics - Clément Fournier
- #484: [core] Changed linux usage to a more unix like path - patriksevallius
- #486: [java] Add basic method typeresolution - Bendegúz Nagy
- #492: [java] Typeresolution for overloaded methods - Bendegúz Nagy
- #495: [core] Custom rule reinitialization code - Clément Fournier
- #479: [core] Typesafe and immutable properties - Clément Fournier
- #499: [java] Metrics memoization tests - Clément Fournier
- #501: [java] Add support for most specific vararg method type resolution - Bendegúz Nagy
- #502: [java] Add support for static field type resolution - Bendegúz Nagy
- #505: [java] Followup on metrics - Clément Fournier
- #506: [java] Add reduction rules to type inference - Bendegúz Nagy
- #511: [core] Prepare abstraction of the metrics framework - Clément Fournier
- #512: [java] Add incorporation to type inference - Bendegúz Nagy
- #513: [java] Fix for maximally specific method selection - Bendegúz Nagy
- #514: [java] Add static method type resolution - Bendegúz Nagy
- #517: [doc] Metrics documentation - Clément Fournier
- #518: [core] Properties refactoring: factorized enumerated property - Clément Fournier
- #523: [java] Npath complexity metric and rule - Clément Fournier
- #524: [java] Add support for explicit type arguments with method invocation - Bendegúz Nagy
- #525: [core] Fix line ending and not ignored files issues - Matias Comercio
- #528: [core] Fix typo - Ayoub Kaanich
- #529: [java] Abstracted the Java metrics framework - Clément Fournier
- #530: [java] Fix issue #527: Lombok getter annotation on enum is not recognized correctly - Clément Fournier
- #533: [core] improve error message - Dennis Kieselhorst
- #535: [apex] Fix broken Apex visitor adapter - Clément Fournier
- #542: [java] Metrics abstraction - Clément Fournier
- #545: [apex] Apex metrics framework - Clément Fournier
- #548: [java] Metrics documentation - Clément Fournier
- #550: [java] Add basic resolution to type inference - Bendegúz Nagy
- #553: [java] Refactored ParserTst into a static utility class + add getSourceFromClass - Clément Fournier
- #554: [java] Fix #537: UnnecessaryParentheses fails to detect obvious scenario - Clément Fournier
- #555: [java] Changed metrics/CyclomaticComplexityRule to use WMC when reporting classes - Clément Fournier
- #556: [java] Fix #357: UncommentedEmptyConstructor consider annotations on Constructor - Clément Fournier
- #557: [java] Fix NPath metric not counting ternaries correctly - Clément Fournier
- #563: [java] Add support for basic method type inference for strict invocation - Bendegúz Nagy
- #566: [java] New rule in migrating ruleset: ForLoopCanBeForeach - Clément Fournier
- #567: [java] Last API change for metrics (metric options) - Clément Fournier
- #570: [java] Model lower, upper and intersection types - Bendegúz Nagy
- #573: [java] Data class rule - Clément Fournier
- #576: [doc][java] Add hint for Guava users in InefficientEmptyStringCheck - mmoehring
- #578: [java] Refactored god class rule - Clément Fournier
- #579: [java] Update parsing to produce upper and lower bounds - Bendegúz Nagy
- #580: [core] Add AbstractMetric to topple the class hierarchy of metrics - Clément Fournier
- #581: [java] Relax AbstractClassWithoutAnyMethod when class is annotated by @AutoValue - Niklas Baudy
- #583: [java] Documentation about writing metrics - Clément Fournier
- #585: [java] Moved NcssCountRule to codesize.xml - Clément Fournier
- #587: [core] Properties refactoring: Move static constants of ValueParser to class ValueParserConstants - Clément Fournier
- #588: [java] XPath function to compute metrics - Clément Fournier
- #598: [java] Fix #388: controversial.AvoidLiteralsInIfCondition 0.0 false positive - Clément Fournier
- #602: [java] [apex] Separate multifile analysis from metrics - Clément Fournier
- #620: [core] Moved properties to n.s.pmd.properties - Clément Fournier
- #625: [apex] empty code ruleset for apex - Jan Aertgeerts
- #632: [apex] Add AvoidDirectAccessTriggerMap rule to the style set - Jan Aertgeerts
- #644: [core] Prevent internal dev-properties from being displayed on CodeClimate renderer - Filipe Esperandio
- #660: [apex] avoid sosl in loops - Jan Aertgeerts
- #661: [apex] avoid hardcoding id’s - Jan Aertgeerts
- #666: [java] Add DoNotExtendJavaLangThrowable rule - Robert Painsi
- #668: [core] Fix javadoc warnings on pmd-core - Clément Fournier
- #669: [core] Builder pattern for properties - Clément Fournier
- #675: [java] Fix in Java grammar: Try with final resource node error - Gonzalo Ibars Ingman
- #679: [core] Token scheme generalization - Gonzalo Ibars Ingman
- #694: [core] Add minor fixes to root pom - Matias Comercio
- #696: [core] Add remove operation over nodes - Matias Comercio
- #711: [ui] New rule designer - Clément Fournier
- #722: [java] Move NPathComplexity from metrics to design - Clément Fournier
- #723: [core] Rule factory refactoring - Clément Fournier
- #726: [java] Fix issue #721 (NPE in InvalidSlf4jMessageFormat) - Clément Fournier
- #727: [core] Fix #725: numeric property descriptors now check their default value - Clément Fournier
- #733: [java] Some improvements to CommentRequired - Clément Fournier
- #734: [java] Move CyclomaticComplexity from metrics to design - Clément Fournier
- #736: [core] Make Saxon support multi valued XPath properties - Clément Fournier
- #737: [doc] Fix NPathComplexity documentation bad rendering - Clément Fournier
- #744: [doc] Added Apex to supported languages - Michał Kuliński
- #746: [doc] Fix typo in incremental analysis log message - Clément Fournier
- #749: [doc] Update the documentation for properties - Clément Fournier
- #758: [core] Expose the full mapping from property type id to property extractor - Clément Fournier
- #764: [core] Prevent method and file property use in XPath rules - Clément Fournier
- #771: [apex] Fix Apex metrics framework failing on triggers, refs #768 - Clément Fournier
- #774: [java] Avoid using FileInput/Output - see JDK-8080225 - Chas Honton
01-July-2017 - 5.8.1
The PMD team is pleased to announce PMD 5.8.1.
This is a bug fixing release.
Fixed Issues
- java
API Changes
- The
getGenericArgs()
method introduced toTypeNode
in 5.8.0 was removed. You can access to generics’ info through theJavaTypeDefinition
object. - The
JavaTypeDefinitionBuilder
class introduced in 5.8.0 is not more. You can use factory methods available onJavaTypeDefinition
External Contributions
- #472: [java] fix error with raw types, bug #471
24-June-2017 - 5.8.0
The PMD team is pleased to announce PMD 5.8.0.
This is a minor release.
New and noteworthy
Java Type Resolution
As part of Google Summer of Code 2017, Bendegúz Nagy has been working on completing type resolution for Java. His progress so far has allowed to properly resolve, in addition to previously supported statements:
- References to
this
andsuper
, even when qualified - References to fields, even when chained (ie:
this.myObject.aField
), and properly handling inheritance / shadowing
Lambda parameter types where these are infered rather than explicit are still not supported. Expect future releases to do so.
Metrics Framework
As part of Google Summer of Code 2017, Clément Fournier has been working on a new metrics framework for object-oriented metrics.
The basic groundwork has been done already and with this release, including a first rule based on the metrics framework as a proof-of-concept: The rule CyclomaticComplexity, currently in the temporary ruleset java-metrics, uses the Cyclomatic Complexity metric to find overly complex code. This rule will eventually replace the existing three CyclomaticComplexity rules that are currently defined in the java-codesize ruleset (see also issue #445).
Since this work is still in progress, the metrics API (package net.sourceforge.pmd.lang.java.oom
)
is not finalized yet and is expected to change.
Modified Rules
-
The Java rule
UnnecessaryFinalModifier
(ruleset java-unnecessary) now also reports on private methods marked asfinal
. Being private, such methods can’t be overriden, and therefore, the final keyword is redundant. -
The Java rule
PreserveStackTrace
(ruleset java-design) has been relaxed to support the builder pattern on thrown exception. This change may introduce some false positives if using the exception in non-orthodox ways for things other than setting the root cause of the exception. Contact us if you find any such scenarios. -
The ruleset java-junit now properly detects JUnit5, and rules are being adapted to the changes on it’s API. This support is, however, still incomplete. Let us know of any uses we are still missing on the issue tracker
-
The Java rule
EmptyTryBlock
(ruleset java-empty) now allows empty blocks when using try-with-resources. -
The Java rule
EmptyCatchBlock
(ruleset java-empty) now exposes a new property calledallowExceptionNameRegex
. This allow to setup a regular expression for names of exceptions you wish to ignore for this rule. For instance, setting it to^(ignored|expected)$
would ignore all empty catch blocks where the catched exception is named eitherignored
orexpected
. The default ignores no exceptions, being backwards compatible.
Deprecated Rules
- The three complexity rules
CyclomaticComplexity
,StdCyclomaticComplexity
,ModifiedCyclomaticComplexity
(ruleset java-codesize) have been deprecated. They will be eventually replaced by a new CyclomaticComplexity rule based on the metrics framework. See also issue #445.
Fixed Issues
- General
- apex
- #427: [apex] CPD error when parsing apex code from release 5.5.3
- cpp
- #431: [cpp] CPD gives wrong duplication blocks for CPP code
- java
- java-design
- java-empty
- java-imports:
- #348: [java] imports/UnusedImport rule not considering static inner classes of imports
- java-junit
- java-logging:
- #365: [java] InvalidSlf4jMessageFormat does not handle inline incrementation of arguments
- java-strictexceptions
- #350: [java] Throwing Exception in method signature is fine if the method is overriding or implementing something
- java-typeresolution
- #350: [java] Throwing Exception in method signature is fine if the method is overriding or implementing something
- java-unnecessary
- #421: [java] UnnecessaryFinalModifier final in private method
- jsp
- #311: [jsp] Parse error on HTML boolean attribute
External Contributions
- #406: [java] False positive with lambda in java-design/ConstructorCallsOverridableMethod
- #409: [java] Groundwork for the upcoming metrics framework
- #416: [java] FIXED: Java 8 parsing problem with annotations for wildcards
- #418: [java] Type resolution: super and this keywords
- #423: [java] Add field access type resolution in non-generic cases
- #425: [java] False positive with builder pattern in java-design/PreserveStackTrace
- #426: [java] UnnecessaryFinalModifier final in private method
- #436: [java] Metrics framework tests and various improvements
- #440: [core] Created ruleset schema 3.0.0 (to use metrics)
- #443: [java] Optimize typeresolution, by skipping package and import declarations in visit(ASTName)
- #444: [java] [typeresolution]: add support for generic fields
- #451: [java] Metrics framework: first metrics + first rule
20-Mai-2017 - 5.7.0
The PMD team is pleased to announce PMD 5.7.0.
This is a minor release.
New and noteworthy
Modified Rules
-
The rule “FieldDeclarationsShouldBeAtStartOfClass” of the java-design ruleset has a new property
ignoreInterfaceDeclarations
. Setting this property totrue
ignores interface declarations, that precede fields. Example usage:
Renderers
- Added the ‘empty’ renderer which will write nothing. Does not affect other behaviors, for example the command line PMD exit status will still indicate whether violations were found.
Fixed Issues
- General
- java
- #378: [java] Parser Error for empty statements
- java-coupling
- #1427: [java] Law of Demeter violations for the Builder pattern
- java-design
- java-junit
- #358: [java] Mockito verify method is not taken into account in JUnitTestsShouldIncludeAssert rule
- java-strings
- #334: [java] [doc] Add suggestion to use StringUtils#isBlank for InefficientEmptyStringCheck
- jsp-basic
- #369: [jsp] Wrong issue “JSP file should use UTF-8 encoding”
API Changes
- The method
net.sourceforge.pmd.util.StringUtil#htmlEncode(String)
is deprecated.org.apache.commons.lang3.StringEscapeUtils#escapeHtml4(String)
should be used instead.
External Contributions
- #368: [vf] Adding proper AST support for negation expressions
- #372: [core] Fix XSS in HTML renderer
- #374: [java] Add property to ignore interfaces in FieldDeclarationsShouldBeAtStartOfClassRule
- #381: [core] Fix broken link in the site’s doc
- #382: [java] Added documentation details on InefficientEmptyStringCheck
- #383: [jsp] Fixed JspEncoding false positive
- #390: [java] Remove trailing whitespaces in design.xml
- #391: [apex] Fix documentation typo
- #392: [java] False positive for Law Of Demeter (Builder pattern)
- #395: [java] Mockito verify method is not taken into account in JUnitTestsShouldIncludeAssert rule
29-April-2017 - 5.6.1
The PMD team is pleased to announce PMD 5.6.1.
This is a bug fixing release.
Fixed Issues
- General
22-April-2017 - 5.6.0
The PMD team is pleased to announce PMD 5.6.0.
The most significant changes are on analysis performance, support for Salesforce’s Visualforce language a whole new Apex Security Rule Set and the new Braces Rule Set for Apex.
We have added initial support for incremental analysis. The experimental feature allows PMD to cache analysis results between executions to speed up the analysis for all languages. New CLI flags and Ant options are available to configure it. Currently the feature is disabled by default, but this may change as it matures.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 80%, that’s over 15X faster than PMD 5.5.1, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
Incremental Analysis
PMD now supports incremental analysis. Analysis results can be cached and reused between runs. This allows PMD to skip files without violations that have remained unchanged. In future releases, we plan to extend this behavior to unchanged files with violations too.
The cache is automatically invalidated if:
- the used PMD version changes
- the
auxclasspath
changed and any rules require type resolution - the configured rule set has changed
This feature is incubating and is disabled by default. It’s only enabled if you specifically configure a cache file.
To configure the cache file from CLI, a new -cache <path/to/file>
flag has been added.
For Ant, a new cacheLocation
attribute has been added. For instance:
<target name="pmd">
<taskdef name="pmd" classname="net.sourceforge.pmd.ant.PMDTask"/>
<pmd cacheLocation="build/pmd/pmd.cache">
<ruleset>rulesets/java/design.xml</ruleset>
<ruleset>java-basic</ruleset>
<formatter type="xml" toFile="c:\pmd_report.xml"/>
<fileset dir="/usr/local/j2sdk1.4.1_01/src/">
<include name="java/lang/*.java"/>
</fileset>
</pmd>
</target>
Visualforce Support
Salesforce developers rejoice. To out growing Apex support we have added full Visualforce support.
Both CPD and PD are available. So far only a security ruleset is available (vf-security
).
Visualforce Security Rule Set
VfUnescapeEl
The rule looks for Expression Language occurances printing unescaped values from the backend. These could lead to XSS attacks.
VfCsrf
The rule looks for <apex:page>
tags performing an action on page load, definish such action
through Expression Language, as doing so is vulnerable to CSRF attacks.
Apex Security Rule Set
A new ruleset focused on security has been added, consisting of a wide range of rules to detect most common security problems.
ApexBadCrypto
The rule makes sure you are using randomly generated IVs and keys for Crypto
calls.
Hard-wiring these values greatly compromises the security of encrypted data.
For instance, it would report violations on code such as:
public class without sharing Foo {
Blob hardCodedIV = Blob.valueOf('Hardcoded IV 123');
Blob hardCodedKey = Blob.valueOf('0000000000000000');
Blob data = Blob.valueOf('Data to be encrypted');
Blob encrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
ApexCRUDViolation
The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Since Apex runs in system mode not having proper permissions checks results in escalation of privilege and may produce runtime errors. This check forces you to handle such scenarios.
For example, the following code is considered valid:
public class Foo {
public Contact foo(String status, String ID) {
Contact c = [SELECT Status__c FROM Contact WHERE Id=:ID];
// Make sure we can update the database before even trying
if (!Schema.sObjectType.Contact.fields.Name.isUpdateable()) {
return null;
}
c.Status__c = status;
update c;
return c;
}
}
ApexCSRF
Check to avoid making DML operations in Apex class constructor/init method. This prevents modification of the database just by accessing a page.
For instance, the following code would be invalid:
public class Foo {
public init() {
insert data;
}
public Foo() {
insert data;
}
}
ApexDangerousMethods
Checks against calling dangerous methods.
For the time being, it reports:
- Against
FinancialForce
’sConfiguration.disableTriggerCRUDSecurity()
. Disabling CRUD security opens the door to several attacks and requires manual validation, which is unreliable. - Calling
System.debug
passing sensitive data as parameter, which could lead to exposure of private data.
ApexInsecureEndpoint
Checks against accessing endpoints under plain http. You should always use https for security.
ApexOpenRedirect
Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.
For instance, the following code would be reported:
public class without sharing Foo {
String unsafeLocation = ApexPage.getCurrentPage().getParameters.get('url_param');
PageReference page() {
return new PageReference(unsafeLocation);
}
}
ApexSharingViolations
Detect classes declared without explicit sharing mode if DML methods are used. This forces the developer to take access restrictions into account before modifying objects.
ApexSOQLInjection
Detects the usage of untrusted / unescaped variables in DML queries.
For instance, it would report on:
public class Foo {
public void test1(String t1) {
Database.query('SELECT Id FROM Account' + t1);
}
}
ApexSuggestUsingNamedCred
Detects hardcoded credentials used in requests to an endpoint.
You should refrain from hardcoding credentials:
- They are hard to maintain by being mixed in application code
- Particularly hard to update them when used from different classes
- Granting a developer access to the codebase means granting knowledge of credentials, keeping a two-level access is not possible.
- Using different credentials for different environments is troublesome and error-prone.
Instead, you should use Named Credentials and a callout endpoint.
For more information, you can check this
ApexXSSFromEscapeFalse
Reports on calls to addError
with disabled escaping. The message passed to addError
will be displayed directly to the user in the UI, making it prime ground for XSS
attacks if unescaped.
ApexXSSFromURLParam
Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid XSS attacks.
Apex Braces Rule Set
The Braces Rule Set has been added and serves the same purpose as the Braces Rule Set from Java: It checks the use and placement of braces around if-statements, for-loops and so on.
IfStmtsMustUseBraces
Avoid using if statements without using braces to surround the code block. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
if (foo) // not recommended
x++;
if (foo) { // preferred approach
x++;
}
WhileLoopsMustUseBraces
Avoid using ‘while’ statements without using braces to surround the code block. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
while (true) // not recommended
x++;
while (true) { // preferred approach
x++;
}
IfElseStmtsMustUseBraces
Avoid using if..else statements without using surrounding braces. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
// this is not recommended
if (foo)
x = x+1;
else
x = x-1;
// preferred approach
if (foo) {
x = x+1;
} else {
x = x-1;
}
ForLoopsMustUseBraces
Avoid using ‘for’ statements without using surrounding braces. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
for (int i = 0; i < 42; i++) // not recommended
foo();
for (int i = 0; i < 42; i++) { // preferred approach
foo();
}
New Rules
AccessorMethodGeneration (java-design)
When accessing a private field / method from another class, the Java compiler will generate an accessor method with package-private visibility. This adds overhead, and to the dex method count on Android. This situation can be avoided by changing the visibility of the field / method from private to package-private.
For instance, it would report violations on code such as:
public class OuterClass {
private int counter;
/* package */ int id;
public class InnerClass {
InnerClass() {
OuterClass.this.counter++; // wrong, accessor method will be generated
}
public int getOuterClassId() {
return OuterClass.this.id; // id is package-private, no accessor method needed
}
}
}
This new rule is part of the java-design
ruleset.
Modified Rules
-
The Java rule
UnnecessaryLocalBeforeReturn
(ruleset java-design) now has a new propertystatementOrderMatters
. It is enabled by default to stay backwards compatible. But if this property is set tofalse
, this rule no longer requires the variable declaration and return statement to be on consecutive lines. Any variable that is used solely in a return statement will be reported. -
The Java rule
UseLocaleWithCaseConversions
(ruleset java-design) has been modified, to detect calls totoLowerCase
and totoUpperCase
also within method call chains. This leads to more detected cases and potentially new false positives. See also bugfix #1556. -
The Java rule
AvoidConstantsInterface
(ruleset java-design) has been removed. It is completely replaced by the ruleConstantsInInterface
. - The Java rule
UnusedModifier
(ruleset java-unusedcode) has been moved to the ruleset java-unnecessary and has been renamed toUnnecessaryModifier
. Additionally, it has been expanded to consider more redundant modifiers:- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
- The Java rule
JUnitTestsShouldIncludeAssert
(ruleset java-junit) now accepts usage of@Rule
ExpectedException
to set expectations on exceptions, and are considered as valid assertions.
CPD Suppression
It is now possible to allow CPD suppression through comments in Java. You tell CPD to ignore
the following code with a comment containin CPD-OFF
and with CPD-ON
you tell CPD to resume
analysis. The old approach via @SuppressWarnings
annotation is still supported, but is considered
deprecated, since it is limited to locations where the SuppressWarnings
annotation is allowed.
See PR #250.
For example:
public Object someMethod(int x) throws Exception {
// some unignored code
// tell cpd to start ignoring code - CPD-OFF
// mission critical code, manually loop unroll
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
// resume CPD analysis - CPD-ON
// further code will *not* be ignored
}
CPD filelist command line option
CPD now supports the command line option --filelist
. With that, you can specify a file, which
contains the names and paths of the files, that should be analyzed. This is similar to PMD’s filelist option.
You need to use this, if you have a large project with many files, and you hit the command line length limit.
Fixed Issues
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
- #234: [core] Zip file stream closes spuriously when loading rulesets
- #256: [core] shortnames option is broken with relative paths
- #305: [core] PMD not executing under git bash
- #324: [core] Automated release - github release notes missing
- #337: [core] Version 5.5.4 seems to hold file lock on rules JAR (affects Windows only)
- apex-apexunit
- #1543: [apex] ApexUnitTestClassShouldHaveAsserts assumes APEX is case sensitive
- apex-complexity
- apex-security
- java
- #185: [java] CPD runs into NPE when analyzing Lucene
- #206: [java] Parse error on annotation fields with generics
- #207: [java] Parse error on method reference with generics
- #208: [java] Parse error with local class with 2 or more annotations
- #213: [java] CPD: OutOfMemory when analyzing Lucene
- #309: [java] Parse error on method reference
- #1542: [java] CPD throws an NPE when parsing enums with -ignore-identifiers
- #1545: [java] Symbol Table fails to resolve inner classes
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- #933: [java] UnnecessaryLocalBeforeReturn false positive for SuppressWarnings annotation
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1496: [java] New Rule: AccesorMethodGeneration - complements accessor class rule
- #1512: [java] Combine rules AvoidConstantsInInterface and ConstantsInInterface
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- #216: [java] [doc] NonThreadSafeSingleton: Be more explicit as to why double checked locking is not recommended
- #219: [java] UnnecessaryLocalBeforeReturn: ClassCastException in switch case with local variable returned
- #240: [java] UnnecessaryLocalBeforeReturn: Enhance by checking usages
- #274: [java] AccessorMethodGeneration: Method inside static inner class incorrectly reported
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- #282: [java] UnnecessaryLocalBeforeReturn false positive when cloning Maps
- #291: [java] Improve quality of AccessorClassGeneration
- #310: [java] UnnecessaryLocalBeforeReturn enhancement is overly restrictive – method order matters
- #352: [java] AccessorClassGeneration throws ClassCastException when seeing array construction
- java-imports
- #338: [java] False positive on DontImportJavaLang when importing java.lang.ProcessBuilder
- #339: [java] False positive on DontImportJavaLang when importing Java 7’s java.lang.invoke.MethodHandles
- #1546: [java] UnnecessaryFullyQualifiedNameRule doesn’t take into consideration conflict resolution
- #1547: [java] UnusedImportRule - False Positive for only usage in Javadoc - {@link ClassName#CONSTANT}
- #1555: [java] UnnecessaryFullyQualifiedName: Really necessary fully qualified name
- java-junit
- java-logging-java
- java-optimizations
- java-strings
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-unusedcode
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
API Changes
net.sourceforge.pmd.RuleSetFactory
is now immutable and its behavior cannot be changed anymore. It provides constructors to create new adjusted instances. This allows to avoid synchronization in RuleSetFactory. See PR #131.net.sourceforge.pmd.RuleSet
is now immutable, too, and can only be created viaRuleSetFactory
. See PR #145.net.sourceforge.pmd.cli.XPathCLI
has been removed. It’s functionality is fully covered by the Designer.net.sourceforge.pmd.Report
now works withThreadSafeReportListener
s. BothReportListener
andSynchronizedReportListener
are deprecated in favor ofnet.sourceforge.pmd.ThreadSafeReportListener
. Therefore, the methodsgetSynchronizedListeners()
andaddSynchronizedListeners(...)
have been replaced bygetListeners()
andaddListeners(...)
. See PR #193.
External Contributions
- #123: [apex] Changing method names to lowercase so casing doesn’t matter
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #137: [apex] Adjusted remediation points
- #146: [apex] Detection of missing Apex CRUD checks for SOQL/DML operations
- #147: [apex] Adding XSS detection to return statements
- #148: [apex] Improving detection of SOQL injection
- #149: [apex] Whitelisting String.isEmpty and casting
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #158: [apex] Reducing FPs in SOQL with VF getter methods
- #160: [apex] Flagging of dangerous method call
- #163: [apex] Flagging of System.debug
- #165: [apex] Improving open redirect rule to avoid test classes/methods
- #167: [apex] GC and thread safety changes
- #169: [apex] Improving detection for DML with inline new object
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #172: [apex] Bug fix, detects both Apex fields and class members
- #175: [apex] ApexXSSFromURLParam: Adding missing casting methods
- #176: [apex] Bug fix for FP: open redirect for strings prefixed with / is safe
- #179: [apex] Legacy test class declaration support
- #181: [apex] Control flow based CRUD rule checking
- #184: [apex] Improving open redirect detection for static fields & assignment operations
- #189: [apex] Bug fix of SOQL concatenated vars detection
- #191: [apex] Detection of sharing violation when Database. methods are used
- #192: [apex] Dead code removal
- #200: [javascript] Templatestring grammar fix
- #204: [apex] Sharing violation SOQL detection bug fix
- #214: [apex] Sharing violation improving reporting of the correct node, de-duping
- #217: [core] Make it build on Windows
- #227: [apex] Improving detection of getters
- #228: [apex] Excluding count from CRUD/FLS checks
- #229: [apex] Dynamic SOQL is safe against Integer, Boolean, Double
- #231: [apex] CRUD/FLS rule - add support for fields
- #266: [java] corrected invalid reporting of LoD violation
- #268: [apex] Support safe escaping via String method
- #273: [apex] Shade jackson on apex
- #279: [vf] New Salesforce VisualForce language support
- #280: [apex] Support for Aggregate Result in CRUD rules
- #281: [apex] Add Braces Rule Set
- #283: [vf] CSRF in VF controller pages
- #284: [vf] Adding support for parsing EL in script tags
- #288: [vf] Setting the tab size to 4 for VF
- #289: [apex] Complex SOQL Crud check bug fixes
- #296: [apex] Adding String.IsNotBlank to the whitelist to prevent False positives
- #297: [core] CPD: Adding the –filelist option from pmd to cpd
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
- #313: [vf] Apex:iFrame not being detected - bug fix
- #314: [vf] Bug fixes for incorrect Id detection and escaping
- #316: [apex] Ignoring certain rules in Batch classes, Queueable, and install scripts
- #317: [apex] Add support for safe ID assignment from URL param
- #326: [vf] Quote detection improvement and method argument detection
- #327: [apex] Fixed SOQL injection detection for escaped vars
- #331: [java] JunitTestsShouldIncludeAssertRule now handles AllocationExpression correctly
- #332: [java] Future-proof DontImportJavaLangRule
- #340: [vf] Multiple parser bug fixes
- #341: [vf] JSON.parse(..) and NOT(..) are safely evaluated
- #343: [apex] int,id,boolean,ternary operator condition are not injection in Soql
- #344: [apex] ApexCRUDViolationRule: Bug fix for ClassCastException
- #351: [vf] Fixing regression introduced by #341
29-April-2017 - 5.5.7
The PMD team is pleased to announce PMD 5.5.7.
This is a bug fixing release.
Fixed Issues
- General
- #364: [core] Stream closed exception when running through maven
19-April-2017 - 5.5.6
The PMD team is pleased to announce PMD 5.5.6.
This is a bug fixing release.
Fixed Issues
- General
27-March-2017 - 5.5.5
The PMD team is pleased to announce PMD 5.5.5.
Fixed Issues
- general:
- #305: [core] PMD not executing under git bash
- java:
- #309: [java] Parse error on method reference
- java-design
- #274: [java] AccessorMethodGeneration: Method inside static inner class incorrectly reported
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- #282: [java] UnnecessaryLocalBeforeReturn false positive when cloning Maps
- #291: [java] Improve quality of AccessorClassGeneration
- java-junit:
- #285: [java] JUnitTestsShouldIncludeAssertRule should support @Rule as well as @Test(expected = …)
- java-optimizations:
- #222: [java] UseStringBufferForStringAppends: False Positive with ternary operator
- java-strings:
- #290: [java] InefficientEmptyStringCheck misses String.trim().isEmpty()
External Contributions
- #280: [apex] Support for Aggregate Result in CRUD rules
- #289: [apex] Complex SOQL Crud check bug fixes
- #296: [apex] Adding String.IsNotBlank to the whitelist to prevent False positives
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
25-Februar-2017 - 5.5.4
The PMD team is pleased to announce PMD 5.5.4
New and noteworthy
New Rules
AccessorMethodGeneration (java-design)
When accessing a private field / method from another class, the Java compiler will generate a accessor methods with package-private visibility. This adds overhead, and to the dex method count on Android. This situation can be avoided by changing the visibility of the field / method from private to package-private.
For instance, it would report violations on code such as:
public class OuterClass {
private int counter;
/* package */ int id;
public class InnerClass {
InnerClass() {
OuterClass.this.counter++; // wrong, accessor method will be generated
}
public int getOuterClassId() {
return OuterClass.this.id; // id is package-private, no accessor method needed
}
}
}
This new rule is part of the java-design
ruleset.
Modified Rules
- The Java rule
UnusedModifier
(ruleset java-unusedcode) has been expanded to consider more redundant modifiers.- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
- The Java rule
UnnecessaryLocalBeforeReturn
(ruleset java-design) no longer requires the variable declaration and return statement to be on consecutive lines. Any variable that is used solely in a return statement will be reported.
Fixed Issues
- General
- apex-complexity
- #251: [apex] NCSS Type length is incorrect when using method chaining
- apex-security
- #264: [apex] ApexXSSFromURLParamRule shouldn’t enforce ESAPI usage. String.escapeHtml4 is sufficient.
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- #933: [java] UnnecessaryLocalBeforeReturn false positive for SuppressWarnings annotation
- #1496: [java] New Rule: AccesorMethodGeneration - complements accessor class rule
- #216: [java] [doc] NonThreadSafeSingleton: Be more explicit as to why double checked locking is not recommended
- #219: [java] UnnecessaryLocalBeforeReturn: ClassCastException in switch case with local variable returned
- #240: [java] UnnecessaryLocalBeforeReturn: Enhance by checking usages
- java-optimizations
- #215: [java] RedundantFieldInitializer report for annotation field not explicitly marked as final
- java-unusedcode
External Contributions
- #227: [apex] Improving detection of getters
- #228: [apex] Excluding count from CRUD/FLS checks
- #229: [apex] Dynamic SOQL is safe against Integer, Boolean, Double
- #231: [apex] CRUD/FLS rule - add support for fields
- #266: [java] corrected invalid reporting of LoD violation
- #268: [apex] Support safe escaping via String method
- #273: [apex] Shade jackson on apex
28-January-2017 - 5.5.3
The PMD team is pleased to announce PMD 5.5.3
The most significant changes are on analysis performance and a whole new Apex Security Rule Set.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 30%, that’s over 5X faster than PMD 5.5.1, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
Apex Security Rule Set
A new ruleset focused on security has been added, consisting of a wide range of rules to detect most common security problems.
ApexBadCrypto
The rule makes sure you are using randomly generated IVs and keys for Crypto
calls.
Hard-wiring these values greatly compromises the security of encrypted data.
For instance, it would report violations on code such as:
public class without sharing Foo {
Blob hardCodedIV = Blob.valueOf('Hardcoded IV 123');
Blob hardCodedKey = Blob.valueOf('0000000000000000');
Blob data = Blob.valueOf('Data to be encrypted');
Blob encrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
ApexCRUDViolation
The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Since Apex runs in system mode not having proper permissions checks results in escalation of privilege and may produce runtime errors. This check forces you to handle such scenarios.
For example, the following code is considered valid:
public class Foo {
public Contact foo(String status, String ID) {
Contact c = [SELECT Status__c FROM Contact WHERE Id=:ID];
// Make sure we can update the database before even trying
if (!Schema.sObjectType.Contact.fields.Name.isUpdateable()) {
return null;
}
c.Status__c = status;
update c;
return c;
}
}
ApexCSRF
Check to avoid making DML operations in Apex class constructor/init method. This prevents modification of the database just by accessing a page.
For instance, the following code would be invalid:
public class Foo {
public init() {
insert data;
}
public Foo() {
insert data;
}
}
ApexDangerousMethods
Checks against calling dangerous methods.
For the time being, it reports:
- Against
FinancialForce
’sConfiguration.disableTriggerCRUDSecurity()
. Disabling CRUD security opens the door to several attacks and requires manual validation, which is unreliable. - Calling
System.debug
passing sensitive data as parameter, which could lead to exposure of private data.
ApexInsecureEndpoint
Checks against accessing endpoints under plain http. You should always use https for security.
ApexOpenRedirect
Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.
For instance, the following code would be reported:
public class without sharing Foo {
String unsafeLocation = ApexPage.getCurrentPage().getParameters.get('url_param');
PageReference page() {
return new PageReference(unsafeLocation);
}
}
ApexSharingViolations
Detect classes declared without explicit sharing mode if DML methods are used. This forces the developer to take access restrictions into account before modifying objects.
ApexSOQLInjection
Detects the usage of untrusted / unescaped variables in DML queries.
For instance, it would report on:
public class Foo {
public void test1(String t1) {
Database.query('SELECT Id FROM Account' + t1);
}
}
ApexSuggestUsingNamedCred
Detects hardcoded credentials used in requests to an endpoint.
You should refrain from hardcoding credentials:
- They are hard to mantain by being mixed in application code
- Particularly hard to update them when used from different classes
- Granting a developer access to the codebase means granting knowledge of credentials, keeping a two-level access is not possible.
- Using different credentials for different environments is troublesome and error-prone.
Instead, you should use Named Credentials and a callout endpoint.
For more information, you can check this
ApexXSSFromEscapeFalse
Reports on calls to addError
with disabled escaping. The message passed to addError
will be displayed directly to the user in the UI, making it prime ground for XSS
attacks if unescaped.
ApexXSSFromURLParam
Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid XSS attacks.
Modified Rules
The Java rule “UseLocaleWithCaseConversions” (ruleset java-design) has been modified, to detect calls
to toLowerCase
and to toUpperCase
also within method call chains. This leads to more detected cases
and potentially new false positives.
See also bugfix #1556.
Fixed Issues
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
- apex-apexunit
- #1543: [apex] ApexUnitTestClassShouldHaveAsserts assumes APEX is case sensitive
- apex-complexity
- #183: [apex] NCSS Method length is incorrect when using method chaining
- java
- #185: [java] CPD runs into NPE when analyzing Lucene
- #206: [java] Parse error on annotation fields with generics
- #207: [java] Parse error on method reference with generics
- #208: [java] Parse error with local class with 2 or more annotations
- #213: [java] CPD: OutOfMemory when analyzing Lucene
- #1542: [java] CPD throws an NPE when parsing enums with -ignore-identifiers
- #1545: [java] Symbol Table fails to resolve inner classes
- java-design
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- java-imports
- java-logging-java
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-strings
- #202: [java] [doc] ConsecutiveAppendsShouldReuse is not really an optimization
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
API Changes
net.sourceforge.pmd.RuleSetFactory
is now immutable and its behavior cannot be changed anymore. It provides constructors to create new adjusted instances. This allows to avoid synchronization in RuleSetFactory. See PR #131.
External Contributions
- #123: [apex] Changing method names to lowercase so casing doesn’t matter
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #137: [apex] Adjusted remediation points
- #146: [apex] Detection of missing Apex CRUD checks for SOQL/DML operations
- #147: [apex] Adding XSS detection to return statements
- #148: [apex] Improving detection of SOQL injection
- #149: [apex] Whitelisting String.isEmpty and casting
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #158: [apex] Reducing FPs in SOQL with VF getter methods
- #160: [apex] Flagging of dangerous method call
- #163: [apex] Flagging of System.debug
- #165: [apex] Improving open redirect rule to avoid test classes/methods
- #167: [apex] GC and thread safety changes
- #169: [apex] Improving detection for DML with inline new object
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #172: [apex] Bug fix, detects both Apex fields and class members
- #175: [apex] ApexXSSFromURLParam: Adding missing casting methods
- #176: [apex] Bug fix for FP: open redirect for strings prefixed with / is safe
- #179: [apex] Legacy test class declaration support
- #181: [apex] Control flow based CRUD rule checking
- #184: [apex] Improving open redirect detection for static fields & assignment operations
- #189: [apex] Bug fix of SOQL concatenated vars detection
- #191: [apex] Detection of sharing violation when Database. methods are used
- #192: [apex] Dead code removal
- #200: [javascript] Templatestring grammar fix
- #204: [apex] Sharing violation SOQL detection bug fix
- #214: [apex] Sharing violation improving reporting of the correct node, de-duping
05-November-2016 - 5.5.2
Summary:
- 1 new language for CPD: Groovy
- 1 new rule: plsql-strictsyntax/MisplacedPragma
- 12 pull requests
- 17 bug fixes
New Supported Languages:
- CPD now supports Groovy. See PR#107.
Feature Requests and Improvements:
- plsql
- #1539: [plsql] Create new rule for strict syntax checking: MisplacedPragma
New Rules:
- New Rules for plsql
- plsql-strictsyntax: MisplacedPragma
Pull Requests:
- #106: [java] CPD: Keep constructor names under ignoreIdentifiers
- #107: [groovy] Initial support for CPD Groovy
- #110: [java] Fix parser error (issue 1530)
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #114: [core] Remove multihreading workaround for JRE5, as no PMD version supports running on JRE5 anymore
- #115: [java] Simplify lambda parsing
- #116: [core] [java] Improve collection usage
- #117: [java] Improve symboltable performance
- #118: [java] Simplify VariableDeclaratorId parsing
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- apex-apexunit
- #1521: [apex] ApexUnitTestClassShouldHaveAsserts: Parsing error on APEX class: expected one element but was: <BlockStatement, BlockStatement>
- Java
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/SingularField
- #1494: [java] SingularField: lombok.Data false positive
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-logging-java
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- PLSQL
- General
27-July-2016 - 5.5.1
New Rules:
- New rules for Salesforce.com Apex:
- apex-apexunit: ApexUnitTestClassShouldHaveAsserts, ApexUnitTestShouldNotUseSeeAllDataTrue
Pull Requests:
- #101: [java] Improve multithreading performance: do not lock on classloader
- #102: [apex] Restrict AvoidLogicInTrigger rule to max. 1 violation per file
- #103: [java] [apex] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #104: [core] [java] Close opened file handles
- apex #43: [apex] Basic apex unit test rules
Bugfixes:
- Apex
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- Java
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- General
25-June-2016 - 5.5.0
System requirements:
PMD and CPD need at least a java7 runtime environment. For analyzing Salesforce.com Apex source code, you’ll need a java8 runtime environment.
New Supported Languages:
- Salesforce.com Apex is now supported by PMD and CPD. See PR#86.
- CPD now supports Perl. See PR#82.
- CPD now supports Swift. See PR#33.
New and modified Rules:
- New rules in Java:
- java-logging-java/InvalidSlf4jMessageFormat: Check for invalid message format in slf4j loggers. See PR#73.
- java-design/ConstantsInInterface: Avoid constants in interfaces. Interfaces should define types, constants are implementation details better placed in classes or enums. See Effective Java, item 19. See PR#93.
- Modified rules in Java:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field. - java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
- java-comments/CommentRequired: New property
- New rules for Salesforce.com Apex:
- apex-complexity: AvoidDeeplyNestedIfStmts, ExcessiveParameterList, ExcessiveClassLength, NcssMethodCount, NcssTypeCount, NcssConstructorCount, StdCyclomaticComplexity, TooManyFields, ExcessivePublicCount
- apex-performance: AvoidDmlStatementsInLoops, AvoidSoqlInLoops
- apex-style: VariableNamingConventions, MethodNamingConventions, ClassNamingConventions, MethodWithSameNameAsEnclosingClass, AvoidLogicInTrigger, AvoidGlobalModifier
- Javascript
- New Rule: ecmascript-unnecessary/NoElseReturn: The else block in a if-else-construct is
unnecessary if the
if
block contains a return. Then the content of the else block can be put outside. See #1486.
- New Rule: ecmascript-unnecessary/NoElseReturn: The else block in a if-else-construct is
unnecessary if the
Improvements and CLI changes:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
- #1360: [core] [java] Provide backwards compatibility for PMD configuration file
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
- CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text. - PMD: New command line parameter:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
. - PMD: New command line parameter:
-filelist
- this provides an alternative way to define, which files should be process by PMD. With this option, you can provide the path to a single file containing a comma delimited list of files to analyze. If this is given, then you don’t need to provide-dir
. See PR#98.
Pull Requests:
- #25: [cs] Added option to exclude C# using directives from CPD analysis
- #27: [cpp] Added support for Raw String Literals (C++11).
- [#29)(https://github.com/adangel/pmd/pull/29): [jsp] Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: [core] CPD: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: [core] CPD: Added file encoding detection to CPD.
- #32: [objectivec] Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: [swift] Added support for Swift to CPD.
- #34: multiple code improvements: squid:S1192, squid:S1118, squid:S1066, squid:S1854, squid:S2864
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #72: [java] [jsp] Added capability in Java and JSP parser for tracking tokens.
- #73: [java] InvalidSlf4jMessageFormat: Add rule to look for invalid message format in slf4j loggers
- #74: [java] CommentDefaultAccessModifier: Fix rendering CommentDefaultAccessModifier description as code
- #75: [core] RuleSetFactory Performance Enhancement
- #76: [java] DoNotCallGarbageCollectionExplicitly: fix formatting typos in an example
- #77: [java] [plsql] Fix various typos
- #78: [java] MissingStaticMethodInNonInstantiatableClass: Add Builder pattern check
- #79: [java] UseVarargs: do not flag public static void main(String[]), ignore @Override
- #80: [site] Update mvn-plugin.md
- #82: [perl] Add Perl support to CPD.
- #83: [core] CodeClimateRenderer: Adds new Code Climate-compliant JSON renderer
- #84: [java] EmptyMethodInAbstractClassShouldBeAbstract: Change rule’s description.
- #85: [java] UseStringBufferForStringAppends: False Positive with Ternary Operator (#1340)
- #86: [apex] Added language module for Salesforce.com Apex incl. rules ported from Java and new ones.
- #87: [core] [apex] Customize Code Climate Json “categories” + “remediation_points” as PMD rule properties
- #88: [core] [apex] Fixed typo in ruleset.xml and problems with the CodeClimate renderer
- #89: [core] Some code enhancements
- #90: [core] Refactored two test to stop using the deprecated ant class BuildFileTest
- #91: [core] [java] [jsp] [plsql] [test] [vm] Small code enhancements, basically reordering variable declarations, constructors and variable modifiers
- #92: [core] [apex] Improved Code Climate Renderer Output and a Bugfix for Apex StdCyclomaticComplexityRule on triggers
- #93: [java] ConstantsInInterface: Add ConstantsInInterface rule. Effective Java, 19
- #94: [core] [apex] Added property, fixed code climate renderer output and deleted unused rulessets
- #95: [apex] AvoidDmlStatementsInLoops: New apex rule AvoidDmlStatementsInLoops
- #96: [core] CodeClimateRenderer: Clean up Code Climate renderer
- #97: [java] BooleanGetMethodName: Don’t report bad method names on @Override
- #98: [core] PMD: Input filelist parameter
- #99: [apex] Fixed Trigger name is reported incorrectly
- #100: [core] CSVRenderer: escape filenames with commas in csvrenderer
Bugfixes:
- java-basic
- java-codesize
- #1457: [java] TooManyMethods: counts inner class methods
- java-comments
- java-controversial
- #1449: [java] AvoidUsingShortType: false positive when casting a variable to short
- java-design
- java-finalizers
- #1440: [java] AvoidCallingFinalize: NPE
- java-imports
- java-junit
- java-migrating
- #1446: [java] JUnit4TestShouldUseBeforeAnnotation: False positive when TestNG is used
- java-naming
- #1431: [java] SuspiciousEqualsMethodName: false positive
- java-optimizations
- java-sunsecure
- java-unnecessary
- java-unusedcode
- #1456: [java] UnusedFormalParameter: should ignore overriding methods
- #1484: [java] UnusedLocalVariable: false positive - parenthesis
- #1480: [java] UnusedModifier: false positive on public modifier used with inner interface in enum
- #1428: [java] UnusedPrivateField: False positive when local variable hides member variable hides member variable
- General
- #1425: [core] XMLRenderer: Invalid XML Characters in Output
- #1429: [java] Parser Error: Cast in return expression
- #1441: [site] PMD: Update documentation how to compile after modularization
- #1442: [java] PDMASMClassLoader: Java 9 Jigsaw readiness
- #1455: [java] Parser: PMD doesn’t handle Java 8 explicit receiver parameters
- #1458: [xml] Performance degradation scanning large XML files with XPath custom rules
- #1461: [core] RuleSetFactory: Possible threading issue due to PR#75
- #1470: [java] Parser: Error with type-bound lambda
- #1478: [core] PMD CLI: Use first language as default if Java is not available
- #1481: [core] CPD: no problems found results in blank file instead of empty xml
- #1485: [apex] Analysis of some apex classes cause a stackoverflow error
- #1488: [apex] Windows line endings falsify the location of issues
- #1491: [core] CodeClimateRenderer: corrupt JSON output with real line breaks
- #1492: [core] PMD CLI: IncompatibleClassChangeError when running PMD
27-March-2017 - 5.4.6
The PMD team is pleased to announce PMD 5.4.6.
This is a bug fixing release.
Table Of Contents
Fixed Issues
- general:
- #305: [core] PMD not executing under git bash
- java:
- #309: [java] Parse error on method reference
- java-design:
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- java-junit:
- #285: [java] JUnitTestsShouldIncludeAssertRule should support @Rule as well as @Test(expected = …)
- java-optimizations:
- #222: [java] UseStringBufferForStringAppends: False Positive with ternary operator
- java-strings:
- #290: [java] InefficientEmptyStringCheck misses String.trim().isEmpty()
External Contributions
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
25-Februar-2017 - 5.4.5
The PMD team is pleased to announce PMD 5.4.5
This is a bug fixing release.
Table Of Contents
New and noteworthy
Modified Rules
- The Java rule
UnusedModifier
(ruleset java-unusedcode) has been expanded to consider more redundant modifiers.- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
Fixed Issues
- general
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- java-optimizations
- #215: [java] RedundantFieldInitializer report for annotation field not explicitly marked as final
- java-unusedcode
External Contributions
- #266: [java] corrected invalid reporting of LoD violation
28-January-2017 - 5.4.4
The PMD team is pleased to announce PMD 5.4.4
This is a bug fixing release. The most significant changes are on analysis performance.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 30%, that’s over 5X faster than PMD 5.4.2, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
This is a bug fixing release, no major changes were introduced.
Modified Rules
The Java rule “UseLocaleWithCaseConversions” (ruleset java-design) has been modified, to detect calls
to toLowerCase
and to toUpperCase
also within method call chains. This leads to more detected cases
and potentially new false positives.
See also bugfix #1556.
Fixed Issues
- java
- java-design
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- java-imports
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-strings
- #202: [java] [doc] ConsecutiveAppendsShouldReuse is not really an optimization
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
External Contributions
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #200: [javascript] Templatestring grammar fix
04-November-2016 - 5.4.3
Summary:
- 7 pull requests
- 16 bug fixes
Pull Requests:
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #103: [java] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #110: [java] Fix parser error (issue 1530)
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- Java
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/SingularField
- #1494: [java] SingularField: lombok.Data false positive
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- PLSQL
- General
29-May-2016 - 5.4.2
New Supported Languages:
- CPD supports now Swift (see PR#33).
Feature Request and Improvements:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
- #1360: Provide backwards compatibility for PMD configuration file
Modified Rules:
- java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
Pull Requests:
- #27: Added support for Raw String Literals (C++11).
- #29: Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: Added file encoding detection to CPD.
- #32: Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: Added support for Swift to CPD.
- #79: do not flag public static void main(String[]) as UseVarargs; ignore @Override for UseVarargs
- #80: Update mvn-plugin.md
- #83: Adds new Code Climate-compliant JSON renderer
- #85: #1340 UseStringBufferForStringAppends False Positive with Ternary Operator
Bugfixes:
- java-basic/DoubleCheckedLocking:
- #1471: False positives for DoubleCheckedLocking
- java-basic/SimplifiedTernary:
- #1424: False positive with ternary operator
- java-codesize/TooManyMethods:
- #1457: TooManyMethods counts inner class methods
- java-controversial/AvoidUsingShortType:
- #1449: false positive when casting a variable to short
- java-design/AccessorClassGeneration:
- #1452: ArrayIndexOutOfBoundsException with Annotations for AccessorClassGenerationRule
- java-design/CloseResource
- #1479: CloseResource false positive on Statement
- java-design/UseUtilityClass:
- #1467: UseUtilityClass can’t correctly check functions with multiple annotations
- java-imports/UnusedImports:
- #1465: False Positve UnusedImports with javadoc @link
- java-junit/TestClassWithoutTestCases:
- #1453: Test Class Without Test Cases gives false positive
- java-optimizations/UseStringBufferForStringAppends:
- #1340: UseStringBufferForStringAppends False Positive with ternary operator
- java-sunsecure/ArrayIsStoredDirectly:
- java-unnecessary/UnnecessaryFinalModifier:
- #1464: UnnecessaryFinalModifier false positive on a @SafeVarargs method
- java-unusedcode/UnusedFormalParameter:
- #1456: UnusedFormalParameter should ignore overriding methods
- java-unusedcode/UnusedLocalVariable
- #1484: UnusedLocalVariable - false positive - parenthesis
- java-unusedcode/UnusedModifier
- #1480: false positive on public modifier used with inner interface in enum
- General
CLI Changes:
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
- CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
- New command line parameter for PMD:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
.
04-December-2015 - 5.4.1
Feature Request and Improvements:
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text.
Modified Rules:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field.
Pull Requests:
- #25: Added option to exclude C# using directives from CPD analysis
- #72: Added capability in Java and JSP parser for tracking tokens.
- #74: Fix rendering CommentDefaultAccessModifier description as code
- #75: RuleSetFactory Performance Enhancement
Bugfixes:
- java-comments/CommentDefaultAccessModifier
- #1430: CommentDefaultAccessModifier triggers on field annotated with @VisibleForTesting
- java-comments/CommentRequired
- #1434: CommentRequired raises violation on serialVersionUID field
- java-design/UseNotifyAllInsteadOfNotify
- #1438: UseNotifyAllInsteadOfNotify gives false positive
- java-finalizers/AvoidCallingFinalize
- #1440: NPE in AvoidCallingFinalize
- java-imports/UnnecessaryFullyQualifiedName
- #1436: UnnecessaryFullyQualifiedName false positive on clashing static imports with enums
- java-junit/JUnitAssertionsShouldIncludeMessage
- #1373: JUnitAssertionsShouldIncludeMessage is no longer compatible with TestNG
- java-migrating/JUnit4TestShouldUseBeforeAnnotation
- #1446: False positive with JUnit4TestShouldUseBeforeAnnotation when TestNG is used
- java-naming/SuspiciousEqualsMethodName
- #1431: SuspiciousEqualsMethodName false positive
- java-optimizations/RedundantFieldInitializer
- #1443: RedundantFieldInitializer: False positive for small floats
- java-unnecessary/UselessQualifiedThis
- #1422: UselessQualifiedThis: False positive with Java 8 Function
- java-unusedcode/UnusedPrivateField
- #1428: False positive in UnusedPrivateField when local variable hides member variable
- General
04-October-2015 - 5.4.0
Summary:
- 9 new rules
- 4 features requests
- 18 pull requests
Feature Request and Improvements:
- #1344: AbstractNaming should check reverse
- #1361: ShortVariable and ShortMethodName configuration
- #1414: Command line parameter to disable “failOnViolation” behavior
PMD and CPD Command Line Interfaces have a new optional parameter:
failOnViolation
. Executing PMD with the option-failOnViolation false
will perform the PMD checks but won’t fail the build and still exit with status 0. This is useful if you only want to generate the report with violations but don’t want to fail your build. - #1420: UnusedPrivateField: Ignore fields if using lombok
New Rules:
-
Java:
-
Basic: SimplifiedTernary (rulesets/java/basic.xml/SimplifiedTernary)
Ternary operator with a boolean literal can be simplified with a boolean expression. -
Clone: CloneMethodMustBePublic (rulesets/java/clone.xml/CloneMethodMustBePublic)
The java manual says “By convention, classes that implement theCloneable
interface should overrideObject.clone
(which is protected) with a public method.” -
Clone: CloneMethodReturnTypeMustMatchClassName (rulesets/java/clone.xml/CloneMethodReturnTypeMustMatchClassName)
If a class implementsCloneable
the return type of the methodclone()
must be the class name. -
Comments: CommentDefaultAccessModifier (rulesets/java/comments.xml/CommentDefaultAccessModifier)
In order to avoid mistakes with forgotten access modifiers for methods, this rule ensures, that you explicitly mark the usage of the default access modifier by placing a comment. -
Design: SingletonClassReturningNewInstance (rulesets/java/design.xml/SingletonClassReturningNewInstance)
Verifies that the method calledgetInstance
returns a cached instance and not always a fresh, new instance. -
Design: SingleMethodRule (rulesets/java/design.xml/SingleMethodSingletonRule)
Verifies that there is only one method calledgetInstance
. If there are more methods that return the singleton, then it can easily happen, that these are not the same instances - and thus no singleton. -
Unnecessary: UselessQualifiedThis (rulesets/java/unnecessary.xml/UselessQualifiedThis)
Flags unnecessary qualified usages of this, whenthis
alone would be unique. E.g. use justthis
instead ofFoo.this
.
-
-
Maven POM: (The rules can be found in the pmd-xml module)
-
Basic: ProjectVersionAsDependencyVersion (rulesets/pom/basic.xml/ProjectVersionAsDependencyVersion)
Checks the usage of${project.version}
in Maven POM files. -
Basic: InvalidDependencyTypes (rulesets/pom/basic.xml/InvalidDependencyTypes)
Verifies that only the default types (jar, war, …) for dependencies are used.
-
Ruleset snippet to activate the new rules:
<rule ref="rulesets/java/basic.xml/SimplifiedTernary"/>
<rule ref="rulesets/java/clone.xml/CloneMethodReturnTypeMustMatchClassName"/>
<rule ref="rulesets/java/clone.xml/CloneMethodMustBePublic"/>
<rule ref="rulesets/java/comments.xml/CommentDefaultAccessModifier"/>
<rule ref="rulesets/java/design.xml/SingleMethodSingleton"/>
<rule ref="rulesets/java/design.xml/SingletonClassReturningNewInstance"/>
<rule ref="rulesets/java/unnecessary.xml/UselessQualifiedThis"/>
<rule ref="rulesets/pom/basic.xml/ProjectVersionAsDependencyVersion"/>
<rule ref="rulesets/pom/basic.xml/InvalidDependencyTypes"/>
Modified Rules:
-
Java
-
Basic: CheckResultSet (rulesets/java/basic.xml/CheckResultSet)
Do not require to check the result of a navigation method, if it is returned. -
JUnit: UseAssertTrueInsteadOfAssertEquals (rulesets/java/junit.xml/UseAssertTrueInsteadOfAssertEquals)
This rule also flags assertEquals, that use Boolean.TRUE/FALSE constants. -
Naming: AbstractNaming (rulesets/java/naming.xml/AbstractNaming)
By default, this rule flags now classes, that are named “Abstract” but are not abstract. This behavior can be disabled by setting the new propertystrict
to false. -
Naming: ShortMethodName (rulesets/java/naming.xml/ShortMethodName)
Additional propertyminimum
to configure the minimum required length of a method name. -
Naming: ShortVariable (rulesets/java/naming.xml/ShortVariable)
Additional propertyminimum
to configure the minimum required length of a variable name. -
UnusedCode: UnusedPrivateField (rulesets/java/unusedcode.xml/UnusedPrivateField)
This rule won’t trigger anymore if Lombok is in use. See #1420.
-
Renamed Rules:
- Java
Removed Rules:
- Java
-
Basic: The following rules of ruleset “Basic” were marked as deprecated and are removed with this release now:
EmptyCatchBlock, EmptyIfStatement, EmptyWhileStmt, EmptyTryBlock, EmptyFinallyBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyStatementNotInLoop, EmptyInitializer, EmptyStatementBlock, EmptyStaticInitializer
UnnecessaryConversionTemporary, UnnecessaryReturn, UnnecessaryFinalModifier, UselessOverridingMethod, UselessOperationOnImmutable, UnusedNullCheckInEquals, UselessParentheses
These rules are still available in the rulesets “Empty” (rulesets/java/empty.xml) and “Unnecessary” (rulesets/java/unnecessary.xml) respectively. -
Design: The rule “UncommentedEmptyMethod” has been renamed last release to “UncommentedEmptyMethodBody”. The old rule name reference has been removed with this release now.
-
Controversial: The rule “BooleanInversion” has been deprecated last release and has been removed with this release completely.
-
Pull Requests:
- #21: Added PMD Rules for Singleton pattern violations.
- #23: Extended Objective-C grammar to accept Unicode characters in identifiers
- #54: Add a new rulesets for Maven’s POM rules
- #55: Fix run.sh for paths with spaces
- #56: Adding support for WSDL rules
- #57: Add default access modifier as comment rule
- #58: Add rule for unnecessary literal boolean in ternary operators
- #59: Add check to Boxed booleans in UseAssertTrueInsteadOfAssertEquals rule
- #60: Add UselessQualifiedThisRule
- #61: Add CloneMethodReturnTypeMustMatchClassName rule
- #62: Add CloneMethodMustBePublic rule
- #63: Change CheckResultSet to allow for the result of the navigation methods to be returned
- #65: Fix ClassCastException in UselessOverridingMethodRule.
- #66: #1370 ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #67: Use Path instead of string to check file exclusions to fix windows-only bug
- #68: #1370 ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #69: #1371 InsufficientStringBufferDeclaration not detected properly on StringBuffer
- #70: Fix code example
Bugfixes:
- java-unusedcode/UnusedPrivateMethod:
- #1412: UnusedPrivateMethod false positive: Issue #1403 not completely solved
API Changes:
-
pmd requires now JDK 1.7 or above.
-
pmd-core:
net.sourceforge.pmd.lang.symboltable.Scope
:The method
addNameOccurrence
returns now a Set of NameDeclarations to which the given occurrence has been added. This is useful in case there are ambiguous declarations of methods. -
pmd-core:
net.sourceforge.pmd.lang.symboltable.AbstractScope
:The method
findVariableHere
returns now a Set of NameDeclarations which match the given occurrence. This is useful in case there are ambiguous declarations of methods.
04-November-2016 - 5.3.8
Summary
- 1 feature requests
- 6 pull requests
- 17 bug fixes
Feature Requests and Improvements:
- #1360: [core] [java] Provide backwards compatibility for PMD configuration file
Pull Requests:
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #103: [java] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- java
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/CloseResource
- #1479: [java] CloseResource: false positive on Statement
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- java-unusedcode/UnusedLocalVariable
- #1484: [java] UnusedLocalVariable: false positive - parenthesis
- java-unusedcode/UnusedModifier
- #1480: [java] UnusedModifier: false positive on public modifier used with inner interface in enum
- plsql
- General
API Changes:
- New command line parameter for PMD:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
. - CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
30-April-2016 - 5.3.7
New Supported Languages:
- CPD supports now Swift (see PR#33).
Feature Request and Improvements:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
Modified Rules:
- java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
Pull Requests:
- #27: Added support for Raw String Literals (C++11).
- #29: Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: Added file encoding detection to CPD.
- #32: Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: Added support for Swift to CPD.
- #79: do not flag public static void main(String[]) as UseVarargs; ignore @Override for UseVarargs
- #80: Update mvn-plugin.md
- #83: Adds new Code Climate-compliant JSON renderer
- #85: #1340 UseStringBufferForStringAppends False Positive with Ternary Operator
Bugfixes:
- java-basic/DoubleCheckedLocking:
- #1471: False positives for DoubleCheckedLocking
- java-codesize/TooManyMethods:
- #1457: TooManyMethods counts inner class methods
- java-controversial/AvoidUsingShortType:
- #1449: false positive when casting a variable to short
- java-design/AccessorClassGeneration:
- #1452: ArrayIndexOutOfBoundsException with Annotations for AccessorClassGenerationRule
- java-design/UseUtilityClass:
- #1467: UseUtilityClass can’t correctly check functions with multiple annotations
- java-imports/UnusedImports:
- #1465: False Positve UnusedImports with javadoc @link
- java-junit/TestClassWithoutTestCases:
- #1453: Test Class Without Test Cases gives false positive
- java-optimizations/UseStringBufferForStringAppends:
- #1340: UseStringBufferForStringAppends False Positive with ternary operator
- java-sunsecure/ArrayIsStoredDirectly:
- java-unnecessary/UnnecessaryFinalModifier:
- #1464: UnnecessaryFinalModifier false positive on a @SafeVarargs method
- java-unusedcode/UnusedFormalParameter:
- #1456: UnusedFormalParameter should ignore overriding methods
- General
CLI Changes:
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
04-December-2015 - 5.3.6
Feature Request and Improvements:
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text.
Modified Rules:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field.
Pull Requests:
- #25: Added option to exclude C# using directives from CPD analysis
- Note: This also contains the fix from #23
- #72: Added capability in Java and JSP parser for tracking tokens.
- #75: RuleSetFactory Performance Enhancement
Bugfixes:
- java-comments/CommentRequired
- #1434: CommentRequired raises violation on serialVersionUID field
- java-design/UseNotifyAllInsteadOfNotify
- #1438: UseNotifyAllInsteadOfNotify gives false positive
- java-finalizers/AvoidCallingFinalize
- #1440: NPE in AvoidCallingFinalize
- java-imports/UnnecessaryFullyQualifiedName
- #1436: UnnecessaryFullyQualifiedName false positive on clashing static imports with enums
- java-junit/JUnitAssertionsShouldIncludeMessage
- #1373: JUnitAssertionsShouldIncludeMessage is no longer compatible with TestNG
- java-migrating/JUnit4TestShouldUseBeforeAnnotation
- #1446: False positive with JUnit4TestShouldUseBeforeAnnotation when TestNG is used
- java-naming/SuspiciousEqualsMethodName
- #1431: SuspiciousEqualsMethodName false positive
- java-optimizations/RedundantFieldInitializer
- #1443: RedundantFieldInitializer: False positive for small floats
- java-unusedcode/UnusedPrivateField
- #1428: False positive in UnusedPrivateField when local variable hides member variable
- General
04-October-2015 - 5.3.5
Modified Rules:
- java-design/CloseResource: New Property closeAsDefaultTarget which is true by default to stay
backwards compatible. If this property is true, the rule will make sure, that
close
itself is always considered as a closeTarget - no matter whether it is configured with the closeTargets property or not.
Pull Requests:
- #71: #1410 Improve description of DefaultPackage rule
Bugfixes:
- java-controversial/DefaultPackage:
- #1410: DefaultPackage triggers on field annotated with @VisibleForTesting
- java-design/CloseResource:
- #1387: CloseResource has false positive for ResultSet
- java-optimizations/RedundantFieldInitializer
- #1418: RedundantFieldInitializer false positive with large long value
- java-strings/InsufficientStringBufferDeclaration:
- java-unnecessary/UselessParentheses:
- #1407: UselessParentheses “&” and “+” operator precedence
18-September-2015 - 5.3.4
Bugfixes:
- #1370: ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #1371: InsufficientStringBufferDeclaration not detected properly on StringBuffer
- #1380: InsufficientStringBufferDeclaration false positive when literal string passed to a lookup service
- #1384: NullPointerException in ConsecutiveLiteralAppendsRule
- #1388: ConstructorCallsOverridableMethodRule doesn’t work with params?
- #1392: SimplifyStartsWith false-negative
- #1393: PMD hanging during DataflowAnomalyAnalysis
- #1394: dogfood.xml - Unable to exclude rules [UncommentedEmptyMethod]
- #1395: UnusedPrivateMethod false positive for array element method call
- #1396: PrematureDeclaration lambda false positive
- #1397: StringToString should ignore method references
- #1398: False positive for GuardLogStatementJavaUtil with Log4j
- #1399: False positive for VariableNamingConventions with annotation @interface
- #1400: False positive with JUnit4TestShouldUseBeforeAnnotation
- #1401: False positive for StringBuilder.append called with constructor
- #1402: Windows-Only: File exclusions are not case insensitive
- #1403: False positive UnusedPrivateMethod with JAVA8
- #1404: Java8 ‘Unnecessary use of fully qualified name’ in Streams Collector
- #1405: UnusedPrivateMethod false positive?
25-July-2015 - 5.3.3
Pull Requests:
- #55: Fix run.sh for paths with spaces
Bugfixes:
- #1364: FieldDeclarationsShouldBeAtStartOfClass false positive using multiple annotations
- #1365: Aggregated javadoc report is missing
- #1366: UselessParentheses false positive on multiple equality operators
- #1369: ConsecutiveLiteralAppends not detected properly on StringBuffer
- #1372: False Negative for CloseResource rule.
- #1375: CloseResource not detected properly
- #1376: CompareObjectsWithEquals fails for type annotated method parameter
- #1379: PMD CLI: Cannot specify multiple properties
- #1381: CPD Cannot use CSV/VS Renderers because they don’t support encoding property
22-May-2015 - 5.3.2
Bugfixes:
- #1330: AvoidReassigningParameters does not work with varargs
- #1335: GuardLogStatementJavaUtil should not apply to SLF4J Logger
- #1342: UseConcurrentHashMap false positive (with documentation example)
- #1343: MethodNamingConventions for overrided methods
- #1345: UseCollectionIsEmpty throws NullPointerException
- #1353: False positive “Only One Return” with lambda
- #1354: Complex FieldDeclarationsShouldBeAtStartOfClass false positive with Spring annotations
- #1355: NullPointerException in a java file having a single comment line
20-April-2015 - 5.3.1
New/Modified/Deprecated Rules:
- Language Java, ruleset design.xml: The rule “UseSingleton” has been renamed to “UseUtilityClass”. See also bugs #1059 and #1339.
Pull Requests:
- #53: Fix some NullPointerExceptions
Bugfixes:
- #1332: False Positive: UnusedPrivateMethod
- #1333: Error while processing Java file with Lambda expressions
- #1337: False positive “Avoid throwing raw exception types” when exception is not thrown
- #1338: The pmd-java8 POM bears the wrong parent module version
April 1, 2015 - 5.3.0
New Supported Languages:
- Matlab (CPD)
- Objective-C (CPD)
- Python (CPD)
- Scala (CPD)
Feature Requests and Improvements:
- XML: Line numbers for XML documents are more accurate. This is a further improvement of #1054.
- CPD: New output format ‘csv_with_linecount_per_file’
- #1320: Enhance SimplifyBooleanReturns checks
- PMD exits with status
4
if any violations have been found. This behavior has been introduced to ease PMD integration into scripts or hooks, such as SVN hooks.
New/Modified/Deprecated Rules:
The following rules have been enhanced :
- Language Java, ruleset design.xml: The rule “SimplifyBooleanReturns” now also marks methods where the else case is omitted and just a return. See also feature #1320.
The following rules are marked as deprecated and will be removed with the next release of PMD.
-
Language Java, ruleset basic.xml: The following rules have been moved into the
empty.xml
ruleset. You’ll need to enable the “empty” ruleset explicitly from now on, if you want to have these rules executed:EmptyCatchBlock, EmptyIfStatement, EmptyWhileStmt, EmptyTryBlock, EmptyFinallyBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyStatementNotInLoop, EmptyInitializer, EmptyStatementBlock, EmptyStaticInitializer.
-
Language Java, ruleset basic.xml: The following rules have been moved into the
unnecessary.xml
ruleset. You’ll need to enable the “unnecessary” ruleset explicitly from now on, if you want to have these rules executed:UnnecessaryConversionTemporary, UnnecessaryReturn, UnnecessaryFinalModifier, UselessOverridingMethod, UselessOperationOnImmutable, UnusedNullCheckInEquals, UselessParentheses.
-
Language Java, ruleset design.xml: The rule “UncommentedEmptyMethod” has been renamed to “UncommentedEmptyMethodBody”. See also bug #1283.
-
Language Java, ruleset controversial.xml: The rule “BooleanInversion” is deprecated and will be removed with the next release. See #1277 for more details.
Pull Requests:
- #11: Added support for Python to CPD.
- #12: Added support for Matlab to CPD.
- #13: Added support for Objective-C to CPD.
- #14: Added support for Scala to CPD.
- #15: (pmd-cs) Fixed incorrect line numbers after mutiline comments and verbatim strings.
- #16: Fixed several C++ lexical / tokenize errors.
- #17: Fixed ‘–files’ command line option of CPD, so it also works for files and not only for directories.
- #18: Created extra CSV output format
csv_with_linecount_per_file
which outputs the correct line count per file. - #19: Fixed exit status of PMD when error occurs
- #48: Handle NoClassDefFoundError along ClassNotFoundException
- #49: Fix some false positives in UnusedPrivateField
- #50: Add missing assertions in JUnitAssertionsShouldIncludeMessage test
- #51: [JUnit] Check assertion message present in assertEquals with delta
- #52: Improves JDK8 support for default methods and static methods in interfaces
Bugfixes:
- #914: False +ve from UnusedImports with wildcard static imports
- #1197: JUnit4TestShouldUseTestAnnotation for private method
- #1277: Delete BooleanInversion as it makes no sense
- #1283: Rename UncommentedEmptyMethod to UncommentedEmptyMethodBody
- #1296: PMD UnusedPrivateMethod invalid detection of ‘private void method(int,boolean,Integer…)’
- #1298: Member variable int type with value 0xff000000 causes processing error
- #1299: MethodReturnsInternalArray false positive
- #1302: False Positive: UnusedPrivateField when accessed by inner class
- #1303: OverrideBothEqualsAndHashcodeRule does not work on class implements resolvable interfaces
- #1304: UseCollectionIsEmpty false positive comparing to 1
- #1305: variable declaration inside switch causes ClassCastException
- #1306: False positive on duplicate when using static imports
- #1307: False positive: SingularField and lambda-expression
- #1308: PMD runs endlessly on some generated files
- #1312: Rule reference must not override rule name of referenced rule
- #1313: Missing assertion message in assertEquals with delta not detected
- #1316: Multi Rule Properties with delimiter not possible
- #1317: RuntimeException when parsing class with multiple lambdas
- #1319: PMD stops with NoClassDefFoundError (typeresolution)
- #1321: CPD format XML fails with NullPointer
- #1322: MethodReturnsInternalArray on private methods
- #1323: False positive case of UseAssertTrueInsteadOfAssertEquals
- #1324: MethodReturnsInternalArray false positive with clone()
- #1325: Inner class declared within a method fails to parse (ClassCastException)
- #1326: PMD 5.3.0-SNAPSHOT doesn’t compile under Windows
API Changes:
-
net.sourceforge.pmd.cpd.Match.iterator()
now returns an iterator of the new typenet.sourceforge.pmd.cpd.Mark
instead of TokenEntry. AMark
contains all the informations about each single duplication, including the TokenEntry viaMark.getToken()
. This Mark is useful for reporting the correct line count for each duplication. Previously only one line count was available. As for some languages CPD can be instructed to ignore comments, the line count could be different in the different files for the same duplication. -
pmd-test: The utility class
StreamUtil
is deprecated. Just use Apache Commons IO Utils instead.
December 21, 2014 - 5.2.3:
Feature Requests and Improvements:
- #1288: MethodNamingConventions for native should be deactivated
- #1293: Disable VariableNamingConventions for native methods
Modified Rules:
- Java / Design / UseVarargs: if
byte[]
is used as the last argument, it is ignored and no violation will be reported. - Java / Naming / MethodNamingConventions: New property
checkNativeMethods
- Java / Naming / VariableNamingConventions: New property
checkNativeMethodParameters
Pull requests:
- #45: #1290 RuleSetReferenceId does not process HTTP(S) correctly.
- #46: Allow byte[] as no-vargars last argument
- #47: Allow byte[] data and byte data[] as no-varargs last argument
Bugfixes:
- #1252: net.sourceforge.pmd.lang.ast.TokenMgrError: Lexical error in file xxx.cpp
- #1289: CommentRequired not ignored if javadoc {@inheritDoc} anon inner classes
- #1290: RuleSetReferenceId does not process HTTP(S) correctly.
- #1294: False positive UnusedPrivateMethod with public inner enum from another class
December 3, 2014 - 5.2.2:
New Parameters for CPD:
For the language cpp, the following new parameters are supported:
--no-skip-blocks
: Disables skipping of code blocks like a pre-processor. This is by default enabled.--skip-blocks-pattern
: Pattern to find the blocks to skip. Start and End pattern separated by “|
”. Default value is “#if 0|#endif
”.
Bugfixes:
- #1090: cpp parser exception with inline asm
- #1128: CompareObjectsWithEquals False Positive comparing boolean (primitive) values
- #1254: CPD run that worked in 5.1.2 fails in 5.1.3 with OOM
- #1276: False positive in UnusedPrivateMethod with inner enum
- #1280: False Positive in UnusedImports when import used in javadoc
- #1281: UnusedPrivateMethod incorrectly flagged for methods nested private classes
- #1282: False Positive with implicit String.valuesOf() (Java)
- #1285: Prevent to modify the System environment
- #1286: UnusedPrivateMethod returns false positives for varags and enums
November 3, 2014 - 5.2.1:
Bugfixes:
- #550: False +: MissingBreakInSwitch
- #1252: net.sourceforge.pmd.lang.ast.TokenMgrError: Lexical error in file xxx.cpp
- #1253: Document default behaviour when CPD command line arguments “encoding” and “ignoreAnnotations” are not specified
- #1255: UseUtilityClass false positive with Exceptions
- #1256: PositionLiteralsFirstInComparisons false positive with Characters
- #1258: Java 8 Lambda parse error on direct field access
- #1259: CloseResource rule ignores conditionnals within finally blocks
- #1261: False positive “Avoid unused private methods” with Generics
- #1262: False positive for MissingBreakInSwitch
- #1263: PMD reports CheckResultSet violation in completely unrelated source files.
- #1272: varargs in methods are causing IndexOutOfBoundException when trying to process files
- #1273: CheckResultSet false positive in try-with-resources nested in if
- #1274: ant integration broken with pmd-5.2.0
- #1275: False positive: UnusedModifier rule for static inner class in enum
October 17, 2014 - 5.2.0:
Modularization of the source code:
The source code of pmd was undergoing a major restructuring. Each language is separated out into its own module. This reduces the size of the artifacts significantly, if only one language is needed. It also makes it easier, to add new languages as extensions.
Therefore, the maven coordinates needed to change. In order to just use pmd with java support, you’ll need the following two dependencies:
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId>
<version>5.2.0</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
<version>5.2.0</version>
</dependency>
The binary package still contains all languages and can be used as usual. Have a look at the central repository for available modules.
New Languages
- CPD supports now Go.
Pull requests:
New/Modified Rules:
- JSP - Basic ruleset:
- NoUnsanitizedJSPExpression: Using unsanitized JSP expression can lead to Cross Site Scripting (XSS) attacks
August 31, 2014 - 5.1.3:
Bugfixes:
- #1156: False failure with “Avoid unused private methods”
- #1187: double variable with AvoidDecimalLiteralsInBigDecimalConstructor
- #1228: UnusedPrivateMethod returns false positives
- #1230: UseCollectionIsEmpty gets false positives
- #1231: No Error Message on Missing Rule
- #1233: UnusedPrivateMethod: False positive : method called on returned object.
- #1234: Unused private methods still giving false positives in 5.1.3 snapshot
- #1235: scope dependencies in POM file
- #1239: StackOverflowError in AbstractTokenizer.parseString running CPD on >1MB JS file
- #1241: False+ AvoidProtectedMethodInFinalClassNotExtending
- #1243: Useless Parentheses False Positive
- #1245: False Positive for Law of Demeter
- #1246: False positive from MissingBreakInSwitch
- #1247: Not able to recognize JDK 8 Static Method References
- #1249: Regression: UnusedPrivateMethod from 5.0.5 to 5.1.2
- #1250: Method attribute missing for some violations
- #1251: UnusedPrivateMethod false positives for boxing & unboxing arguments
Feature Requests and Improvements:
- #1232: Make ShortClassName configurable
- #1244: FieldDeclarationsShouldBeAtStartOfClass and anonymous classes
New/Modified Rules:
- FieldDeclarationsShouldBeAtStartOfClass (ruleset java-design) has a new property called
ignoreAnonymousClassDeclarations
: Ignore Field Declarations, that are initialized with anonymous class declarations. This property is enabled by default. See feature #1244. - ShortClassName (ruleset java-naming) has a new property called
minimum
: Number of characters that are required as a minimum for a class name. By default, 5 characters are required - if the class name is shorter, a violation will be reported. See feature #1232.
July 20, 2014 - 5.1.2:
Bugfixes:
- Fixed bug #1181: unused import false positive if used as parameter in javadoc only.
- Fixed bug #1192: Ecmascript fails to parse this operator “ ^= “
- Fixed bug #1198: ConfusingTernary does not ignore else if blocks even when property is set
- Fixed bug #1200: setRuleSets method javadoc mistype commands instead commas
- Fixed bug #1201: Error “Can’t find resource null” when ruleset contains spaces after comma
- Fixed bug #1202: StackOverflowError in RuleSetReferenceId
- Fixed bug #1205: Parse error on lambda with if
- Fixed bug #1206: SummaryHTMLRenderer always shows suppressed warnings/violations
- Fixed bug #1208: yahtml’s outputDir property does not work
- Fixed bug #1209: XPath 2.0 following-sibling incorrectly includes context node
- Fixed bug #1211: PMD is failing with NPE for rule UseIndexOfChar while analyzing Jdk 8 Lambda expression
- Fixed bug #1214: UseCollectionIsEmpty misses some usage
- Fixed bug #1215: AvoidInstantiatingObjectsInLoops matches the right side of a list iteration loop
- Fixed bug #1216: AtLeastOneConstructor ignores classes with any methods
- Fixed bug #1218: TooFewBranchesForASwitchStatement misprioritized
- Fixed bug #1219: PrimarySuffix/@Image does not work in some cases in xpath 2.0
- Fixed bug #1223: UnusedPrivateMethod: Java 8 method reference causing false positives
- Fixed bug #1224: GuardDebugLogging broken in 5.1.1 - missing additive statement check in log statement
- Fixed bug #1226: False Positive: UnusedPrivateMethod overloading with varargs
- Fixed bug #1227: GuardLogStatementJavaUtil doesn’t catch log(Level.FINE, “msg” + “ msg”) calls
Feature Requests and Improvements:
Pull requests:
- #41: Update to use asm 5.0.2
- #42: Add SLF4j Logger type to MoreThanOneLogger rule
- #43: Standard and modified cyclomatic complexity
New Rules:
- Java - codesize ruleset:
- StdCyclomaticComplexity: Like CyclomaticComplexityRule, but not including boolean operators
- ModifiedCyclomaticComplexity: Like StdCyclomaticComplexity, but switch statement plus all cases count as 1
- Thanks to Alan Hohn
April 27, 2014 - 5.1.1:
Bugfixes:
- Fixed bug 1165: SimplifyConditional false positive
- Fixed bug 1166: PLSQL XPath Rules Fail for XPath 1.0
- Fixed bug 1167: Error while processing PLSQL file with BOM
- Fixed bug 1168: Designer errors when trying to copy xml to clipboard
- Fixed bug 1170: false positive with switch in loop
- Fixed bug 1171: Specifying minimum priority from command line gives NPE
- Fixed bug 1173: Java 8 support: method references
- Fixed bug 1175: false positive for StringBuilder.append called 2 consecutive times
- Fixed bug 1176: ShortVariable false positive with for-each loops
- Fixed bug 1177: Incorrect StringBuffer warning when that class is not used
- Fixed bug 1178: LexicalError while parsing Java code aborts CPD run
- Fixed bug 1180: False Positive for ConsecutiveAppendsShouldReuse on different variable names
- Fixed bug 1185: UnusedModifier throws NPE when parsing enum with a nested static interface
- Fixed bug 1188: False positive in UnusedPrivateField
- Fixed bug 1191: Ecmascript fails to parse “void(0)”
- Document that PMD requires Java 1.6, see discussion.
CPD Changes:
- Command Line
- Added option “–skip-lexical-errors” to skip files, which can’t be tokenized due to invalid characters instead of aborting CPD. See also bug 1178.
- Ant
- New optional parameter “skipDuplicateFiles”: Ignore multiple copies of files of the same name and length in comparison; defaults to “false”. This was already a command line option, but now also available in in CPD’s ant task.
- New optional parameter “skipLexicalErros”: Skip files which can’t be tokenized due to invalid characters instead of aborting CPD; defaults to “false”.
February 11, 2014 - 5.1.0:
New/Updated Languages:
- Java 1.8 support added.
- PLSQL support added; thanks to Stuart Turton. See also http://pldoc.sourceforge.net/
- Apache Velocity support added; thanks to Andrey Utis. See also http://velocity.apache.org
New/Updated Rulesets and Rules:
- EcmaScript
- Controversial ruleset, featuring AvoidWithStatement
- UseBaseWithParseInt
- Java
- GuardLogStatement
- replace xpath implementation of GuardDebugLogging by GuardLogStatement (better perf)
- CommentRequired
- basic rule to check for existence for formal (javadoc) comments.
- AvoidProtectedMethodInFinalClassNotExtending
- rule to avoid protected methods in final classes that don’t extend anything other than Object.
- ConsecutiveAppendsShouldReuse
- rule to encourage to reuse StringBuilder.append returned object for consecutive calls.
- PositionLiteralsFirstInCaseInsensitiveComparisons
- rule similar to PositionLiteralsFirstInComparisons, but for case insensitive comparisons (equalsIgnoreCase). Thanks to Larry Diamond
- ConfusingTernary
- new property “ignoreElseIf” to suppress this rule in case of if-else-if-else usage. See feature 1161: Confusing Ternary should skip else if statements (or have a property to do so)
- FieldDeclarationsShouldBeAtStartOfClass
- new property “ignoreEnumDeclarations” which is enabled by default. This relaxes the rule, so that enums can be declared before fields and the rule is not triggered.
- GuardLogStatement
Bugfixes:
http://sourceforge.net/p/pmd/bugs/milestone/PMD-5.1.0/
- Fixed bug 881: private final without setter is flagged
- Fixed bug 1059: Change rule name “Use Singleton” should be “Use Utility class”
- Fixed bug 1106: PMD 5.0.4 fails with NPE on parsing java enum with inner class instance creation
- Fixed bug 1045: //NOPMD not working (or not implemented) with ECMAscript
- Fixed bug 1054: XML Rules ever report a line -1 and not the line/column where the error occurs
- Fixed bug 1115: commentRequiredRule in pmd 5.1 is not working properly
- Fixed bug 1120: equalsnull false positive
- Fixed bug 1121: NullPointerException when invoking XPathCLI
- Fixed bug 1123: failure in help examples
- Fixed bug 1124: PMD.run() multithreading issue
- Fixed bug 1125: Missing Static Method In Non Instantiatable Class
- Fixed bug 1126: False positive with FieldDeclarationsShouldBeAtStartOfClass for static enums
- Fixed bug 1130: CloseResource doesn’t recognize custom close method
- Fixed bug 1131: CloseResource should complain if code between declaration of resource and try
- Fixed bug 1134: UseStringBufferLength: false positives
- Fixed bug 1135: CheckResultSet ignores results set declared outside of try/catch
- Fixed bug 1136: ECMAScript: NullPointerException in getLeft() and getRight()
- Fixed bug 1140: public EcmascriptNode getBody(int index)
- Fixed bug 1141: ECMAScript: getFinallyBlock() is buggy.
- Fixed bug 1142: ECMAScript: getCatchClause() is buggy.
- Fixed bug 1144: CPD encoding argument has no effect
- Fixed bug 1146: UseArrayListInsteadOfVector false positive when using own Vector class
- Fixed bug 1147: EmptyMethodInAbstractClassShouldBeAbstract false positives
- Fixed bug 1150: “EmptyExpression” for valid statements!
- Fixed bug 1154: Call super onPause when there is no super
- Fixed bug 1155: maven pmd plugin does not like empty rule sets
- Fixed bug 1159: false positive UnusedFormalParameter readObject(ObjectInputStream) if not used
- Fixed bug 1164: Violations are not suppressed with @java.lang.SuppressWarnings(“all”)
CPD Changes:
- Command Line
- Added non-recursive option “–non-recursive” to not scan sub-directories
- Added option “–exclude” to exclude specific files from being scanned (thanks to Delmas for patch #272)
- CPD is now thread-safe, so that multiple instances of CPD can run concurrently without stepping on each other (eg: multi-module Maven projects.). Thanks to David Golpira.
Miscellaneous:
- Upgrade to javacc 5.0 (see patch #1109 Patch to build with Javacc 5.0)
- DBURI as DataSource possible - directly scan plsql code stored within the database
API Changes
- Deprecated APIs:
- net.sourceforge.pmd.lang.ecmascript.ast.ASTFunctionNode: getBody(int index) deprecated, use getBody() instead
- net.sourceforge.pmd.lang.ecmascript.ast.ASTTryStatement: isCatch() and isFinally() deprecated, use hasCatch() and hasBody() instead
- Generalize Symbol Table treatement
- Added net.sourceforge.pmd.lang.symboltable.ScopedNode
- Added net.sourceforge.pmd.lang.symboltable.Scope
- Added net.sourceforge.pmd.lang.symboltable.NameDeclaration
- Added net.sourceforge.pmd.lang.symboltable.NameOccurrence
- Added net.sourceforge.pmd.lang.symboltable.AbstractScope
- Added net.sourceforge.pmd.lang.symboltable.AbstractNameDeclaration
August 11, 2013 - 5.0.5:
Fixed bug 991: AvoidSynchronizedAtMethodLevel for static methods
Fixed bug 1084: NPE at UselessStringValueOfRule.java:36
Fixed bug 1091: file extension for fortran seems to be wrong in cpdgui tools
Fixed bug 1092: Wrong Attribute "excludemarker" in Ant Task Documentation
Fixed bug 1095: AvoidFinalLocalVariable false positive
Fixed bug 1099: UseArraysAsList false positives
Fixed bug 1102: False positive: shift operator parenthesis
Fixed bug 1104: IdempotentOperation false positive
Fixed bug 1107: PMD 5.0.4 couldn't parse call of parent outer java class method from inner class
Fixed bug 1069: Eclipse plugin does not accept project-local config
Fixed bug 1111: False positive: Useless parentheses
Fixed bug 1114: CPD - Tokenizer not initialized with requested properties
Fixed bug 1118: ClassCastException in pmd.lang.ecmascript.ast.ASTElementGet
May 1, 2013 - 5.0.4:
Fixed bug 254: False+ : UnusedImport with Javadoc @throws
Fixed bug 794: False positive on PreserveStackTrace with anonymous inner
Fixed bug 1063: False+: ArrayIsStoredDirectly
Fixed bug 1080: net.sourceforge.pmd.cpd.CPDTest test failing
Fixed bug 1081: Regression: CPD skipping all files when using relative paths
Fixed bug 1082: CPD performance issue on larger projects
Fixed bug 1085: NullPointerException by at net.sourceforge.pmd.lang.java.rule.design.GodClassRule.visit(GodClassRule.java:313)
Fixed bug 1086: Unsupported Element and Attribute in Ant Task Example
Fixed bug 1087: PreserveStackTrace (still) ignores initCause()
Fixed bug 1089: When changing priority in a custom ruleset, violations reported twice
April 5, 2013 - 5.0.3:
Fixed bug 938: False positive on LooseCoupling for overriding methods
Fixed bug 940: False positive on UnsynchronizedStaticDateFormatter
Fixed bug 942: CheckResultSet False Positive and Negative
Fixed bug 943: PreserveStackTrace false positive if a StringBuffer exists
Fixed bug 945: PMD generates RuleSets it cannot read.
Fixed bug 958: Intermittent NullPointerException while loading XPath node attributes
Fixed bug 968: Issues with JUnit4 @Test annotation with expected exception (Thanks to Yiannis Paschalidis)
Fixed bug 975: false positive in ClassCastExceptionWithToArray
Fixed bug 976: UselessStringValueOf wrong when appending character arrays
Fixed bug 977: MisplacedNullCheck makes false positives
Fixed bug 984: Cyclomatic complexity should treat constructors like methods
Fixed bug 985: Suppressed methods shouldn't affect avg CyclomaticComplexity
Fixed bug 992: Class java.beans.Statement triggered in CloseResource rule
Fixed bug 997: Rule NonThreadSafeSingleton gives analysis problem
Fixed bug 999: Law of Demeter: False positives and negatives
Fixed bug 1002: False +: FinalFieldCouldBeStatic on inner class
Fixed bug 1005: False + for ConstructorCallsOverridableMethod - overloaded methods
Fixed bug 1027: PMD Ant: java.lang.ClassCastException
Fixed bug 1032: ImmutableField Rule: Private field in inner class gives false positive
Fixed bug 1064: Exception running PrematureDeclaration
Fixed bug 1068: CPD fails on broken symbolic links
Fixed bug 1073: Hard coded violation messages CommentSize
Fixed bug 1074: rule priority doesn't work on group definitions
Fixed bug 1076: Report.treeIterator() does not return all violations
Fixed bug 1077: Missing JavaDocs for Xref-Test Files
Fixed bug 1078: Package statement introduces false positive UnnecessaryFullyQualifiedName violation
Merged pull request #14: fix Nullpointer Exception when using -l jsp
February 3, 2013 - 5.0.2:
Fixed bug 878: False positive: UnusedFormalParameter for abstract methods
Fixed bug 913: SignatureDeclareThrowsException is raised twice
Fixed bug 947: CloseResource rule fails if field is marked with annotation
Fixed bug 1004: targetjdk isn't attribute of PMD task
Fixed bug 1007: Parse Exception with annotation
Fixed bug 1011: CloseResource Rule ignores Constructors
Fixed bug 1012: False positive: Useless parentheses.
Fixed bug 1020: Parsing Error
Fixed bug 1026: PMD doesn't handle 'value =' in SuppressWarnings annotation
Fixed bug 1028: False-positive: Compare objects with equals for Enums
Fixed bug 1030: CPD Java.lang.IndexOutOfBoundsException: Index:
Fixed bug 1037: Facing a showstopper issue in PMD Report Class (report listeners)
Fixed bug 1039: pmd-nicerhtml.xsl is packaged in wrong location
Fixed bug 1043: node.getEndLine() always returns 0 (ECMAscript)
Fixed bug 1044: Unknown option: -excludemarker
Fixed bug 1046: ant task CPDTask doesn't accept ecmascript
Fixed bug 1047: False Positive in 'for' loops for LocalVariableCouldBeFinal in 5.0.1
Fixed bug 1048: CommentContent Rule, String Index out of range Exception
Fixed bug 1049: Errors in "How to write a rule"
Fixed bug 1055: Please add a colon in the ant output after line,column for Oracle JDeveloper IDE usage
Fixed bug 1056: "Error while processing" while running on xml file with DOCTYPE reference
Fixed bug 1060: GodClassRule >>> wrong method
November 28, 2012 - 5.0.1:
Fixed bug 820: False+ AvoidReassigningParameters
Fixed bug 1008: pmd-5.0.0: ImmutableField false positive on self-inc/dec
Fixed bug 1009: pmd-5.0.0: False + UselessParentheses
Fixed bug 1003: newline characters stripped from CPD data in PMD 5.0.0
Fixed bug 1001: InsufficientStringBufferDeclaration fails to parse hex
Fixed bug 522: InefficientStringBuffering bug false +
Fixed bug 953: String.InefficientStringBuffering false +
Fixed bug 981: Unable to parse
Fixed bug 1010: pmd: parsing of generic method call with super fails
Fixed bug 996: pmd-4.2.6: MissingBreakInSwitch fails to report violation
Fixed bug 993: Invalid NPath calculation in return statement. Thanks to Prabhjot Singh for the patch.
Fixed bug 1023: c/c++ \ as a continuation character not supported
Fixed bug 1033: False+ : SingularField
Fixed bug 1025: Regression of Crash in PMDTask due to multithreading (Eclipse and Java 1.5)
Fixed bug 1017: Type resolution very slow for big project. Thanks to Roman for the patch.
Fixed bug 1036: Documentation: default threshold values removed from v5.0
Fixed bug 1035: UseObjectForClearerAPI has misspelled message
Fixed bug 1031: false DontImportJavaLang
Fixed bug 1034: UseConcurrentHashMap flags calls to methods that return Map
Fixed bug 1006: Problem with implementation of getPackageNameImage method
Fixed bug 1014: AvoidLiteralsInIfCondition must NOT consider null
Fixed bug 1013: jnlp link for CPD is wrong
PMD Command Line Changes:
Improved command line interface (CLI) parsing using JCommander.
Note: this breaks compatibility, but should be easy to fix.
With "-d" you specify nowtThe source files / source directory to be scanned.
With "-f" you select the report format (like text, html, ...)
With "-R" you select the rulesets to be used.
Example: pmd -d c:\data\pmd\pmd\test-data\Unused1.java -f xml -R rulesets/java/unusedcode.xml
Improved JSP parser to be less strict with not valid XML documents (like HTML). Thanks to Victor Bucutea.
Fixed bgastviewer not working. Thanks to Victor Bucutea.
Improved CPD: Support in CPD for IgnoreAnnotations and SuppressWarnings("CPD-START"). Thanks to Matthew Short.
Fixed C# support for CPD - thanks to TIOBE Software.
New Ecmascript rules:
Basic ruleset: AvoidTrailingComma
May, 1, 2012 - 5.0.0:
Fixed bug 3515487: Inconsistent reference to ruleset file in documentation
Fixed bug 3470274: Using Label for lines in XMLRenderer
Fixed bug 3175710: NPE in InsufficientStringBufferDeclaration
CPD:
- Exit with status code 4 when CPD detects code duplication (Patch ID: 3497021)
January 31, 2012 - 5.0-alpha:
This version of PMD breaks API compatibility with prior versions of PMD, as well
as RuleSet XML compatibility. Also the maven coordinates (groupId) have been changed.
The decision to break compatibility, allows PMD
internals and code organization to be improved to better handle additional
languages. This opportunity was used to remove depreciated APIs, and beat up
any code which has thumbed its nose at the developers over the years. ;)
The following is relatively complete list of the major changes (this may not be
100% accurate, see actual source code when in doubt):
Fixed bug (no number) - Fixed UseStringBufferLengthRule only worked once per class
All StringBuffer-related rules now also catch StringBuilder-related issues in the same way
API Change - Unification of treatment of languages within PMD core:
Added - net.sourceforge.pmd.lang.Language (now an 'enum')
Added - net.sourceforge.pmd.lang.LanguageVersion
Added - net.sourceforge.pmd.lang.LanguageVersionDiscoverer
Added - net.sourceforge.pmd.lang.LanguageVersionHandler
Added - net.sourceforge.pmd.lang.rule.xpath.XPathHandler
Added - net.sourceforge.pmd.lang.ast.xpath.AbstractASTXPathHandler
Added - net.sourceforge.pmd.lang.xpath.Initializer
Added - net.sourceforge.pmd.lang.ast.AbstractTokenManager
Added - net.sourceforge.pmd.lang.ast.CharStream
Added - net.sourceforge.pmd.lang.ast.JavaCharStream
Added - net.sourceforge.pmd.lang.ast.SimpleCharStream
Added - net.sourceforge.pmd.lang.ast.TokenMgrError
Added - net.sourceforge.pmd.lang.rule.stat.StatisticalRule
Added - net.sourceforge.pmd.lang.rule.stat.StatisticalRuleHelper
Added - net.sourceforge.pmd.lang.java.rule.AbstractStatisticalJavaRule
Added - net.sourceforge.pmd.lang.rule.AbstractRuleViolationFactory
Added - net.sourceforge.pmd.lang.rule.RuleViolationFactory
Added - net.sourceforge.pmd.lang.java.rule.JavaRuleViolationFactory
Added - net.sourceforge.pmd.lang.jsp.rule.JspRuleViolationFactory
Renamed - net.sourceforge.pmd.AbstractRule to net.sourceforge.pmd.lang.rule.AbstractRule
Renamed - net.sourceforge.pmd.AbstractJavaRule to net.sourceforge.pmd.lang.java.rule.AbstractJavaRule
Renamed - net.sourceforge.pmd.AbstractRuleChainVisitor to net.sourceforge.pmd.lang.rule.AbstractRuleChainVisitor
Renamed - net.sourceforge.pmd.RuleChainVisitor to net.sourceforge.pmd.lang.rule.RuleChainVisitor
Renamed - net.sourceforge.pmd.SourceFileSelector to net.sourceforge.pmd.lang.rule.LanguageFilenameFilter
Renamed - net.sourceforge.pmd.rule.XPathRule to net.sourceforge.pmd.lang.rule.XPathRule
Renamed - net.sourceforge.pmd.jsp.rule.AbstractJspRule to net.sourceforge.pmd.lang.jsp.rule.AbstractJspRule
Renamed - net.sourceforge.pmd.ast.CompilationUnit to net.sourceforge.pmd.lang.ast.RootNode
Renamed - net.sourceforge.pmd.ast.JavaRuleChainVisitor to net.sourceforge.pmd.lang.java.rule.JavaRuleChainVisitor
Renamed - net.sourceforge.pmd.jsp.ast.JspRuleChainVisitor to net.sourceforge.pmd.lang.jsp.rule.JspRuleChainVisitor
Renamed - net.sourceforge.pmd.parser.Parser to net.sourceforge.pmd.lang.Parser
Renamed - net.sourceforge.pmd.parser.TokenManager to net.sourceforge.pmd.lang.TokenManager
Renamed - net.sourceforge.pmd.parser.* into net.sourceforge.pmd.lang.{Language}
Renamed - net.sourceforge.pmd.sourcetypehandlers.SourceTypeHandler to net.sourceforge.pmd.lang.LanguageVersionHandler
Renamed - net.sourceforge.pmd.sourcetypehandlers.VisitorStarter to net.sourceforge.pmd.lang.VisitorStarter
Renamed - net.sourceforge.pmd.sourcetypehandlers.* into net.sourceforge.pmd.lang.{Language}
Renamed - net.sourceforge.pmd.stat.StatisticalRule to net.sourceforge.pmd.lang.rule.StatisticalRuleHelper
Renamed - net.sourceforge.pmd.jaxen.TypeOfFunction to net.sourceforge.pmd.lang.java.xpath.TypeOfFunction
Renamed - net.sourceforge.pmd.jaxen.MatchesFunction to net.sourceforge.pmd.lang.xpath.MatchesFunction
Renamed - net.sourceforge.pmd.jaxen.Attribute to net.sourceforge.pmd.lang.rule.xpath.Attribute
Renamed - net.sourceforge.pmd.jaxen.AttributeAxisIterator to net.sourceforge.pmd.lang.ast.xpath.AttributeAxisIterator
Renamed - net.sourceforge.pmd.jaxen.DocumentNavigator to net.sourceforge.pmd.lang.ast.xpath.DocumentNavigator
Renamed - net.sourceforge.pmd.jaxen.NodeIterator to net.sourceforge.pmd.lang.ast.xpath.NodeIterator
Renamed - net.sourceforge.pmd.ast.* into net.sourceforge.pmd.lang.java.ast.*
Renamed - net.sourceforge.pmd.rules.* into net.sourceforge.pmd.lang.java.rule.* and updated to follow conventions
Renamed - net.sourceforge.pmd.jsp.ast.* into net.sourceforge.pmd.lang.jsp.ast.*
Renamed - net.sourceforge.pmd.jsp.rules.* into net.sourceforge.pmd.lang.jsp.ast.rule.* and updated to follow conventions
Deleted - net.sourceforge.pmd.cpd.cppast.* into net.sourceforge.pmd.lang.cpp.ast.*
Deleted - net.sourceforge.pmd.CommonAbstractRule
Deleted - net.sourceforge.pmd.SourceFileConstants
Deleted - net.sourceforge.pmd.SourceType
Deleted - net.sourceforge.pmd.SourceTypeDiscoverer
Deleted - net.sourceforge.pmd.SourceTypeToRuleLanguageMapper
Deleted - net.sourceforge.pmd.TargetJDK1_3
Deleted - net.sourceforge.pmd.TargetJDK1_4
Deleted - net.sourceforge.pmd.TargetJDK1_5
Deleted - net.sourceforge.pmd.TargetJDK1_6
Deleted - net.sourceforge.pmd.TargetJDK1_7
Deleted - net.sourceforge.pmd.TargetJDKVersion
Deleted - net.sourceforge.pmd.cpd.SourceFileOrDirectoryFilter
Deleted - net.sourceforge.pmd.sourcetypehandlers.SourceTypeHandlerBroker
Deleted - net.sourceforge.pmd.ast.JavaCharStream
Deleted - net.sourceforge.pmd.ast.CharStream
Deleted - net.sourceforge.pmd.ast.TokenMgrError
Deleted - net.sourceforge.pmd.jsp.ast.JspCharStream
Deleted - net.sourceforge.pmd.jsp.ast.TokenMgrError
API Change - Generalize RuleViolation treatment
Renamed - net.sourceforge.pmd.IRuleViolation to net.sourceforge.pmd.RuleViolation
Renamed - net.sourceforge.pmd.RuleViolation to net.sourceforge.pmd.lang.rule.AbstractRuleViolation
Added - net.sourceforge.pmd.RuleViolationComparator
Added - net.sourceforge.pmd.lang.java.rule.JavaRuleViolation
Added - net.sourceforge.pmd.lang.jsp.rule.JspRuleViolation
API Change - Generalize DFA treatment
Renamed - net.sourceforge.pmd.dfa.IDataFlowNode to net.sourceforge.pmd.lang.dfa.DataFlowNode
Renamed - net.sourceforge.pmd.dfa.DataFlowNode to net.sourceforge.pmd.lang.dfa.AbstractDataFlowNode
Renamed - net.sourceforge.pmd.dfa.Linker to net.sourceforge.pmd.lang.dfa.Linker
Renamed - net.sourceforge.pmd.dfa.LinkerException to net.sourceforge.pmd.lang.dfa.LinkerException
Renamed - net.sourceforge.pmd.dfa.NodeType to net.sourceforge.pmd.lang.dfa.NodeType
Renamed - net.sourceforge.pmd.dfa.StackObject to net.sourceforge.pmd.lang.dfa.StackObject
Renamed - net.sourceforge.pmd.dfa.SequenceChecker to net.sourceforge.pmd.lang.dfa.SequenceChecker
Renamed - net.sourceforge.pmd.dfa.SequenceException to net.sourceforge.pmd.lang.dfa.SequenceException
Renamed - net.sourceforge.pmd.dfa.StartOrEndDataFlowNode to net.sourceforge.pmd.lang.dfa.StartOrEndDataFlowNode
Renamed - net.sourceforge.pmd.dfa.Structure to net.sourceforge.pmd.lang.dfa.Structure
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccess to net.sourceforge.pmd.lang.dfa.VariableAccess
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccessException to net.sourceforge.pmd.lang.dfa.VariableAccessException
Renamed - net.sourceforge.pmd.dfa.pathfinder.* to net.sourceforge.pmd.lang.dfa.pathfinder.*
Renamed - net.sourceforge.pmd.dfa.report.* to net.sourceforge.pmd.lang.dfa.report.*
Renamed - net.sourceforge.pmd.dfa.DaaRuleViolation to net.sourceforge.pmd.lang.java.dfa.DaaRuleViolation
Renamed - net.sourceforge.pmd.dfa.DataFlowFacade to net.sourceforge.pmd.lang.java.dfa.DataFlowFacade
Renamed - net.sourceforge.pmd.dfa.StatementAndBraceFinder to net.sourceforge.pmd.lang.java.dfa.StatementAndBraceFinder
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccessVisitor to net.sourceforge.pmd.lang.java.dfa.VariableAccessVisitor
Added - net.sourceforge.pmd.lang.java.dfa.JavaDataFlowNode
Added - net.sourceforge.pmd.lang.DataFlowHandler
API Change - Generalize Symbol Table treatement
Deleted - net.sourceforge.pmd.symboltable.JspSymbolFacade
Deleted - net.sourceforge.pmd.symboltable.JspScopeAndDeclarationFinder
Renamed - net.sourceforge.pmd.symboltable.* to net.sourceforge.pmd.lang.java.symboltable.*
API Change - Generalize Type Resolution treatment
Renamed - net.sourceforge.pmd.typeresolution.* to net.sourceforge.pmd.lang.java.typeresolution.*
API Change - Generalize Property Descriptor treatment
Renamed - net.sourceforge.pmd.properties.* to net.sourceforge.pmd.lang.rule.properties.*
Renamed - net.sourceforge.pmd.properties.AbstractPMDProperty to net.sourceforge.pmd.lang.rule.properties.AbstractProperty
Changed - net.sourceforge.pmd.properties.PropertyDescriptor to use Generics, and other changes
Added - net.sourceforge.pmd.lang.rule.properties.* new types and other API changes
API Change - Generalize AST treatment
Added - net.sourceforge.pmd.lang.ast.Node (interface extracted from old Node/SimpleNode)
Added - net.sourceforge.pmd.lang.ast.AbstractNode
Added - net.sourceforge.pmd.ast.DummyJavaNode
Added - net.sourceforge.pmd.jsp.ast.AbstractJspNode
Added - net.sourceforge.pmd.jsp.ast.JspNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaNode to net.sourceforge.pmd.ast.AbstractJavaNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaTypeNode to net.sourceforge.pmd.ast.AbstractJavaTypeNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaAccessNode to net.sourceforge.pmd.ast.AbstractJavaAccessNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaAccessTypeNode to net.sourceforge.pmd.ast.AbstractJavaAccessTypeNode
Deleted - net.sourceforge.pmd.ast.Node
Deleted - net.sourceforge.pmd.ast.SimpleNode
Deleted - net.sourceforge.pmd.ast.AccessNodeInterface
Deleted - net.sourceforge.pmd.jsp.ast.Node
Deleted - net.sourceforge.pmd.jsp.ast.SimpleNode
API Change - General code reorganization/cleanup
Renamed - net.sourceforge.pmd.AbstractDelegateRule to net.sourceforge.pmd.lang.rule.AbstractDelegateRule
Renamed - net.sourceforge.pmd.MockRule to net.sourceforge.pmd.lang.rule.MockRule
Renamed - net.sourceforge.pmd.RuleReference to net.sourceforge.pmd.lang.rule.RuleReference
Renamed - net.sourceforge.pmd.ScopedLogHandlersManager to net.sourceforge.pmd.util.log.ScopedLogHandlersManager
Renamed - net.sourceforge.pmd.util.AntLogHandler to net.sourceforge.pmd.util.log.AntLogHandler
Renamed - net.sourceforge.pmd.util.ConsoleLogHandler to net.sourceforge.pmd.util.log.ConsoleLogHandler
Renamed - net.sourceforge.pmd.util.PmdLogFormatter to net.sourceforge.pmd.util.log.PmdLogFormatter
API Change - Changes to Rule/RuleSet/RuleSets
Removed - boolean Rule.include()
Removed - void Rule.setInclude(boolean)
Removed - String Rule.getRulePriorityName()
Removed - String Rule.getExample()
Removed - Rule.LOWEST_PRIORITY
Removed - Rule.PRIORITIES
Removed - Properties Rule.getProperties()
Removed - Rule.addProperties(Properties)
Removed - boolean Rule.hasProperty(String)
Removed - RuleSet.applies(Language,Language)
Removed - RuleSet.getLanguage()
Removed - RuleSet.setLanguage(Language)
Removed - RuleSets.applies(Language,Language)
Changed - void Rule.setPriority(int) to void Rule.setPriority(RulePriority)
Changed - int Rule.getPriority() to void RulePriority Rule.getPriority()
Changed - XXX Rule.getXXXProperty(String) to <T> Rule.getProperty(PropertyDescriptor<T>)
Changed - XXX Rule.getXXXProperty(PropertyDescriptor) to <T> Rule.getProperty(PropertyDescriptor<T>)
Changed - Rule.addProperty(String, String) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.setProperty(PropertyDescriptor, Object) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.setProperty(PropertyDescriptor, Object[]) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.propertyValuesByDescriptor() to Rule.getPropertiesByPropertyDescriptor()
Changed - PropertyDescriptor Rule.propertyDescriptorFor(String) to PropertyDescriptor Rule.getPropertyDescriptor(String)
Changed - boolean RuleSet.usesDFA() to boolean RuleSet.usesDFA(Language)
Changed - boolean RuleSet.usesTypeResolution() to boolean RuleSet.usesTypeResolution(Language)
Added - Rule.setLanguage(Language)
Added - Language Rule.getLanguage()
Added - Rule.setMinimumLanguageVersion(LanguageVersion)
Added - LanguageVersion Rule.getMinimumLanguageVersion()
Added - Rule.setMaximumLanguageVersion(LanguageVersion)
Added - LanguageVersion Rule.getMaximumLanguageVersion()
Added - Rule.setDeprecated(boolean)
Added - boolean Rule.isDeprecated()
Added - String Rule.dysfunctionReason();
Added - Rule.definePropertyDescriptor(PropertyDescriptor)
Added - List<PropertyDescriptor> Rule.getPropertyDescriptors()
Added - RuleSet.applies(Rule,LanguageVersion)
API Change - Changes to PMD class
Renamed - PMD.EXCLUDE_MARKER to PMD.SUPPRESS_MARKER
Removed - PMD.processFile(InputStream, RuleSet, RuleContext)
Removed - PMD.processFile(InputStream, String, RuleSet, RuleContext)
Removed - PMD.processFile(Reader, RuleSet, RuleContext)
Removed - PMD.processFile(Reader, RuleSets, RuleContext, LanguageVersion)
Moved - PMD.getExcludeMarker() to Configuration.getSuppressMarker()
Moved - PMD.setExcludeMarker(String) to Configuration.getSuppressMarker(String)
Moved - PMD.getClassLoader() to Configuration.getClassLoader()
Moved - PMD.setClassLoader(ClassLoader) to Configuration.getClassLoader(ClassLoader)
Moved - PMD.setDefaultLanguageVersion(LanguageVersion) to Configuration.setDefaultLanguageVersion(LanguageVersion)
Moved - PMD.setDefaultLanguageVersions(List<LanguageVersion>) to Configuration.setDefaultLanguageVersions(List<LanguageVersion>)
Moved - PMD.createClasspathClassLoader(String) to Configuration.createClasspathClassLoader(String)
API Change - Changes to Node interface
Renamed - Node.findChildrenOfType(Class) as Node.findDescendantsOfType(Class)
Renamed - Node.getFirstChildOfType(Class) as Node.getFirstDescendantOfType(Class)
Renamed - Node.containsChildOfType(Class) as Node.hasDescendantOfType(Class)
Renamed - Node.getAsXml() as Node.getAsDocument()
Added - Node.findChildrenOfType(Class), non recursive version
Added - Node.getFirstChildOfType(Class), non recursive version
API Change - Remove deprecated APIs
Removed - AccessNode.setXXX() methods, use AccessNode.setXXX(boolean) instead.
Removed - PMDException.getReason()
Removed - RuleSetFactory.createRuleSet(String,ClassLoader), use RuleSetFactory.setClassLoader(ClassLoader) and RuleSetFactory.createRuleSets(String) instead.
Removed - net.sourceforge.pmd.cpd.FileFinder use net.sourceforge.pmd.util.FileFinder instead.
API Change - RuleSetFactory
Added - RuleSetFactory.setClassLoader(ClassLoader)
Added - RuleSetFactory.createRuleSets(List<RuleSetReferenceId>)
Added - RuleSetFactory.createRuleSet(RuleSetReferenceId)
Added - RuleSetFactory.setClassLoader(ClassLoader)
Added - RuleSetReferenceId class to handle parsing of RuleSet strings, see RuleSetReferenceId.parse(String)
Renamed - RuleSetFactory.createSingleRuleSet(String) to RuleSetFactory.createRuleSet(String);
Removed - RuleSetFactory.createRuleSets(String, ClassLoader), use RuleSetFactory.createRuleSets(String) instead.
Removed - RuleSetFactory.createSingleRuleSet(String, ClassLoader), use RuleSetFactory.createSingleRuleSet(String) instead.
Removed - RuleSetFactory.createRuleSet(InputStream, ClassLoader), use RuleSetFactory.createRuleSet(RuleSetReferenceId) instead.
Removed - ExternalRuleID, use RuleSetReferenceId instead
Removed - SimpleRuleSetNameMapper, use RuleSetReferenceId instead
API Change - Changes to Renderer class, and Renderer implementations
Added - Renderer.getName()
Added - Renderer.setName(String)
Added - Renderer.getDescription()
Added - Renderer.setDescription(String)
Added - Renderer.getPropertyDefinitions()
Added - Renderer.isShowSuppressedViolations()
Added - AbstractAccumulatingRenderer
Removed - Renderer.render(Report)
Removed - Renderer.render(Report, Writer)
Renamed - Renderer.showSuppressedViolations(boolean) to Renderer.setShowSuppressedViolations(boolean)
Renamed - PapariTextRenderer to TextColorRenderer
Renamed - OntheFlyRenderer to AbstractIncrementingRenderer
PMD command line changes:
Removed -lineprefix use -property linePrefix {value} instead
Removed -linkprefix use -property linkPrefix {value} instead
Removed -xslt use -property xsltFilename {value} instead
Removed -nojsp now obsolete
Removed -targetjdk use -version {name} {version} instead
Added -version {name} {version} to set language version to use for a given language
Added -property {name} {value} as generic way to pass properties to Renderers
Added -showsuppressed as a means to show suppressed rule violations (consistent with Ant task behavior)
Renamed 'nicehtml' report to 'xslt'
Renamed 'papari' report to 'textcolor'
Renamed -excludemarker option to -suppressmarker
Renamed -cpus option to -threads
Ant changes:
Removed - <formatter> 'linkPrefix' attribute, use <param name="linkPrefix"> instead
Removed - <formatter> 'linePrefix' attribute, use <param name="linePrefix"> instead
Changed - <formatter> is optional - if not specified, falls back to "text" and console output.
Removed - <pmd> 'targetJDK' attribute to <version>lang version</version> instead
Added - <param name="name" value="value"/> as generic way to pass properties to Renderers on <formatter>
Renamed - <pmd> 'excludeMarker' attribute to 'suppressMarker'
Renamed - <pmd> 'cpus' attribute to 'threads'
Maven changes:
The new maven coordinates are: net.sourceforge.pmd:pmd, e.g.
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd</artifactId>
<version>5.0</version>
</dependency>
New features:
New Language 'ecmascript' added, for writing XPathRule and Java Rules against ECMAScript/JavaScript documents (must be standalone, not embedded in HTML). Many thanks to Rhino!
New Language 'xml' added, for writing XPathRules against XML documents
New Language 'xsl' added, as a derivative from XML.
Rules can now define a 'violationSuppressRegex' property to universally suppress violations with messages matching the given regular expression
Rules can now define a 'violationSuppressXPath' property to universally suppress violations on nodes which match the given relative XPath expression
Rules are now directly associated with a corresponding Language, and a can also be associated with a specific Language Version range if desired.
Rules can now be flagged with deprecated='true' in the RuleSet XML to allow the PMD Project to indicate a Rule (1) is scheduled for removal, (2) has been removed, or (3) has been renamed/moved.
XPathRules can now query using XPath 2.0 with 'version=2.0"', or XPath 2.0 in XPath 1.0 compatibility mode using 'version="1.0 compatibility"'. Many thanks to Saxon!
Rules can now use property values in messages, for example ${propertyName} will expand to the value of the 'propertyName' property on the Rule.
Rules can now use violation specific values in messages, specifically ${variableName}, ${methodName}, ${className}, ${packageName}.
New XPath function 'getCommentOn' can be used to search for strings in comments - Thanks to Andy Throgmorton
CPD:
Add .hxx and .hpp as valid file extension for CPD - Thanks to Ryan Pavlik
Add options to to the CPD command line task - Thanks to Cd-Man
Add C# support for CPD - thanks to Florian Bauer
Fix small bug in Rule Designer UI
Performance enhacement when parsing Javadoc (Patch ID: 3217201), thanks to Cd-Man
Rework the XMLRenderer to use proper XML API and strictly uses the system value for encoding (Fix bug: 1435751)
Other changes:
Rule property API upgrades:
All numeric property descriptors can specify upper & lower limits
Newly functional Method & Type descriptors allow rule developers to incorporate/watch for individual methods or types
Better initialization error detection
Deprecated old string-keyed property API, will leave some methods behind for XPath rules however
'41' and '42' shortcuts for rulesets added
The default Java version processed by PMD is now uniformly Java 1.5.
RuleViolations in Reports now uses List internally, and RuleViolationComparator is no longer broken
TokenManager errors now include a file name whenever possible for every AST in PMD
Added file encoding option to CPD GUI, which already existed for the command line and Ant
AssignmentInOperand enhanced to catch assignment in 'for' condition, as well as use of increment/decrement operators. Customization properties added to allow assignment in if/while/for, or use of increment/decrement.
Fix false positive on CastExpressions for UselessParentheses
Fix false positive where StringBuffer.setLength(0) was using default constructor size of 16, instead of actual constructor size.
Fix false negative for non-primitive types for VariableNamingConventions, also expanded scope to local and method/constructors, and enhanced customization options to choose between members/locals/parameters (all checked by default)
Fix false negative for UseArraysAsList when the array was passed as method parameter - thanks to Andy Throgmorton
Improve TooManyMethods rule - thanks to a patch from Riku Nykanen
Improve DoNotCallSystemExit - thanks to a patch from Steven Christou
Correct -benchmark reporting of Rule visits via the RuleChain
Creating an Empty Code Ruleset and moved the following rules from Basic ruleset:
* Empty Code Rules
* EmptyCatchBlock
* EmptyIfStmt
* EmptyWhileStmt
* EmptyTryBlock
* EmptyFinallyBlock
* EmptySwitchStatements
* EmptySynchronizedBlock
* EmptyStatementNotInLoop
* EmptyInitializer
* EmptyStatementBlock
* EmptyStaticInitializer
Basic rulesets still includes a reference to those rules.
Creating a unnecessary Code Ruleset and moved the following rules from Basic ruleset:
* UnnecessaryConversionTemporary
* UnnecessaryReturn
* UnnecessaryFinalModifier
* UselessOverridingMethod
* UselessOperationOnImmutable
* UnusedNullCheckInEquals
* UselessParentheses
Basic rulesets still includes a reference to those rules.
Fixed bug 2920057 - Fixed False + on CloseResource
Fixed bug 1808110 - Fixed performance issues on PreserveStackTrace
Fixed bug 2832322 - cpd.xml file tag path attribute should be entity-encoded
Fixed bug 2826119 - False +: DoubleCheckedLocking warning with volatile field
Fixed bug 2835074 - False -: DoubleCheckedLocking with reversed null check
Fixed bug 1932242 - EmptyMethodInAbstractClassShouldBeAbstract false +
Fixed bug 1928009 - Error using migration ruleset in PMD 4.2
Fixed bug 1808110 - PreserveStackTrace
Fixed bug 1988829 - Violation reported without source file name (actually a fix to ConsecutiveLiteralAppends)
Fixed bug 1989814 - false +: ConsecutiveLiteralAppends
Fixed bug 1977230 - false positive: UselessOverridingMethod
Fixed bug 1998185 - BeanMembersShouldSerialize vs @SuppressWarnings("serial")
Fixed bug 2002722 - false + in UseStringBufferForStringAppends
Fixed bug 2056318 - False positive for AvoidInstantiatingObjectsInLoops
Fixed bug 1977438 - False positive for UselessStringValueOf
Fixed bug 2050064 - False + SuspiciousOctalEscape with backslash literal
Fixed bug 1556594 - Wonky detection of NullAssignment
Fixed bug 1481051 - false + UnusedNullCheckInEquals (and other false positives too)
Fixed bug 1943204 - Ant task: <ruleset> path should be relative to Ant basedir
Fixed patch 2075906 - Add toString() to the rule UnnecessaryWrapperObjectCreation
Fixed bug 2315623 - @SuppressWarnings("PMD.UseSingleton") has no effect
Fixed bug 2230809 - False +: ClassWithOnlyPrivateConstructorsShouldBeFinal
Fixed bug 2338341 - ArrayIndexOutOfBoundsException in CPD (on Ruby)
Fixed bug 2315599 - False +: UseSingleton with class containing constructor
Fixed bug 1955852 - false positives for UnusedPrivateMethod & UnusedLocalVariable
Fixed bug 2404700 - UseSingleton should not act on enums
Fixed bug - JUnitTestsShouldIncludeAssert now detects Junit 4 Assert.assert... constructs
Fixed bug 1609038 - Xslt report generators break if path contains "java"
Fixed bug 2142986 - UselessOverridingMethod doesn't consider annotations
Fixed bug 2027626 - False + : AvoidFinalLocalVariable
Fixed bug 2606609 - False "UnusedImports" positive in package-info.java
Fixed bug 2645268 - ClassCastException in UselessOperationOnImmutable.getDeclaration
Fixed bug 2724653 - AvoidThreadGroup reports false positives
Fixed bug 2904832 - Type resolution not working for ASTType when using an inner class
Fixed bug 1435751 - XML format does not support UTF-8
Fixed bug 3303811 - Deadlink on "Similar projects" page
Fixed bug 3017616 - Updated documentation regarding Netbeans plugin - thanks to Jesse Glick
Fixed bug 3427563 - Deprecated class (android.util.config) - thanks to Lukas Reschke for the patch
ruleset.dtd and ruleset_xml_schema.xsd added to jar file in rulesets directory
bin and java14/bin scripts:
retroweaver version was not correct in java14/bin scripts
support for extra languages in cpd.sh
standard unix scripts can be used with cygwin
Upgrading UselessOperationOnImmutable to detect more use cases, especially on String and fix false positives
AvoidDuplicateLiteralRule now has 'skipAnnotations' boolean property
Fixed false positive in UnusedImports: javadoc comments are parsed to check @see and other tags
Fixed parsing bug: constant fields in annotation classes
Bug fix: NPE in MoreThanOneLogger
UnnecessaryParentheses now checks all expressions, not just return statements
UnusedFormalParameter now reports violations on the parameter node, not the method/constructor node
Updates to RuleChain to honor RuleSet exclude-pattern
Optimizations and false positive fixes in PreserveStackTrace
@SuppressWarnings("all") disables all warnings
SingularField now checks for multiple fields in the same declaration
Java grammar enhanced to include AnnotationMethodDeclaration as parent node of method related children of AnnotationTypeMemberDeclaration
JavaCC generated artifacts updated to JavaCC 4.1.
Dependencies updates: asm updated to 3.2
Ant requirement is now 1.7.0 or higher for compilation
JUnit testing jar is packaged on 1.7.0+ only in ant binary distributions
Note that the ant task still works with 1.6.0 and higher
All comment types are now stored in ASTCompilationUnit, not just formal ones
Fixed false negative in UselessOverridingMethod
Fixed handling of escape characters in UseIndexOfChar and AppendCharacterWithChar
Fixed ClassCastException on generic method in BeanMembersShouldSerialize
Fixed ClassCastException in symbol table code
Support for Java 1.4 runtime dropped, PMD now requires Java 5 or higher. PMD can still process Java 1.4 source files.
Support for Java 1.7
Text renderer is now silent if there's no violation instead of displaying "No problems found!"
RuleSet short names now require a language prefix, 'basic' is now 'java-basic', and 'rulesets/basic.xml' is now 'rulesets/java/basic.xml'
The JSP RuleSets are now in the 'jsp' language, and are 'jsp-basic', 'jsp-basic-jsf', 'rulesets/jsp/basic.xml' and 'rulesets/jsp/basic-jsp.xml'
Enhanced logging in the ClassTypeResolver to provide more detailed messaging.
AvoidUsingHardCodedIP modified to not use InetAddress.getByName(String), instead does better pattern analysis.
The JSP/JSF parser can now parse Unicode input.
The JSP/JSP parser can now handle <script>...</script> tags. The AST HtmlScript node contains the content.
Added Ecmascript as a supported language for CPD.
The RuleSet XML Schema namespace is now: http://pmd.sourceforge.net/ruleset/2.0.0
The RuleSet XML Schema is located in the source at: etc/ruleset_2_0_0.xsd
The RuleSet DTD is located in the source at: etc/ruleset_2_0_0.dtd
Improved include/exclude pattern matching performance for ends-with type patterns.
Modify (and hopefully fixed) CPD algorithm thanks to a patch from Juan Jesús García de Soria.
Fixed character reference in xml report - thanks to Seko
Enhanced SuspiciousEqualsMethodName rule - thanks to Andy Throgmorton
Add a script to launch CPDGUI on Unix system - thanks to Tom Wheeler
New Java rules:
Basic ruleset: ExtendsObject,CheckSkipResult,AvoidBranchingStatementAsLastInLoop,DontCallThreadRun,DontUseFloatTypeForLoopIndices
Controversial ruleset: AvoidLiteralsInIfCondition, AvoidPrefixingMethodParameters, OneDeclarationPerLine, UseConcurrentHashMap
Coupling ruleset: LoosePackageCoupling,LawofDemeter
Design ruleset: LogicInversion,UseVarargs,FieldDeclarationsShouldBeAtStartOfClass,GodClass
Empty ruleset: EmptyInitializer,EmptyStatementBlock
Import ruleset: UnnecessaryFullyQualifiedName
Optimization ruleset: RedundantFieldInitializer
Naming ruleset: ShortClassName, GenericsNaming
StrictException ruleset: AvoidThrowingNewInstanceOfSameException, AvoidCatchingGenericException, AvoidLosingExceptionInformation
Unnecessary ruleset: UselessParentheses
JUnit ruleset: JUnitTestContainsTooManyAsserts, UseAssertTrueInsteadOfAssertEquals
Logging with Jakarta Commons ruleset: GuardDebugLogging
New Java ruleset:
android.xml: new rules specific to the Android platform
New JSP rules:
Basic ruleset: NoInlineScript
New ECMAScript rules:
Basic ruleset: AssignmentInOperand,ConsistentReturn,InnaccurateNumericLiteral,ScopeForInVariable,UnreachableCode,EqualComparison,GlobalVariable
Braces ruleset: ForLoopsMustUseBraces,IfStmtsMustUseBraces,IfElseStmtsMustUseBraces,WhileLoopsMustUseBraces
Unnecessary ruleset: UnnecessaryParentheses,UnnecessaryBlock
New XML rules:
Basic ruleset: MistypedCDATASection
November 4, 2011 - 4.3:
Add support for Java 7 grammer - thanks to Dinesh Bolkensteyn and SonarSource
Add options --ignore-literals and --ignore-identifiers to the CPD command line task, thanks to Cd-Man
Fixed character reference in xml report - thanks to Seko
Add C# support for CPD - thanks to Florian Bauer
Fix small bug in Rule Designer UI
Improve TooManyMethods rule - thanks to a patch from Riku Nykanen
Improve DoNotCallSystemExit - thanks to a patch from Steven Christou
Fix false negative for UseArraysAsList when the array was passed as method parameter - thanks to Andy Throgmorton
Enhanced SuspiciousEqualsMethodName rule - thanks to Andy Throgmorton
Add a script to launch CPDGUI on Unix system - thanks to Tom Wheeler
New Rule:
Basic ruleset: DontCallThreadRun - thanks to Andy Throgmorton
Logging with Jakarta Commons ruleset: GuardDebugLogging
September 14, 2011 - 4.2.6:
Fixed bug 2920057 - False + : CloseRessource whith an external getter
Fixed bug 1808110 - Fixed performance issue on PreserveStackTrace
Fixed bug 2832322 - cpd.xml file tag path attribute should be entity-encoded
Fixed bug 2590258 - NPE with nicerhtml output
Fixed bug 2317099 - False + in SimplifyCondition
Fixed bug 2606609 - False "UnusedImports" positive in package-info.java
Fixed bug 2645268 - ClassCastException in UselessOperationOnImmutable.getDeclaration
Fixed bug 2724653 - AvoidThreadGroup reports false positives
Fixed bug 2835074 - False -: DoubleCheckedLocking with reversed null check
Fixed bug 2826119 - False +: DoubleCheckedLocking warning with volatile field
Fixed bug 2904832 - Type resolution not working for ASTType when using an inner class
Modify (and hopefully fixed) CPD algorithm thanks to a patch from Juan Jesús García de Soria.
Correct -benchmark reporting of Rule visits via the RuleChain
Fix issue with Type Resolution incorrectly handling of Classes with same name as a java.lang Class.
The JSP/JSF parser can now parse Unicode input.
The JSP/JSP parser can now handle <script>...</script> tags. The AST HtmlScript node contains the content.
Added Ecmascript as a supported language for CPD.
Improved include/exclude pattern matching performance for ends-with type patterns.
Dependencies updates: asm updated to 3.2
Android ruleset: CallSuperLast rule now also checks for finish() redefinitions
New rule:
Android: DoNotHardCodeSDCard
Controversial : AvoidLiteralsInIfCondition (patch 2591627), UseConcurrentHashMap
StrictExceptions : AvoidCatchingGenericException, AvoidLosingExceptionInformation
Naming : GenericsNaming
JSP: NoInlineScript
February 08, 2009 - 4.2.5:
Enhanced logging in the ClassTypeResolver to provide more detailed messaging.
Fixed bug 2315623 - @SuppressWarnings("PMD.UseSingleton") has no effect
Fixed bug 2230809 - False +: ClassWithOnlyPrivateConstructorsShouldBeFinal
Fixed bug 2338341 - ArrayIndexOutOfBoundsException in CPD (on Ruby)
Fixed bug 2315599 - False +: UseSingleton with class containing constructor
Fixed bug 1955852 - false positives for UnusedPrivateMethod & UnusedLocalVariable
Fixed bug 2404700 - UseSingleton should not act on enums
Fixed bug 2225474 - VariableNamingConventions does not work with nonprimitives
Fixed bug 1609038 - Xslt report generators break if path contains "java"
Fixed bug - JUnitTestsShouldIncludeAssert now detects Junit 4 Assert.assert... constructs
Fixed bug 2142986 - UselessOverridingMethod doesn't consider annotations
Fixed bug 2027626 - False + : AvoidFinalLocalVariable
New rule:
StrictExceptions : AvoidThrowingNewInstanceOfSameException
New ruleset:
android.xml: new rules specific to the Android platform
October 12, 2008 - 4.2.4:
Fixed bug 1481051 - false + UnusedNullCheckInEquals (and other false positives too)
Fixed bug 1943204 - Ant task: <ruleset> path should be relative to Ant basedir
Fixed bug 2139720 - Exception in PMD Rule Designer for inline comments in source
Fixed patch 2075906 - Add toString() to the rule UnnecessaryWrapperObjectCreation
Fixed ClassCastException on generic method in BeanMembersShouldSerialize
Fixed ClassCastException in symbol table code
August 31, 2008 - 4.2.3:
JavaCC generated artifacts updated to JavaCC 4.1d1.
Java grammar enhanced to include AnnotationMethodDeclaration as parent node of method related children of AnnotationTypeMemberDeclaration
Fixes for exclude-pattern
Updates to RuleChain to honor RuleSet exclude-pattern
Upgrading UselessOperationOnImmutable to detect more use cases, especially on String and fix false positives
Fixed bug 1988829 - Violation reported without source file name (actually a fix to ConsecutiveLiteralAppends)
Fixed bug 1989814 - false +: ConsecutiveLiteralAppends
Fixed bug 1977230 - false positive: UselessOverridingMethod
Fixed bug 1998185 - BeanMembersShouldSerialize vs @SuppressWarnings("serial")
Fixed bug 2002722 - false + in UseStringBufferForStringAppends
Fixed bug 2056318 - False positive for AvoidInstantiatingObjectsInLoops
Fixed bug 1977438 - False positive for UselessStringValueOf
Fixed bug 2050064 - False + SuspiciousOctalEscape with backslash literal
Fixed bug 1556594 - Wonky detection of NullAssignment
Optimizations and false positive fixes in PreserveStackTrace
@SuppressWarnings("all") disables all warnings
All comment types are now stored in ASTCompilationUnit, not just formal ones
Fixed false negative in UselessOverridingMethod
Fixed handling of escape characters in UseIndexOfChar and AppendCharacterWithChar
New rule:
Basic ruleset: EmptyInitializer
May 20, 2008 - 4.2.2:
Fixed false positive in UnusedImports: javadoc comments are parsed to check @see and other tags
Fixed parsing bug: constant fields in annotation classes
Bug fix: NPE in MoreThanOneLogger
UnnecessaryParentheses now checks all expressions, not just return statements
April 11, 2008 - 4.2.1:
'41' and '42' shortcuts for rulesets added
Fixed bug 1928009 - Error using migration ruleset in PMD 4.2
Fixed bug 1932242 - EmptyMethodInAbstractClassShouldBeAbstract false +
Fixed bug 1808110 - PreserveStackTrace
AvoidDuplicateLiteralRule now has 'skipAnnotations' boolean property
ruleset.dtd and ruleset_xml_schema.xsd added to jar file in rulesets directory
Update RuleSetWriter to handle non-Apache TRAX implementations, add an option to not use XML Namespaces
Added file encoding option to CPD GUI, which already existed for the command line and Ant
bin and java14/bin scripts:
retroweaver version was not correct in java14/bin scripts
support for extra languages in cpd.sh
standard unix scripts can be used with cygwin
March 25, 2008 - 4.2:
Fixed bug 1920155 - CheckResultSet: Does not pass for loop conditionals
March 21, 2008 - 4.2rc2:
Fixed bug 1912831 - False + UnusedPrivateMethod with varargs
Fixed bug 1913536 - Rule Designer does not recognize JSP(XML)
Add -auxclasspath option for specifying Type Resolution classpath from command line and auxclasspath nested element for ant task.
Fixed formatting problems in loggers.
Ant task upgrade:
Added a new attribute 'maxRuleCount' to indicate whether or not to fail the build if PMD finds that much violations.
March 07, 2008 - 4.2rc1:
Fixed bug 1866198 - PMD should not register global Logger
Fixed bug 1843273 - False - on SimplifyBooleanReturns
Fixed bug 1848888 - Fixed false positive in UseEqualsToCompareStrings
Fixed bug 1874313 - Documentation bugs
Fixed bug 1855409 - False + in EmptyMethodInAbstractClassShouldBeAbstract
Fixed bug 1888967 - Updated xpath query to detect more "empty" methods.
Fixed bug 1891399 - Check for JUnit4 test method fails
Fixed bug 1894821 - False - for Test Class without Test Cases
Fixed bug 1882457 - PositionLiteralsFirstInComparisons rule not working OK
Fixed bug 1842505 - XML output incorrect for inner classes
Fixed bug 1808158 - Constructor args could also be final
Fixed bug 1902351 - AvoidReassigningParameters not identify parent field
Fixed other false positives in EmptyMethodInAbstractClassShouldBeAbstract
Fixed other issues in SimplifyBooleanReturns
Modified AvoidReassigningParameter to also check constructor arguments for reassignement
New rules:
Basic ruleset: AvoidMultipleUnaryOperators
Controversial ruleset: DoNotCallGarbageCollectionExplicitly,UseObjectForClearerAPI
Design ruleset : ReturnEmptyArrayRatherThanNull,TooFewBranchesForASwitchStatement,AbstractClassWithoutAnyMethod
Codesize : TooManyMethods
StrictExceptions : DoNotThrowExceptionInFinally
Strings : AvoidStringBufferField
Rule upgrade:
CyclomaticComplexity now can be configured to display only class average complexity or method complexity, or both.
Designer upgrade:
A new panel for symbols and a tooltips on AST node that displays line, column and access node attributes (private,
static, abstract,...)
1.7 added as a valid option for targetjdk.
New elements under <ruleset>: <exclude-pattern> to match files exclude from processing, with <include-pattern> to override.
Rules can now be written which produce violations based upon aggregate file processing (i.e. cross/multiple file violations).
PMD Rule Designer can now shows Symbol Table contents for the selected AST node.
PMD Rule Designer shows position info in tooltip for AST nodes and highlights matching code for selected AST node in code window.
CPD Ant task will report to System.out when 'outputFile' not given.
RuleSetWriter class can be used to Serialize a RuleSet to XML in a standard fashion. Recommend PMD IDE plugins standardize their behavior.
retroweaver updated to version 2.0.5.
November 17, 2007 - 4.1:
Fixed annotation bug: ClassCastException when a formal parameter had multiple annotations
Added a Visual Studio renderer for CPD; just use "--format vs".
Dependencies updates: asm to 3.1, retroweaver to 2.0.2, junit to 4.4
new ant target ("regress") to test regression bugs only
November 01, 2007 - 4.1rc1:
New rules:
Basic ruleset: AvoidUsingHardCodedIP,CheckResultSet
Controversial ruleset: AvoidFinalLocalVariable,AvoidUsingShortType,AvoidUsingVolatile,AvoidUsingNativeCode,AvoidAccessibilityAlteration
Design ruleset: ClassWithOnlyPrivateConstructorsShouldBeFinal,EmptyMethodInAbstractClassShouldBeAbstract
Imports ruleset: TooManyStaticImports
J2ee ruleset: DoNotCallSystemExit, StaticEJBFieldShouldBeFinal,DoNotUseThreads
Strings ruleset: UseEqualsToCompareStrings
Fixed bug 674394 - fixed false positive in DuplicateImports for disambiguation import
Fixed bug 631681 - fixed false positive in UnusedPrivateField when field is accessed by outer class
Fixed bug 985989 - fixed false negative in ConstructorCallsOverridableMethod for inner static classes
Fixed bug 1409944 - fixed false positive in SingularField for lock objects
Fixed bug 1472195 - fixed false positives in PositionLiteralsFirstInComparisons when the string is used as a parameter
Fixed bug 1522517 - fixed false positive in UselessOverridingMethod for clone method
Fixed bug 1744065 - fixed false positive in BooleanInstantiation when a custom Boolean is used
Fixed bug 1765613 - fixed NullPointerException in CloneMethodMustImplementCloneable when checking enum
Fixed bug 1740480 - fixed false positive in ImmutableField when the assignment is inside an 'if'
Fixed bug 1702782 - fixed false positive in UselessOperationOnImmutable when an Immutable on which an operation is performed is compareTo'd
Fixed bugs 1764288/1744069/1744071 - When using Type Resolution all junit test cases will notice if you're using an extended TestCase
Fixed bug 1793215 - pmd-nicerhtml.xsl does not display line numbers
Fixes bug 1796928 - fixed false positive in AvoidThrowingRawExceptionTypes, when a Type name is the same as a RawException.
Fixed bug 1811506 - False - : UnusedFormalParameter (property "checkall" needs to be set)
Fixed false negative in UnnecessaryCaseChange
The Java 1.5 source code parser is now the default for testcode used in PMD's unit tests.
Added TypeResolution to the XPath rule. Use typeof function to determine if a node is of a particular type
Adding a GenericLiteralChecker, a generic rule that require a regex as property. It will log a violation if a Literal is matched by the regex. See the new rule AvoidUsingHardCodedIP for an example.
Adding support for multiple line span String in CPD's AbstractTokenizer, this may change, for the better, CPD's Ruby parsing.
This release adds 'nicehtml', with the plan for the next major release to make nicehtml->html, and html->oldhtml. This feature uses an XSLT transformation, default stylesheet maybe override with '-xslt filename'.
New CPD command line feature : Using more than one directory for sources. You can now have several '--files' on the command line.
SingularField greatly improved to generate very few false positives (none?). Moved from controversial to design. Two options added to restore old behaviour (mostly).
Jaxen updated to 1.1.1, now Literal[@Image='""'] works in XPath expressions.
July 20, 2007 - 4.0
Fixed bug 1697397 - fixed false positives in ClassCastExceptionWithToArray
Fixed bug 1728789 - removed redundant rule AvoidNonConstructorMethodsWithClassName; MethodWithSameNameAsEnclosingClass is faster and does the same thing.
July 12, 2007 - 4.0rc2:
New rules:
Typeresolution ruleset: SignatureDeclareThrowsException - re-implementation using the new Type Resolution facility (old rule is still available)
Fixed bug 1698550 - CloneMethodMustImplementCloneable now accepts a clone method that throws CloneNotSupportedException in a final class
Fixed bug 1680568 - The new typeresolution SignatureDeclareThrowsException rule now ignores setUp and tearDown in JUnit 4 tests and tests that do not directly extend TestCase
The new typeresolution SignatureDeclareThrowsException rule can now ignore JUnit classes completely by setting the IgnoreJUnitCompletely property
Fixed false positive in UselessOperationOnImmutable
PMD now defaults to using a Java 1.5 source code parser.
June 22, 2007 - 4.0rc1:
New rules:
Strict exception ruleset: DoNotExtendJavaLangError
Basic JSP ruleset: JspEncoding
J2EE ruleset: MDBAndSessionBeanNamingConvention, RemoteSessionInterfaceNamingConvention, LocalInterfaceSessionNamingConvention, LocalHomeNamingConvention, RemoteInterfaceNamingConvention
Optimizations ruleset: AddEmptyString
Naming: BooleanGetMethodName
New rulesets:
Migrating To JUnit4: Rules that help move from JUnit 3 to JUnit 4
Fixed bug 1670717 - 'Copy xml to clipboard' menu command now works again in the Designer
Fixed bug 1618858 - PMD no longer raises an exception on XPath like '//ConditionalExpression//ConditionalExpression'
Fixed bug 1626232 - Commons logging rules (ProperLogger and UseCorrectExceptionLogging) now catch more cases
Fixed bugs 1626201 & 1633683 - BrokenNullCheck now catches more cases
Fixed bug 1626715 - UseAssertSameInsteadOfAssertTrue now correctly checks classes which contain the null constant
Fixed bug 1531216 - ImmutableField. NameOccurrence.isSelfAssignment now recognizes this.x++ as a self assignment
Fixed bug 1634078 - StringToString now recognizes toString on a String Array, rather than an element.
Fixed bug 1631646 - UselessOperationOnImmutable doesn't throw on variable.method().variable.
Fixed bug 1627830 - UseLocaleWithCaseConversions now works with compound string operations
Fixed bug 1613807 - DontImportJavaLang rule allows import to Thread inner classes
Fixed bug 1637573 - The PMD Ant task no longer closes System.out if toConsole is set
Fixed bug 1451251 - A new UnusedImports rule, using typeresolution, finds unused import on demand rules
Fixed bug 1613793 - MissingSerialVersionUID rule now doesn't fire on abstract classes
Fixed bug 1666646 - ImmutableField rule doesn't report against volatile variables
Fixed bug 1693924 - Type resolution now works for implicit imports
Fixed bug 1705716 - Annotation declarations now trigger a new scope level in the symbol table.
Fixed bug 1743938 - False +: InsufficientStringBufferDeclaration with multiply
Fixed bug 1657957 - UseStringBufferForStringAppends now catches self-assignments
Applied patch 1612455 - RFE 1411022 CompareObjectsWithEquals now catches the case where comparison is against new Object
Implemented RFE 1562230 - Added migration rule to check for instantiation of Short/Byte/Long
Implemented RFE 1627581 - SuppressWarnings("unused") now suppresses all warnings in unusedcode.xml
XPath rules are now chained together for an extra speedup in processing
PMD now requires JDK 1.5 to be compiled. Java 1.4 support is provided using Retroweaver
- PMD will still analyze code from earlier JDKs
- to run pmd with 1.4, use the files from the java14 directory (weaved pmd jar and support files)
TypeResolution now looks at some ASTName nodes.
Memory footprint reduced: most renderers now use less memory by generating reports on the fly.
Ant task now takes advantage of multithreading code and on the fly renderers
Ant task now logs more debug info when using -verbose
PMD command line now has -benchmark: output a benchmark report upon completion; default to System.err
December 19, 2006 - 3.9:
New rules:
Basic ruleset: BigIntegerInstantiation, AvoidUsingOctalValues
Codesize ruleset: NPathComplexity, NcssTypeCount, NcssMethodCount, NcssConstructorCount
Design ruleset: UseCollectionIsEmpty
Strings ruleset: StringBufferInstantiationWithChar
Typeresolution ruleset: Loose Coupling - This is a re-implementation using the new Type Resolution facility
Fixed bug 1610730 - MisplacedNullCheck now catches more cases
Fixed bug 1570915 - AvoidRethrowingException no longer reports a false positive for certain nested exceptions.
Fixed bug 1571324 - UselessStringValueOf no longer reports a false positive for additive expressions.
Fixed bug 1573795 - PreserveStackTrace doesn't throw CastClassException on exception with 0 args
Fixed bug 1573591 - NonThreadSafeSingleton doesn't throw NPE when using this keyword
Fixed bug 1371753 - UnnecessaryLocalBeforeReturn is now less aggressive in its reporting.
Fixed bug 1566547 - Annotations with an empty MemberValueArrayInitializer are now parsed properly.
Fixed bugs 1060761 / 1433119 & RFE 1196954 - CloseResource now takes an optional parameter to identify closure methods
Fixed bug 1579615 - OverrideBothEqualsAndHashcode no longer throws an Exception on equals methods that don't have Object as a parameter type.
Fixed bug 1580859 - AvoidDecimalLiteralsInBigDecimalConstructor now catches more cases.
Fixed bug 1581123 - False +: UnnecessaryWrapperObjectCreation.
Fixed bug 1592710 - VariableNamingConventions no longer reports false positives on certain enum declarations.
Fixed bug 1593292 - The CPD GUI now works with the 'by extension' option selected.
Fixed bug 1560944 - CPD now skips symlinks.
Fixed bug 1570824 - HTML reports generated on Windows no longer contain double backslashes. This caused problems when viewing those reports with Apache.
Fixed bug 1031966 - Re-Implemented CloneMethodMustImplementCloneable as a typeresolution rule. This rule can now detect super classes/interfaces which are cloneable
Fixed bug 1571309 - Optional command line options may be used either before or after the mandatory arguments
Applied patch 1551189 - SingularField false + for initialization blocks
Applied patch 1573981 - false + in CloneMethodMustImplementCloneable
Applied patch 1574988 - false + in OverrideBothEqualsAndHashcode
Applied patch 1583167 - Better test code management. Internal JUnits can now be written in XML's
Applied patch 1613674 - Support classpaths with spaces in pmd.bat
Applied patch 1615519 - controversial/DefaultPackage XPath rule is wrong
Applied patch 1615546 - Added option to command line to write directly to a file
Implemented RFE 1566313 - Command Line now takes minimumpriority attribute to filter out rulesets
PMD now requires JDK 1.4 to run
- PMD will still analyze code from earlier JDKs
- PMD now uses the built-in JDK 1.4 regex utils vs Jakarta ORO
- PMD now uses the JDK javax.xml APIs rather than being hardcoded to use Xerces and Xalan
SummaryHTML Report changes from Brent Fisher - now contains linePrefix to support source output from javadoc using "linksource"
Fixed CSVRenderer - had flipped line and priority columns
Fixed bug in Ant task - CSV reports were being output as text.
Fixed false negatives in UseArraysAsList.
Fixed several JDK 1.5 parsing bugs.
Fixed several rules (exceptions on jdk 1.5 and jdk 1.6 source code).
Fixed array handling in AvoidReassigningParameters and UnusedFormalParameter.
Fixed bug in UselessOverridingMethod: false + when adding synchronization.
Fixed false positives in LocalVariableCouldBeFinal.
Fixed false positives in MethodArgumentCouldBeFinal.
Modified annotation suppression to use @SuppressWarning("PMD") to suppress all warnings and @SuppressWarning("PMD.UnusedLocalVariable") to suppress a particular rule's warnings.
Rules can now call RuleContext.getSourceType() if they need to make different checks on JDK 1.4 and 1.5 code.
CloseResource rule now checks code without java.sql import.
ArrayIsStoredDirectly rule now checks Constructors
undo/redo added to text areas in Designer.
Better 'create rule XML' panel in Designer.
use of entrySet to iterate over Maps.
1.6 added as a valid option for targetjdk.
PMD now allows rules to use Type Resolution. This was referenced in patch 1257259.
Renderers use less memory when generating reports.
New DynamicXPathRule class to speed up XPath based rules by providing a base type for the XPath expression.
Multithreaded processing on multi core or multi cpu systems.
Performance Refactoring, XPath rules re-written as Java:
AssignmentInOperand
AvoidDollarSigns
DontImportJavaLang
DontImportSun
MoreThanOneLogger
SuspiciousHashcodeMethodName
UselessStringValueOf
October 4, 2006 - 3.8:
New rules:
Basic ruleset: BrokenNullCheck
Strict exceptions ruleset: AvoidRethrowingException
Optimizations ruleset: UnnecessaryWrapperObjectCreation
Strings ruleset: UselessStringValueOf
Fixed bug 1498910 - AssignmentInOperand no longer has a typo in the message.
Fixed bug 1498960 - DontImportJavaLang no longer reports static imports of java.lang members.
Fixed bug 1417106 - MissingBreakInSwitch no longer flags stmts where every case has either a return or a throw.
Fixed bug 1412529 - UncommentedEmptyConstructor no longer flags private constructors.
Fixed bug 1462189 - InsufficientStringBufferDeclaration now resets when it reaches setLength the same way it does at a Constructor
Fixed bug 1497815 - InsufficientStringBufferDeclaration rule now takes the length of the constructor into account, and adds the length of the initial string to its initial length
Fixed bug 1504842 - ExceptionSignatureDeclaration no longer flags methods starting with 'test'.
Fixed bug 1516728 - UselessOverridingMethod no longer raises an NPE on methods that use generics.
Fixed bug 1522054 - BooleanInstantiation now detects instantiations inside method calls.
Fixed bug 1522056 - UseStringBufferForStringAppends now flags appends which occur in static initializers and constructors
Fixed bug 1526530 - SingularField now finds fields which are hidden at the method or static level
Fixed bug 1529805 - UnusedModifier no longer throws NPEs on JDK 1.5 enums.
Fixed bug 1531593 - UnnecessaryConversionTemporary no longer reports false positives when toString() is invoked inside the call to 'new Long/Integer/etc()'.
Fixed bug 1512871 - Improved C++ tokenizer error messages - now they include the filename.
Fixed bug 1531152 - CloneThrowsCloneNotSupportedException now reports the proper line number.
Fixed bug 1531236 - IdempotentOperations reports fewer false positives.
Fixed bug 1544564 - LooseCoupling rule now checks for ArrayLists
Fixed bug 1544565 - NonThreadSafeSingleton now finds if's with compound statements
Fixed bug 1561784 - AbstractOptimizationRule no longer throws ClassCastExceptions on certain postfix expressions.
Fixed a bug in AvoidProtectedFieldInFinalClass - it no longer reports false positives for protected fields in inner classes.
Fixed a bug in the C++ grammar - the tokenizer now properly recognizes macro definitions which are followed by a multiline comment.
Modified C++ tokenizer to use the JavaCC STATIC option; this results in about a 30% speedup in tokenizing.
Implemented RFE 1501850 - UnusedFormalParameter now catches cases where a parameter is assigned to but not used.
Applied patch 1481024 (implementing RFE 1490181)- NOPMD messages can now be reported with a user specified msg, e.g., //NOPMD - this is expected
Added JSP support to the copy/paste detector.
Placed JSF/JSP ruleset names in rulesets/jsprulesets.properties
Added the image to the ASTEnumConstant nodes.
Added new XSLT stylesheet for CPD XML->HTML from Max Tardiveau.
Refactored UseIndexOfChar to extract common functionality into AbstractPoorMethodCall.
Improved CPD GUI and Designer look/functionality; thanks to Brian Remedios for the changes!
Rewrote the NOPMD mechanism to collect NOPMD markers as the source file is tokenized. This eliminates an entire scan of each source file.
Applied patch from Jason Bennett to enhance CyclomaticComplexity rule to account for conditional or/and nodes, do stmts, and catch blocks.
Applied patch from Xavier Le Vourch to reduce false postives from CloneMethodMustImplementCloneable.
Updated Jaxen library to beta 10.
Performance Refactoring, XPath rules re-written as Java:
BooleanInstantiation
UselessOperationOnImmutable
OverrideBothEqualsAndHashcode
UnnecessaryReturn
UseStringBufferForStringAppends
SingularField
NonThreadSafeSingleton
June 1, 2006 - 3.7:
New rules:
Basic-JSP ruleset: DuplicateJspImport
Design ruleset: PreserveStackTrace
J2EE ruleset: UseProperClassLoader
Implemented RFE 1462019 - Add JSPs to Ant Task
Implemented RFE 1462020 - Add JSPs to Designer
Fixed bug 1461426 InsufficientStringBufferDeclaration does not consider paths
Fixed bug 1462184 False +: InsufficientStringBufferDeclaration - wrong size
Fixed bug 1465574 - UnusedPrivateMethod no longer reports false positives when a private method is called from a method with a parameter of the same name.
Fixed bug 1114003 - UnusedPrivateMethod no longer reports false positives when two methods have the same name and number of arguments but different types. The fix causes PMD to miss a few valid cases, but, c'est la vie.
Fixed bug 1472843 - UnusedPrivateMethod no longer reports false positives when a private method is only called from a method that contains a variable with the same name as that method.
Fixed bug 1461442 - UseAssertSameInsteadOfAssertTrue now ignores comparisons to null; UseAssertNullInsteadOfAssertTrue will report those.
Fixed bug 1474778 - UnnecessaryCaseChange no longer flags usages of toUpperCase(Locale).
Fixed bug 1423429 - ImmutableField no longer reports false positives on variables which can be set via an anonymous inner class that is created in the constructor.
Fixed major bug in CPD; it was not picking up files other than .java or .jsp.
Fixed a bug in CallSuperInConstructor; it now checks inner classes/enums more carefully.
Fixed a bug in VariableNamingConventions; it was not setting the warning message properly.
Fixed bug in C/C++ parser; a '$' is now allowed in an identifier. This is useful in VMS.
Fixed a symbol table bug; PMD no longer crashes on enumeration declarations in the same scope containing the same field name
Fixed a bug in ASTVariableDeclaratorId that triggered a ClassCastException if a annotation was used on a parameter.
Added RuleViolation.getBeginColumn()/getEndColumn()
Added an optional 'showSuppressed' item to the Ant task; this is false by default and toggles whether or not suppressed items are shown in the report.
Added an IRuleViolation interface and modified various code classes (include Renderer implementations and Report) to use it.
Modified JJTree grammar to use conditional node descriptors for various expression nodes and to use node suppression for ASTModifier nodes; this replaces a bunch of DiscardableNodeCleaner hackery. It also fixed bug 1445026.
Modified C/CPP grammar to only build the lexical analyzer; we're not using the parser for CPD, just the token manager. This reduces the PMD jar file size by about 50 KB.
March 29, 2006 - 3.6:
New rules:
Basic ruleset: AvoidThreadGroup
Design ruleset: UnsynchronizedStaticDateFormatter
Strings ruleset: InefficientEmptyStringCheck, InsufficientStringBufferDeclaration
JUnit ruleset: SimplifyBooleanAssertion
Basic-JSF ruleset: DontNestJsfInJstlIteration
Basic-JSP ruleset: NoLongScripts, NoScriptlets, NoInlineStyleInformation, NoClassAttribute, NoJspForward, IframeMissingSrcAttribute, NoHtmlComments
Fixed bug 1414985 - ConsecutiveLiteralAppends now checks for intervening references between appends.
Fixed bug 1418424 - ConsecutiveLiteralAppends no longer flags appends in separate methods.
Fixed bug 1416167 - AppendCharacterWithChar now catches cases involving escaped characters.
Fixed bug 1421409 - Ant task now has setter to allow minimumPriority attribute to be used.
Fixed bug 1416164 - InefficientStringBuffering no longer reports false positives on the three argument version of StringBuffer.append().
Fixed bug 1415326 - JUnitTestsShouldContainAsserts no longer errors out on JDK 1.5 generics.
Fixed bug 1415333 - CyclomaticComplexity no longer errors out on JDK 1.5 enums.
Fixed bug 1415663 - PMD no longer fails to parse abstract classes declared in a method.
Fixed bug 1433439 - UseIndexOfChar no longer reports false positives on case like indexOf('a' + getFoo()).
Fixed bug 1435218 - LoggerIsNotStaticFinal no longer reports false positives for local variables.
Fixed bug 1413745 - ArrayIsStoredDirectly no longer reports false positives for array deferences.
Fixed bug 1435751 - Added encoding type of UTF-8 to the CPD XML file.
Fixed bug 1441539 - ConsecutiveLiteralAppends no longer flags appends() involving method calls.
Fixed bug 1339470 - PMD no longer fails to parse certain non-static initializers.
Fixed bug 1425772 - PMD no longer fails with errors in ASTFieldDeclaration when parsing some JDK 1.5 code.
Fixed bugs 1448123 and 1449175 - AvoidFieldNameMatchingTypeName, SingularField, TooManyFields, and AvoidFieldNameMatchingMethodName no longer error out on enumerations.
Fixed bug 1444654 - migrating_to_14 and migrating_to_15 no longer refer to rule tests.
Fixed bug 1445231 - TestClassWithoutTestCases: no longer flags abstract classes.
Fixed bug 1445765 - PMD no longer uses huge amounts of memory. However, you need to use RuleViolation.getBeginLine(); RuleViolation.getNode() is no more.
Fixed bug 1447295 - UseNotifyAllInsteadOfNotify no longer flags notify() methods that have a parameter.
Fixed bug 1455965 - MethodReturnsInternalArray no longer flags variations on 'return new Object[] {}'.
Implemented RFE 1415487 - Added a rulesets/releases/35.xml ruleset (and similar rulesets for previous releases) contains rules new to PMD v3.5
Wouter Zelle fixed a false positive in NonThreadSafeSingleton.
Wouter Zelle fixed a false positive in InefficientStringBuffering.
The CPD Ant task now supports an optional 'language' attribute.
Removed some ill-advised casts from the parsers.
Fixed bug in CallSuperInConstructor; it no longer flag classes without extends clauses.
Fixed release packaging; now entire xslt/ directory contents are included.
Added more XSLT from Dave Corley - you can use them to filter PMD reports by priority level.
You can now access the name of a MemberValuePair node using getImage().
PositionLiteralsFirstInComparisons was rewritten in XPath.
Added a getVersionString method to the TargetJDKVersion interface.
Added an option '--targetjdk' argument to the Benchmark utility.
Applied a patch from Wouter Zelle to clean up the Ant Formatter class, fix a TextRenderer bug, and make toConsole cleaner.
Rewrote AvoidCallingFinalize in Java; fixed bug and runs much faster, too.
Uploaded ruleset schema to http://pmd.sf.net/ruleset_xml_schema.xsd
UseIndexOfChar now catches cases involving lastIndexOf.
Rules are now run in the order in which they're listed in a ruleset file. Internally, they're now stored in a List vs a Set, and RuleSet.getRules() now returns a Collection.
Upgraded to JUnit version 3.8.2.
Jan 25, 2006 - 3.5:
New rules:
Basic ruleset: UselessOperationOnImmutable, MisplacedNullCheck, UnusedNullCheckInEquals
Migration ruleset: IntegerInstantiation
JUnit ruleset: UseAssertNullInsteadOfAssertTrue
Strings ruleset: AppendCharacterWithChar, ConsecutiveLiteralAppends, UseIndexOfChar
Design ruleset: AvoidConstantsInterface
Optimizations ruleset: UseArraysAsList, AvoidArrayLoops
Controversial ruleset: BooleanInversion
Fixed bug 1371980 - InefficientStringBuffering no longer flags StringBuffer methods other than append().
Fixed bug 1277373 - InefficientStringBuffering now catches more cases.
Fixed bug 1376760 - InefficientStringBuffering no longer throws a NullPointerException when processing certain expressions.
Fixed bug 1371757 - Misleading example in AvoidSynchronizedAtMethodLevel
Fixed bug 1373510 - UseAssertSameInsteadOfAssertTrue no longer has a typo in its message, and its message is more clear.
Fixed bug 1375290 - @SuppressWarnings annotations are now implemented correctly; they accept one blank argument to suppress all warnings.
Fixed bug 1376756 - UselessOverridingMethod no longer throws an exception on overloaded methods.
Fixed bug 1378358 - StringInstantiation no longer throws ClassCastExceptions on certain allocation patterns.
Fixed bug 1371741 - UncommentedEmptyConstructor no longer flags constructors that consist of a this() or a super() invocation.
Fixed bug 1277373 - InefficientStringBuffering no longer flags concatenations that involve a static final String.
Fixed bug 1379701 - CompareObjectsWithEquals no longer flags comparisons of array elements.
Fixed bug 1380969 - UnusedPrivateMethod no longer flags private static methods that are only invoked in a static context from a field declaration.
Fixed bug 1384594 - Added a 'prefix' property for BeanMembersShouldSerializeRule
Fixed bug 1394808 - Fewer missed hits for AppendCharacterWithChar and InefficientStringBuffering, thanks to Allan Caplan for catching these
Fixed bug 1400754 - A NPE is no longer thrown on certain JDK 1.5 enum usages.
Partially fixed bug 1371753 - UnnecessaryLocalBeforeReturn message now reflects the fact that that rule flags all types
Fixed a bug in UseStringBufferLength; it no longers fails with an exception on expressions like StringBuffer.toString.equals(x)
Fixed a bug in CPD's C/C++ parser so that it no longer fails on multi-line literals; thx to Tom Judge for the nice patch.
CPD now recognizes '--language c' and '--language cpp' as both mapping to the C/C++ parser.
Modified renderers to support disabling printing of suppressed warnings. Introduced a new AbstractRenderer class that all Renderers can extends to get the current behavior - that is, suppressed violations are printed.
Implemented RFE 1375435 - you can now embed regular expressions inside XPath rules, i.e., //ClassOrInterfaceDeclaration[matches(@Image, 'F?o')].
Added current CLASSPATH to pmd.bat.
UnusedFormalParameter now catches unused constructor parameters, and its warning message now reflects whether it caught a method or a constructor param.
Rebuilt JavaCC parser with JavaCC 4.0.
Added jakarta-oro-2.0.8.jar as a new dependency to support regular expression in XPath rules.
Ant task now supports a 'minimumPriority' attribute; only rules with this priority or higher will be run.
Renamed Ant task 'printToConsole' attribute to 'toConsole' and it can only be used inside a formatter element.
Added David Corley's Javascript report, more details are here: http://tomcopeland.blogs.com/juniordeveloper/2005/12/demo_of_some_ni.html
November 30, 2005 - 3.4:
New rules:
Basic ruleset: ClassCastExceptionWithToArray, AvoidDecimalLiteralsInBigDecimalConstructor
Design ruleset: NonThreadSafeSingleton, UncommentedEmptyMethod, UncommentedEmptyConstructor
Controversial ruleset: DefaultPackage
Naming ruleset: MisleadingVariableName
Migration ruleset: ReplaceVectorWithList, ReplaceHashtableWithMap, ReplaceEnumerationWithIterator, AvoidEnumAsIdentifier, AvoidAssertAsIdentifier
Strings ruleset: UseStringBufferLength
Fixed bug 1292745 - Removed unused source file ExceptionTypeChecking.java
Fixed bug 1292609 - The JDK 1.3 parser now correctly handles certain 'assert' usages. Also added a 'JDK 1.3' menu item to the Designer.
Fixed bug 1292689 - Corrected description for UnnecessaryLocalBeforeReturn
Fixed bug 1293157 - UnusedPrivateMethod no longer reports false positives for private methods which are only invoked from static initializers.
Fixed bug 1293277 - Messages that used 'pluginname' had duplicated messages.
Fixed bug 1291353 - ASTMethodDeclaration isPublic/isAbstract methods always return true. The syntactical modifier - i.e., whether or not 'public' was used in the source code in the method declaration - is available via 'isSyntacticallyPublic' and 'isSyntacticallyAbstract'
Fixed bug 1296544 - TooManyFields no longer checks the wrong property value.
Fixed bug 1304739 - StringInstantiation no longer crashes on certain String constructor usages.
Fixed bug 1306180 - AvoidConcatenatingNonLiteralsInStringBuffer no longer reports false positives on certain StringBuffer usages.
Fixed bug 1309235 - TooManyFields no longer includes static finals towards its count.
Fixed bug 1312720 - DefaultPackage no longer flags interface fields.
Fixed bug 1312754 - pmd.bat now handles command line arguments better in WinXP.
Fixed bug 1312723 - Added isSyntacticallyPublic() behavior to ASTFieldDeclaration nodes.
Fixed bug 1313216 - Designer was not displaying 'final' attribute for ASTLocalVariableDeclaration nodes.
Fixed bug 1314086 - Added logging-jakarta-commons as a short name for rulesets/logging-jakarta-commons.xml to SimpleRuleSetNameMapper.
Fixed bug 1351498 - Improved UnnecessaryCaseChange warning message.
Fixed bug 1351706 - CompareObjectsWithEquals now catches more cases.
Fixed bug 1277373 (and 1347286) - InefficientStringBuffering now flags fewer false positives.
Fixed bug 1363447 - MissingBreakInSwitch no longer reports false positives for switch statements where each switch label has a return statement.
Fixed bug 1363458 - MissingStaticMethodInNonInstantiatableClass no longer reports cases where there are public static fields.
Fixed bug 1364816 - ImmutableField no longer reports false positives for fields assigned in an anonymous inner class in a constructor.
Implemented RFE 1311309 (and 1119854) - Suppressed RuleViolation counts are now included in the reports.
Implemented RFE 1220371 - Rule violation suppression via annotations. Per the JLS, @SuppressWarnings can be placed before the following nodes: TYPE, FIELD, METHOD, PARAMETER, CONSTRUCTOR, LOCAL_VARIABLE.
Implemented RFE 1275547 - OverrideBothEqualsAndHashcode now skips Comparator implementations.
Applied patch 1306999 - Renamed CloseConnection to CloseResource and added support for checking Statement and ResultSet objects.
Applied patch 1344754 - EmptyCatchBlock now skips catch blocks that contain comments. This is also requested in RFE 1347884.
Renamed AvoidConcatenatingNonLiteralsInStringBuffer to InefficientStringBuffering; new name is a bit more concise.
Modified LongVariable; now it has a property which can be used to override the minimum reporting value.
Improved CPD XML report.
CPD no longer skips header files when checking C/C++ code.
Reworked CPD command line arguments; old-style arguments will still work for one more version, though.
Lots of documentation improvements.
September 15, 2005 - 3.3:
New rules:
Design: PositionLiteralsFirstInComparisons, UnnecessaryLocalBeforeReturn
Logging-jakarta-commons: ProperLogger
Basic: UselessOverridingMethod
Naming: PackageCase, NoPackage
Strings: UnnecessaryCaseChange
Implemented RFE 1220171 - rule definitions can now contain a link to an external URL for more information on that rule - for example, a link to the rule's web page. Thanks to Wouter Zelle for designing and implementing this!
Implemented RFE 1230685 - The text report now includes parsing errors even if no rule violations are reported
Implemented RFE 787860 - UseSingleton now accounts for JUnit test suite declarations.
Implemented RFE 1097090 - The Report object now contains the elapsed time for running PMD. This shows up in the XML report as an elapsedTime attribute in the pmd element in the format '2m 5s' or '1h 5h 35s' or '25s' .
Implemented RFE 1246338 - CPD now handles SCCS directories and NTFS junction points.
Fixed bug 1226858 - JUnitAssertionsShouldIncludeMessage now checks calls to assertFalse.
Fixed bug 1227001 - AvoidCallingFinalize no longer flags calls to finalize() within finalizers.
Fixed bug 1229755 - Fixed typo in ArrayIsStoredDirectly description.
Fixed bug 1229749 - Improved error message when an external rule is not found.
Fixed bug 1224849 - JUnitTestsShouldContainAsserts no longer skips method declarations which include explicit throws clauses.
Fixed bug 1225492 - ConstructorCallsOverridableMethod now reports the correct method name. dvholten's examples in RFE 1235562 also helped with this a great deal.
Fixed bug 1228589 - DoubleCheckedLocking and ExceptionSignatureDeclaration no longer throw ClassCastExceptions on method declarations that declare generic return types.
Fixed bug 1235299 - NullAssignment no longer flags null equality comparisons in ternary expressions.
Fixed bug 1235300 - NullAssignment no longer flags assignments to final fields.
Fixed bug 1240201 - The UnnecessaryParentheses message is no longer restricted to return statements.
Fixed bug 1242290 - The JDK 1.5 parser no longer chokes on nested enumerations with a constructor.
Fixed bug 1242544 - SimplifyConditional no longer flags null checks that precede an instanceof involving an array dereference.
Fixed bug 1242946 - ArrayIsStoredDirectly no longer reports false positives for equality expression comparisons. As a bonus, its message now includes the variable name :-)
Fixed bug 1232648 - MethodReturnsInternalArray no longer reports false positives on return statement expressions that involve method invocations on an internal array.
Fixed bug 1244428 - MissingStaticMethodInNonInstantiatableClass no longer reports warnings for nested classes. Some inner class cases will be missed, but false positives will be eliminated as well.
Fixed bug 1244443 - EqualsNull now catches more cases.
Fixed bug 1250949 - The JDK 1.5 parser no longer chokes on annotated parameters and annotated local variables.
Fixed bug 1245139 - TooManyFields no longer throws a ClassCastException when processing anonymous classes.
Fixed bug 1251256 - ImmutableField no longer skips assignments in try blocks on methods (which led to false positives).
Fixed bug 1250949 - The JDK 1.5 parser no longer chokes on AnnotationTypeMemberDeclaration with a default value.
Fixed bug 1245367 - ImmutableField no longer triggers on assignments in loops in constructors.
Fixed bug 1251269 - AvoidConcatenatingNonLiteralsInStringBuffer no longer triggers on StringBuffer constructors like 'new StringBuffer(1 + getFoo());'
Fixed bug 1244570 - AvoidConcatenatingNonLiteralsInStringBuffer no longer triggers on certain AST patterns involving local variable declarations inside Statement nodes.
Fixed bug 695344 - StringInstantiation no longer triggers on the String(byte[]) constructor.
Fixed bug 1114754 - UnusedPrivateMethod reports fewer false positives.
Fixed bug 1290718 - Command line parameter documentation is now correct for targetjdk options.
Applied patch 1228834 - XPath rules can now use properties to customize rules. Thanks to Wouter Zelle for another great piece of work!
Fixed a bug in RuleSetFactory that missed some override cases; thx to Wouter Zelle for the report and a fix.
Fixed a bug in the grammar that didn't allow constructors to have type parameters, which couldn't parse some JDK 1.5 constructs.
Fixed a bug in ImportFromSamePackage; now it catches the case where a class has an on-demand import for the same package it is in.
Fixed a bug in CompareObjectsWithEquals; now it catches some local variable cases.
Fixed a bug in CouplingBetweenObjects; it no longer triggers an exception (which is a bug in the symbol table layer) by calling getEnclosingClassScope() when the node in question isn't enclosed by one.
Moved AvoidCallingFinalize from the design ruleset to the finalize ruleset and then deleted redundant ExplicitCallToFinalize rule from the finalize ruleset.
Deleted redundant ExceptionTypeChecking rule from the strictexception ruleset; use AvoidInstanceofChecksInCatchClause in the design ruleset instead.
Added some new XSLT scripts that create nifty HTML output; thanks to Wouter Zelle for the code.
Improved UseCorrectExceptionLogging; thx to Wouter Zelle for the new XPath.
Improved warning message from UnusedPrivateMethod.
Improved EmptyIfStmt; now it catches the case where an IfStatement is followed by an EmptyStatement node.
The Ant task now accepts the short names of rulesets (e.g., unusedcode for rulesets/unusedcode.xml).
Removed unnecessary '.html' suffix from displayed filenames when the linkPrefix attribute is used with the HTML renderer.
Added an optional 'description' attribute to the 'property' element in the ruleset XML files.
Added a simplified SimpleNode.addViolation() method to reduce duplicated rule violation creation code.
Moved from jaxen-1.0-fcs.jar/saxpath-1.0-fcs.jar to jaxen-1.1-beta-7.jar. This yielded a 20% speed increase in the basic ruleset!
June 21, 2005 - 3.2:
New rules: UseCorrectExceptionLogging (logging-jakarta-commons ruleset), AvoidPrintStackTrace (logging-java ruleset), CompareObjectsWithEquals (design ruleset)
Fixed bug 1201577 - PMD now correctly parses method declarations that return generic types.
Fixed bug 1205709 - PMD no longer takes a long time to report certain parsing errors.
Fixed bug 1052356 - ImmutableField no longer triggers on fields which are assigned to in a constructor's try statement.
Fixed bug 1215854 - Package/class/method names are now filled in whenever possible, and the XML report includes all three.
Fixed bug 1209719 - MethodArgumentCouldBeFinal no longer triggers on arguments which are modified using postfix or prefix expressions. A bug in AvoidReassigningParameters was also fixed under the same bug id.
Fixed bug 1188386 - MethodReturnsInternalArray no longer flags returning a local array declaration.
Fixed bug 1172137 - PMD no longer locks up when generating a control flow graph for if statements with labelled breaks.
Fixed bug 1221094 - JUnitTestsShouldContainAsserts no longer flags static methods.
Fixed bug 1217028 - pmd.bat now correctly passes parameters to PMD.
Implemented RFE 1188604 - AvoidThrowingCertainExceptionTypes has been split into AvoidThrowingRawExceptionTypes and AvoidThrowingNullPointerException.
Implemented RFE 1188369 - UnnecessaryBooleanAssertion now checks for things like 'assertTrue(!foo)'. These should be changed to 'assertFalse(foo)' for clarity.
Implemented RFE 1199622 - UnusedFormalParameter now defaults to only checking private methods unless a 'checkall' property is set.
Implemented RFE 1220314 - the symbol table now includes some rudimentary type information.
Break and continue statement labels (if present) are placed in the image field.
Fixed bug which caused MissingSerialVersionUID to trigger on all interfaces that implemented other interfaces.
Modified NullAssignmentRule to catch null assignments in ternary expressions.
Added two new node types - ASTCatchStatement and ASTFinallyStatement.
Modified rule XML definition; it no longer includes a symboltable attribute since the symbol table layer is now run for all files analyzed.
Harden equality of AbstractRule and RuleSet objects (needed for the Eclipse plugin features)
Change RuleSet.getRuleByName. Now return null instead of throwing a RuntimeException when the rule is not found
Add .project and .classpath to the module so that it can be checkout as an Eclipse project
May 10, 2005 - 3.1:
New rules: SimplifyStartsWith, UnnecessaryParentheses, CollapsibleIfStatements, UseAssertEqualsInsteadOfAssertTrue, UseAssertSameInsteadOfAssertTrue, UseStringBufferForStringAppends, SimplifyConditional, SingularField
Fixed bug 1170535 - LongVariable now report variables longer than 17 characters, not 12.
Fixed bug 1182755 - SystemPrintln no longer overreports problems.
Fixed bug 1188372 - AtLeastOneConstructor no longer fires on interfaces.
Fixed bug 1190508 - UnnecessaryBooleanAssertion no longer fires on nested boolean literals.
Fixed bug 1190461 - UnusedLocal no longer misses usages which are on the RHS of a right bit shift operator.
Fixed bug 1188371 - AvoidInstantiatingObjectsInLoops no longer fires on instantiations in loops when the 'new' keyword is preceded by a 'return' or a 'throw'.
Fixed bug 1190526 - TooManyFields now accepts a property setting correctly, and default lower bound is 15 vs 10.
Fixed bug 1196238 - UnusedImports no longer reports false positives for various JDK 1.5 java.lang subpackages.
Fixed bug 1169731 - UnusedImports no longer reports false positives on types used inside generics. This bug also resulted in a bug in ForLoopShouldBeWhileLoop being fixed, thanks Wim!
Fixed bug 1187325 - UnusedImports no longer reports a false positive on imports which are used inside an Annotation.
Fixed bug 1189720 - PMD no longer fails to parse generics that use 'member selectors'.
Fixed bug 1170109 - The Ant task now supports an optional 'targetjdk' attribute that accepts values of '1.3', '1.4', or '1.5'.
Fixed bug 1183032 - The XMLRenderer no longer throws a SimpleDateFormat exception when run with JDK 1.3.
Fixed bug 1097256 - The XMLRenderer now supports optional encoding of UTF8 characters using the 'net.sourceforge.pmd.supportUTF8' environment variable.
Fixed bug 1198832 - AbstractClassWithoutAbstractMethod no longer flags classes which implement interfaces since these can partially implement the interface and thus don't need to explicitly declare abstract methods.
Implemented RFE 1193979 - BooleanInstantiation now catches cases like Boolean.valueOf(true)
Implemented RFE 1171095 - LabeledStatement nodes now contain the image of the label.
Implemented RFE 1176401 - UnusedFormalParameter now flags public methods.
Implemented RFE 994338 - The msg produced by ConstructorCallsOverridableMethod now includes the offending method name.
Modified command line parameters; removed -jdk15 and -jdk13 parameters and added a -'targetjdk [1.3|1.4|1.5]' parameter.
Modified CSVRenderer to include more columns.
Optimized rules: FinalFieldCouldBeStatic (115 seconds to 7 seconds), SuspiciousConstantFieldName (48 seconds to 14 seconds), UnusedModifer (49 seconds to 4 seconds)
March 23, 2005 - 3.0:
New rules: MissingSerialVersionUID, UnnecessaryFinalModifier, AbstractClassDoesNotContainAbstractMethod, MissingStaticMethodInNonInstantiatableClass, AvoidSynchronizedAtMethodLevel, AvoidCallingFinalize, UseNotifyAllInsteadOfNotify, MissingBreakInSwitch, AvoidInstanceofChecksInCatchClause, AvoidFieldNameMatchingTypeName, AvoidFieldNameMatchingMethodName, AvoidNonConstructorMethodsWithClassName, TestClassWithoutTestCases, TooManyFields, CallSuperInConstructor, UnnecessaryBooleanAssertion, UseArrayListInsteadOfVector
Implemented RFE 1058039 - PMD's command line interface now accepts abbreviated names for the standard rulesets; for example 'java net.sourceforge.pmd.PMD /my/source/code/ text basic,unusedcode' would run the rulesets/basic.xml and the rulesets/unusedcode.xml rulesets on the source in /my/source/code and produce a text report.
Implemented RFE 1119851 - PMD's Ant task now supports an 'excludeMarker' attribute.
Fixed bug 994400 - False +: ConstructorCallsOverridableMethodRule, thanks to ereissner for reporting it
Fixed bug 1146116 - JUnitTestsShouldIncludeAssert no longer crashes on inner Interface
Fixed bug 1114625 - UnusedPrivateField no longer throws an NPE on standalone postfix expressions which are prefixed with 'this'.
Fixed bug 1114020 - The Ant task now reports a complete stack trace when run with the -verbose flag.
Fixed bug 1117983 - MethodArgumentCouldBeFinal no longer reports false positives on try..catch blocks.
Fixed bug 797742 - PMD now parses JDK 1.5 source code. Note that it's not perfect yet; more testing/bug reports are welcome!
Fixed a bug - the StatisticalRule no longer 'merges' data points when using the 'topscore' property.
Fixed a bug - the PMD Ant task's failOnRuleViolation attribute no longer causes a BuildException in the case when no rule violations occur.
Modified the XSLT to add a summary section.
Added Ruby support to CPD.
Optimized various rules and wrote a benchmarking application; results are here - http://infoether.com/~tom/pmd_timing.txt
February 1, 2005 - 2.3:
Fixed bug 1113927 - ExceptionAsFlowControl no longer throws NPEs on code where a throw statement exists without a try statement wrapping it.
Fixed bug 1113981 - AvoidConcatenatingNonLiteralsInStringBuffer no longer throws NPEs on code where an append appears as a child of an ExplicitConstructorInvocation node.
Fixed bug 1114039 - AvoidInstantiatingObjectsInLoops's message no longer contains a spelling error.
Fixed bug 1114029 - The 'optimization' rules no longer throw NPEs at various points.
Fixed bug 1114251 - The 'sunsecure' rules no longer throw NPEs at various points.
January 31, 2005 - 2.2:
New rules: LocalVariableCouldBeFinal, MethodArgumentCouldBeFinal, AvoidInstantiatingObjectsInLoops, ArrayIsStoredDirectly, MethodReturnsInternalArray, AssignmentToNonFinalStatic, AvoidConcatenatingNonLiteralsInStringBuffer
Fixed bug 1088459 - JUnitTestsShouldContainAsserts no longer throws ClassCastException on interface, native, and abstract method declarations.
Fixed bug 1100059 - The Ant task now generates a small empty-ish report if there are no violations.
Implemented RFE 1086168 - PMD XML reports now contain a version and timestamp attribute in the <pmd> element.
Implemented RFE 1031950 - The PMD Ant task now supports nested ruleset tags
Fixed a bug in the rule override logic; it no longer requires the "class" attribute of a rule be listed in the overrides section.
Added 'ignoreLiterals' and 'ignoreIdentifiers' boolean options to the CPD task.
Cleaned up a good bit of the symbol table code; thanks much to Harald Gurres for the patch.
CPD now contains a generic copy/paste checker for programs in any language
December 15, 2004 - 2.1:
New rules: AvoidProtectedFieldInFinalClass, SystemPrintln
Fixed bug 1050173 - ImmutableFieldRule no longer reports false positives for static fields.
Fixed bug 1050286 - ImmutableFieldRule no longer reports false positives for classes which have multiple constructors only a subset of which set certain fields.
Fixed bug 1055346 - ImmutableFieldRule no longer reports false positive on preinc/predecrement/postfix expressions.
Fixed bug 1041739 - EmptyStatementNotInLoop no longer reports false positives for nested class declarations in methods.
Fixed bug 1039963 - CPD no longer fails to parse C++ files with multi-line macros.
Fixed bug 1053663 - SuspiciousConstantFieldName no longer reports false positives for interface members.
Fixed bug 1055930 - CouplingBetweenObjectsRule no longer throws a NPE on interfaces
Fixed a possible NPE in dfa.report.ReportTree.
Implemented RFE 1058033 - Renamed run.[sh|bat] to pmd.[sh|bat].
Implemented RFE 1058042 - XML output is more readable now.
Applied patch 1051956 - Rulesets that reference rules using "ref" can now override various properties.
Applied patch 1070733 - CPD's Java checker now has an option to ignore both literals and identifiers - this can help find large duplicate code blocks, but can also result in false positives.
YAHTMLRenderer no longer has dependence on Ant packages.
Modified the AST to correctly include PostfixExpression nodes. Previously a statement like "x++;" was embedded in the parent StatementExpression node.
Moved BooleanInstantiation from the design ruleset to the basic ruleset.
Updated Xerces libraries to v2.6.2.
Many rule names had the word "Rule" tacked on to the end. Various folks thought this was a bad idea, so here are the new names of those rules which were renamed:
- basic.xml: UnnecessaryConversionTemporary, OverrideBothEqualsAndHashcode, DoubleCheckedLocking
- braces.xml: WhileLoopsMustUseBraces, IfElseStmtsMustUseBraces, ForLoopsMustUseBraces
- clone.xml: ProperCloneImplementation
- codesize.xml: CyclomaticComplexity, ExcessivePublicCount
- controversial.xml: UnnecessaryConstructor, AssignmentInOperand, DontImportSun, SuspiciousOctalEscape
- coupling.xml: CouplingBetweenObjects, ExcessiveImports, LooseCoupling
- design.xml: UseSingleton, SimplifyBooleanReturns, AvoidReassigningParameters, ConstructorCallsOverridableMethod, AccessorClassGeneration, CloseConnection, OptimizableToArrayCall, IdempotentOperations. ImmutableField
- junit.xml: JUnitAssertionsShouldIncludeMessage, JUnitTestsShouldIncludeAssert
- logging-java.xml: MoreThanOneLogger, LoggerIsNotStaticFinal
- naming.xml: ShortMethodName, VariableNamingConventions, ClassNamingConventions, AbstractNaming
- strictexception.xml: ExceptionAsFlowControl, AvoidCatchingNPE, AvoidThrowingCertainExceptionTypes
Continued working on JDK 1.5 compatibility - added support for static import statements, varargs, and the new for loop syntax
- still TODO: generics and annotations (note that autoboxing shouldn't require a grammar change)
- Good article on features: http://java.sun.com/developer/technicalArticles/releases/j2se15/
October 19, 2004 - 2.0:
New rules: InstantiationToGetClass, IdempotentOperationsRule, SuspiciousEqualsMethodName, SimpleDateFormatNeedsLocale, JUnitTestsShouldContainAssertsRule, SuspiciousConstantFieldName, ImmutableFieldRule, MoreThanOneLoggerRule, LoggerIsNotStaticFinalRule, UseLocaleWithCaseConversions
Applied patch in RFE 992576 - Enhancements to VariableNamingConventionsRule
Implemented RFE 995910 - The HTML report can now include links to HTMLlized source code - for example, the HTML generated by JXR.
Implemented RFE 665824 - PMD now ignores rule violations in lines containing the string 'NOPMD'.
Fixed bug in SimplifyBooleanExpressions - now it catches more cases.
Fixed bugs in AvoidDuplicateLiterals - now it ignores small duplicate literals, its message is more helpful, and it catches more cases.
Fixed bug 997893 - UnusedPrivateField now detects assignments to members of private fields as a usage.
Fixed bug 1020199 - UnusedLocalVariable no longer flags arrays as unused if an assignment is made to an array slot.
Fixed bug 1027133 - Now ExceptionSignatureDeclaration skips certain JUnit framework methods.
Fixed bug 1008548 - The 'favorites' ruleset no longer contains a broken reference.
Fixed bug 1045583 - UnusedModifier now correctly handles anonymous inner classes within interface field declarations.
Partially fixed bug 998122 - CloseConnectionRule now checks for imports of java.sql before reporting a rule violation.
Applied patch 1001694 - Now PMD can process zip/jar files of source code.
Applied patch 1032927 - The XML report now includes the rule priority.
Added data flow analysis facade from Raik Schroeder.
Added two new optional attributes to rule definitions - symboltable and dfa. These allow the symbol table and DFA facades to be configured on a rule-by-rule basis. Note that if your rule needs the symbol table; you'll need to add symboltable="true" to your rule definition. FWIW, this also results in about a 5% speedup for rules that don't need either layer.
Added a "logging" ruleset - thanks to Miguel Griffa for the code!
Enhanced the ASTViewer - and renamed it 'Designer' - to display data flows.
Moved development environment to Maven 1.0.
Moved development environment to Ant 1.6.2. This is nice because using the new JUnit task attribute "forkmode='perBatch'" cuts test runtime from 90 seconds to 7 seconds. Sweet.
MethodWithSameNameAsEnclosingClass now reports a more helpful line number.
July 14, 2004 - 1.9:
New rules: CloneMethodMustImplementCloneable, CloneThrowsCloneNotSupportedException, EqualsNull, ConfusingTernary
Created new "clone" ruleset and moved ProperCloneImplementationRule over from the design ruleset.
Moved LooseCoupling from design.xml to coupling.xml.
Some minor performance optimizations - removed some unnecessary casts from the grammar, simplified some XPath rules.
Postfix expressions (i.e., x++) are now available in the grammar. To access them, search for StatementExpressions with an image of "++" or "--" - i.e., in XPath, //StatementExpression[@Image="++"]. This is an odd hack and hopefully will get cleared up later.
Ant task and CLI now used BufferedInputStreams.
Converted AtLeastOneConstructor rule from Java code to XPath.
Implemented RFE 743460: The XML report now contains the ruleset name.
Implemented RFE 958714: Private field and local variables that are assigned but not used are now flagged as unused.
Fixed bug 962782 - BeanMembersShouldSerializeRule no longer reports set/is as being a violation.
Fixed bug 977022 - UnusedModifier no longer reports false positives for modifiers of nested classes in interfaces
Fixed bug 976643 - IfElseStmtsMustUseBracesRule no longer reports false positives for certain if..else constructs.
Fixed bug 985961 - UseSingletonRule now fires on classes which contain static fields
Fixed bug 977031 - FinalizeDoesNotCallSuperFinalize no longer reports a false positive when a finalizer contains a call to super.finalize in a try {} finally {} block.
May 19, 2004 - 1.8:
New rules: ExceptionAsFlowControlRule, BadComparisonRule, AvoidThrowingCertainExceptionTypesRule, AvoidCatchingNPERule, OptimizableToArrayCallRule
Major grammar changes - lots of new node types added, many superfluous nodes removed from the runtime AST. Bug 786611 - http://sourceforge.net/tracker/index.php?func=detail&aid=786611&group_id=56262&atid=479921 - explains it a bit more.
Fixed bug 786611 - Expressions are no longer over-expanded in the AST
Fixed bug 874284 - The AST now contains tokens for bitwise or expressions - i.e., "|"
April 22, 2004 - 1.7:
Moved development environment to Maven 1.0-RC2.
Fixed bug 925840 - Messages were no longer getting variable names plugged in correctly
Fixed bug 919308 - XMLRenderer was still messed up; 'twas missing a quotation mark.
Fixed bug 923410 - PMD now uses the default platform character set encoding; optionally, you can pass in a character encoding to use.
Implemented RFE 925839 - Added some more detail to the UseSingletonRule.
Added an optional 'failuresPropertyName' attribute to the Ant task.
Refactored away duplicate copies of XPath rule definitions in regress/, yay!
Removed manifest from jar file; it was only there for the Main-class attribute, and it's not very useful now since PMD has several dependencies.
Began working on JDK 1.5 compatibility - added support for EnumDeclaration nodes.
March 15, 2004 - 1.6:
Fixed bug 895661 - XML reports containing error elements no longer have malformed XML.
Fixed a bug in UnconditionalIfStatement - it no longer flags things like "if (x==true)".
Applied Steve Hawkins' improvements to CPD:
- Various optimizations; now it runs about 4 times faster!
- fixed "single match per file" bug
- tweaked source code slicing
- CSV renderer
Added two new renderers - SummaryHTMLRenderer and PapariTextRenderer.
Moved development environment to Ant 1.6 and JavaCC 3.2.
February 2, 2004 - 1.5:
New rules: DontImportSunRule, EmptyFinalizer, EmptyStaticInitializer, AvoidDollarSigns, FinalizeOnlyCallsSuperFinalize, FinalizeOverloaded, FinalizeDoesNotCallSuperFinalize, MethodWithSameNameAsEnclosingClass, ExplicitCallToFinalize, NonStaticInitializer, DefaultLabelNotLastInSwitchStmt, NonCaseLabelInSwitchStatement, SuspiciousHashcodeMethodName, EmptyStatementNotInLoop, SuspiciousOctalEscapeRule
FinalizeShouldBeProtected moved from design.xml to finalizers.xml.
Added isTrue() to ASTBooleanLiteral.
Added UnaryExpression to the AST.
Added isPackagePrivate() to AccessNode.
January 7, 2004 - 1.4:
New rules: AbstractNamingRule, ProperCloneImplementationRule
Fixed bug 840926 - AvoidReassigningParametersRule no longer reports a false positive when assigning a value to an array slot when the array is passed as a parameter to a method
Fixed bug 760520 - RuleSetFactory is less strict about whitespace in ruleset.xml files.
Fixed bug 826805 - JumbledIncrementorRule no longer reports a false positive when a outer loop incrementor is used as an array index
Fixed bug 845343 - AvoidDuplicateLiterals now picks up cases when a duplicate literal appears in field declarations.
Fixed bug 853409 - VariableNamingConventionsRule no longer requires that non-static final fields be capitalized
Fixed a bug in OverrideBothEqualsAndHashcodeRule; it no longer reports a false positive when equals() is passed the fully qualified name of Object.
Implemented RFE 845348 - UnnecessaryReturn yields more useful line numbers now
Added a ruleset DTD and a ruleset XML Schema.
Added 'ExplicitExtends' and 'ExplicitImplements' attributes to UnmodifiedClassDeclaration nodes.
October 23, 2003 - 1.3:
Relicensed under a BSD-style license.
Fixed bug 822245 - VariableNamingConventionsRule now handles interface fields correctly.
Added new rules: EmptySynchronizedBlock, UnnecessaryReturn
ASTType now has an getDimensions() method.
October 06, 2003 - 1.2.2:
Added new rule: CloseConnectionRule
Fixed bug 782246 - FinalFieldCouldBeStatic no longer flags fields in interfaces.
Fixed bug 782235 - "ant -version" now prints more details when a file errors out.
Fixed bug 779874 - LooseCouplingRule no longer triggers on ArrayList
Fixed bug 781393 - VariableNameDeclaration no longer throws ClassCastExpression since ASTLocalVariableDeclaration now subclasses AccessNode
Fixed bug 797243 - CPD XML report can no longer contain ]]> (CDEnd)
Fixed bug 690196 - PMD now handles both JDK 1.3 and 1.4 code - i.e., usage of "assert" as an identifier.
Fixed bug 805092 - VariableNamingConventionsRule no longer flags serialVersionUID as a violation
Fixed bug - Specifying a non-existing rule format on the command line no longer results in a ClassNotFoundException.
XPath rules may now include pluggable parameters. This feature is very limited. For now.
Tweaked CPD time display field
Made CPD text fields uneditable
Added more error checking to CPD GUI input
Added "dialog cancelled" check to CPD "Save" function
Added Boris Gruschko's AST viewer.
Added Jeff Epstein's TextPad integration.
ASTType now has an isArray() method.
August 1, 2003 - 1.2.1:
Fixed bug 781077 - line number "-1" no longer appears for nodes with siblings.
July 30, 2003 - 1.2:
Added new rules: VariableNamingConventionsRule, MethodNamingConventionsRule, ClassNamingConventionsRule, AvoidCatchingThrowable, ExceptionSignatureDeclaration, ExceptionTypeChecking, BooleanInstantiation
Fixed bug 583047 - ASTName column numbers are now correct
Fixed bug 761048 - Symbol table now creates a scope level for anonymous inner classes
Fixed bug 763529 - AccessorClassGenerationRule no longer crashes when given a final inner class
Fixed bug 771943 - AtLeastOneConstructorRule and UnnecessaryConstructorRule no longer reports false positives on inner classes.
Applied patch from Chris Webster to fix another UnnecessaryConstructorRule problem.
Added ability to accept a comma-delimited string of files and directories on the command line.
Added a CSVRenderer.
Added a "-shortfilenames" argument to the PMD command line interface.
Modified grammer to provide information on whether an initializer block is static.
ASTViewer now shows node images and modifiers
ASTViewer now saves last edited text to ~/.pmd_astviewer
Moved the PMD Swing UI into a separate module - pmd-swingui.
Updated license.txt to point to new location.
June 19, 2003 - 1.1:
Added new rules: FinalizeShouldBeProtected, FinalFieldCouldBeStatic, BeanMembersShouldSerializeRule
Removed "verbose" attribute from PMD and CPD Ant tasks; now they use built in logging so you can do a "ant -verbose cpd" or "ant -verbose pmd". Thanks to Philippe T'Seyen for the code.
Added "excludes" feature to rulesets; thanks to Gael Marziou for the suggestion.
Removed "LinkedList" from LooseCouplingRule checks; thx to Randall Schulz for the suggestion.
CPD now processes PHP code.
Added VBHTMLRenderer; thanks to Vladimir Bossicard for the code.
Added "Save" item to CPD GUI; thanks to mcclain looney for the patch.
Fixed bug 732592 - Ant task now accepts a nested classpath element.
Fixed bug 744915 - UseSingletonRule no longer fires on abstract classes, thanks to Pablo Casado for the bug report.
Fixed bugs 735396 and 735399 - false positives from ConstructorCallsOverridableMethodRule
Fixed bug 752809 - UnusedPrivateMethodRule now catches unused private static methods, thanks to Conrad Roche for the bug report.
April 17, 2003 - 1.05:
Added new rules: ReturnFromFinallyBlock, SimplifyBooleanExpressions
Added a new Ant task for CPD; thanks to Andy Glover for the code.
Added ability to specify a class name as a renderer on the command line or in the formatter "type" attribute of the Ant task.
Brian Ewins completely rewrote CPD using a portion of the Burrows-Wheeler Transform - it's much, much, much faster now.
Rebuilt parser with JavaCC 3.0; made several parser optimizations.
The Ant task now accepts a <classpath> element to aid in loading custom rulesets. Thanks to Luke Francl for the suggestion.
Fixed several bugs in UnnecessaryConstructorRule; thanks to Adam Nemeth for the reports and fixes.
All test-data classes have been inlined into their respective JUnit tests.
March 21, 2003 - 1.04
Added new rules: ConstructorCallsOverridableMethodRule, AtLeastOneConstructorRule, JUnitAssertionsShouldIncludeMessageRule, DoubleCheckedLockingRule, ExcessivePublicCountRule, AccessorClassGenerationRule
The Ant task has been updated; if you set "verbose=true" full stacktraces are printed. Thx to Paul Roebuck for the suggestion.
Moved JUnit rules into their own package - "net.sourceforge.pmd.rules.junit".
Incorporated new ResourceLoader; thanks to Dave Fuller
Incorporated new XPath-based rule definitions; thanks to Dan Sheppard for the excellent work.
Fixed bug 697187 - Problem with nested ifs
Fixed bug 699287 - Grammar bug; good catch by David Whitmore
February 11, 2003 - 1.03
Added new rules: CyclomaticComplexityRule, AssignmentInOperandRule
Added numbering to the HTMLRenderer; thx to Luke Francl for the code.
Added an optional Ant task attribute 'failOnRuleViolation'. This stops the build if any rule violations are found.
Added an XSLT script for processing the PMD XML report; thx to Mats for the code.
The Ant task now determines whether the formatter toFile attribute is absolute or relative and routes the report appropriately.
Moved several rules into a new "controversial" ruleset.
Fixed bug 672742 - grammar typo was hosing up ASTConstructorDeclaration which was hosing up UseSingletonRule
Fixed bug 674393 - OnlyOneReturn rule no longer counts returns that are inside anonymous inner classes as being inside the containing method. Thx to C. Lamont Gilbert for the bug report.
Fixed bug 674420 - AvoidReassigningParametersRule no longer counts parameter field reassignment as a violation. Thx to C. Lamont Gilbert for the bug report.
Fixed bug 673662 - The Ant task's "failOnError" attribute works again. Changed the semantics of this attribute, though, so it fails the build if errors occurred. A new attribute 'failOnRuleViolation' serves the purpose of stopping the build if rule violations are found.
Fixed bug 676340 - Symbol table now creates new scope level when it encounters a switch statement. See the bug for code details; generally, this bug would have triggered runtime exceptions on certain blocks of code.
Fixed bug 683465 - JavaCC parser no longer has ability to throw java.lang.Error; now it only throws java.lang.RuntimeExceptions. Thx to Gunnlaugur Thor Briem for a good discussion on this topic.
Fixed bug in OverrideBothEqualsAndHashcodeRule - it no longer bails out with a NullPtrException on interfaces that declare a method signature "equals(Object)". Thx to Don Leckie for catching that.
January 22, 2003 - 1.02:
Added new rules: ImportFromSamePackageRule, SwitchDensityRule, NullAssignmentRule, UnusedModifierRule, ForLoopShouldBeWhileLoopRule
Updated LooseCouplingRule to check for usage of Vector; thx to Vladimir for the good catch.
Updated AvoidDuplicateLiteralsRule to report the line number of the first occurrence of the duplicate String.
Modified Ant task to use a formatter element; this lets you render a report in several formats without having to rerun PMD.
Added a new Ant task attribute - shortFilenames.
Modified Ant task to ignore whitespace in the ruleset attribute
Added rule priority settings.
Added alternate row colorization to HTML renderer.
Fixed bug 650623 - the Ant task now uses relative directories for the report file
Fixed bug 656944 - PMD no longer prints errors to System.out, instead it just rethrows any exceptions
Fixed bug 660069 - this was a symbol table bug; thanks to mcclain looney for the report.
Fixed bug 668119 - OverrideBothEqualsAndHashcodeRule now checks the signature on equals(); thanks to mcclain looney for the report.
November 07 2002 - 1.01:
Fixed bug 633879: EmptyFinallyBlockRule now handles multiple catch blocks followed by a finally block.
Fixed bug 633892: StringToStringRule false positive exposed problem in symbol table usage to declaration code.
Fixed bug 617971: Statistical rules no longer produce tons of false positives due to accumulated results.
Fixed bug 633209: OnlyOneReturn rule no longer requires the return stmt to be the last statement.
Enhanced EmptyCatchBlockRule to flag multiple consecutive empty catch blocks.
Renamed AvoidStringLiteralsRule to AvoidDuplicateLiteralsRule.
Modified Ant task to truncate file paths to make the HTML output neater.
November 04 2002 - 1.0:
Added new rules: StringToStringRule, AvoidReassigningParametersRule, UnnecessaryConstructorRule, AvoidStringLiteralsRule
Fixed bug 631010: AvoidDeeplyNestedIfStmtsRule works correctly with if..else stmts now
Fixed bug 631605: OnlyOneReturn handles line spillover now.
Moved AvoidDeeplyNestedIfStmts from the braces ruleset to the design ruleset.
Moved several rules from the design ruleset to the codesize ruleset.
Added a new "favorites" ruleset.
October 04 2002 - 1.0rc3:
Added new rules: OnlyOneReturnRule, JumbledIncrementerRule, AvoidDeeplyNestedIfStmtsRule
PMD is now built and tested with JUnit 3.8.1 and Ant 1.5.
Added support for IntelliJ's IDEAJ.
Fixed bug 610018 - StringInstantiationRule now allows for String(byte[], int, int) usage.
Fixed bug 610693 - UnusedPrivateInstanceVariable handles parameter shadowing better.
Fixed bug 616535 - Command line interface input checking is better now.
Fixed bug 616615 - Command line interface allows the text renderer to be used now
Fixed a bug - the statistics rules now handle interfaces better.
September 12 2002 - 1.0rc2:
Added new rules: JUnitSpellingRule, JUnitStaticSuiteRule, StringInstantiationRule
Added new rulesets - junit, strings.
Added a printToConsole attribute to the Ant task so that you can see the report right there in the Ant output.
Fixed bug in PMD GUI - rules are now saved correctly.
Fixed bug 597916 - CPD line counts are accurate now.
September 09 2002 - 1.0rc1:
Added new rules: UnusedImportsRule, EmptySwitchStmtRule, SwitchStmtsShouldHaveDefaultRule, IfStmtsMustUseBracesRule
Fixed bug 597813 - Rule properties are now parsed correctly
Fixed bug 597905 - UseSingletonRule now resets its state correctly
Moved several rules into a new ruleset - braces.
Improved CPD by removing import statements and package statements from the token set.
Added Metrics API to the Report.
Updated PMD GUI.
August 16 2002 - 0.9:
Added new rules: LongParameterListRule, SimplifyBooleanReturnsRule
Enhanced statistics rules to support various ways of triggering rule violations
Added rule customization via XML parameters
Enhanced CopyAndPasteDetector; added a GUI
Fixed bug 592060 - UnusedPrivateInstanceVariable handles explicitly referenced statics correctly
Fixed bug 593849 - UnusedPrivateInstanceVariable handles nested classes better
July 30 2002 - 0.8:
Added new rule: UnusedFormalParameterRule
Fixed bug 588083 - ForLoopsNeedBraces rule correctly handles a variety of for statement formats
Added prototype of the copy and paste detector
July 25 2002 - 0.7:
Added new rules: UnusedPrivateMethodRule, WhileLoopsMustUseBracesRule, ForLoopsMustUseBracesRule, LooseCouplingRule
Fixed bug 583482 - EmptyCatchBlock and EmptyFinallyBlock no longer report an incorrect line number.
July 18 2002 - 0.6:
Added new rules: ExcessiveClassLength, ExcessiveMethodLength
DuplicateImportsRule now reports the correct line number.
Fixed bug 582639 - Rule violations are now reported on the proper line
Fixed bug 582509 - Removed unneeded throws clause
Fixed bug 583009 - Now rulesets.properties is in the jar file
July 15 2002 - 0.5:
Added new rules: DontImportJavaLangRule, DuplicateImportsRule
Added new ruleset: rulesets/imports.xml
Changed sorting of RuleViolations to group Files together.
Changed XML Renderer to improved format.
Created DVSL Stylesheet for the new format.
Moved the Cougaar rules out of the PMD core.
Fixed bug 580093 - OverrideBothEqualsAndHashcodeRule reports a more correct line number.
Fixed bug 581853 - UnusedLocalVariableRule now handles anonymous inner classes correctly.
Fixed bug 580278 - this was a side effect of bug 581853.
Fixed bug 580123 - UnusedPrivateInstanceVariable now checks for instance variable usage in inner classes.
July 10 2002 - 0.4:
Added new rules: OverrideBothEqualsAndHashcodeRule, EmptyTryBlock, EmptyFinallyBlock
Reports are now sorted by line number
RuleSets can now reference rules in other RuleSets
Fixed bug 579718 - made 'ruleset not found' error message clearer.
July 03 2002 - 0.3:
Added new rules: UseSingletonRule, ShortVariableRule, LongVariableRule, ShortMethodNameRule
Moved rules into RuleSets which are defined in XML files in the ruleset directory
Ant task:
-Added a 'failonerror' attribute
-Changed 'rulesettype' to 'rulesetfiles'
-Removed 'text' report format; only 'html' and 'xml' are available now
June 27 2002 - 0.2:
Added new rules: IfElseStmtsMustUseBracesRule, EmptyWhileStmtRule
Modified command line interface to accept a rule set
Fixed bug in EmptyCatchBlockRule
Fixed typo in UnnecessaryConversionTemporaryRule
Moved Ant task to the net.sourceforge.pmd.ant package
Added new HTML report format
June 25 2002 - 0.1:
Initial release