
code checks with SemmleCode

Question asked by oege on Dec 15, 2007
I was playing with the Alfresco source from subversion in SemmleCode. SemmleCode is an Eclipse plugin for finding defects, both in Java and in XML configuration files. It can also compute metrics, and display results as graphs, charts, etc. See http://semmle.com for full details.

One of the checks I ran found a potential problem in

repository/source/java/org/alfresco/repo/workflow/jbpm/jpbm.action.types.xml

It says:

<action-type 
    element="create-timer"
    class="org.alfresco.repo.workflow.jbpm.CreateTimerAction"
  />

but there is no such class. Perhaps it should have read

<action-type 
    element="create-timer"
    class="org.alfresco.repo.workflow.jbpm.AlfrescoCreateTimerAction"
/>

Does that make sense or have I misunderstood something? Any feedback would be welcome.

SemmleCode makes it very easy to examine project-specific problems of this kind - one just writes a little query. In this case that query was:

class ClassAttribute extends XMLAttribute {
    ClassAttribute() { this.getName()="class" }
    string getClassName() { this.getValue() = result }
    RefType getType() { result.getQualifiedName()=this.getClassName() }
    predicate noType() { not exists(this.getType()) }
}

from ClassAttribute ca
where ca.noType() and ca.getClassName().matches("org.alfresco%")
select ca,ca.getClassName() + " not found"

Very briefly, that query finds class attributes in XML configuration files that refer to classes that do not exist in the source of Alfresco. It is written in .QL, an object-oriented query language. .QL is itself tightly integrated in Eclipse, with auto-completion and so on.

SemmleCode ships with a large library of checks and metrics. I'm keen to explore the source of Alfresco a bit further. Do the Alfresco developers already use some static checking tools? Are there guidelines for project-specific coding conventions? Are there particular kinds of problems you'd like to check?

DISCLOSURE: I am the CEO of Semmle Ltd, which produces SemmleCode.
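
Added example, not part of the original post and not SemmleCode's own code: a standalone Python approximation of the check described above. It collects qualified type names from `package` declarations and `.java` file names, then reports `class` attributes under `org.alfresco` that match none of them. The tree built in `demo()` is constructed, and the `ok` and `ext` elements and `com.example.External` are hypothetical.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE_RE = re.compile(r"^\s*package\s+([\w.]+)\s*;", re.MULTILINE)
PKG = "org.alfresco.repo.workflow.jbpm"  # package named in the post

def declared_types(src_root):
    """Qualified names of top-level types: package declaration + file name."""
    names = set()
    for java in Path(src_root).rglob("*.java"):
        m = PACKAGE_RE.search(java.read_text(encoding="utf-8", errors="replace"))
        names.add(f"{m.group(1)}.{java.stem}" if m else java.stem)
    return names

def dangling_class_refs(src_root, prefix="org.alfresco"):
    """Return (XML file name, class name) for class="..." values with no type."""
    known, findings = declared_types(src_root), []
    for xml_file in sorted(Path(src_root).rglob("*.xml")):
        try:
            tree = ET.parse(xml_file)
        except ET.ParseError:
            continue  # malformed XML is a separate problem; skip it here
        for elem in tree.iter():
            name = elem.get("class", "").strip()
            # Same filter as matches("org.alfresco%") in the query
            if name.startswith(prefix) and name not in known:
                findings.append((xml_file.name, name))
    return findings

def demo():
    """Build a constructed source tree mirroring the post and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg_dir = Path(tmp, *PKG.split("."))
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "AlfrescoCreateTimerAction.java").write_text(
            f"package {PKG};\npublic class AlfrescoCreateTimerAction {{}}\n")
        (pkg_dir / "jpbm.action.types.xml").write_text(
            "<action-types>\n"
            f'  <action-type element="create-timer" class="{PKG}.CreateTimerAction"/>\n'
            f'  <action-type element="ok" class="{PKG}.AlfrescoCreateTimerAction"/>\n'
            '  <action-type element="ext" class="com.example.External"/>\n'
            "</action-types>\n")
        return dangling_class_refs(tmp)

if __name__ == "__main__":
    print("\n".join(f"{f}: {c} not found" for f, c in demo()))
```

Only top-level types found in source files count as known here, so nested types and classes supplied by library jars would need extra handling.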
