开发者

Is There a Java Equivalent to MISRA C?

开发者 https://www.devze.com 2023-03-06 17:02 出处:网络
In some languages, there are rules/best practices/etc. that promote software safety, ensure expected runtime behavior, etc.Two that come to mind are MISRA for C/C++, and the Ravenscar pro开发者_StackO

In some languages, there are rules/best practices/etc. that promote software safety, ensure expected runtime behavior, etc. Two that come to mind are MISRA for C/C++, and the Ravenscar pro开发者_StackOverflowfile for Ada. There is typically a warm fuzzy feeling about your code if it is stamped as following these standards. Is there any such standard for Java?


I don't think there is something like the MISRA C/C++ best practices for Java, and I think it is also less necessary with a language like Java because it doesn't have as many corners of undefined or unspecified behaviour like C and C++ have. Features such as the lack of explicit pointers in Java and the fact that the bounds of array indices are always checked by the runtime make Java a safer language than C or C++.

There is a common coding standard that most Java developers seem to follow: Code Conventions for the Java Programming Language, but that is more a style guide than a best practices guide.

There are a few good and well-known static code analysis tools for Java: FindBugs and PMD for example, which will check your code for possibly dangerous constructions or bad practices.

If you want to learn about the potential pitfalls in Java, then two books are highly recommended: Effective Java and Java Puzzlers.

Additional, similar resources include:

  • JSR-302
  • Coverity Support for SEI CERT C, C++, and Java
  • SEI CERT Oracle Coding Standard for Java


Currently, there is no MISRA Java - nor any immediate plans to create one.

The topic has been discussed briefly a couple of times by the MISRA Technical Board, but in the absence of any demand (and/or volunteers to work on it) it is unlikely to happen.

Update: Six years on...

This question has been asked several times, at Conferences that I have been a speaker at, usually with broad support from the audience. I always reply by asking the audience who'll volunteer to be part of the committee... which silences the room :(

TL;DR: If enough volunteers come forward, we'll do it!

[Posted in a personal capacity, albeit a MISRA Tech Board member]


SEI CERT:

The Java Coding Guidelines includes recommended practices for secure programming in the Java Standard Edition 7 Platform environment. This is a work in progress, and we actively seek your feedback and involvement in making this effort a success. We thank and acknowledge all of the contributors.

https://www.securecoding.cert.org/confluence/display/jg/Java+Coding+Guidelines


For those following this thread, there is a Open Safety Critical JAVA (oSCJ) initiative going-on, which is defining a subset of the JAVA language for Safety-Critical Applications (JSR-302). http://jcp.org/en/jsr/detail?id=302


There is a book called "Code Complete". This is written by a programmer who has worked for Microsoft and also has knowledge in professional software development using 2/3 different high-level languages. I use this book besides MISRA C++. "Code Complete" is a language independent book and helpful to shape your professional software engineering practices.

0

精彩评论

暂无评论...
验证码 换一张
取 消