All geek questions in one place

Is there a Java equivalent for MISRA C?

In some languages ​​there are rules / best practices / etc. which contribute to software security, provide expected behavior during operation, etc. Two that come to mind are MISRA for C / C ++ and the Ravenscar profile for Ada. Typically, you have a fuzzy sense of your code if it is specified in accordance with these standards. Is there such a standard for Java?

+6
source share
5 answers

I don’t think there is something like MISRA C / C ++ best practices for Java, and I think it is also less necessary with a language like Java because it doesn’t have many undefined or unspecified angles like C and C ++. Functions such as the absence of explicit pointers in Java and the fact that the bounds of array indices are always checked by the runtime make Java safer than C or C ++.

There is a common coding standard that most Java developers seem to have: Code conventions for the Java programming language , but this is more a style guide than a best practice guide.

There are several good and well-known tools for analyzing static code in Java: FindBugs and PMD , which checks your code for possible dangerous constructs or bad methods.

If you want to learn about potential traps in Java, it is recommended that you use two books: Effective Java and Java Puzzlers .

+5
source

MISRA Java does not currently exist, and there are no plans to create it.

The topic has been discussed several times by the MISRA Technical Council, but in the absence of any requirement (and / or volunteers to work on it) is unlikely to happen.

[Sent in a personal capacity, albeit a member of the MISRA Technical Council]

+2
source

SEI CERT:

The Java Coding Guide contains recommended methods for secure programming in the Java Standard Edition 7 Platform. This is a work in progress, and we are actively looking for your feedback and participation in the successful implementation of these efforts. We thank and acknowledge all participants.

https://www.securecoding.cert.org/confluence/display/jg/Java+Coding+Guidelines

+1
source

There is a book called "Code Complete". This is written by a programmer who worked at Microsoft and also has knowledge in the field of professional software development using 2/3 different high-level languages. I use this book besides MISRA C ++. Code Complete is a language-independent book and useful for shaping your professional software development practice.

0
source

For those who follow this thread, there is an Open Safety Critical JAVA (oSCJ) initiative that defines a subset of the JAVA language for mission-critical applications (JSR-302). http://jcp.org/en/jsr/detail?id=302

0
source

Source: https://habr.com/ru/post/888469/

More articles:


All Articles