SONARJAVA-6093 Implement S3051 checking the signature of the main method. (#5442)

tomasz-tylenda-sonarsource · web-flow · commit a6873121352b · 2026-02-18T10:17:31.000+01:00
diff --git a/its/autoscan/src/test/resources/autoscan/diffs/diff_S3051.json b/its/autoscan/src/test/resources/autoscan/diffs/diff_S3051.json
@@ -0,0 +1,6 @@
+{
+  "ruleKey": "S3051",
+  "hasTruePositives": true,
+  "falseNegatives": 0,
+  "falsePositives": 0
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/CompactSource.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/CompactSource.java
@@ -0,0 +1,7 @@
+void main() {
+  IO.println("compact source");
+}
+
+int main(int i) { // Noncompliant
+  return i * 2;
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/MainJava21.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/MainJava21.java
@@ -0,0 +1,12 @@
+package checks.mainSignature;
+
+public class MainJava21 {
+  public static void main(String[] args) { // Compliant
+  }
+
+  void main() { // Noncompliant
+  }
+
+  void main(int args) { // Noncompliant
+  }
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/NonInstantiable.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/NonInstantiable.java
@@ -0,0 +1,15 @@
+package checks.mainSignature;
+
+interface NonInstantiable {
+  int multiply(int a, int b);
+
+  default void main() { // Compliant
+    System.out.println("default");
+  }
+
+  int main(int a); // Noncompliant
+
+  static void main(String[] arg) { // Compliant
+    System.out.println("yep, inside an interface");
+  }
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/PrivateMain.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/PrivateMain.java
@@ -0,0 +1,9 @@
+package checks.mainSignature;
+
+public class PrivateMain {
+  private static void main(String[] args) { // Noncompliant
+  }
+
+  private void main() { // Noncompliant
+  }
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/Sample.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/Sample.java
@@ -0,0 +1,66 @@
+package checks.mainSignature;
+
+public class Sample {
+  public static class Traditional {
+    public static void main(String[] args) { // Compliant
+      System.out.println("traditional");
+    }
+  }
+
+  public static class NoArg {
+    public static void main() { // Compliant
+      System.out.println("no arg");
+    }
+  }
+
+  public static class Instance {
+    void main(String[] args) { // Compliant
+      System.out.println("instance");
+    }
+  }
+
+  public static class Wrong {
+    public static void main(String[] args) {
+      System.out.println(new Wrong().main(42));
+    }
+
+    int main(int x) { // Noncompliant
+//      ^^^^
+      return x * x;
+    }
+
+    String main(String x, String y) { // Noncompliant
+//         ^^^^
+      return "";
+    }
+  }
+
+  public static class WrongReturn {
+    public static int main(String[] args) { // Noncompliant
+//                    ^^^^
+      return 1;
+    }
+  }
+
+  @interface MyAnnotation {
+    String main() default ""; // Noncompliant
+//         ^^^^
+  }
+
+  enum MyEnum {
+    A, B;
+
+    void main(int x) { // Noncompliant
+//       ^^^^
+    }
+  }
+
+  record MyRecord(int value) {
+    void main(int x) { // Noncompliant
+//       ^^^^
+    }
+
+    static void main(String[] args) {
+    }
+  }
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/Varargs.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/Varargs.java
@@ -0,0 +1,10 @@
+package checks.mainSignature;
+
+public class Varargs {
+  void main(String... args) {
+  }
+
+  void main(int i, String ... args) { // Noncompliant
+
+  }
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/mainSignature/main.java b/java-checks-test-sources/default/src/main/java/checks/mainSignature/main.java
@@ -0,0 +1,10 @@
+package checks.mainSignature;
+
+// This one is really weird. Doesn't really matter what we report,
+// as long as nothing crashes.
+
+public class main {
+  public main() {}
+
+  public main(String[] args) {}
+}
diff --git a/java-checks/src/main/java/org/sonar/java/checks/MainMethodSignatureCheck.java b/java-checks/src/main/java/org/sonar/java/checks/MainMethodSignatureCheck.java
@@ -0,0 +1,51 @@
+/*
+ * SonarQube Java
+ * Copyright (C) 2012-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks;
+
+import java.util.List;
+import org.sonar.check.Rule;
+import org.sonar.java.checks.helpers.MethodTreeUtils;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
+import org.sonar.plugins.java.api.tree.MethodTree;
+import org.sonar.plugins.java.api.tree.Tree;
+
+
+/**
+ * Checks that the "main" method has the correct signature for a program entry point.
+ *
+ * <p>Note, that even with a correct signature, the "main" method may not be valid entry point.
+ * For example, it may be declared in an abstract class or an interface.
+ */
+@Rule(key = "S3051")
+public class MainMethodSignatureCheck extends IssuableSubscriptionVisitor {
+
+  private static final String MESSAGE = "\"main\" method should only be used for the program entry point and should have appropriate signature.";
+
+  @Override
+  public List<Tree.Kind> nodesToVisit() {
+    return List.of(Tree.Kind.METHOD);
+  }
+
+  @Override
+  public void visitNode(Tree tree) {
+    MethodTree methodTree = (MethodTree) tree;
+    if ("main".equals(methodTree.simpleName().name())
+      && !MethodTreeUtils.isMainMethod(methodTree, context.getJavaVersion())) {
+      reportIssue(methodTree.simpleName(), MESSAGE);
+    }
+  }
+}
diff --git a/java-checks/src/test/java/org/sonar/java/checks/MainMethodSignatureCheckTest.java b/java-checks/src/test/java/org/sonar/java/checks/MainMethodSignatureCheckTest.java
@@ -0,0 +1,89 @@
+/*
+ * SonarQube Java
+ * Copyright (C) 2012-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.java.checks.verifier.CheckVerifier;
+
+import static org.sonar.java.checks.verifier.TestUtils.mainCodeSourcesPath;
+
+class MainMethodSignatureCheckTest {
+
+  private static final MainMethodSignatureCheck CHECK = new MainMethodSignatureCheck();
+
+  @Test
+  void test() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/Sample.java"))
+      .withCheck(CHECK)
+      .withJavaVersion(25)
+      .verifyIssues();
+  }
+
+  @Test
+  void test_java21() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/MainJava21.java"))
+      .withCheck(CHECK)
+      .withJavaVersion(21)
+      .verifyIssues();
+  }
+
+  @Test
+  void nonInstantiable() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/NonInstantiable.java"))
+      .withCheck(CHECK)
+      .withJavaVersion(25)
+      .verifyIssues();
+  }
+
+  @Test
+  void privateMain() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/PrivateMain.java"))
+      .withCheck(CHECK)
+      .verifyIssues();
+  }
+
+  @Test
+  void compactSource() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/CompactSource.java"))
+      .withCheck(CHECK)
+      .withJavaVersion(25)
+      .verifyIssues();
+  }
+
+  @Test
+  void varargs() {
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/Varargs.java"))
+      .withCheck(CHECK)
+      .withJavaVersion(25)
+      .verifyIssues();
+  }
+
+  @Test
+  void constructor() {
+    // The check will not run, because it does not visit constructor nodes.
+    CheckVerifier.newVerifier()
+      .onFile(mainCodeSourcesPath("checks/mainSignature/main.java"))
+      .withCheck(CHECK)
+      .verifyNoIssues();
+  }
+}
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3051.html b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3051.html
@@ -0,0 +1,35 @@
+<h2>Why is this an issue?</h2>
+<p>"A rose by any other name would smell as sweet," but <code>main</code> by any other name would not. Just because a method has the name "main", that
+doesn’t make it the entry point to an application.</p>
+<p>In Java versions prior to Java 25, the main method must have a specific signature to serve as the application entry point: it must be <code>public
+static void</code> and accept a single <code>String []</code> as an argument.</p>
+<p>Starting with Java 25, the requirements for main methods have been relaxed. The main method can now be:</p>
+<ul>
+  <li> An instance method (non-static) </li>
+  <li> Non-public (e.g., package-private or protected) </li>
+  <li> Defined without a <code>String []</code> parameter </li>
+</ul>
+<p>Using <code>main</code> for anything other than an application entry point can be confusing to developers unfamiliar with Java, as the method name
+strongly suggests it is the starting point of execution. To avoid this confusion, methods with different purposes should be given other names.</p>
+<h3>Noncompliant code example</h3>
+<pre>
+public void main(String arg) {  // Noncompliant
+  // ...
+}
+</pre>
+<h3>Compliant solution</h3>
+<pre>
+void main(String [] args) { // Compliant Java 25 instance main
+  run(args[0]);
+}
+
+public void run(String arg) { // Renamed
+  // ...
+}
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> OpenJDK - <a href="https://openjdk.org/jeps/512">JEP 512: Compact Source Files and Instance Main Methods</a> </li>
+</ul>
+
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3051.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3051.json
@@ -0,0 +1,24 @@
+{
+  "title": "\"main\" should have the right signature",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "15min"
+  },
+  "tags": [
+    "convention",
+    "confusing"
+  ],
+  "defaultSeverity": "Minor",
+  "ruleSpecification": "RSPEC-3051",
+  "sqKey": "S3051",
+  "scope": "Main",
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "LOW"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/Sonar_way_profile.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/Sonar_way_profile.json
@@ -252,6 +252,7 @@
     "S3039",
     "S3042",
     "S3046",
+    "S3051",
     "S3063",
     "S3064",
     "S3066",
