[
https://issues.apache.org/jira/browse/CASSANDRA-18239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711264#comment-17711264
]
Jacek Lewandowski commented on CASSANDRA-18239:
-----------------------------------------------
[~e.dimitrova] SpotBugs has something with limited functionality
[here|https://spotbugs.readthedocs.io/en/stable/detectors.html#findopenstream]
- it applies to unclosed IO streams but is not generic enough to detect all
auto-closeables.
My biggest problem with Eclipse-Warnings was a large number of false positives
(inconvenience) and failure to compile the correct code with more extensive use
of generics (blocker) - it couldn't have been suppressed because scanning
wasn't even started.
Sonar is something probably extensive, though a bit difficult to integrate. I
noticed a Docker image for the Sonar server in DockerHub - perhaps it is
possible to script starting it and running analysis as a part of verification
in Ant?
Also, I'd really like to try [ErrorProne|https://errorprone.info], as it has a
bug pattern we are primarily interested in
[here|https://errorprone.info/bugpattern/MustBeClosedChecker].
Concluding, I know you need to move forward with JDK17. If upgrading ECJ is the
easiest way to do that, please do it. If we manage to change Eclipse-Warnings
to something else later, that will be ok and won't be a blocker for you.
If you like, we can make a deal - we can try to verify SpotBugs, ErrorProne,
and Sonar by the end of the week on minimal code examples. If we fail to do
that due to the lack of time, go on with Eclipse-Warnings, WDYT? (maybe
[~mmuzaf] can help there as well). I have ErrorProne configured already on some
other project hence confirming it works or not should not be super hard.
> Replace eclipse warnings based static code analysis with something better
> (Sonar)
> ---------------------------------------------------------------------------------
>
> Key: CASSANDRA-18239
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18239
> Project: Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Jacek Lewandowski
> Priority: Normal
>
> Eclipse warnings is used for static code analysis. However, it does not fit
> well into Cassandra code and practically we end up explicitly adding
> suppressions in many places just to satisfy that tool rather than fix the
> real issues.
> This is an incomplete list of reasons to remove it:
> - not closed resources are detected incorrectly
> - does not recognize custom utility methods used to close the resources,
> which we use heavily in the code, like {{Throwables.close}},
> {{FileUtils.close}}, {{closeQuietly}}...
> - because of the above, we cannot make important things like {{Ref}}
> implement {{Closeable}}, as it would make the tool explode with tons of
> warnings
> - it complains about correct generics - something like "method X is not
> applicable for ..." when the code compiles successfully is not acceptable
> - it is old and not maintained
> There are better tools like IntelliJ inspections for example, which can also
> be run in headless mode