[
https://issues.apache.org/jira/browse/CASSANDRA-18239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711314#comment-17711314
]
Maxim Muzafarov commented on CASSANDRA-18239:
---------------------------------------------
[~e.dimitrova], [~jlewandowski]
I have prepared changes to run Sonar analysis over PRs and branches for the
project here:
https://issues.apache.org/jira/browse/CASSANDRA-18390
It is certainly not a direct replacement for command-line tools as it requires
some interaction with the server-side part of the analysis, but it could
probably help us to get rid of the eclipse-warnings and move forward
iteratively with source code checks. To run sonar lints locally, you can use
the SonarLint plugin, as mentioned by Josh McKenzie there (I have tested the
plugin locally with my token), and again the plugin is not a direct replacement
for the eclipse-warnings.
My biggest concern with SpotBugs is that it has limited support for the jdk
versions it runs on, which could cause us the same problems in the future as we
have now with the eclipse-warnings. These pros and cons should be carefully
investigated, so I just switched to the Sonar task as it has almost no doubts
(I used changes from CASSANDRA-18077 to do checks locally).
For the Spotbugs itself if I'm not missing something:
[FindUnsatisfiedObligation|https://github.com/spotbugs/spotbugs/blob/master/spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindUnsatisfiedObligation.java#L88]
- rule is triggered when a method acquires a resource (such as a file, stream,
or network connection) but fails to release it properly (such as by closing the
resource) before exiting (throws "OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE" or
"OBL_UNSATISFIED_OBLIGATION").
> Replace eclipse warnings based static code analysis with something better
> (Sonar)
> ---------------------------------------------------------------------------------
>
> Key: CASSANDRA-18239
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18239
> Project: Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Jacek Lewandowski
> Priority: Normal
>
> Eclipse warnings is used for static code analysis. However, it does not fit
> well into Cassandra code and practically we end up explicitly adding
> suppressions in many places just to satisfy that tool rather than fix the
> real issues.
> This is an incomplete list of reasons to remove it:
> - not closed resources are detected incorrectly
> - does not recognize custom utility methods used to close the resources,
> which use use heavily in the code, like {{Throwables.close}},
> {{FileUtils.close}}, {{closeQuietly}}...
> - because of the above, we cannot make important things like {{Ref}} to
> implement {{Closeable}} as it would make the tool to explode with tons of
> warnings
> - it complains about correct generics - something like "method X is not
> applicable for ..." when the code compiles successfully is not acceptable
> - it is old and not maintained
> There are better tools like IntelliJ inspections for example, which can also
> be run in headless mode
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
