Thanks Colm for proposing the mechanism to help code quality in a more efficient way. I have a couple of questions here:
1. after integrate PMD into source code, the compiled jar files' sizes will be increased? if so, did you notice how much gets increased? 2. +1 for sonar upstream, I saw hbase is also included. 3. are you aware of any native apache tools to detect race concurrency and race condition in a static way, such as predict <https://www.runtimeverification.com/predict/>. If so, it will be benefitted to include such a tool; Thanks, Anne On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]> wrote: > Hi Hao, > > Answers below. > > > - What are the potentail bad behaviors we can catch throgh this plugin? > > To quote the PMD page: "It finds common programming flaws like unused > variables, empty catch blocks, unnecessary object creation, and so forth. > ". Essentially it imposes a constraint on how "messy" the source code is > allowed get. For example, currently the Sentry source is littered with > unused imports, etc. > > > - Is it possible to use PMD to detect possible memory leakage? > > No, that is not the purpose of the tool. If the project is interested, I > could ask INFRA to add Sentry to analysis.apache.org, which runs SonarQube > against the source and reports issues. That does detect possible memory > leakage (amongst many many other issues, a lot of them trivial). > > > - Will the PMD plugin introduce some false alarms?And how we can handle > that? > > Not really. Sometimes it will report an error that you would like to keep. > So for example, it errors on unused constructor or method parameters. > Sometimes you might like to keep the parameter for backwards compatibility > reasons. You can add a comment to the line of code to skip the check "// > NOPMD" or else add a Java annotation to skip the check for a method, class, > etc.: > > http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html > > Thanks, > > Colm. > > On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote: > > > Hi Colm, > > > > Thanks a lot for proposing a new way for managing the code quality. > > Questions: > > > > > > - What are the potentail bad behaviors we can catch throgh this > plugin? > > - Is it possible to use PMD to detect possible memory leakage? > > - Will the PMD plugin introduce some false alarms?And how we can > handle > > that? > > > > > > Thanks! > > > > Best, > > Hao > > > > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh < > [email protected]> > > wrote: > > > > > Hi all, > > > > > > I would like to get some opinions about applying the PMD maven plugin > to > > > Sentry, aka the Project Mess Detector: > > > > > > https://maven.apache.org/plugins/maven-pmd-plugin/ > > > https://pmd.github.io/ > > > > > > Essentially, PMD is a source code analyzer that checks for some common > > > issues that occur. The maven plugin enforces PMD by throwing a build > > error > > > if a regression is detected. It can be skipped via a maven profile to > > avoid > > > having to run it if you are making local changes. > > > > > > Quite a few of the other Apache projects I'm involved in use PMD as > part > > of > > > the build cycle (CXF, WSS4J, Santuario, Kerby, etc.). > > > > > > I've done a small bit of work with it already in Sentry, and would like > > to > > > get some feedback on whether to proceed with submitting a patch or not. > > > Most of the issues are fairly trivial such as unused imports, > variables, > > > empty catch blocks etc. > > > > > > Thoughts? > > > > > > Colm. > > > > > > > > > -- > > > Colm O hEigeartaigh > > > > > > Talend Community Coder > > > http://coders.talend.com > > > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Thanks, Anne
