Hi Anne, Answers inline.
1. after integrate PMD into source code, the compiled jar files' sizes will > be increased? if so, did you notice how much gets increased? > There is no increase or impact at all on the compiled jars. The PMD plugin is a source code analyzer, it doesn't look at the compiled code. It just runs as part of the maven build cycle. > > 2. +1 for sonar upstream, I saw hbase is also included. > Ok I can take care of this. > > 3. are you aware of any native apache tools to detect race concurrency and > race condition in a static way, such as predict > <https://www.runtimeverification.com/predict/>. If so, it will be > benefitted to include such a tool; > No I'm not unfortunately. The Sonar run will pick up on this stuff. Colm. > Thanks, > Anne > > On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]> > wrote: > >> Hi Hao, >> >> Answers below. >> >> > - What are the potentail bad behaviors we can catch throgh this plugin? >> >> To quote the PMD page: "It finds common programming flaws like unused >> variables, empty catch blocks, unnecessary object creation, and so forth. >> ". Essentially it imposes a constraint on how "messy" the source code is >> allowed get. For example, currently the Sentry source is littered with >> unused imports, etc. >> >> > - Is it possible to use PMD to detect possible memory leakage? >> >> No, that is not the purpose of the tool. If the project is interested, I >> could ask INFRA to add Sentry to analysis.apache.org, which runs >> SonarQube >> against the source and reports issues. That does detect possible memory >> leakage (amongst many many other issues, a lot of them trivial). >> >> > - Will the PMD plugin introduce some false alarms?And how we can handle >> that? >> >> Not really. Sometimes it will report an error that you would like to keep. >> So for example, it errors on unused constructor or method parameters. >> Sometimes you might like to keep the parameter for backwards compatibility >> reasons. You can add a comment to the line of code to skip the check "// >> NOPMD" or else add a Java annotation to skip the check for a method, >> class, >> etc.: >> >> http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html >> >> Thanks, >> >> Colm. >> >> On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote: >> >> > Hi Colm, >> > >> > Thanks a lot for proposing a new way for managing the code quality. >> > Questions: >> > >> > >> > - What are the potentail bad behaviors we can catch throgh this >> plugin? >> > - Is it possible to use PMD to detect possible memory leakage? >> > - Will the PMD plugin introduce some false alarms?And how we can >> handle >> > that? >> > >> > >> > Thanks! >> > >> > Best, >> > Hao >> > >> > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh < >> [email protected]> >> > wrote: >> > >> > > Hi all, >> > > >> > > I would like to get some opinions about applying the PMD maven plugin >> to >> > > Sentry, aka the Project Mess Detector: >> > > >> > > https://maven.apache.org/plugins/maven-pmd-plugin/ >> > > https://pmd.github.io/ >> > > >> > > Essentially, PMD is a source code analyzer that checks for some common >> > > issues that occur. The maven plugin enforces PMD by throwing a build >> > error >> > > if a regression is detected. It can be skipped via a maven profile to >> > avoid >> > > having to run it if you are making local changes. >> > > >> > > Quite a few of the other Apache projects I'm involved in use PMD as >> part >> > of >> > > the build cycle (CXF, WSS4J, Santuario, Kerby, etc.). >> > > >> > > I've done a small bit of work with it already in Sentry, and would >> like >> > to >> > > get some feedback on whether to proceed with submitting a patch or >> not. >> > > Most of the issues are fairly trivial such as unused imports, >> variables, >> > > empty catch blocks etc. >> > > >> > > Thoughts? >> > > >> > > Colm. >> > > >> > > >> > > -- >> > > Colm O hEigeartaigh >> > > >> > > Talend Community Coder >> > > http://coders.talend.com >> > > >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > > > -- > Thanks, > Anne > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
