Thanks Colm. 1. Looks good to me then. Any objection or concern regarding this plugin. PMD?
2. Filed, https://issues.apache.org/jira/browse/SENTRY-984 to you so we can track the discussion and decision. Best, Anne On Thu, Dec 10, 2015 at 2:08 AM, Colm O hEigeartaigh <[email protected]> wrote: > Hi Anne, > > Answers inline. > > 1. after integrate PMD into source code, the compiled jar files' sizes >> will be increased? if so, did you notice how much gets increased? >> > > There is no increase or impact at all on the compiled jars. The PMD plugin > is a source code analyzer, it doesn't look at the compiled code. It just > runs as part of the maven build cycle. > > >> >> 2. +1 for sonar upstream, I saw hbase is also included. >> > > Ok I can take care of this. > > >> >> 3. are you aware of any native apache tools to detect race concurrency >> and race condition in a static way, such as predict >> <https://www.runtimeverification.com/predict/>. If so, it will be >> benefitted to include such a tool; >> > > No I'm not unfortunately. The Sonar run will pick up on this stuff. > > Colm. > > >> Thanks, >> Anne >> >> On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]> >> wrote: >> >>> Hi Hao, >>> >>> Answers below. >>> >>> > - What are the potentail bad behaviors we can catch throgh this >>> plugin? >>> >>> To quote the PMD page: "It finds common programming flaws like unused >>> variables, empty catch blocks, unnecessary object creation, and so forth. >>> ". Essentially it imposes a constraint on how "messy" the source code is >>> allowed get. For example, currently the Sentry source is littered with >>> unused imports, etc. >>> >>> > - Is it possible to use PMD to detect possible memory leakage? >>> >>> No, that is not the purpose of the tool. If the project is interested, I >>> could ask INFRA to add Sentry to analysis.apache.org, which runs >>> SonarQube >>> against the source and reports issues. That does detect possible memory >>> leakage (amongst many many other issues, a lot of them trivial). >>> >>> > - Will the PMD plugin introduce some false alarms?And how we can >>> handle >>> that? >>> >>> Not really. Sometimes it will report an error that you would like to >>> keep. >>> So for example, it errors on unused constructor or method parameters. >>> Sometimes you might like to keep the parameter for backwards >>> compatibility >>> reasons. You can add a comment to the line of code to skip the check "// >>> NOPMD" or else add a Java annotation to skip the check for a method, >>> class, >>> etc.: >>> >>> http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html >>> >>> Thanks, >>> >>> Colm. >>> >>> On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote: >>> >>> > Hi Colm, >>> > >>> > Thanks a lot for proposing a new way for managing the code quality. >>> > Questions: >>> > >>> > >>> > - What are the potentail bad behaviors we can catch throgh this >>> plugin? >>> > - Is it possible to use PMD to detect possible memory leakage? >>> > - Will the PMD plugin introduce some false alarms?And how we can >>> handle >>> > that? >>> > >>> > >>> > Thanks! >>> > >>> > Best, >>> > Hao >>> > >>> > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh < >>> [email protected]> >>> > wrote: >>> > >>> > > Hi all, >>> > > >>> > > I would like to get some opinions about applying the PMD maven >>> plugin to >>> > > Sentry, aka the Project Mess Detector: >>> > > >>> > > https://maven.apache.org/plugins/maven-pmd-plugin/ >>> > > https://pmd.github.io/ >>> > > >>> > > Essentially, PMD is a source code analyzer that checks for some >>> common >>> > > issues that occur. The maven plugin enforces PMD by throwing a build >>> > error >>> > > if a regression is detected. It can be skipped via a maven profile to >>> > avoid >>> > > having to run it if you are making local changes. >>> > > >>> > > Quite a few of the other Apache projects I'm involved in use PMD as >>> part >>> > of >>> > > the build cycle (CXF, WSS4J, Santuario, Kerby, etc.). >>> > > >>> > > I've done a small bit of work with it already in Sentry, and would >>> like >>> > to >>> > > get some feedback on whether to proceed with submitting a patch or >>> not. >>> > > Most of the issues are fairly trivial such as unused imports, >>> variables, >>> > > empty catch blocks etc. >>> > > >>> > > Thoughts? >>> > > >>> > > Colm. >>> > > >>> > > >>> > > -- >>> > > Colm O hEigeartaigh >>> > > >>> > > Talend Community Coder >>> > > http://coders.talend.com >>> > > >>> > >>> >>> >>> >>> -- >>> Colm O hEigeartaigh >>> >>> Talend Community Coder >>> http://coders.talend.com >>> >> >> >> >> -- >> Thanks, >> Anne >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Thanks, Anne
