+1 for adding sonar as well. Thanks Colm! How about findbugs plugin compared to PMD? Any experience on both?
Best,
Hao

On Thu, Dec 10, 2015 at 11:09 AM, Anne Yu <[email protected]> wrote:

> Thanks Colm.
>
> 1. Looks good to me then. Any objection or concern regarding this plugin. PMD?
>
> 2. Filed, https://issues.apache.org/jira/browse/SENTRY-984 to you so we can
> track the discussion and decision.
>
> Best,
> Anne
>
> On Thu, Dec 10, 2015 at 2:08 AM, Colm O hEigeartaigh <[email protected]> wrote:
>
> > Hi Anne,
> >
> > Answers inline.
> >
> >> 1. after integrate PMD into source code, the compiled jar files' sizes
> >> will be increased? if so, did you notice how much gets increased?
> >
> > There is no increase or impact at all on the compiled jars. The PMD plugin
> > is a source code analyzer, it doesn't look at the compiled code. It just
> > runs as part of the maven build cycle.
> >
> >> 2. +1 for sonar upstream, I saw hbase is also included.
> >
> > Ok I can take care of this.
> >
> >> 3. are you aware of any native apache tools to detect race concurrency
> >> and race condition in a static way, such as predict
> >> <https://www.runtimeverification.com/predict/>. If so, it will be
> >> benefitted to include such a tool;
> >
> > No I'm not unfortunately. The Sonar run will pick up on this stuff.
> >
> > Colm.
> >
> >> Thanks,
> >> Anne
> >>
> >> On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]> wrote:
> >>
> >>> Hi Hao,
> >>>
> >>> Answers below.
> >>>
> >>> > - What are the potential bad behaviors we can catch through this plugin?
> >>>
> >>> To quote the PMD page: "It finds common programming flaws like unused
> >>> variables, empty catch blocks, unnecessary object creation, and so forth."
> >>> Essentially it imposes a constraint on how "messy" the source code is
> >>> allowed to get. For example, currently the Sentry source is littered with
> >>> unused imports, etc.
> >>>
> >>> > - Is it possible to use PMD to detect possible memory leakage?
> >>>
> >>> No, that is not the purpose of the tool. If the project is interested, I
> >>> could ask INFRA to add Sentry to analysis.apache.org, which runs SonarQube
> >>> against the source and reports issues. That does detect possible memory
> >>> leakage (amongst many many other issues, a lot of them trivial).
> >>>
> >>> > - Will the PMD plugin introduce some false alarms? And how we can handle
> >>> > that?
> >>>
> >>> Not really. Sometimes it will report an error that you would like to keep.
> >>> So for example, it errors on unused constructor or method parameters.
> >>> Sometimes you might like to keep the parameter for backwards compatibility
> >>> reasons. You can add a comment to the line of code to skip the check
> >>> "// NOPMD" or else add a Java annotation to skip the check for a method,
> >>> class, etc.:
> >>>
> >>> http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html
> >>>
> >>> Thanks,
> >>>
> >>> Colm.
> >>>
> >>> On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote:
> >>>
> >>> > Hi Colm,
> >>> >
> >>> > Thanks a lot for proposing a new way for managing the code quality.
> >>> > Questions:
> >>> >
> >>> > - What are the potential bad behaviors we can catch through this plugin?
> >>> > - Is it possible to use PMD to detect possible memory leakage?
> >>> > - Will the PMD plugin introduce some false alarms? And how we can handle
> >>> >   that?
> >>> >
> >>> > Thanks!
> >>> >
> >>> > Best,
> >>> > Hao
> >>> >
> >>> > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh <[email protected]> wrote:
> >>> >
> >>> > > Hi all,
> >>> > >
> >>> > > I would like to get some opinions about applying the PMD maven plugin to
> >>> > > Sentry, aka the Project Mess Detector:
> >>> > >
> >>> > > https://maven.apache.org/plugins/maven-pmd-plugin/
> >>> > > https://pmd.github.io/
> >>> > >
> >>> > > Essentially, PMD is a source code analyzer that checks for some common
> >>> > > issues that occur. The maven plugin enforces PMD by throwing a build error
> >>> > > if a regression is detected. It can be skipped via a maven profile to avoid
> >>> > > having to run it if you are making local changes.
> >>> > >
> >>> > > Quite a few of the other Apache projects I'm involved in use PMD as part of
> >>> > > the build cycle (CXF, WSS4J, Santuario, Kerby, etc.).
> >>> > >
> >>> > > I've done a small bit of work with it already in Sentry, and would like to
> >>> > > get some feedback on whether to proceed with submitting a patch or not.
> >>> > > Most of the issues are fairly trivial such as unused imports, variables,
> >>> > > empty catch blocks etc.
> >>> > >
> >>> > > Thoughts?
> >>> > >
> >>> > > Colm.
> >>> > >
> >>> > > --
> >>> > > Colm O hEigeartaigh
> >>> > >
> >>> > > Talend Community Coder
> >>> > > http://coders.talend.com
> >>>
> >>> --
> >>> Colm O hEigeartaigh
> >>>
> >>> Talend Community Coder
> >>> http://coders.talend.com
> >>
> >> --
> >> Thanks,
> >> Anne
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
> --
> Thanks,
> Anne
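
The build setup discussed in the thread (PMD failing the build on a violation, with a profile to skip it for local changes), sketched as a `pom.xml` fragment. This is an added example, not taken from the thread or from the Sentry source; the profile id `nopmd` and the `pmd.plugin.version` property are assumptions.

```xml
<!-- Added example: fragment of a project pom.xml, not Sentry's actual build file. -->
<project>
  <properties>
    <!-- Placeholder: set to the maven-pmd-plugin release your project has vetted. -->
    <pmd.plugin.version>SET-ME</pmd.plugin.version>
  </properties>

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-pmd-plugin</artifactId>
        <version>${pmd.plugin.version}</version>
        <configuration>
          <!-- Break the build when a rule is violated, so regressions
               cannot be merged unnoticed. -->
          <failOnViolation>true</failOnViolation>
          <!-- Print each violation to the console instead of only
               writing it to the report file. -->
          <printFailingErrors>true</printFailingErrors>
        </configuration>
        <executions>
          <execution>
            <phase>verify</phase>
            <goals>
              <!-- "check" runs the PMD analysis and fails on violations. -->
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

  <profiles>
    <!-- Hypothetical profile id: "mvn install -Pnopmd" skips PMD locally. -->
    <profile>
      <id>nopmd</id>
      <properties>
        <!-- pmd.skip is the plugin's own skip property. -->
        <pmd.skip>true</pmd.skip>
      </properties>
    </profile>
  </profiles>
</project>
```

Keeping the skip in an opt-in profile means CI, which does not activate it, still enforces the check; `// NOPMD` suppressions remain visible in code review as individual source lines.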
