>
> +1 for adding sonar as well. Thanks Colm! How about findbugs plugin
> compared to PMD? Any experience on both?
>

I don't have much experience with findbugs, although I can investigate it later. I can also take a look at the checkstyle plugin, which is used in several projects I'm familiar with, which I think will be beneficial for this project, e.g. enforcing indentation standards.

For now, I'm not hearing any objections, so will I go ahead and create a JIRA for adding PMD support? Or would anyone like to discuss it further first?

Colm.

> Best,
> Hao
>
> On Thu, Dec 10, 2015 at 11:09 AM, Anne Yu <[email protected]> wrote:
>
>> Thanks Colm.
>>
>> 1. Looks good to me then. Any objection or concern regarding this plugin. PMD?
>>
>> 2. Filed, https://issues.apache.org/jira/browse/SENTRY-984 to you so we can
>> track the discussion and decision.
>>
>> Best,
>> Anne
>>
>> On Thu, Dec 10, 2015 at 2:08 AM, Colm O hEigeartaigh <[email protected]>
>> wrote:
>>
>> > Hi Anne,
>> >
>> > Answers inline.
>> >
>> > 1. after integrate PMD into source code, the compiled jar files' sizes
>> >> will be increased? if so, did you notice how much gets increased?
>> >>
>> >
>> > There is no increase or impact at all on the compiled jars. The PMD plugin
>> > is a source code analyzer, it doesn't look at the compiled code. It just
>> > runs as part of the maven build cycle.
>> >
>> >>
>> >> 2. +1 for sonar upstream, I saw hbase is also included.
>> >>
>> >
>> > Ok I can take care of this.
>> >
>> >>
>> >> 3. are you aware of any native apache tools to detect race concurrency
>> >> and race condition in a static way, such as predict
>> >> <https://www.runtimeverification.com/predict/>. If so, it will be
>> >> benefitted to include such a tool;
>> >>
>> >
>> > No I'm not unfortunately. The Sonar run will pick up on this stuff.
>> >
>> > Colm.
>> >
>> >> Thanks,
>> >> Anne
>> >>
>> >> On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]>
>> >> wrote:
>> >>
>> >>> Hi Hao,
>> >>>
>> >>> Answers below.
>> >>>
>> >>> > - What are the potential bad behaviors we can catch through this plugin?
>> >>>
>> >>> To quote the PMD page: "It finds common programming flaws like unused
>> >>> variables, empty catch blocks, unnecessary object creation, and so forth."
>> >>> Essentially it imposes a constraint on how "messy" the source code is
>> >>> allowed to get. For example, currently the Sentry source is littered with
>> >>> unused imports, etc.
>> >>>
>> >>> > - Is it possible to use PMD to detect possible memory leakage?
>> >>>
>> >>> No, that is not the purpose of the tool. If the project is interested, I
>> >>> could ask INFRA to add Sentry to analysis.apache.org, which runs SonarQube
>> >>> against the source and reports issues. That does detect possible memory
>> >>> leakage (amongst many many other issues, a lot of them trivial).
>> >>>
>> >>> > - Will the PMD plugin introduce some false alarms? And how we can handle
>> >>> > that?
>> >>>
>> >>> Not really. Sometimes it will report an error that you would like to keep.
>> >>> So for example, it errors on unused constructor or method parameters.
>> >>> Sometimes you might like to keep the parameter for backwards compatibility
>> >>> reasons. You can add a comment to the line of code to skip the check
>> >>> "// NOPMD" or else add a Java annotation to skip the check for a method,
>> >>> class, etc.:
>> >>>
>> >>> http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Colm.
>> >>>
>> >>> On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote:
>> >>>
>> >>> > Hi Colm,
>> >>> >
>> >>> > Thanks a lot for proposing a new way for managing the code quality.
>> >>> > Questions:
>> >>> >
>> >>> > - What are the potential bad behaviors we can catch through this plugin?
>> >>> > - Is it possible to use PMD to detect possible memory leakage?
>> >>> > - Will the PMD plugin introduce some false alarms? And how we can handle
>> >>> > that?
>> >>> >
>> >>> > Thanks!
>> >>> >
>> >>> > Best,
>> >>> > Hao
>> >>> >
>> >>> > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh <[email protected]>
>> >>> > wrote:
>> >>> >
>> >>> > > Hi all,
>> >>> > >
>> >>> > > I would like to get some opinions about applying the PMD maven plugin to
>> >>> > > Sentry, aka the Project Mess Detector:
>> >>> > >
>> >>> > > https://maven.apache.org/plugins/maven-pmd-plugin/
>> >>> > > https://pmd.github.io/
>> >>> > >
>> >>> > > Essentially, PMD is a source code analyzer that checks for some common
>> >>> > > issues that occur. The maven plugin enforces PMD by throwing a build
>> >>> > > error if a regression is detected. It can be skipped via a maven profile
>> >>> > > to avoid having to run it if you are making local changes.
>> >>> > >
>> >>> > > Quite a few of the other Apache projects I'm involved in use PMD as part
>> >>> > > of the build cycle (CXF, WSS4J, Santuario, Kerby, etc.).
>> >>> > >
>> >>> > > I've done a small bit of work with it already in Sentry, and would like
>> >>> > > to get some feedback on whether to proceed with submitting a patch or
>> >>> > > not. Most of the issues are fairly trivial such as unused imports,
>> >>> > > variables, empty catch blocks etc.
>> >>> > >
>> >>> > > Thoughts?
>> >>> > >
>> >>> > > Colm.
>> >>> > >
>> >>> > > --
>> >>> > > Colm O hEigeartaigh
>> >>> > >
>> >>> > > Talend Community Coder
>> >>> > > http://coders.talend.com
>> >>> > >
>> >>> >
>> >>>
>> >>> --
>> >>> Colm O hEigeartaigh
>> >>>
>> >>> Talend Community Coder
>> >>> http://coders.talend.com
>> >>>
>> >>
>> >> --
>> >> Thanks,
>> >> Anne
>> >>
>> >
>> > --
>> > Colm O hEigeartaigh
>> >
>> > Talend Community Coder
>> > http://coders.talend.com
>> >
>>
>> --
>> Thanks,
>> Anne
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
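
The build setup discussed in this thread, sketched as an added example (not taken from any message above or from the Sentry source tree): the maven-pmd-plugin `check` goal bound to the build so that violations fail it, plus a profile that skips the check for local changes. The profile id `nochecks` and the `PLUGIN_VERSION` placeholder are assumptions.

```xml
<!-- Added example: pom.xml fragments that belong inside the <project> element. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <!-- Placeholder: pin the plugin version the build has been tested with. -->
      <version>PLUGIN_VERSION</version>
      <configuration>
        <!-- Turn any reported violation into a build error. -->
        <failOnViolation>true</failOnViolation>
        <!-- Print each failing rule and source line on the console. -->
        <printFailingErrors>true</printFailingErrors>
        <!-- Analyze test sources as well as main sources. -->
        <includeTests>true</includeTests>
      </configuration>
      <executions>
        <execution>
          <!-- The check goal runs the PMD analysis itself before evaluating it. -->
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

<profiles>
  <!-- Hypothetical profile id: activating it sets the plugin's skip property. -->
  <profile>
    <id>nochecks</id>
    <properties>
      <pmd.skip>true</pmd.skip>
    </properties>
  </profile>
</profiles>
```

With this in place `mvn verify` fails on PMD violations, and `mvn verify -Pnochecks` builds without running the check.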
