Sounds good to me. From my experience, PMD and FindBugs are complementary
and we should consider using both. They find different types of problems in
the code (with some overlap). Thanks for taking this on Colm.

Thanks,
Lenni

On Dec 11, 2015 1:31 AM, "Colm O hEigeartaigh" <[email protected]> wrote:

> >
> > +1 for adding sonar as well.  Thanks Colm! How about findbugs plugin
> > compared to PMD? Any experience on both?
> >
> >
> I don't have much experience with findbugs, although I can investigate it
> later. I can also take a look at the checkstyle plugin, which is used in
> several projects I'm familiar with, which I think will be beneficial for
> this project, e.g. enforcing indentation standards.
>
> For now, I'm not hearing any objections, so will I go ahead and create a
> JIRA for adding PMD support? Or would anyone like to discuss it further
> first?
>
> Colm.
>
>
> > Best,
> > Hao
> >
> > On Thu, Dec 10, 2015 at 11:09 AM, Anne Yu <[email protected]> wrote:
> >
> >> Thanks Colm.
> >>
> >> 1. Looks good to me then. Any objection or concern regarding this plugin.
> >> PMD?
> >>
> >> 2. Filed, https://issues.apache.org/jira/browse/SENTRY-984 to you so we can
> >> track the discussion and decision.
> >>
> >> Best,
> >> Anne
> >>
> >> On Thu, Dec 10, 2015 at 2:08 AM, Colm O hEigeartaigh <[email protected]>
> >> wrote:
> >>
> >> > Hi Anne,
> >> >
> >> > Answers inline.
> >> >
> >> >> 1. After integrating PMD into source code, the compiled jar files' sizes
> >> >> will be increased? If so, did you notice how much gets increased?
> >> >>
> >> >
> >> > There is no increase or impact at all on the compiled jars. The PMD plugin
> >> > is a source code analyzer, it doesn't look at the compiled code. It just
> >> > runs as part of the maven build cycle.
> >> >
> >> >
> >> >>
> >> >> 2. +1 for sonar upstream, I saw hbase is also included.
> >> >>
> >> >
> >> > Ok I can take care of this.
> >> >
> >> >
> >> >>
> >> >> 3. Are you aware of any native apache tools to detect race concurrency
> >> >> and race condition in a static way, such as predict
> >> >> <https://www.runtimeverification.com/predict/>. If so, it will be
> >> >> beneficial to include such a tool;
> >> >>
> >> >
> >> > No I'm not unfortunately. The Sonar run will pick up on this stuff.
> >> >
> >> > Colm.
> >> >
> >> >
> >> >> Thanks,
> >> >> Anne
> >> >>
> >> >> On Wed, Dec 9, 2015 at 2:18 AM, Colm O hEigeartaigh <[email protected]>
> >> >> wrote:
> >> >>
> >> >>> Hi Hao,
> >> >>>
> >> >>> Answers below.
> >> >>>
> >> >>>  > - What are the potential bad behaviors we can catch through this plugin?
> >> >>>
> >> >>> To quote the PMD page: "It finds common programming flaws like unused
> >> >>> variables, empty catch blocks, unnecessary object creation, and so forth."
> >> >>> Essentially it imposes a constraint on how "messy" the source code is
> >> >>> allowed get. For example, currently the Sentry source is littered with
> >> >>> unused imports, etc.
> >> >>>
> >> >>>  > - Is it possible to use PMD to detect possible memory leakage?
> >> >>>
> >> >>> No, that is not the purpose of the tool. If the project is interested, I
> >> >>> could ask INFRA to add Sentry to analysis.apache.org, which runs SonarQube
> >> >>> against the source and reports issues. That does detect possible memory
> >> >>> leakage (amongst many many other issues, a lot of them trivial).
> >> >>>
> >> >>>  > - Will the PMD plugin introduce some false alarms? And how we can handle that?
> >> >>>
> >> >>> Not really. Sometimes it will report an error that you would like to keep.
> >> >>> So for example, it errors on unused constructor or method parameters.
> >> >>> Sometimes you might like to keep the parameter for backwards compatibility
> >> >>> reasons. You can add a comment to the line of code to skip the check
> >> >>> "// NOPMD" or else add a Java annotation to skip the check for a method,
> >> >>> class, etc.:
> >> >>>
> >> >>> http://pmd.sourceforge.net/pmd-5.1.1/suppressing.html
> >> >>>
> >> >>> Thanks,
> >> >>>
> >> >>> Colm.
> >> >>>
> >> >>> On Tue, Dec 8, 2015 at 7:43 PM, Hao Hao <[email protected]> wrote:
> >> >>>
> >> >>> > Hi Colm,
> >> >>> >
> >> >>> > Thanks a lot for proposing a new way for managing the code quality.
> >> >>> > Questions:
> >> >>> >
> >> >>> >
> >> >>> >    - What are the potential bad behaviors we can catch through this plugin?
> >> >>> >    - Is it possible to use PMD to detect possible memory leakage?
> >> >>> >    - Will the PMD plugin introduce some false alarms? And how we can handle
> >> >>> >    that?
> >> >>> >
> >> >>> >
> >> >>> > Thanks!
> >> >>> >
> >> >>> > Best,
> >> >>> > Hao
> >> >>> >
> >> >>> > On Tue, Dec 8, 2015 at 11:13 AM, Colm O hEigeartaigh <[email protected]>
> >> >>> > wrote:
> >> >>> >
> >> >>> > > Hi all,
> >> >>> > >
> >> >>> > > I would like to get some opinions about applying the PMD maven plugin to
> >> >>> > > Sentry, aka the Project Mess Detector:
> >> >>> > >
> >> >>> > > https://maven.apache.org/plugins/maven-pmd-plugin/
> >> >>> > > https://pmd.github.io/
> >> >>> > >
> >> >>> > > Essentially, PMD is a source code analyzer that checks for some common
> >> >>> > > issues that occur. The maven plugin enforces PMD by throwing a build error
> >> >>> > > if a regression is detected. It can be skipped via a maven profile to avoid
> >> >>> > > having to run it if you are making local changes.
> >> >>> > >
> >> >>> > > Quite a few of the other Apache projects I'm involved in use PMD as part of
> >> >>> > > the build cycle (CXF, WSS4J, Santuario, Kerby, etc.).
> >> >>> > >
> >> >>> > > I've done a small bit of work with it already in Sentry, and would like to
> >> >>> > > get some feedback on whether to proceed with submitting a patch or not.
> >> >>> > > Most of the issues are fairly trivial such as unused imports, variables,
> >> >>> > > empty catch blocks etc.
> >> >>> > >
> >> >>> > > Thoughts?
> >> >>> > >
> >> >>> > > Colm.
> >> >>> > >
> >> >>> > >
> >> >>> > > --
> >> >>> > > Colm O hEigeartaigh
> >> >>> > >
> >> >>> > > Talend Community Coder
> >> >>> > > http://coders.talend.com
> >> >>> > >
> >> >>> >
> >> >>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Colm O hEigeartaigh
> >> >>>
> >> >>> Talend Community Coder
> >> >>> http://coders.talend.com
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Thanks,
> >> >> Anne
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Colm O hEigeartaigh
> >> >
> >> > Talend Community Coder
> >> > http://coders.talend.com
> >> >
> >>
> >>
> >>
> >> --
> >> Thanks,
> >> Anne
> >>
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

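
The build setup discussed in this thread (PMD enforced as a build error, with a Maven profile to skip it for local work) could be wired up as in the following pom.xml fragment. This is an added illustration, not part of the original messages and not Sentry's actual build file; the execution id `pmd-check` and the profile id `nopmd` are hypothetical names, and the plugin version is deliberately left out.

```xml
<!-- Added illustration: not taken from the thread or from Sentry's pom.xml. -->
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-pmd-plugin</artifactId>
        <!-- Version omitted on purpose; pin one in pluginManagement. -->
        <configuration>
          <!-- Turn any rule violation into a build failure. -->
          <failOnViolation>true</failOnViolation>
          <!-- Print each violation on the console, not only in the report file. -->
          <printFailingErrors>true</printFailingErrors>
        </configuration>
        <executions>
          <execution>
            <!-- Hypothetical execution id. -->
            <id>pmd-check</id>
            <!-- "check" runs the analysis and then enforces the result. -->
            <phase>verify</phase>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

  <profiles>
    <!-- Hypothetical profile id; activating it skips PMD for local builds. -->
    <profile>
      <id>nopmd</id>
      <properties>
        <!-- pmd.skip is the plugin's user property for its "skip" parameter. -->
        <pmd.skip>true</pmd.skip>
      </properties>
    </profile>
  </profiles>
</project>
```

With this fragment, `mvn verify` fails on a PMD violation and `mvn verify -Pnopmd` skips the check. Because the analysis runs on source during the build only, nothing is added to the compiled jars.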