Sonar analysis of OpenJDK 7 available (original) (raw)
Martijn Verburg martijnverburg at gmail.com
Thu Nov 24 09:41:57 UTC 2011
- Previous message: Sonar analysis of OpenJDK 7 available
- Next message: Sonar analysis of OpenJDK 7 available
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+1 - this could/should be a ruleset decided upon by the committers, a typical process in OSS projects.
Sonar can combine Checkstyle, PMD and FindBugs + more, I guess the committers could start with one rule at a time. At least that's how I typically introduce these things into an existing code base.
Cheers, Martijn
On 24 November 2011 08:46, Henri Gomez <henri.gomez at gmail.com> wrote:
Why not discuss Sonar rules used and determine together, which should be enabled or disabled ?
2011/11/24 Roman Kennke <roman at kennke.org>: Hi Kelly,
Who gets to decide what the definition of "quality" here, or the configuration of what things to look for? I see 1,285 "violations" for using extra parens, Really? Things like return (true); are "violations"? return (true); is certainly correct code, but it's not good good style. Code quality is not only about correctness, but also (or most importantly) about maintainability. Things that makes difficult to read are violations. It seems like a very nice tool, we just need to be careful what we change and why. I've trusted findbugs to do no harm when fixing what it reports, but I haven't found any other tool I would trust.
The tool PMD would tell you a variable was not used, but fail to detect that it's assignment used a method call that had critical side-effects. This tool seems to suffer from the same problem. So people need to be very very careful here. Critical side effects are bad bad quality IMO. Cheers, Roman -kto On Nov 22, 2011, at 1:24 AM, Evgeny Mandrikov wrote: > Hi, > > As per request of Dalibor Topic [1] I'm announcing that static analysis of > OpenJDK 7 [2] by Sonar [3] available at our public instance called Nemo [4]. > Analysis is scheduled on a periodic basis once in a week. > Dedicated quality profile was not used, so there might be some > false-positive violations (like rule "Dont Import Sun"). However we are > open for collaborations and ready to create a dedicated quality profile and > I suppose that "Code Conventions" [5] might be used as a starting point. > > [1] https://twitter.com/#!/robilad/status/138707382363635712 > [2] http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/ > [3] http://www.sonarsource.org/ > [4] http://nemo.sonarsource.org/dashboard/index/net.java.openjdk:jdk7 > [5] http://openjdk.java.net/guide/codeConventions.html > > -- > Best regards, > Evgeny Mandrikov aka Godin <http://godin.net.ru> | SonarSource > http://twitter.com/godin > http://sonarsource.com
- Previous message: Sonar analysis of OpenJDK 7 available
- Next message: Sonar analysis of OpenJDK 7 available
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]