Project Name: Practice What You Preach
Quality of source code can be examined by many different tools, Checkstyle is one of them, but not the only one. Checkstyle team uses its own tool to check its sources. But there is no limit to perfection and we can make Checkstyle source code even better than it is now. The idea is to reuse and configure some other well-known static code analysers (PMD, Sonar, Eclipse, IntelliJ IDEA Inspection, HuntBugs, SpotBugs, Pitest) to run all rules, checks, inspections, validations, mutations on Checkstyle main and test source code at each pull request to ease and speed-up code-review or patch acceptance process. Usage of such tool allow author receive first feedback on his changes in short period of time (as soon as automated validation finish) and allow maintainers to review code with full focus on design issues that neither of such tools could validate.
Project was splitted to several parts, each of them includes interaction with some specific tool:
- Pitest
- PMD
- HuntBugs and SpotBugs
- IntelliJ IDEA inspections
- Sonar
- Eclipse
- Jacoco
Pitest is all about mutation testing. This tool mutates the code in several different ways (see mutators) and checks if any test fail after this mutations.
The goal of this part of the project was to increase code mutation coverage to 100%, so that every mutation will break some test.
In scope of this part of the project such commits were merged:
add pitest non-checks code profiles
add pitest-checks-annotation profile
increase mutation coverage of pitest-checks-header profile to 94%
increase coverage of pitest-checks-common profile to 85%
increase coverage of pitest-checkstyle-utils profile to 49%
increase coverage of pitest-checkstyle-common profile to 89%
increase coverage of pitest-checkstyle-utils profile to 67%
increase coverage of pitest-checkstyle-tree-walker profile to 89%
united api and filters profiles, increased coverage to 85%
increase coverage of pitest-checkstyle-common profile to 92%
increase coverage of pitest-checkstyle-utils profile to 99%
increase coverage of pitest-checkstyle-common profile to 95%
increase coverage of pitest-checkstyle-common profile to 98%
increase coverage of pitest-checkstyle-api-filters profile to 90%
increase coverage of pitest-checkstyle-common profile to 100%
increase coverage of pitest-checkstyle-utils profile to 100%
increase coverage of pitest-checkstyle-tree-walker profile to 94%
increase coverage of pitest-checkstyle-main profile to 100%
increase coverage of pitest-checkstyle-tree-walker profile to 100%
rearranged pitest-checkstyle-api-filters profile
increase coverage of pitest-checkstyle-api profile to 96%
increase coverage of pitest-checkstyle-api profile to 100%
increase coverage of pitest-checkstyle-filters profile to 100%
increase coverage of pitest-checks-header profile to 100%
increase coverage of pitest-checks-annotation to 100%
increase coverage of pitest-checkstyle main profile to 100%
increase coverage of pitest-checks-misc to 93%
increase coverage of pitest-checkstyle-tree-walker to 100%
increased coverage of pitest-checks-regexp to 100%
increased coverage of pitest-checks-misc to 96%
increased coverage of pitest-checks-whitespace to 98%
increased coverage of pitest-checks-sizes to 100%
In scope of this part of the project such commit was proposed:
increase coverage of pitest-checks-imports to 96%
increase coverage of pitest-checks-design to 100%
Created several issues which should be resolved out of GSoC:
pitest: increase mutation coverage for pitest-checkstyle-gui profile to 100%
PMD scans source code and looks for potential problems like: possible bugs, dead code, suboptimal code, overcomplicated expressions, duplicate code.
The goal of this part of the project was to fix or suppress all PMD violations in tests.
In scope of this part of the project such commits were merged:
bumped version of pmd-mvn-plugin to 3.8 and pmd to 5.7.0
enable test checks for pmd, create separate configs and suppress all violations
suppresed production code violations as they should not be fixed
fix pmd violations for CheckstyleCustomShortVariable
fix pmd violations for CommentDefaultAccessModifier
fix pmd violations for ConfusingTernary
fix pmd violations for JUnit4TestShouldUseTestAnnotation
suppress pmd violations for NcssMethodCount
fix pmd violations for LoggerIsNotStaticFinal
fix pmd violations for UncommentedEmptyMethodBody
fix pmd violations for InsufficientStringBufferDeclaration
fix pmd violations for AppendCharacterWithChar
fix pmd violations for UselessOverridingMethod
suppress pmd violations for it package
fix first bunch of pmd violations for JUnitAssertionsShouldIncludeMessage
fix second bunch of pmd violations for JUnitAssertionsShouldIncludeMessage
fix third bunch of pmd violations for JUnitAssertionsShouldIncludeMessage
fix pmd violations for TestClassWithoutTestCases
fix fourth bunch of pmd violations for JUnitAssertionsShouldIncludeMessage
fix first part of tentative pmd violations
fix pmd dependencies which prevented it from using the latest version
fix second part of JUnitTestsShouldIncludeAssert violations
fix third part of JUnitTestsShouldIncludeAssert violations
fix AccessorClassGeneration and JUnitTestsShouldIncludeAssert violations
fix TreeWalkerTest JUnitTestsShouldIncludeAssert violations
SpotBugs is a program which uses static analysis to look for bugs in Java code.
HuntBugs is a new Java bytecode static analyzer tool based on Procyon Compiler Tools aimed to supersede the FindBugs
In scope of this part of the project such commits were merged:
Huntbugs was investigated and discussed here. Finally, we made a decision to not use it in Checkstyle project as it is not supported and already dead.
IntelliJ IDEA static code analyser detects compiler and runtime errors, different code inefficiencies, unreachable code, unused code, non-localized string, unresolved method, memory leaks and even spelling problems.
The goal of this part of the project was to either fix all uncommented in Checkstyle IntelliJ config violations or suppress them with some meaningful comment.
In scope of this part of the project such commits were merged:
fixed abstraction IDEA violations
fixed code style idea violations
fix easy cases of the fifth part of idea violations
fix easy cases of the seventh part of idea violations
fix SimplifiableIfStatement, suppress MissingPackageInfo violations
fix all violations from the fourth part of idea violations
fix all violations from the third part of idea violations
delete deprecated: AbstractComplexityCheck, AbstractIllegalCheck AbstractIllegalMethodCheck, AbstractNestedDepthCheck
fix CallToSimpleGetterInClass, MismatchedCollectionQueryUpdate NullableProblems idea violations
add inspections passed without violations
fixed remained violations for the nineth part of idea violations
introduce InterfaceMayBeFunctional violation, add annotations
add suppressions on the eleventh part of IDEA violations
fix FieldNotUsedInToString IDEA violations
fix EqualsReplaceableByObjectsCall IDEA violation
fix MethodMayBeStatic idea violations
fix HtmlTagCanBeJavadocTag idea violation
fix all violations from the sixth part of idea violations
fix all violations from the tenth part of idea violations
fix first 200 AssertsWithoutMessages violations
fix InconsistentResourceBundle idea violation
fix some violations from eleventh part of idea violations
fix AlphaUnsortedPropertiesFile idea violation
fix second 200 AssertsWithoutMessages violations
fix 300 more AssertsWithoutMessages violations
fix final 300 AssertsWithoutMessages idea violations
fix EqualsUsesNonFinalVariable, HashCodeUsesNonFinalVariable...
fix all violations of BooleanParameter idea check except...
hot fix for BooleanParameter idea violation
fix avoid boolean parameters for public methods
fix some violations from the eleventh part of idea violations
add suppressions on the twelfth part of idea violations
fix HtmlTagCanBeJavadocTag idea violation for TokenTypes
fix twelfth part idea violations
fix BooleanParameter idea violation for it package
fix MultipleReturnPointsPerMethod idea violation
fix ThisEscapedInConstructor idea violation for ImportControl class
fix HtmlTagCanBeJavadocTag in TokenTypes
In scope of this part of the project such commit was proposed:
add script for checking idea inspections (for windows)
Created several issues which should be resolved out of GSoC:
idea: fix ThisEscapedInConstructor idea violation for AbstractClassCouplingCheck.FileContext class
idea: fix ThisEscapedInConstructor idea violation for AbstractLoader class
idea: fix ThisEscapedInConstructor idea violation for IndentationCheck class
Sonar is one more static analyser which also detects bugs, code smells, security vulnerabilities and some more.
The goal of this part of the project was to activate Sonar for PR validation to prevent bad code leak to the project.
In scope of this part of the project such commit was proposed:
add initial scripts for running sonar in docker
Eclipse compiler also performs a static code analysis, detects compiler errors, bugs and vulnerabilities.
The goal of this part of the project was to introduce eclipse compiler checks to the build flow.
In scope of this part of the project such commit was merged:
add eclipse violation check as a maven plugin
In scope of this part of the project such commit was proposed:
Originally there was plan to start to use jacoco code coverage tool instead of cobertura tool. But jacoco team did not make long awaited release with implemented filters that could allow checkstyle project to use jacoco without any compromise of code quality. Admins of Checkstyle project allowed to skip this sub tasks from GSoC as it does not make sense to do now.
- contribution process in github;
- process of working on several tasks at the same time;
- continuous integration process and automated regression testing process by means of opensource tools and free web services that have integration with github;
- become familiar with all known opensource java static analysis tools;
- understand that not all best practices, rules are good for particular project;
- neither tool cover all best practices and there are a lot of overlaps between tools, but all of them have smth unique, more reliable or configurable implementations;
- it became clear how difficult is it to resolve technical debt in existing project/code and that is not so easy to not allow it appearance during code acceptance without such checkers as static code analysers and more;
- how to gradually (step by step) introduce new static code analysis tools to actively developed project;
- benefits of splitting task to multiple subtasks and deliver results to acceptance to target code base as soon as some part of the work is done;
- big patches or Pull Requests are very difficult for maintainer to review and hard to change, rebasing changes to the latest code to avoid conflicts became also very complicated for an author of a patch. So it is very convenient to split your changes to multiple patches if possible.
I want to thank all who was helping me during this GSoC project, especially @romani and @rnveach. I gained a great experience struggling for the better code quality with Checkstyle! Thank you! 😃