Good questions. Right now we're not actively using it (at least not
publicly, as far as I know; individual contributors may be using it or
Sonar or something else).

For the specific warning (index out of bounds) you point out below, if
map.length was odd, then the consumer.consume(map[i], map[i+1]) could
reference map.length+1, which is invalid. This can only happen if the
length is odd (since we're incrementing i += 2). However, in our case, map
is initialized to capacity * 2 * 2, so it'll always be even, so this
potential bug can't ever happen. We could be a bit more defensive (which
would probably hint to lgtm that it's impossible) by stopping iteration at
map.length - 1 (which won't change the behavior), or we can just ignore it -
so far we've just ignored it.

- Jeff

On Wed, Nov 1, 2017 at 5:56 AM, Salih Gedik <m...@salih.xyz> wrote:

> Hi,
>
> As an undergrad student I actually question the output of static analysis
> tools. Are you guys actively using it or do you find projects like Sonar
> efficient in such open source projects? Last time I heard that FindBugs is
> no longer maintained because the code was hard to maintain. For instance I
> checked one of the “Potential Index Out of bounds” pointed by LGTM. This is
> listed as a potential one. What is wrong with the snippet below?
> (https://lgtm.com/projects/g/apache/cassandra/alerts/?mode=tree&severity=error&rule=2049320662)
>
> <E extends Exception> void forEach(HistogramDataConsumer<E> consumer)
> throws E
> {
>     for (int i = 0; i < map.length; i += 2)
>     {
>         if (map[i] != -1)
>         {
>             consumer.consume(map[i], map[i + 1]);
>         }
>     }
> }
>
> Thanks a lot!
>
>
>
>
> > On 1 Nov 2017, at 12:53, Jeff Jirsa <jji...@gmail.com> wrote:
> >
> > Ah, I remember that now. Blocked by a guava bug? 4.0 seems like a good
> > time to upgrade guava.
> >
> > --
> > Jeff Jirsa
> >
> >
> >> On Nov 1, 2017, at 2:49 AM, Stefan Podkowinski <s...@apache.org> wrote:
> >>
> >>
> >>> 2) Static Analysis stuff:
> >>
> >> I think it's worth mentioning that I also tried to integrate the Error
> >> Prone analyzer (http://errorprone.info/) a while ago as part of
> >> CASSANDRA-13175. Eventually I dropped the ball there due to some
> >> classpath issues, but maybe that can be fixed or worked around.
> >>
> >> Having a service like lgtm.com is nice, but ideally I'd like to have a
> >> solution that does integrate with circle CI and clearly indicates new
> >> issues for a proposed patch. Or, at least, have a one-click way to check
> >> new code that is about to get committed using an external service.
> >> Easily recognizing issues for new code seems to be more valuable to me,
> >> instead of having a long report for your complete code base that you
> >> have to filter manually.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
> >> For additional commands, e-mail: dev-h...@cassandra.apache.org
> >>
> >
> >
>
>
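
The loop-bound point discussed in this thread, as an added example that is not part of the original messages and not Cassandra's code: it runs the quoted loop and the `map.length - 1` variant over an even-length and an odd-length array. The `long[]` element type, the `PairConsumer` interface (standing in for `HistogramDataConsumer`) and the sample values are assumptions made for the demonstration.

```java
import java.util.Arrays;

public class PairIterationDemo
{
    // Hypothetical stand-in for the HistogramDataConsumer named in the thread.
    interface PairConsumer { void consume(long point, long value); }

    // Loop bound as in the quoted snippet: map[i + 1] is valid only while map.length is even.
    static int forEachOriginal(long[] map, PairConsumer consumer)
    {
        int pairs = 0;
        for (int i = 0; i < map.length; i += 2)
            if (map[i] != -1) { consumer.consume(map[i], map[i + 1]); pairs++; }
        return pairs;
    }

    // Defensive bound: i < map.length - 1 guarantees i + 1 is a valid index for any length.
    static int forEachDefensive(long[] map, PairConsumer consumer)
    {
        int pairs = 0;
        for (int i = 0; i < map.length - 1; i += 2)
            if (map[i] != -1) { consumer.consume(map[i], map[i + 1]); pairs++; }
        return pairs;
    }

    public static void main(String[] args)
    {
        PairConsumer sink = (point, value) -> { };   // discard the pairs, only count them
        long[] even = { 10, 1, -1, 0, 30, 3 };       // constructed sample; -1 marks an empty slot
        long[] odd = Arrays.copyOf(even, 7);         // odd length, trailing slot holds 0 (not -1)

        // Even length: both bounds visit the same indices (0, 2, 4) and report 2 pairs.
        System.out.println("even/original:  " + forEachOriginal(even, sink));
        System.out.println("even/defensive: " + forEachDefensive(even, sink));

        // Odd length: the original bound reaches i = 6 and reads map[7].
        try
        {
            forEachOriginal(odd, sink);
        }
        catch (ArrayIndexOutOfBoundsException e)
        {
            System.out.println("odd/original:   " + e.getMessage());
        }
        // The defensive bound stops at i = 4 and skips the unpaired trailing slot.
        System.out.println("odd/defensive:  " + forEachDefensive(odd, sink));
    }
}
```

With an even length the two bounds are indistinguishable, which is why the analyzer's warning depends entirely on an invariant established elsewhere in the class.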
