I took a look at some of the blocker defects. e.g. https://sonarcloud.io/project/issues?id=org.apache.flink%3Aflink-parent&open=AWPxETxA3e-qcckj1Sl1&resolved=false&severities=BLOCKER&types=BUG
For ./flink-state-backends/flink-statebackend-rocksdb/src/main/java/org/apache/flink/contrib/streaming/state/PredefinedOptions.java , the closing of DBOptions using try-with-resources is categorized as blocker by the analysis. I don't think that categorization is proper. We can locate the high priority defects, according to consensus, and fix those. Cheers On Tue, Jun 12, 2018 at 2:01 PM, <simeon.arkhi...@gmail.com> wrote: > Hello Flink community. > > I am new in Flink project and probably don't understand it a lot. Could > you please clarify one question to me? > > I download Flink sources and build it from scratch. I found checkstyle > guidelines that every Flink developer should follow which is very useful. > However, I didn't find anything about static analysis tools like Sonarcube. > I have looked through mailing lists archive but without success. That > seemed very strange to me. > > I have setup Sonarcube and run analysis on whole Flink project. After a > while I have got 442 bugs, 511 vulnerabilities and more than 13K Code > Smells issues. You can see them all here: https://sonarcloud.io/ > dashboard?id=org.apache.flink%3Aflink-parent > > I looked through some of bugs and vulnerabilities and there are many > important ones (in my opinions) like these: > - 'other' is dereferenced. A "NullPointerException" could be thrown; > "other" is nullable here. > - Either re-interrupt this method or rethrow the "InterruptedException". > - Move this call to "wait()" into a synchronized block to be sure the > monitor on "Object" is held. > - Refactor this code so that the Iterator supports multiple traversal > - Use try-with-resources or close this "JsonGenerator" in a "finally" > clause. Use try-with-resources or close this "JsonGenerator" in a "finally" > clause. > - Cast one of the operands of this subtraction operation to a "long". > - Make "ZERO_CALENDAR" an instance variable. > - Add a "NoSuchElementException" for iteration beyond the end of the > collection. > - Replace the call to "Thread.sleep(...)" with a call to "wait(...)". > - Call "Optional#isPresent()" before accessing the value. > - Change this condition so that it does not always evaluate to "false". > Expression is always false. > - This class overrides "equals()" and should therefore also override > "hashCode()". > - "equals(Object obj)" should test argument type > - Not enough arguments in LOG.debug function. Not enough arguments. > - Remove this return statement from this finally block. > - "notify" may not wake up the appropriate thread. > - Remove the boxing to "Double". > - Classes should not be compared by name > - "buffers" is a method parameter, and should not be used for > synchronization. > > Are there any plans to work on static analysis support for Flink project > or it was intentionally agreed do not use static analysis as time consuming > and worthless? > > Thank you in advance for you replies. > > Best Regards, > --- > Alex Arkhipov > >
