Automatic Quality Assurance checks

The GeoServer builds on Github Actions and apply PMD and Error Prone checks on the code base and will fail the build in case of rule violation.

In case you want to just run the build with the full checks locally, use the following command:

mvn clean install -Dqa -Dall

Add extra parameters as you see fit, like -T1C -nsu to speed up the build, or -Dfmt.skip=true -DskipTests to avoid running tests and code formatting.

PMD checks

The PMD checks are based on source code analysis for common errors, we have configured PMD to check for common mistakes and bad practices such as accidentally including debug System.out.println() statements in your commit.

Rules are configured in our build build/qa/pmd-ruleset.xml:

  <rule ref="category/java/bestpractices.xml/AvoidUsingHardCodedIP"/>
  <rule ref="category/java/bestpractices.xml/CheckResultSet"/>
  <rule ref="category/java/bestpractices.xml/UnusedLocalVariable"/>
  <rule ref="category/java/bestpractices.xml/UnusedPrivateField"/>
  <rule ref="category/java/bestpractices.xml/UnusedPrivateMethod"/>
  <rule ref="category/java/bestpractices.xml/SystemPrintln"/>
  <rule ref="category/java/bestpractices.xml/ForLoopCanBeForeach" />
  <rule ref="category/java/bestpractices.xml/UseTryWithResources" >
      // The rule reports false positives for closeable arguments that are used
      // closed within the method body. This suppression tries to avoid false positives for
      // this case, until we can switch to Java 9 and just use try(variable) {...} without
      // the need to instatiate the variable in the try
      <property name="violationSuppressXPath" value="./FinallyStatement//Name[substring-after(@Image, '.') = 'close' or substring-after(@Image, '.') = 'closeQuietly'][pmd-java:typeIs('java.lang.AutoCloseable') and fn:substring-before(@Image, '.') = ancestor::MethodDeclaration/MethodDeclarator//VariableDeclaratorId/@Name]"/>
  <rule ref="category/java/bestpractices.xml/ReplaceHashtableWithMap" />
  <rule ref="category/java/bestpractices.xml/ReplaceVectorWithList" />
  <rule ref="category/java/bestpractices.xml/AvoidPrintStackTrace" />
  <rule ref="category/java/bestpractices.xml/MissingOverride" />
  <rule ref="category/java/bestpractices.xml/UseStandardCharsets" />

  <rule ref="category/java/performance.xml/UseArrayListInsteadOfVector" />

  <rule ref="category/java/codestyle.xml/ExtendsObject"/>
  <rule ref="category/java/codestyle.xml/ForLoopShouldBeWhileLoop"/>
  <rule ref="category/java/codestyle.xml/UnnecessaryFullyQualifiedName"/>
  <rule ref="category/java/codestyle.xml/UseDiamondOperator" />
  <rule ref="category/java/codestyle.xml/UnnecessaryReturn"/>
  <rule ref="category/java/codestyle.xml/UselessParentheses"/>
  <rule ref="category/java/codestyle.xml/UselessQualifiedThis"/>
  <rule ref="category/java/codestyle.xml/UnnecessaryCast" />
  <rule ref="category/java/codestyle.xml/IdenticalCatchBranches" />
  <rule ref="category/java/codestyle.xml/UseShortArrayInitializer" />
  <rule ref="category/java/codestyle.xml/UnnecessaryImport" />
  <rule ref="category/java/errorprone.xml/AvoidDecimalLiteralsInBigDecimalConstructor"/>
  <rule ref="category/java/errorprone.xml/AvoidMultipleUnaryOperators"/>
  <rule ref="category/java/errorprone.xml/AvoidUsingOctalValues"/>
  <rule ref="category/java/errorprone.xml/BrokenNullCheck"/>
  <rule ref="category/java/errorprone.xml/CheckSkipResult"/>
  <rule ref="category/java/errorprone.xml/ClassCastExceptionWithToArray"/>
  <rule ref="category/java/errorprone.xml/DontUseFloatTypeForLoopIndices"/>
  <rule ref="category/java/errorprone.xml/EmptyFinallyBlock"/>
  <rule ref="category/java/errorprone.xml/EmptyIfStmt"/>
  <rule ref="category/java/errorprone.xml/EmptyInitializer"/>
  <rule ref="category/java/errorprone.xml/EmptyStatementBlock"/>
  <rule ref="category/java/errorprone.xml/EmptyStatementNotInLoop"/>
  <rule ref="category/java/errorprone.xml/EmptySwitchStatements"/>
  <rule ref="category/java/errorprone.xml/EmptySynchronizedBlock"/>
  <rule ref="category/java/errorprone.xml/EmptyTryBlock"/>
  <rule ref="category/java/errorprone.xml/EmptyWhileStmt"/>
  <rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
  <rule ref="category/java/errorprone.xml/MisplacedNullCheck"/>
  <rule ref="category/java/errorprone.xml/OverrideBothEqualsAndHashcode"/>
  <rule ref="category/java/errorprone.xml/ReturnFromFinallyBlock"/>
  <rule ref="category/java/errorprone.xml/UnconditionalIfStatement"/>
  <rule ref="category/java/errorprone.xml/UnnecessaryConversionTemporary"/>
  <rule ref="category/java/errorprone.xml/UnusedNullCheckInEquals"/>
  <rule ref="category/java/errorprone.xml/UselessOperationOnImmutable"/>
  <rule ref="category/java/errorprone.xml/CloseResource">

      <!-- When calling the store to close, PMD wants the full prefix before the call to the method to match, so let's try to use common var names for store ... -->
        <property name="closeTargets" value="releaseConnection,store.releaseConnection,closeQuietly,closeConnection,closeSafe,store.closeSafe,dataStore.closeSafe,getDataStore().closeSafe,close,closeResultSet,closeStmt,closeFinally,JDBCUtils.close"/>
	<property name="allowedResourceTypes" value="||||||||" />	    
  <rule ref="category/java/multithreading.xml/AvoidThreadGroup"/>
  <rule ref="category/java/multithreading.xml/DontCallThreadRun"/>
  <rule ref="category/java/multithreading.xml/DoubleCheckedLocking"/>
  <rule ref="category/java/performance.xml/BigIntegerInstantiation"/>
  <rule ref="category/java/performance.xml/BooleanInstantiation"/>
  <rule ref="category/java/performance.xml/ByteInstantiation"/>
  <rule ref="category/java/performance.xml/IntegerInstantiation"/>
  <rule ref="category/java/performance.xml/LongInstantiation"/>
  <rule ref="category/java/performance.xml/ShortInstantiation"/>
  <rule ref="category/java/performance.xml/StringInstantiation"/>
  <rule ref="category/java/performance.xml/UnnecessaryWrapperObjectCreation" />
  <rule name="wildcards" language="java" message="No Wildcard Imports" class="net.sourceforge.pmd.lang.rule.XPathRule">
      Don't use wildcard imports
      <property name="version" value="2.0"/>
      <property name="xpath">
  <rule ref="category/java/bestpractices.xml/UseCollectionIsEmpty" />
  <rule ref="category/java/design.xml/CognitiveComplexity">
      <property name="reportLevel" value="130"/>

In order to activate the PMD checks, use the -Ppmd profile.

PMD will fail the build in case of violation, reporting the specific errors before the build error message, and a reference to a XML file with the same information after it (example taken from GeoTools):

7322 [INFO] --- maven-pmd-plugin:3.11.0:check (default) @ gt-main ---
17336 [INFO] PMD Failure: Rule:SystemPrintln Priority:2 System.out.println is used.
17336 [INFO] PMD Failure: Rule:SystemPrintln Priority:2 System.out.println is used.
17337 [INFO] ------------------------------------------------------------------------
17337 [INFO] ------------------------------------------------------------------------
17338 [INFO] Total time:  16.727 s
17338 [INFO] Finished at: 2018-12-29T11:34:33+01:00
17338 [INFO] ------------------------------------------------------------------------
17340 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-pmd-plugin:3.11.0:check (default) on project gt-main: You have 1 PMD violation. For more details see:       /home/yourUser/devel/git-gt/modules/library/main/target/pmd.xml -> [Help 1]
17340 [ERROR]

In case of parallel build, the specific error messages will be in the body of the build output, while the XML file reference will be at the end, search for PMD Failure in the build logs to find the specific code issues.

If you do have a PMD failure it is worth checking the pmd website which offers quite clear suggestions:

PMD false positive suppression

Occasionally PMD will report a false positive failure, for those it’s possible to annotate the method or the class in question with a SuppressWarnings using PMD.<RuleName, e.g. if the above error was actually a legit use of System.out.println it could have been annotated with:

public void methodDoingPrintln(...) {

PMD CloseResource checks

PMD can check for Closeable that are not getting property closed by the code, and report about it. PMD by default only checks for SQL related closeables, like “Connection,ResultSet,Statement”, but it can be instructed to check for more by configuration (do check the PMD configuration in build/qa/pmd-ruleset.xml.

The check is a bit fragile, in that there are multiple ways to close an object between direct calls, utilities and delegate methods. The configuration lists the type of methods, and the eventual prefix, that will be used to perform the close, for example:

<rule ref="category/java/errorprone.xml/CloseResource" >
        <property name="closeTargets" value="releaseConnection,store.releaseConnection,closeQuietly,closeConnection,closeSafe,store.closeSafe,dataStore.closeSafe,getDataStore().closeSafe,close,closeResultSet,closeStmt"/>

For closing delegates that use an instance object instead of a class static method, the variable name is included in the prefix, so some uninformity in variable names is required.

Error Prone

The Error Prone checker runs a compiler plugin, requiring at least a JDK 9 to run (hence the suggestion to use JDK 11, as the supported JDKs are currently only JDK 8 and JDK 11). Mind, running the profile with a JDK8 will result in a generic compile error!

In order to activate the Error Prone checks, use the “-Perrorprone” for JDK 11 builds, or “Perrorprone8” for JDK 8 builds.

Any failure to comply with the “Error Prone” rules will show up as a compile error in the build output, e.g. (example taken from GeoTools):

9476 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project gt-coverage: Compilation failure
9476 [ERROR] /home/user/devel/git-gt/modules/library/coverage/src/main/java/org/geotools/image/[380,39] error: [IdentityBinaryExpression] A binary expression where both operands are the same is usually incorrect; the value of this expression is equivalent to `255`.
9477 [ERROR]     (see
9477 [ERROR]
9477 [ERROR] -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project gt-coverage: Compilation failure
/home/user/devel/git-gt/modules/library/coverage/src/main/java/org/geotools/image/[380,39] error: [IdentityBinaryExpression] A binary expression where both operands are the same is usually incorrect; the value of this expression is equivalent to `255`.

In case Error Prone is reporting an invalid error, the method or class in question can be annotated with SuppressWarnings with the name of the rule, e.g., to get rid of the above the following annotation could be used:



The Spotbugs checker runs as a post-compile bytecode analyzer.

Any failure to comply with the rules will show up as a compile error, e.g.:

33630 [ERROR] page could be null and is guaranteed to be dereferenced in org.geotools.swing.wizard.JWizard.setCurrentPanel(String) [org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard] Dereferenced at[line 278]Dereferenced at[line 269]Null value at[line 254]Known null at[line 255] NP_GUARANTEED_DEREF

It is also possible to run the spotbugs:gui goal to have a Swing based issue explorer, e.g.:

mvn spotbugs:gui -Pspotbugs -f wms

In case an invalid report is given, an annotation on the class/method/variable can be added to ignore it:


or if it’s a general one that should be ignored, the build/qa/spotbugs-exclude.xml file can be modified.

<!-- This file specifies a spotbugs filter for excluding reports that
     should not be considered errors.

     The format of this file is documented at:

     When possible, please specify the full names of the bug codes,
     using the pattern attribute, to make it clearer what reports are
     being suppressed.  You can find a listing of codes at:
    <!-- Won't use prepared statements, very bad performance for geospatial use cases -->
    <!-- Returns moslty false positives -->
        <Bug pattern="FE_FLOATING_POINT_EQUALITY"/>
    <!-- Too many cases where we have a semi-legit usage of same name -->
        <Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS"/>
    <!-- False positives, might want to revisit later -->
    <!-- Annoying but not actually a bug per se, might want to revisit later -->
       <Bug pattern="MF_CLASS_MASKS_FIELD"/>
    <!-- False positives -->
      <Bug pattern="UWF_UNWRITTEN_FIELD"/>
    <!-- Too many false positives -->
    <!-- Too many false positives -->
    <!-- Too many false positives -->
      <Bug pattern="NP_BOOLEAN_RETURN_NULL"/>
    <!-- False positives under Java 11, see 
         and -->


Google Format is already in use to keep the code formatted, so Checkstyle is used mainly to verify javadocs errors and presence of copyright headers, which none of the other tools can cover.

Any failure to comply with the rules will show up as a compiler error in the build output, e.g.:

14610 [INFO] --- maven-checkstyle-plugin:3.0.0:check (default) @ gt-jdbc ---
15563 [INFO] There is 1 error reported by Checkstyle 6.18 with /home/aaime/devel/git-gs/build/qa/checkstyle.xml ruleset.
15572 [ERROR] wms/main/java/org/geoserver/wms/map/[325,8] (javadoc) JavadocMethod: Unused @param tag for 'foobar'.