Automatic Quality Assurance checks¶
The GeoServer builds on Github Actions and https://build.geoserver.org/ apply PMD and Error Prone checks on the code base and will fail the build in case of rule violation.
In case you want to just run the build with the full checks locally, use the following command:
mvn clean install -Dqa
Add extra parameters as you see fit, like -T1C -nsu
to speed up the build:
mvn install -Prelease -Dqa -T1C -nsu -fae
Flags documented below can be used to shut off individual QA checks when trouble shooting.
PMD checks¶
The PMD checks are based on source code analysis for common errors, we have configured PMD to check for common mistakes and bad practices such as accidentally including debug System.out.println()
statements in your commit.
<artifactId>maven-pmd-plugin</artifactId>
<version>3.24.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId>
<version>${pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
<version>${pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-javascript</artifactId>
<version>${pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-jsp</artifactId>
<version>${pmd.version}</version>
</dependency>
</dependencies>
<configuration>
<rulesets>
<ruleset>${geoserverBaseDir}/../build/qa/pmd-ruleset.xml</ruleset>
<ruleset>${geoserverBaseDir}/../build/qa/pmd-junit-ruleset.xml</ruleset>
</rulesets>
<failurePriority>3</failurePriority>
<minimumPriority>3</minimumPriority>
<verbose>true</verbose>
<printFailingErrors>true</printFailingErrors>
<includeTests>true</includeTests>
<excludeRoots>
<excludeRoot>target/generated-sources</excludeRoot>
</excludeRoots>
</configuration>
Rules are configured in our build build/qa/pmd-ruleset.xml:
<rule ref="category/java/bestpractices.xml/AvoidUsingHardCodedIP"/>
<rule ref="category/java/bestpractices.xml/CheckResultSet"/>
<rule ref="category/java/bestpractices.xml/UnusedLocalVariable"/>
<rule ref="category/java/bestpractices.xml/UnusedPrivateField"/>
<rule ref="category/java/bestpractices.xml/UnusedPrivateMethod"/>
<rule ref="category/java/bestpractices.xml/SystemPrintln"/>
<rule ref="category/java/bestpractices.xml/ForLoopCanBeForeach" />
<rule ref="category/java/bestpractices.xml/UseTryWithResources" >
<description>
Use try-with-resources to avoid memory / resources leaks.
</description>
<properties>
<!-- The rule reports false positives for closeable arguments that are used -->
<!-- closed within the method body. This suppression tries to avoid false positives for -->
<!-- this case, until we can switch to Java 9 and just use try(variable) {...} without -->
<!-- the need to instantiate the variable in the try -->
<property name="violationSuppressXPath">
<value>
<![CDATA[
./FinallyStatement//Name[
substring-after(@Image, '.') = 'close' or
substring-after(@Image, '.') = 'closeQuietly'
]
[ pmd-java:typeIs('java.lang.AutoCloseable') and
fn:substring-before(@Image, '.') = ancestor::MethodDeclaration/MethodDeclarator//VariableDeclaratorId/@Name
]
]]>
</value>
</property>
</properties>
</rule>
<rule ref="category/java/bestpractices.xml/ReplaceHashtableWithMap" />
<rule ref="category/java/bestpractices.xml/ReplaceVectorWithList" />
<rule ref="category/java/bestpractices.xml/AvoidPrintStackTrace" />
<rule ref="category/java/bestpractices.xml/MissingOverride" />
<rule ref="category/java/bestpractices.xml/UseStandardCharsets" />
<rule ref="category/java/performance.xml/UseArrayListInsteadOfVector" />
<rule ref="category/java/codestyle.xml/ExtendsObject"/>
<rule ref="category/java/codestyle.xml/ForLoopShouldBeWhileLoop"/>
<rule ref="category/java/codestyle.xml/UnnecessaryFullyQualifiedName"/>
<rule ref="category/java/codestyle.xml/UseDiamondOperator" />
<rule ref="category/java/codestyle.xml/UnnecessaryReturn"/>
<rule ref="category/java/codestyle.xml/UselessParentheses"/>
<rule ref="category/java/codestyle.xml/UselessQualifiedThis"/>
<rule ref="category/java/codestyle.xml/UnnecessaryCast" />
<rule ref="category/java/codestyle.xml/IdenticalCatchBranches" />
<rule ref="category/java/codestyle.xml/UseShortArrayInitializer" />
<rule ref="category/java/codestyle.xml/UnnecessaryImport" />
<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>
<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
<rule ref="category/java/errorprone.xml/AvoidDecimalLiteralsInBigDecimalConstructor"/>
<rule ref="category/java/errorprone.xml/AvoidMultipleUnaryOperators"/>
<rule ref="category/java/errorprone.xml/AvoidUsingOctalValues"/>
<rule ref="category/java/errorprone.xml/BrokenNullCheck"/>
<rule ref="category/java/errorprone.xml/CheckSkipResult"/>
<rule ref="category/java/errorprone.xml/ClassCastExceptionWithToArray"/>
<rule ref="category/java/errorprone.xml/DontUseFloatTypeForLoopIndices"/>
<rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
<rule ref="category/java/errorprone.xml/MisplacedNullCheck"/>
<rule ref="category/java/errorprone.xml/OverrideBothEqualsAndHashcode"/>
<rule ref="category/java/errorprone.xml/ReturnFromFinallyBlock"/>
<rule ref="category/java/errorprone.xml/UnconditionalIfStatement"/>
<rule ref="category/java/errorprone.xml/UnnecessaryConversionTemporary"/>
<rule ref="category/java/errorprone.xml/UnusedNullCheckInEquals"/>
<rule ref="category/java/errorprone.xml/UselessOperationOnImmutable"/>
<rule ref="category/java/errorprone.xml/CloseResource">
<properties>
<!-- When calling the store to close, PMD wants the full prefix before the call to -->
<!-- the method to match, so let's try to use common var names for store ... -->
<property name="closeTargets" value="releaseConnection,store.releaseConnection,closeQuietly,closeConnection,closeSafe,store.closeSafe,dataStore.closeSafe,getDataStore().closeSafe,close,closeResultSet,closeStmt,closeFinally,JDBCUtils.close,closeFileSystem"/>
<property name="allowedResourceTypes" value="java.io.ByteArrayOutputStream,java.io.ByteArrayInputStream,java.io.StringWriter,java.io.CharArrayWriter,java.util.stream.Stream,java.util.stream.IntStream,java.util.stream.LongStream,java.util.stream.DoubleStream,java.io.StringReader,org.apache.commons.vfs2.FileSystemManager" />
</properties>
</rule>
<rule ref="category/java/multithreading.xml/AvoidThreadGroup"/>
<rule ref="category/java/multithreading.xml/DontCallThreadRun"/>
<rule ref="category/java/multithreading.xml/DoubleCheckedLocking"/>
<rule ref="category/java/performance.xml/BigIntegerInstantiation"/>
<rule ref="category/java/bestpractices.xml/PrimitiveWrapperInstantiation"/>
<rule ref="category/java/performance.xml/StringInstantiation"/>
<rule name="wildcards" language="java" message="No Wildcard Imports" class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
<description>
Don't use wildcard imports
</description>
<priority>3</priority>
<properties>
<property name="xpath">
<value><![CDATA[
//ImportDeclaration[@ImportedName=@PackageName]
]]></value>
</property>
</properties>
</rule>
<rule ref="category/java/bestpractices.xml/UseCollectionIsEmpty" />
<rule ref="category/java/design.xml/CognitiveComplexity">
<properties>
<property name="reportLevel" value="130"/>
</properties>
</rule>
In order to activate the PMD checks, use the -Ppmd
profile:
mvn verify -Ppmd
Or run pmd:check (requires use of initialize
to locate geoserverBaseDir/build/qa/pmd-ruleset.xml):
mvn initialize pmd:check -Ppmd
PMD will fail the build in case of violation, reporting the specific errors before the build error message, and a reference to a XML file with the same information after it (example taken from GeoTools):
7322 [INFO] --- maven-pmd-plugin:3.11.0:check (default) @ gt-main ---
17336 [INFO] PMD Failure: org.geotools.data.DataStoreAdaptor:98 Rule:SystemPrintln Priority:2 System.out.println is used.
17336 [INFO] PMD Failure: org.geotools.data.DataStoreAdaptor:98 Rule:SystemPrintln Priority:2 System.out.println is used.
17337 [INFO] ------------------------------------------------------------------------
17337 [INFO] BUILD FAILURE
17337 [INFO] ------------------------------------------------------------------------
17338 [INFO] Total time: 16.727 s
17338 [INFO] Finished at: 2018-12-29T11:34:33+01:00
17338 [INFO] ------------------------------------------------------------------------
17340 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-pmd-plugin:3.11.0:check (default) on project gt-main: You have 1 PMD violation. For more details see: /home/yourUser/devel/git-gt/modules/library/main/target/pmd.xml -> [Help 1]
17340 [ERROR]
In case of parallel build, the specific error messages will be in the body of the build output, while the XML file reference will be at the end, search for PMD Failure
in the build logs to find the specific code issues.
If you do have a PMD failure it is worth checking the pmd website which offers quite clear suggestions:
PMD false positive suppression¶
Occasionally PMD will report a false positive failure, for those it’s possible to annotate the method
or the class in question with a SuppressWarnings using PMD.<RuleName
, e.g. if the above error
was actually a legit use of System.out.println
it could have been annotated with:
@SuppressWarnings("PMD.SystemPrintln")
public void methodDoingPrintln(...) {
PMD CloseResource checks¶
PMD can check for Closeable that are not getting property closed by the code, and report about it.
PMD by default only checks for SQL related closeables, like “Connection,ResultSet,Statement”, but it
can be instructed to check for more by configuration (do check the PMD configuration in
build/qa/pmd-ruleset.xml
.
The check is a bit fragile, in that there are multiple ways to close an object between direct calls, utilities and delegate methods. The configuration lists the type of methods, and the eventual prefix, that will be used to perform the close, for example:
<rule ref="category/java/errorprone.xml/CloseResource" >
<properties>
<property name="closeTargets" value="releaseConnection,store.releaseConnection,closeQuietly,closeConnection,closeSafe,store.closeSafe,dataStore.closeSafe,getDataStore().closeSafe,close,closeResultSet,closeStmt"/>
</properties>
</rule>
For closing delegates that use an instance object instead of a class static method, the variable name is included in the prefix, so some uninformity in variable names is required.
Error Prone¶
The Error Prone checker runs a compiler plugin.
In order to activate the Error Prone checks, use the “-Perrorprone”:
<id>errorprone</id>
<activation>
<property>
<name>qa</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<fork>false</fork>
<compilerArgs>
<arg>-XDcompilePolicy=simple</arg>
<arg>-Xplugin:ErrorProne -XepExcludedPaths:\Q${project.build.directory}\E.* ${errorProneFlags}</arg>
<arg>-Xlint:${lint}</arg>
<arg>-Werror</arg>
<arg>-Xmaxwarns</arg>
<arg>1000</arg>
</compilerArgs>
<annotationProcessorPaths>
<path>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_core</artifactId>
<version>${errorProne.version}</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
Any failure to comply with the “Error Prone” rules will show up as a compile error in the build output, e.g. (example taken from GeoTools):
9476 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project gt-coverage: Compilation failure
9476 [ERROR] /home/user/devel/git-gt/modules/library/coverage/src/main/java/org/geotools/image/ImageWorker.java:[380,39] error: [IdentityBinaryExpression] A binary expression where both operands are the same is usually incorrect; the value of this expression is equivalent to `255`.
9477 [ERROR] (see https://errorprone.info/bugpattern/IdentityBinaryExpression)
9477 [ERROR]
9477 [ERROR] -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project gt-coverage: Compilation failure
/home/user/devel/git-gt/modules/library/coverage/src/main/java/org/geotools/image/ImageWorker.java:[380,39] error: [IdentityBinaryExpression] A binary expression where both operands are the same is usually incorrect; the value of this expression is equivalent to `255`.
(see https://errorprone.info/bugpattern/IdentityBinaryExpression)
In case Error Prone is reporting an invalid error, the method or class in question can be annotated with SuppressWarnings with the name of the rule, e.g., to get rid of the above the following annotation could be used:
@SuppressWarnings("IdentityBinaryExpression")
Spotbugs¶
The Spotbugs checker runs as a post-compile bytecode analyzer.
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.3.4</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<effort>More</effort>
<!--threshold>High</threshold-->
<xmlOutput>true</xmlOutput>
<maxRank>15</maxRank>
<excludeFilterFile>${geoserverBaseDir}/../build/qa/spotbugs-exclude.xml</excludeFilterFile>
</configuration>
Any failure to comply with the rules will show up as a compile error, e.g.:
33630 [ERROR] page could be null and is guaranteed to be dereferenced in org.geotools.swing.wizard.JWizard.setCurrentPanel(String) [org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard, org.geotools.swing.wizard.JWizard] Dereferenced at JWizard.java:[line 278]Dereferenced at JWizard.java:[line 269]Null value at JWizard.java:[line 254]Known null at JWizard.java:[line 255] NP_GUARANTEED_DEREF
It is also possible to run the spotbugs:gui goal to have a Swing based issue explorer, e.g.:
mvn spotbugs:gui -Pspotbugs -f wms
In case an invalid report is given, an annotation on the class/method/variable can be added to ignore it:
@SuppressFBWarnings("NP_GUARANTEED_DEREF")
or if it’s a general one that should be ignored, the build/qa/spotbugs-exclude.xml file can be modified.
<!-- This file specifies a spotbugs filter for excluding reports that
should not be considered errors.
The format of this file is documented at:
https://spotbugs.readthedocs.io/en/latest/filter.html
When possible, please specify the full names of the bug codes,
using the pattern attribute, to make it clearer what reports are
being suppressed. You can find a listing of codes at:
https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html
-->
<FindBugsFilter>
<!-- Won't use prepared statements, very bad performance for geospatial use cases -->
<Match>
<Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"/>
</Match>
<Match>
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/>
</Match>
<!-- Returns moslty false positives -->
<Match>
<Bug pattern="FE_FLOATING_POINT_EQUALITY"/>
</Match>
<!-- Too many cases where we have a semi-legit usage of same name -->
<Match>
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS"/>
</Match>
<!-- False positives, might want to revisit later -->
<Match>
<Bug pattern="EC_UNRELATED_TYPES_USING_POINTER_EQUALITY"/>
</Match>
<!-- Annoying but not actually a bug per se, might want to revisit later -->
<Match>
<Bug pattern="MF_CLASS_MASKS_FIELD"/>
</Match>
<!-- False positives -->
<Match>
<Bug pattern="UWF_UNWRITTEN_FIELD"/>
</Match>
<!-- Too many false positives -->
<Match>
<Bug pattern="CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE"/>
</Match>
<!-- Too many false positives -->
<Match>
<Bug pattern="NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE"/>
</Match>
<!-- Too many false positives -->
<Match>
<Bug pattern="NP_BOOLEAN_RETURN_NULL"/>
</Match>
<!-- False positives under Java 11, see https://github.com/spotbugs/spotbugs/issues/878
and https://github.com/spotbugs/spotbugs/issues/756 -->
<Match>
<Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/>
</Match>
</FindBugsFilter>
Spotless¶
Spotless is used as a fast way to check that the google-java-format is being applied to the codebase.
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>2.22.1</version>
<executions>
<execution>
<phase>validate</phase>
<goals>
<goal>${spotless.action}</goal>
</goals>
</execution>
</executions>
<configuration>
<java>
<googleJavaFormat>
<version>1.7</version>
<style>AOSP</style>
</googleJavaFormat>
</java>
<upToDateChecking>
<enabled>true</enabled>
<indexFile>${project.basedir}/.spotless-index</indexFile>
</upToDateChecking>
</configuration>
This has been setup for incremental checking, with hidden .spotless-index
files used determine
when files were last checked.
To run the plugin directly:
mvn spotless:apply
When using check
any failure to comply with the rules will show up as a compiler error in the build output.
mvn spotless:check
When verifying spotless.action
is used to choose apply
or check
(defaults to apply
):
mvn verify -Dqa -Dspotless.action=check
Property spotless.apply.skip
is used to skip spotless plugin when running qa
build:
mvn clean install -Dqa -Dspotless.apply.skip=true
Sortpom¶
Sortpom is used to keep the pom.xml
files formatting consistent:
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<version>2.15.0</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>${pom.fmt.action}</goal>
</goals>
</execution>
</executions>
<configuration>
<skip>${pom.fmt.skip}</skip>
<keepBlankLines>true</keepBlankLines>
<spaceBeforeCloseEmptyElement>false</spaceBeforeCloseEmptyElement>
<createBackupFile>false</createBackupFile>
<verifyFail>stop</verifyFail>
<verifyFailOn>strict</verifyFailOn>
</configuration>
The plugin is attached to verification phase to sort pom.xml
files.
To run the plugin directly:
mvn sortpom:sort
Verification checks if (ignoring whitespace changes) is the current pom.xml
in the correct order:
mvn sortpom:verify
Property pom.fmt.action
is used to choose sort
or verify
(defaults to sort
):
mvn verify -Dqa -Dpom.fmt.action=verify
Property pom.fmt.skip
used to skip sortpom plugin when running qa
build (defaults to spotless.apply.skip
setting):
mvn clean install -Dqa -Dpom.fmt.skip=true
Checkstyle¶
Spotless is already in use to keep the code formatted, so maven checkstyle plugin is used mainly to verify javadocs errors and presence of copyright headers, which none of the other tools can cover.
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.1</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<encoding>UTF-8</encoding>
<logViolationsToConsole>true</logViolationsToConsole>
<!-- ignore generated classes, e.g., javacc ones -->
<sourceDirectories>${project.build.sourceDirectory}</sourceDirectories>
<skip>${checkstyle.skip}</skip>
<configLocation>${geoserverBaseDir}/../build/qa/checkstyle.xml</configLocation>
</configuration>
The checkstyle ruleset checks the following:
<module name="Checker">
<property name="severity" value="error"/>
<module name="TreeWalker">
<module name="JavadocMethod">
<property name="allowMissingParamTags" value="true"/>
<property name="allowMissingReturnTag" value="true"/>
</module>
<module name="ArrayTypeStyle"/>
</module>
<module name="RegexpHeader">
<property name="multiLines" value="2,3"/> <!-- Allows to have other copyrights, see line 2 and 3 of the regexp -->
<property name="header" value="^/\* (Copyright\s*)?\(c\) \d{4}(\s*-\s*\d{4})? Open Source Geospatial Foundation - all rights reserved$\n^
\* (Copyright\s*)?\(c\).*$\n^
\*$\n^
\* This code is licensed under the GPL 2.0 license, available at the root$\n^
\* application directory.$\n^
\*"/>
<property name="fileExtensions" value="java"/>
</module>
<module name="RegexpSingleline">
<property name="format" value="^\s{60}"/>
<property name="message" value="Excessive nesting found. Please try to factor out the deeply nested code in a separate method or class"/>
<property name="minimum" value="0"/>
<property name="maximum" value="1"/>
<property name="fileExtensions" value="java"/>
</module>
</module>
To run the plugin directly:
mvn initialize checkstyle:check