I like the idea to have a centralized single solution for static code analysis. I’d like to introduce it to my company department. However, a minimum set of Java rules is required to do so. This is because we are primarily using Eclipse as an IDE and make good use of the static code analysis rules offered by the Java Development Tool (JDT). By default, only some of them are enabled, but more can be activated under Window>Preferences>Java>Compiler>Errors/Warnings. I tested both SonarLint and SonarQube against these rules and was kind of disappointed that quite some important cases are not detected. Some of them are the following (names are the official ones of the rules):
Indirect access to static member
Access to a non-accessible member of an enclosing type (Here I’d rather like to have “Access to a non-accessible member of a NESTED type” only, but the JDT detects both)
Unlikely argument type for collection methods using Object
Incomplete switch cases on enum
Potential resource leak
Usage of raw type
Unchecked generic type operation
Type parameter hides another type
Missing synchronized modifier on inherited method
Unqualified access to instance field
Resource not managed with try-with-resource
Hidden catch block
Unnecessary cast or instanceof operation
Redundant null check
Potential null pointer access
Method can potentially be static
Documentation can be found here http://help.eclipse.org/photon/index.jsp under Java Development User Guide > Reference > Preferences > Java > Compiler > Errors/Warnings.
Are there any plans to pick up more rules from Eclipse? Again, it would be a minimum requirement for our department.
We don’t have a plan in itself to cover the rules already covered by Eclipse mainly because they are already there so normally they are already followed and fixed by developers. We generally re-implement rules when we believe we can provide better results. I believe that’s the case for the NPE detection one for example.
That said, I looked at what you would expect to find in SonarLint / SonarQube and I think we already cover some of them:
So, from your list, I think we need to look at this remaining items and see if there is a high value to implement them in SonarLint/SonarQube:
Indirect access to static member
Access to a non-accessible member of an enclosing type (Here I’d rather like to have “Access to a non-accessible member of a NESTED type” only, but the JDT detects both)
Unlikely argument type for collection methods using Object
In all cases, that should not prevent you to starting using SonarLint/SonarQube and take advantage of the 498 rules provided by SonarJava.
If you want to help us in this effort to re-implement these rules, you are welcome. In that case, we will need for each of them the following information:
a description explaining why this important to catch this problem - what bad can happen if the developer is not fixing it
Thanks for you reply. I have rechecked all the mentioned rules, created a minimal example for each case which is still missing in SonarJava and created new topics for them. This post can now be deleted if wished.