Re: [Codenarc-developer] A M.Sc. thesis on CodeNarc (in progress) - any suggestions?
From: Hamlet D. <ham...@ca...> - 2013-03-19 06:03:37
What statistic could we collect that would eventually lead us to make Codenarc a better product?

--
Hamlet D'Arcy
ham...@ca...

----- Original Message -----
> Hamlet, I believe you wanted this on the mailing list as well :)
>
> On 18 March 2013 09:38, Hamlet D'Arcy < ham...@gm... > wrote:
>
> > One of the features of Groovy 2.0 is the static typing option.
> > Supposedly, the static types of variables, parameters, and fields
> > are now somewhere in the AST. I don't know for sure how reliable
> > the data is, but my expectation is that if we find a bug or missing
> > type information that the Groovy team would consider it a defect
> > and fix the issue. So it is sort of a safe feature to use.
> >
> > Someone correct me if I am wrong, but I believe that CodeNarc is
> > not currently using this data during analysis. I recommend working
> > on using this new type information to drive rules.
>
> Thanks for the idea! I guess, however, that this would demand
> migrating CodeNarc to groovy 2.0 or later? Will CodeNarc-dependent
> libs be ok with that?
>
> > You will have to look through other products' rulesets and just
> > pick out some rules that require advanced type information. For
> > example, there might be a rule named "don't do X on a File object".
> > In the past we never knew if a parameter or variable was really a
> > File so we could not write the rule. But with Groovy 2.0 we do
> > know. A real example, is don't call File.getText() within a loop
> > because it would read the entire contents of a file into a String
> > on every iteration.
> >
> > Here are some rulesets from other products:
> >
> > * http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html
> > * http://www.klocwork.com/products/documentation/current/Java_checker_reference
> > * https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java
> > * http://pmd.sourceforge.net/pmd-5.0.2/rules/index.html
> > * http://findbugs.sourceforge.net/bugDescriptions.html
> >
> > Good luck!
>
> Thanks!
>
> What do you think about the stats collection idea? Do you have any
> info on adoption of new versions of CodeNarc?
>
> Best regards,
> Artur Gajowy
>
> _______________________________________________
> Codenarc-developer mailing list
> Cod...@li...
> https://lists.sourceforge.net/lists/listinfo/codenarc-developer