Try out error_prone and write about it in the wiki

[jwlibby]

This is part of the #462 epic on plugins for quality.
Note: error_prone is a replacement for the stock JDK javac as a plugin to the JDK compiler

Try out error_prone and see what you think. When evaluating refer to the questions in #462 and upon completion add your pros and cons for this plugin as a comment to the aforementioned story. Plugin link: error-prone.

error_prone should fail many of the problems spotted by CodeQL and security/quality plugins, but fail them during compile. This is part of "security/quality in depth": if one tool doesn't catch concerns, another tool might.

This is a good topic for the "Going Further" section in Use static analysis. That page does not have more (yet) for folks to do in improving the compilation part of their build.

Note, this problem showed up: https://stackoverflow.com/questions/69439506/no-processor-claimed-any-of-these-annotations

Write about it in the wiki
Look for a badge

[jwlibby]

• What is the license? Apache 2.0
• Does the plugin work with both Gradle and Maven? Yes, but complicated: Gradle needs a 3rd-party plugin
• What IDEs have add-ons for the tool? IntelliJ, eclipse
• How does this mesh with Checkstyle? Or can the plugin replace Checkstyle? Identifies different problems
• Can the plugin automatically reformat the code as part of the local build process? no
• If code is reformatted before pushing, how will the programmer be aware of this? n/a
• Does the plugin have good backward/forward compatibility and adaptability to different versions of the language, its dependencies and the runtime environment (jvm)? Doesn’t work out of the box w 21, have to add special jvm compiler directives
• Is the plugin configurable in its rules to meet my team standards?
  • Book tries to be agnostic on most things. An existing example is the checkstyle settings in config/checkstyle/*. Some coarse grained configuration
• Other notes
  • Gradle build fails due to insufficient test coverage, but maven doesn’t, why?