[jboss-dev] FindBugs Reports

David M. Lloyd david.lloyd at redhat.com
Thu Oct 1 12:45:26 EDT 2009 

So that you can have findbugs configured to be quite sensitive, but also be 
able to silence false alarms (with an explanation).

- DML

On 10/01/2009 11:34 AM, Anil Saldhana wrote:
> And why would you decorate your source code with FindBugs specific
> annotations?
>
> Kabir Khan wrote:
>> Sorry, yes I meant maven
>> On 1 Oct 2009, at 17:19, Paul Gier wrote:
>>
>>
>>> You mean in our Maven repo?  Sure, I can add it today.
>>>
>>> Kabir Khan wrote:
>>>
>>>> Paul,
>>>> Can we get the latest findbugs plugin in our svn please?
>>>> On 30 Sep 2009, at 14:50, Anil Saldhana wrote:
>>>>
>>>>> AndyM was saying that before log trace call is finally written to
>>>>> the
>>>>> sink, there is some overhead in creating objects etc which are just
>>>>> thrown away if trace is not enabled.  So rather than figure out
>>>>> whether
>>>>> trace is enabled upfront, log4j does this check at the time of
>>>>> writing
>>>>> after having done some processing.
>>>>>
>>>>> David M. Lloyd wrote:
>>>>>
>>>>>> Sometimes.  But doing:
>>>>>>
>>>>>>   log.trace("foo");
>>>>>>
>>>>>> is faster than:
>>>>>>
>>>>>>   if (log.isTraceEnabled()) log.trace("foo");
>>>>>>
>>>>>> because there's no computation involved in the log parameter, so
>>>>>> it's just
>>>>>> a plain method call, and the internal impl will do the same check
>>>>>> anyway.
>>>>>>
>>>>>> - DML
>>>>>>
>>>>>> On 09/29/2009 10:53 AM, Anil Saldhana wrote:
>>>>>>
>>>>>>
>>>>>>> Additionally, as we discussed, flagging log.trace/debug without
>>>>>>> the
>>>>>>> log.isTraceEnabled/debugEnabled wrappers.  That may be a feature.
>>>>>>>
>>>>>>> Jesper Pedersen wrote:
>>>>>>>
>>>>>>>
>>>>>>>> http://findbugs.sourceforge.net/bugDescriptions.html
>>>>>>>>
>>>>>>>> looks for doPrivileged in the descriptions.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tuesday 29 September 2009 11:46:36 Anil Saldhana wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> I am wondering if FindBugs does flag the lack of privileged
>>>>>>>>> blocks
>>>>>>>>> around sensitive ops such as loadClass, setTCCL etc?  I cannot
>>>>>>>>> find any
>>>>>>>>> reference online.
>>>>>>>>>
>>>>>>>>> David M. Lloyd wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Does FindBugs support using @SuppressWarnings() or similar?
>>>>>>>>>> This is what
>>>>>>>>>> I do with IDEA and it works well.  I use @SuppressWarnings
>>>>>>>>>> (on classes,
>>>>>>>>>> members, or local var declarations) or "//noinspection" for
>>>>>>>>>> other cases,
>>>>>>>>>> and then add a comment beforehand explaining why the problem
>>>>>>>>>> isn't really
>>>>>>>>>> a problem.
>>>>>>>>>>
>>>>>>>>>> - DML
>>>>>>>>>>
>>>>>>>>>> On 09/29/2009 08:38 AM, Jesper Pedersen wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hi.
>>>>>>>>>>>
>>>>>>>>>>> Please, add a FindBugs filter file to the configuration
>>>>>>>>>>> where we can add
>>>>>>>>>>> exclusions - f.ex. org.jfree (unless someone wants to submit
>>>>>>>>>>> patches
>>>>>>>>>>> upstream).
>>>>>>>>>>>
>>>>>>>>>>> Feel free to rip the JBJCA setup :)
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>>   Jesper
>>>>>>>>>>>
>>>>>>>>>>> On Monday 28 September 2009 22:33:22 Shelly McGowan wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> I've published the FindBugs report set up by the JBoss QA
>>>>>>>>>>>> team run
>>>>>>>>>>>> against JBoss AS. The reports can be viewed here:
>>>>>>>>>>>>
>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-6.0.x-findb
>>>>>>>>>>>> ugs/ 8/findbugsResult
>>>>>>>>>>>>
>>>>>>>>>>>> This report shows a total of 5675 warnings, 877 of which are
>>>>>>>>>>>> categorized as High Priority.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> The report for Branch_5_x can be viewed here:
>>>>>>>>>>>>
>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.x-findbug
>>>>>>>>>>>> s/2/ findbugsResult/
>>>>>>>>>>>>
>>>>>>>>>>>> The Branch_5_x report has 6089 warnings, 977 High Priority.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> These issues should be addressed when committing to trunk or
>>>>>>>>>>>> Branch_5_x. Take time out to look at the report data.  Most
>>>>>>>>>>>> of the
>>>>>>>>>>>> warnings can be easily addressed.
>>>>>>>>>>>>
>>>>>>>>>>>> I've started a parent JIRA task for tracking:
>>>>>>>>>>>>
>>>>>>>>>>>> https://jira.jboss.org/jira/browse/JBAS-7295
>>>>>>>>>>>>
>>>>>>>>>>>> and will create subtasks as needed after additional review
>>>>>>>>>>>> of the
>>>>>>>>>>>> report data.
> _______________________________________________
> jboss-development mailing list
> jboss-development at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-development

More information about the jboss-development mailing list