[jboss-dev] FindBugs Reports

Anil Saldhana Anil.Saldhana at redhat.com
Thu Oct 1 13:30:37 EDT 2009 

I was asking because now the source will have a dependence on FindBugs 
at compile time?  I understand the "suppresswarning" intent.

David M. Lloyd wrote:
> So that you can have findbugs configured to be quite sensitive, but also be 
> able to silence false alarms (with an explanation).
>
> - DML
>
> On 10/01/2009 11:34 AM, Anil Saldhana wrote:
>   
>> And why would you decorate your source code with FindBugs specific
>> annotations?
>>
>> Kabir Khan wrote:
>>     
>>> Sorry, yes I meant maven
>>> On 1 Oct 2009, at 17:19, Paul Gier wrote:
>>>
>>>
>>>       
>>>> You mean in our Maven repo?  Sure, I can add it today.
>>>>
>>>> Kabir Khan wrote:
>>>>
>>>>         
>>>>> Paul,
>>>>> Can we get the latest findbugs plugin in our svn please?
>>>>> On 30 Sep 2009, at 14:50, Anil Saldhana wrote:
>>>>>
>>>>>           
>>>>>> AndyM was saying that before log trace call is finally written to
>>>>>> the
>>>>>> sink, there is some overhead in creating objects etc which are just
>>>>>> thrown away if trace is not enabled.  So rather than figure out
>>>>>> whether
>>>>>> trace is enabled upfront, log4j does this check at the time of
>>>>>> writing
>>>>>> after having done some processing.
>>>>>>
>>>>>> David M. Lloyd wrote:
>>>>>>
>>>>>>             
>>>>>>> Sometimes.  But doing:
>>>>>>>
>>>>>>>   log.trace("foo");
>>>>>>>
>>>>>>> is faster than:
>>>>>>>
>>>>>>>   if (log.isTraceEnabled()) log.trace("foo");
>>>>>>>
>>>>>>> because there's no computation involved in the log parameter, so
>>>>>>> it's just
>>>>>>> a plain method call, and the internal impl will do the same check
>>>>>>> anyway.
>>>>>>>
>>>>>>> - DML
>>>>>>>
>>>>>>> On 09/29/2009 10:53 AM, Anil Saldhana wrote:
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>>>> Additionally, as we discussed, flagging log.trace/debug without
>>>>>>>> the
>>>>>>>> log.isTraceEnabled/debugEnabled wrappers.  That may be a feature.
>>>>>>>>
>>>>>>>> Jesper Pedersen wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>>>> http://findbugs.sourceforge.net/bugDescriptions.html
>>>>>>>>>
>>>>>>>>> looks for doPrivileged in the descriptions.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tuesday 29 September 2009 11:46:36 Anil Saldhana wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   
>>>>>>>>>> I am wondering if FindBugs does flag the lack of privileged
>>>>>>>>>> blocks
>>>>>>>>>> around sensitive ops such as loadClass, setTCCL etc?  I cannot
>>>>>>>>>> find any
>>>>>>>>>> reference online.
>>>>>>>>>>
>>>>>>>>>> David M. Lloyd wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>>>> Does FindBugs support using @SuppressWarnings() or similar?
>>>>>>>>>>> This is what
>>>>>>>>>>> I do with IDEA and it works well.  I use @SuppressWarnings
>>>>>>>>>>> (on classes,
>>>>>>>>>>> members, or local var declarations) or "//noinspection" for
>>>>>>>>>>> other cases,
>>>>>>>>>>> and then add a comment beforehand explaining why the problem
>>>>>>>>>>> isn't really
>>>>>>>>>>> a problem.
>>>>>>>>>>>
>>>>>>>>>>> - DML
>>>>>>>>>>>
>>>>>>>>>>> On 09/29/2009 08:38 AM, Jesper Pedersen wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                       
>>>>>>>>>>>> Hi.
>>>>>>>>>>>>
>>>>>>>>>>>> Please, add a FindBugs filter file to the configuration
>>>>>>>>>>>> where we can add
>>>>>>>>>>>> exclusions - f.ex. org.jfree (unless someone wants to submit
>>>>>>>>>>>> patches
>>>>>>>>>>>> upstream).
>>>>>>>>>>>>
>>>>>>>>>>>> Feel free to rip the JBJCA setup :)
>>>>>>>>>>>>
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>   Jesper
>>>>>>>>>>>>
>>>>>>>>>>>> On Monday 28 September 2009 22:33:22 Shelly McGowan wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                         
>>>>>>>>>>>>> I've published the FindBugs report set up by the JBoss QA
>>>>>>>>>>>>> team run
>>>>>>>>>>>>> against JBoss AS. The reports can be viewed here:
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-6.0.x-findb
>>>>>>>>>>>>> ugs/ 8/findbugsResult
>>>>>>>>>>>>>
>>>>>>>>>>>>> This report shows a total of 5675 warnings, 877 of which are
>>>>>>>>>>>>> categorized as High Priority.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> The report for Branch_5_x can be viewed here:
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.x-findbug
>>>>>>>>>>>>> s/2/ findbugsResult/
>>>>>>>>>>>>>
>>>>>>>>>>>>> The Branch_5_x report has 6089 warnings, 977 High Priority.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> These issues should be addressed when committing to trunk or
>>>>>>>>>>>>> Branch_5_x. Take time out to look at the report data.  Most
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> warnings can be easily addressed.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I've started a parent JIRA task for tracking:
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://jira.jboss.org/jira/browse/JBAS-7295
>>>>>>>>>>>>>
>>>>>>>>>>>>> and will create subtasks as needed after additional review
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> report data.

More information about the jboss-development mailing list