[jboss-dev] FindBugs Reports
David M. Lloyd
david.lloyd at redhat.com
Thu Oct 1 13:51:03 EDT 2009
That's OK. Compile-time deps are not a huge deal for anyone but
developers. And crazy people. As long as the run-time deps are minimal,
it should be OK.
- DML
On 10/01/2009 12:30 PM, Anil Saldhana wrote:
> I was asking because now the source will have a dependence on FindBugs
> at compile time? I understand the "suppresswarning" intent.
>
> David M. Lloyd wrote:
>> So that you can have findbugs configured to be quite sensitive, but also be
>> able to silence false alarms (with an explanation).
>>
>> - DML
>>
>> On 10/01/2009 11:34 AM, Anil Saldhana wrote:
>>
>>> And why would you decorate your source code with FindBugs specific
>>> annotations?
>>>
>>> Kabir Khan wrote:
>>>
>>>> Sorry, yes I meant maven
>>>> On 1 Oct 2009, at 17:19, Paul Gier wrote:
>>>>
>>>>
>>>>
>>>>> You mean in our Maven repo? Sure, I can add it today.
>>>>>
>>>>> Kabir Khan wrote:
>>>>>
>>>>>
>>>>>> Paul,
>>>>>> Can we get the latest findbugs plugin in our svn please?
>>>>>> On 30 Sep 2009, at 14:50, Anil Saldhana wrote:
>>>>>>
>>>>>>
>>>>>>> AndyM was saying that before log trace call is finally written to
>>>>>>> the
>>>>>>> sink, there is some overhead in creating objects etc which are just
>>>>>>> thrown away if trace is not enabled. So rather than figure out
>>>>>>> whether
>>>>>>> trace is enabled upfront, log4j does this check at the time of
>>>>>>> writing
>>>>>>> after having done some processing.
>>>>>>>
>>>>>>> David M. Lloyd wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Sometimes. But doing:
>>>>>>>>
>>>>>>>> log.trace("foo");
>>>>>>>>
>>>>>>>> is faster than:
>>>>>>>>
>>>>>>>> if (log.isTraceEnabled()) log.trace("foo");
>>>>>>>>
>>>>>>>> because there's no computation involved in the log parameter, so
>>>>>>>> it's just
>>>>>>>> a plain method call, and the internal impl will do the same check
>>>>>>>> anyway.
>>>>>>>>
>>>>>>>> - DML
>>>>>>>>
>>>>>>>> On 09/29/2009 10:53 AM, Anil Saldhana wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Additionally, as we discussed, flagging log.trace/debug without
>>>>>>>>> the
>>>>>>>>> log.isTraceEnabled/debugEnabled wrappers. That may be a feature.
>>>>>>>>>
>>>>>>>>> Jesper Pedersen wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> http://findbugs.sourceforge.net/bugDescriptions.html
>>>>>>>>>>
>>>>>>>>>> looks for doPrivileged in the descriptions.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tuesday 29 September 2009 11:46:36 Anil Saldhana wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> I am wondering if FindBugs does flag the lack of privileged
>>>>>>>>>>> blocks
>>>>>>>>>>> around sensitive ops such as loadClass, setTCCL etc? I cannot
>>>>>>>>>>> find any
>>>>>>>>>>> reference online.
>>>>>>>>>>>
>>>>>>>>>>> David M. Lloyd wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Does FindBugs support using @SuppressWarnings() or similar?
>>>>>>>>>>>> This is what
>>>>>>>>>>>> I do with IDEA and it works well. I use @SuppressWarnings
>>>>>>>>>>>> (on classes,
>>>>>>>>>>>> members, or local var declarations) or "//noinspection" for
>>>>>>>>>>>> other cases,
>>>>>>>>>>>> and then add a comment beforehand explaining why the problem
>>>>>>>>>>>> isn't really
>>>>>>>>>>>> a problem.
>>>>>>>>>>>>
>>>>>>>>>>>> - DML
>>>>>>>>>>>>
>>>>>>>>>>>> On 09/29/2009 08:38 AM, Jesper Pedersen wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please, add a FindBugs filter file to the configuration
>>>>>>>>>>>>> where we can add
>>>>>>>>>>>>> exclusions - f.ex. org.jfree (unless someone wants to submit
>>>>>>>>>>>>> patches
>>>>>>>>>>>>> upstream).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Feel free to rip the JBJCA setup :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>> Jesper
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Monday 28 September 2009 22:33:22 Shelly McGowan wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I've published the FindBugs report set up by the JBoss QA
>>>>>>>>>>>>>> team run
>>>>>>>>>>>>>> against JBoss AS. The reports can be viewed here:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-6.0.x-findb
>>>>>>>>>>>>>> ugs/ 8/findbugsResult
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This report shows a total of 5675 warnings, 877 of which are
>>>>>>>>>>>>>> categorized as High Priority.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The report for Branch_5_x can be viewed here:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.x-findbug
>>>>>>>>>>>>>> s/2/ findbugsResult/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The Branch_5_x report has 6089 warnings, 977 High Priority.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> These issues should be addressed when committing to trunk or
>>>>>>>>>>>>>> Branch_5_x. Take time out to look at the report data. Most
>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>> warnings can be easily addressed.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I've started a parent JIRA task for tracking:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://jira.jboss.org/jira/browse/JBAS-7295
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> and will create subtasks as needed after additional review
>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>> report data.
> _______________________________________________
> jboss-development mailing list
> jboss-development at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-development
More information about the jboss-development
mailing list