[jboss-dev] Crazy People: Re: FindBugs Reports

Thu Oct 1 14:11:58 EDT 2009

Go ahead. Spell it out, who are these crazy people? ;-)

On 10/01/2009 12:51 PM, David M. Lloyd wrote:
> That's OK.  Compile-time deps are not a huge deal for anyone but
> developers.  And crazy people.  As long as the run-time deps are minimal,
> it should be OK.
>
> - DML
>
> On 10/01/2009 12:30 PM, Anil Saldhana wrote:
>> I was asking because now the source will have a dependence on FindBugs
>> at compile time?  I understand the "suppresswarning" intent.
>>
>> David M. Lloyd wrote:
>>> So that you can have findbugs configured to be quite sensitive, but also be
>>> able to silence false alarms (with an explanation).
>>>
>>> - DML
>>>
>>> On 10/01/2009 11:34 AM, Anil Saldhana wrote:
>>>
>>>> And why would you decorate your source code with FindBugs specific
>>>> annotations?
>>>>
>>>> Kabir Khan wrote:
>>>>
>>>>> Sorry, yes I meant maven
>>>>> On 1 Oct 2009, at 17:19, Paul Gier wrote:
>>>>>
>>>>>
>>>>>
>>>>>> You mean in our Maven repo?  Sure, I can add it today.
>>>>>>
>>>>>> Kabir Khan wrote:
>>>>>>
>>>>>>
>>>>>>> Paul,
>>>>>>> Can we get the latest findbugs plugin in our svn please?
>>>>>>> On 30 Sep 2009, at 14:50, Anil Saldhana wrote:
>>>>>>>
>>>>>>>
>>>>>>>> AndyM was saying that before log trace call is finally written to
>>>>>>>> the
>>>>>>>> sink, there is some overhead in creating objects etc which are just
>>>>>>>> thrown away if trace is not enabled.  So rather than figure out
>>>>>>>> whether
>>>>>>>> trace is enabled upfront, log4j does this check at the time of
>>>>>>>> writing
>>>>>>>> after having done some processing.
>>>>>>>>
>>>>>>>> David M. Lloyd wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Sometimes.  But doing:
>>>>>>>>>
>>>>>>>>>     log.trace("foo");
>>>>>>>>>
>>>>>>>>> is faster than:
>>>>>>>>>
>>>>>>>>>     if (log.isTraceEnabled()) log.trace("foo");
>>>>>>>>>
>>>>>>>>> because there's no computation involved in the log parameter, so
>>>>>>>>> it's just
>>>>>>>>> a plain method call, and the internal impl will do the same check
>>>>>>>>> anyway.
>>>>>>>>>
>>>>>>>>> - DML
>>>>>>>>>
>>>>>>>>> On 09/29/2009 10:53 AM, Anil Saldhana wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Additionally, as we discussed, flagging log.trace/debug without
>>>>>>>>>> the
>>>>>>>>>> log.isTraceEnabled/debugEnabled wrappers.  That may be a feature.
>>>>>>>>>>
>>>>>>>>>> Jesper Pedersen wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> http://findbugs.sourceforge.net/bugDescriptions.html
>>>>>>>>>>>
>>>>>>>>>>> looks for doPrivileged in the descriptions.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tuesday 29 September 2009 11:46:36 Anil Saldhana wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> I am wondering if FindBugs does flag the lack of privileged
>>>>>>>>>>>> blocks
>>>>>>>>>>>> around sensitive ops such as loadClass, setTCCL etc?  I cannot
>>>>>>>>>>>> find any
>>>>>>>>>>>> reference online.
>>>>>>>>>>>>
>>>>>>>>>>>> David M. Lloyd wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Does FindBugs support using @SuppressWarnings() or similar?
>>>>>>>>>>>>> This is what
>>>>>>>>>>>>> I do with IDEA and it works well.  I use @SuppressWarnings
>>>>>>>>>>>>> (on classes,
>>>>>>>>>>>>> members, or local var declarations) or "//noinspection" for
>>>>>>>>>>>>> other cases,
>>>>>>>>>>>>> and then add a comment beforehand explaining why the problem
>>>>>>>>>>>>> isn't really
>>>>>>>>>>>>> a problem.
>>>>>>>>>>>>>
>>>>>>>>>>>>> - DML
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 09/29/2009 08:38 AM, Jesper Pedersen wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Please, add a FindBugs filter file to the configuration
>>>>>>>>>>>>>> where we can add
>>>>>>>>>>>>>> exclusions - f.ex. org.jfree (unless someone wants to submit
>>>>>>>>>>>>>> patches
>>>>>>>>>>>>>> upstream).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Feel free to rip the JBJCA setup :)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>     Jesper
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Monday 28 September 2009 22:33:22 Shelly McGowan wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I've published the FindBugs report set up by the JBoss QA
>>>>>>>>>>>>>>> team run
>>>>>>>>>>>>>>> against JBoss AS. The reports can be viewed here:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-6.0.x-findb
>>>>>>>>>>>>>>> ugs/ 8/findbugsResult
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This report shows a total of 5675 warnings, 877 of which are
>>>>>>>>>>>>>>> categorized as High Priority.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The report for Branch_5_x can be viewed here:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.x-findbug
>>>>>>>>>>>>>>> s/2/ findbugsResult/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The Branch_5_x report has 6089 warnings, 977 High Priority.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> These issues should be addressed when committing to trunk or
>>>>>>>>>>>>>>> Branch_5_x. Take time out to look at the report data.  Most
>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>> warnings can be easily addressed.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I've started a parent JIRA task for tracking:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://jira.jboss.org/jira/browse/JBAS-7295
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> and will create subtasks as needed after additional review
>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>> report data.
>> _______________________________________________
>> jboss-development mailing list
>> jboss-development at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-development
> _______________________________________________
> jboss-development mailing list
> jboss-development at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-development

-- 
Brian Stansberry
Lead, AS Clustering
JBoss by Red Hat