findbugs

Checkstyle vs. PMD

爱⌒轻易说出口 提交于 2019-11-28 15:17:19
We are introducing static analysis tools into the build system for our Java product. We are using Maven2 so Checkstyle and PMD integration come for free. However it looks like there is a large overlap in functionality between these two tools, in terms of enforcing basic style rules. Is there a benefit from utilizing both of these? I don't want to maintain 2 tools if one will work. If we choose one, which one should we use and why? We are also planning on using FindBugs. Are there other static analysis tools we should look at? Update: Consensus seems to be that PMD is preferred over CheckStyle.

force maven to fail the build on nonnull violations

僤鯓⒐⒋嵵緔 提交于 2019-11-28 05:14:19
问题 I have the simple code below for testing the findbugs NonNull annotation with maven. I execute "mvn clean install site", and I get a directory target/site/css and target/site/images, but nothing more. I was expecting to get a report, saying that println(null) violates the NonNull condition. What do I need to do to get that report? Also, is there a way to prevent "mvn clean install" to succeed if there are NonNull violations? Note: I am aware that I can get such report with Sonar; However, I

sonar findbugs heap size

流过昼夜 提交于 2019-11-28 04:21:46
问题 i am new to sonar. i am running sonar from Jenkins with sonar pulgin. When i am running from jenkins i am getting out of memory exception at findbugs below is the error: Out of memory Total memory: 1037M free memory: 30M Analyzed: D:\Victor\autocreated\webapp\WEB-INF\classes Aux: C:\DOCUME~1\NADBHA~1\LOCALS~1\Temp\findbugs4165854405681394173.jar Aux: C:\DOCUME~1\NADBHA~1\LOCALS~1\Temp\findbugs4688505485649811865.jar Total time: 2:04:49.155s Final Memory: 358M/989M Exception in thread "main"

Can findbugs detect unused public methods

情到浓时终转凉″ 提交于 2019-11-28 03:48:48
问题 Is it possible to detect unused methods in a source tree using FindBugs? I see some posts on SO where users are claiming to do that, some others asking how to do this in FB and others where they claim FB cannot do this. Does anyone know for sure how this is done? I am only interested in methods that are not explicitly called from elsewhere, I don't care about reflection. 回答1: as a member of the FindBugs team I can tell you that unfortunately FindBugs does not do this. If you search through

FindBugs filter file for ignoring JUnit tests

谁说我不能喝 提交于 2019-11-28 02:39:11
问题 I need to set up a filter file for my findbugs ant script that scans only the src/* files and not the test/* files. What is the syntax for checking all classes while ignoring any filename or package name with 'test' in the name? 回答1: FindBugs is actually scanning the compiled class files, not the sourcePath . If you are compiling your src/* and test/* files to the different directories, you could just use the nested <class...> element. <findbugs home="${findbugs.dir}" output="xml:withMessages

Deprecated annotations in FindBugs 2.0

雨燕双飞 提交于 2019-11-28 00:24:01
问题 Looking at the list of annotations in FindBugs 2.0, I see that a lot of them have been deprecated. Some of these ( @CheckForNull , @NonNull , etc.) have been deprecated because they have equivalent JSR-305 annotations. Good to finally settle the dilemma about which set of annotations to use. But some FindBugs-specific annotations, such as @DefaultAnnotation and @DefaultAnnotationForFields , have also been deprecated and I cannot find any explanation of what to use in their place. I'm trying

How to generate a html report for findbugs with Maven 3.x

空扰寡人 提交于 2019-11-27 20:14:34
Has anybody managed to configure the findbugs Maven 3.x plugin to produce both an xml and html report? (I want the xml one for Jenkins and the html one for checking prior to a commit) I've seen a lot of documentation on the web on setting this up, but most of it appears to be for Maven 2.x, which I know is configured differently (annoyingly the 2.x configuration is silently ignored by 3.x). I'm new to Maven, so I'm not sure if I'm doing something wrong or I'm following old instructions. My pom contains the following: </build> </plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId

Findbugs warning: Integer shift by 32 — what does it mean?

不羁岁月 提交于 2019-11-27 14:08:39
I was scanning a third party source code using Findbugs (just to be cautious before integrating into it mine), and found the following warning: long a = b << 32 | c Bug: Integer shift by 32 Pattern id: ICAST_BAD_SHIFT_AMOUNT, type: BSHIFT, category: CORRECTNESS The code performs an integer shift by a constant amount outside the range 0..31. The effect of this is to use the lower 5 bits of the integer value to decide how much to shift by. This probably isn't want was expected, and it at least confusing. Could anyone please explain what exactly does the above mean? Thanks! (I am quite a newbie

In what situations could an empty synchronized block achieve correct threading semantics?

折月煮酒 提交于 2019-11-27 13:36:08
问题 I was looking through a Findbugs report on my code base and one of the patterns that was triggered was for an empty synchronzied block (i.e. synchronized (var) {} ). The documentation says: Empty synchronized blocks are far more subtle and hard to use correctly than most people recognize, and empty synchronized blocks are almost never a better solution than less contrived solutions. In my case it occurred because the contents of the block had been commented out, but the synchronized statement

FindBugs引出的Lombok @Data注解使用的问题

我怕爱的太早我们不能终老 提交于 2019-11-27 13:17:06
今天用FindBugs查看代码质量的时候看到如下的提示 @Data注解包含了getter settter equals hashCode方法 上面的英文是:重写equals方法可能会导致equals方法失去它的一致性原则,这个问题会出现a.equals(b)==true,b.equals(a)==false的情况。 补充: 重写equals方法的要点: 1 自反性:对于任意的引用值x,x.equals(x)一定为true 2 对称性:对于任意的引用值x 和 y,当x.equals(y)返回true,y.equals(x)也一定返回true 3 传递性:对于任意的引用值x、y和z,如果x.equals(y)返回true,并且y.equals(z)也返回true,那么x.equals(z)也一定返 回 true 4 一致性:对于任意的引用值x 和 y,如果用于equals比较的对象信息没有被修改, 多次调用x.equals(y)要么一致地返回true,要么一致地返回false 5 非空性:对于任意的非空引用值x,x.equals(null)一定返回false 请注意:重写equals方法后最好重写hashCode方法,否则两个等价对象可能得到不同的hashCode,这在集合框架中使用可能产生严重后果 下面关于使用Lombok的可能踩坑详细描述是转载的 http://www
订阅 findbugs