tag:blogger.com,1999:blog-27225531.post1132028790304693018..comments2022-12-12T03:57:38.196-08:00Comments on Pascal Rapicault: FindBugs reviewPascalhttp://www.blogger.com/profile/05469838363528861975noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-27225531.post-49572204735725223662009-02-26T00:30:00.000-08:002009-02-26T00:30:00.000-08:00Pascal,I have been using findbugs and pmd for year...Pascal,<BR/><BR/>I have been using findbugs and pmd for years now, especially for the development of SAT4J, and I cannot really live without such tools now: I avoided quite a few bugs thanks to them.<BR/><BR/>Moreover, those tools help the programmer to improve it skills in java programming: the first time you see an error reported by the tool, you try to understand why it shows up, and then you learn new things about the Java language. Next time, you will probably just avoid to write buggy code. I experience that every year with my students.<BR/><BR/>It is true that there are still false positive and I admit that I haven't found a nice way to silent FB warnings on my code to have clean reports: you could use FB annotations but them it means a new dependency in your code.Daniel Le Berrehttps://www.blogger.com/profile/15573819148797578157noreply@blogger.comtag:blogger.com,1999:blog-27225531.post-29694883683425471952009-02-25T22:24:00.000-08:002009-02-25T22:24:00.000-08:00A good practice is to run FB (or other static anal...A good practice is to run FB (or other static analysis tool) once and check which bugs patterns are NOT important for current project, and which are MOST important. <BR/><BR/>Do not forget: the tool itself is a "dumb mashine", and it can never be as good as human developer (otherwise no one would need humans). So the human review of findings is the necessary step in the process :-)<BR/><BR/>Then exclude the "noisy" bugs patterns from analysis and try to fix the "high prio" bugs. In most cases not only fixing the bug instance is important, but also the review of the related code. In my experience, the buggy code has more issues *around* the bug as it unveiled by the tool.<BR/><BR/>BTW, one can use FB daily build update site to get latest FB snapshot (without NPE :) <BR/>http://findbugs.cs.umd.edu/eclipse-dailyAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-27225531.post-24045169373935587672009-02-25T19:26:00.000-08:002009-02-25T19:26:00.000-08:00While yes you can get a few false postives. For t...While yes you can get a few false postives. For the most part it does show several areas where you could potentially have problems. Many of them have to do with coding styles that could lead to issues.<BR/><BR/>Cleaning up the warnings and bugs that it finds, is a good thing as it does help reduce the overall affected code later on. I know of several eclipse projects that have used it to clean their code with some good results.<BR/><BR/>I've used it in XSL Tools with good results.David Carverhttps://www.blogger.com/profile/09341170413510029324noreply@blogger.com