Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [dsdp-tm-dev] FindBugs

Hi Martin,

Installing FindBugs in Eclipse is pretty straightforward - you can install it either from the update site [1] using the Update Manager or download the plug-in from the project downloads page. When installed you can scan the existing projects in the workspace by right-click on the project and selecting FindBugs from the context menu. When the scan is complete, the found problems can be browsed using the FindBugs perspective. You can also specify FindBugs options for each project from the project's Properties page. There is support for filter files which can be used for excluding false positives. However, maintaining these filter files will require additional efforts from the committers. I guess for now we can run the tool once and fix what we believe are real bugs. For the long term we should decide whether or not to include FindBugs in our daily work on TM.



Oberhuber, Martin wrote:
Thanks for the pointer, Rado.

I can only agree. We are using FIndBugs successfully
On all our commercial plugins. For RSE, I have always
Wanted to introduce it, but wanted to reduce the number
Of normal Eclipse Javac warnings before doing so.

But now seems the right time. APIs are frozen, so we
Need to focus on the implementations and get our code
Bug free.

There is only one caveat though: Some of the FindBugs
Warnings are false positives. And if somebody has
Analyzed an issue and found that it was not an issue
After all, there must be some common way of excluding
That issue from the warnings in the future, to ensure
That not the next developer invests time in checking
The same issue again.

At Wind River, we have some proprietery means to have
Markup in the code that supports filtering out FindBugs warnings. Rado do you see any such feature
In the Open Source FindBugs tool?

Whoever has a few cycles should download Findbugs
And check their code. Finding the bugs early with
The tool saves LOTS of time compared to having A user report it, look at bugzilla, reproduce it
Etc... I fully recommend that we all go for it.
Installing the plugin is super simple, just
Drop it into your dropins folder.

Rado can you give more instructions how to set up
A project for running findbugs and how to activate

Martin Oberhuber, Senior Member of Technical Staff, Wind River
Target Management Project Lead, DSDP PMC Member
-----Original Message-----
From: dsdp-tm-dev-bounces@xxxxxxxxxxx [mailto:dsdp-tm-dev-bounces@xxxxxxxxxxx] On Behalf Of Radoslav Gerganov
Sent: Donnerstag, 24. April 2008 17:00
To: Target Management developer discussions
Subject: [dsdp-tm-dev] FindBugs

Hi folks,

I would like to draw your attention to a very useful tool for finding bugs in Java programs called FindBugs[1]. It performs static analysis over Java byte code and search for bugs. There is also an Eclipse plug-in which provides integration with the Eclipse platform and can be used for finding bugs in Eclipse projects. You can take a look at [1] for more details about the tool.

So I gave it a try over some of the TM plug-ins and I got some interesting results. Here is a very small excerpt of the results for org.eclipse.rse.core and org.eclipse.rse.ui:

H B ES: Comparison of String parameter using == or != in
IHost, IRSESystemType, String, String,
String, String, int)

H B ES: Comparison of String parameter using == or != in

H B ES: Comparison of String parameter using == or != in

M C NP: Possible null pointer dereference of in

H C EC: Call to equals() comparing unrelated class and interface in
.doDelete(Shell, Object, IProgressMonitor)

onfigurationNode defines
equals and uses Object.hashCode()

M D BC: instanceof will always return true in
since all org.eclipse.rse.core.subsystems.RemoteServerLauncher are instances of

M D BC: instanceof will always return true in
ol), since all
org.eclipse.swt.widgets.TreeItem are instances of org.eclipse.swt.widgets.TreeItem

M B Eq: defines compareTo(Object) and uses

While some of the problems can be classified as "warnings" or "bad practice" there are also such that are real bugs. I think it will be useful for everyone to check his stuff with this tool.


dsdp-tm-dev mailing list

dsdp-tm-dev mailing list

Back to the top