logo       
<prev   next>

Re: Fb-contrib promotion: msg#00049

java.findbugs.general

Subject: Re: Fb-contrib promotion

Many of the detectors in fb-contrib are much more style checkers than bug finders.
They detect questionable coding practices that are routinely violated in production code.

Also, in a few but not most cases, I question the wisdom of the advice generated by
some of the fb-contrib detectors.

Given that we can now find hundreds of high and medium priority correctness warnings
in large software projects, finding even more bugs isn't a priority for the findbugs project.
Rather, my focus is figuring out how to get people to fix bugs that we can find. This involves
figuring out how to make the results even more relevant and removing the various points
of pain in using findbugs.

I tried running findbugs and fb-contrib against jdk1.6.0-b51.

FindBugs core M/H correctness warnings: 529
fb-contrib M/H correctness warnings: 7090
from PCOA alone 765
from LEST alone 2552

So the PCOA generates more M/H correctness warnings on the JDK
than _everything_ in the core plugin. And LEST generates 5 times more
M/H correctness warnings on the JDK than _everything_ in the core plugin.

New detectors can always be proposed for contribution to the core plugin. I try to restrict
the core plugin to high standards, but if you have a detector such that a majority of the warnings
correspond to real defects (as opposed to questionable code), we'll take it.

For example, a detector that looked for calls from a constructor to methods that are
in fact overridden in a subclass might be a good addition.

But PCOA and LEST, as they exist in fb-contrib, aren't going to be added to the core.
People who want those detectors are welcome to use fb-contrib and FindBug's
plugin architecture.

Bill

On Oct 15, 2006, at 1:26 AM, Jason Bennett wrote:


I was wondering if there was any plan or discussion on promoting some tests from fb-contrib to the full Findbugs distribution.

I think fb-contrib is a great testbed for experimental Findbugs tests, but many of them seem basic and solid enough that they should be available as standard features. I'm thinking especially about PCOA (calls to non-final methods from a constructor) and LEST (losing exception stack trace).

jason
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Fb-contrib promotion, Norman Gyhra
Next by Date:  check for unclosed streams, Zohar
Previous by Thread:  Re: Fb-contrib promotion, Norman Gyhra
Next by Thread:  check for unclosed streams, Zohar
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise