Subject: RE: False positives - msg#00001

Robert,

You run FindBugs on your JUnit code? I hadn't considered doing that
and would be interested to hear what kind of bugs that catches?

At the very least I think you will need to run FindBugs twice, using a
different set of checks on your production code than on your test code.
I imagine you will need to exclude quite a few of the checks for test
code.

Take a look at FindBug's exclusions filter functionality:

http://findbugs.sourceforge.net/manual/filter.html

Hope that helps,

Chris.

-----Original Message-----
From: findbugs-discuss-bounces@xxxxxxxxxx
[mailto:findbugs-discuss-bounces@xxxxxxxxxx] On Behalf Of Robert Wenner
Sent: 07 November 2006 21:36
To: findbugs-discuss@xxxxxxxxxxxxxxxxxx
Subject: [FB-Discuss] False positives

Hi all,


I started using Findbugs recently. It has produced some helpful
warnings.
I also got a lot of what I consider false positives like the ones below.


CI: Class Message is final but declares protected field _cal
This is true, but on purpose. Java allows derived classes AND classes in

the same package to access protected members.
I'd like to not see this warning if there is in fact code in the current

scope (project) that does access the protected field.


DE: PMTATransportTest.testGetMsgDataNoData() might ignore
java.io.IOException
This is the code that triggers this warning:
public void testSomething() {
try {
doSomethingBad();
}
catch (IOException expected) { /* Ok. */ }
}
This is a perfectly fine JUnit 3.8 test case and should go without
complaint.


Dm: AccounterTest.testNativeObjectFreed() forces garbage collection;
extremely dubious except in benchmarking code
This is a test that makes sure the JNI native part gets cleaned up on
garbage collection. This code itself is too complex to cite here, but
the
concept is having mock objects on both sides of the JNI layer and the
test will query the mock whether the native code for releasing the
resources was called. I agree this is a little brittle, but in practice
it works fine on Windows, Solaris, and Linux with JDKs 1.4 and 5.


DP: MessageCompatibilityTest.test7BitIsDefaultEncoding() invokes
java.lang.reflect.Field.setAccessible(boolean), which should be invoked
from within a doPrivileged block
This is a test trying to access a private field in the class under test.
I
agree this is not nice, but I cannot change the code under test (it's a
compatibility test to ensure the old code behaves as the new code).
This way is described in the JUnit FAQ.


IJU: TestCase AccounterTest$1 has no tests
I got this one for bringing mock objects in my test code like this:
public void testFoo() {
doSomething(new FooBar() {
public void overrideSomeMethod() {
// ...
}
});
// ...
}
Note that FooBar is not even derived from TestCase.


Se: NativeObject._nativeObject is transient but NativeObject isn't
Serializable
I get this for an abstract class where derived classes may well be
Serializable, however, if they are, I want to be sure this particular
field is not serialized (it holds a pointer to its JNI part).


UrF: Unread field: NativeObject.finalizerGuardian
I get this for a finalizer guardian as described in Effective Java item
6:
class Foo {
public void free() {
// free some JNI native resources
}

private final Object finalizerGuardian = new Object() {
protected void finalize() {
free();
}
};
}
This ensures that even if derived classes override finalize() and don't
call their base's finalize() it will still run when the finalizer
guardian member is garbage collected.


UwF: Field not initialized in constructor: PMTATransportTest.msg
Here Findbugs does not see that this field is in fact initialized in the

setUp() method.


Generally, I think Findbugs should distinguish between production code
and
test code. Many things are fine in tests that are problems in
production.

Is there a way to disable specific checks only in some hand-picked
places?
Like a special comment or an annotation?
A comment probably won't work since Findbugs works on class files,
right?
Any other way for Java 1.4 compatibility?


Robert
_______________________________________________
Findbugs-discuss mailing list
Findbugs-discuss@xxxxxxxxxxxxxxxxxx
http://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss


CONFIDENTIALITY & PRIVILEGE NOTICE

This e-mail is confidential to its intended recipient. It may also be
privileged. Neither the confidentiality nor any privilege attaching to this
e-mail is waived lost or destroyed by reason that it has been mistakenly
transmitted to a person or entity other than its intended recipient. If you are
not the intended recipient please notify us immediately by telephone or fax at
the numbers provided above or e-mail by Reply To Author and return the printed
e-mail to us by post at our expense. We believe, but do not warrant, that this
e-mail and any attachments are virus-free, but you should check. We may monitor
traffic data of both business and personal e-mails. We are not liable for any
opinions expressed by the sender where this is a non-business e-mail. If you do
not receive all the message, or if you have difficulty with the transmission,
please telephone us immediately.