Hi,

first of all, let me stress how impressed I am by FindBugs: together with runtime assertions and unit tests, this tool definitely helps to deliver high quality software - congratulations!

I am very comfortable with runtime assertions and unit tests, but am new to static analysis, so I tried to find out how I can mix these technologies to get bullet-proof software. In particular, I ran FindBugs over the following simple test:

    import edu.umd.cs.findbugs.annotations.*;

    abstract class Test implements Runnable {

        @CheckForNull
        Integer number = 1;

        private boolean invariants() {
            assert number != null;
            return true;
        }

        public void run() {
            assert invariants();
            sideEffect();
            System.out.println(number.toString()); // correct report
            assert invariants();
            System.out.println(number.toString()); // false positive!
            invariants();
            System.out.println(number.toString()); // false positive!
        }

        abstract void sideEffect();
    }

This gets me three NP_NULL_ON_SOME_PATH reports. However, only the first is relevant; the others are false positives because the test is done in a private method which can't get overridden.

Are there any plans to improve null pointer dereference detection to get rid of these false positives?

BTW: Looking at the source code I noticed that you are looking to improve the support for nested JARs. You may find my project helpful: https://truezip.dev.java.net . Version 6.5.1 has been fortified with FindBugs in addition to the already used runtime assertions and unit tests.

With best regards,
Christian Schlichtherle
--
Schlichtherle IT Services
Wittelsbacherstr. 10a
10707 Berlin
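
A variant of the test in the message above, added here as an example; it is not part of the original message or of the FindBugs code. It moves the null check out of the `assert`-based private method into `run()` on a local copy of the field, on the assumption that the null-dereference analysis tracks values within a single method. `LocalCheckTest` is a hypothetical name, and the FindBugs annotations jar is assumed to be on the classpath.

```java
import edu.umd.cs.findbugs.annotations.CheckForNull;

// Added example (hypothetical class name): same shape as the test in the
// message, with the null check done in run() on a local copy of the field.
abstract class LocalCheckTest implements Runnable {

    @CheckForNull
    Integer number = 1;

    public void run() {
        sideEffect(); // may set 'number' to null, as in the original test

        // Read the field exactly once. Later writes to the field cannot
        // change this local, so the check below still holds at the use.
        final Integer n = number;
        if (n == null) {
            // Explicit check: unlike 'assert', it is still executed when
            // the JVM runs with assertions disabled (the default, no -ea).
            throw new IllegalStateException("number is null after sideEffect()");
        }
        System.out.println(n.toString());
    }

    abstract void sideEffect();

    public static void main(String[] args) {
        // Constructed inputs: one subclass leaves the field alone,
        // the other sets it to null inside sideEffect().
        new LocalCheckTest() {
            void sideEffect() { }
        }.run();

        try {
            new LocalCheckTest() {
                void sideEffect() { number = null; }
            }.run();
        } catch (IllegalStateException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```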