You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sis.apache.org by Martin Desruisseaux <ma...@geomatys.fr> on 2012/10/26 11:50:21 UTC
On FindBugs, PMD, CPD and checkstyle
Hello all
The current project configuration generates 4 forms of code analysis:
* FindBugs - on code analysis.
* PMD report - an other code analysis.
* CPD report - on code duplication.
* Checkstyle - on coding conventions.
FindBugs and PMD overlaps since they have the same goals. However they
use different approaches:
* FindBugs analyses the compiled *.class files.
* PMD analyses the source *.java files.
In my experience, I have found the FindBugs reports to be more valuable.
I found that PMD produces a larger amount of false positives, for
example confusing inner classes called "Double" (as in
java.awt.geom.Point2D.Double) with java.lang.Double. I found that the
PMD reports are more the kind of issues that we can see visually by
looking at the code, while I found FindBugs reports to be "deeper" and
less obvious (for example inconsistent synchronization). PMD also
reports some issues that are more about coding conventions, thus
overlapping with Checkstyle in addition to FindBugs.
CPD is a PMD extension for finding code duplications. Like PMD, it works
more on the basis of what the code "looks like" than what the code
really is once compiled. Indeed, the totality of the issues reported by
CPD in the sis-utility module [1] are false positives; I didn't found
any real code duplication (the code are extending different classes, and
consequently invoking different methods with different parameters).
Checkstyle is only about coding convention. However the current
configuration produces a large amount of errors, most of them because of
lines longer than 80 characters. But there is other style violations
too. However my issue is that Checkstyle seems a bit too "religious" to
me... While I agree that complying to the style rules is good 90% of the
time, I believe that some exceptions have justification. In particular,
I tend to consider the symmetry of nature (as emerging from some
mathematical expressions) as more important. Applications working mostly
on text or metadata may not experience that often, but symmetry are a
bit more common in geometry or referencing modules. Writing the code in
a way that expose such symmetry, when it can be done in a reasonable
way, has truly helped me many time to spot some bugs in my code. A
simple example of what I means is at
https://builds.apache.org/job/sis-jdk7/site/code-format.html but some
cases are more sophisticated.
My usual approach is "comply to the style rule, except for exposing
symmetry", which is quite hard to teach to Checkstyle. Furthermore the
Checkstyle configuration in a Maven multi-modules project seem uneasy
[2]. Consequently,
* Given that Checkstyle, CPD and PMD seem to have a very "noise/signal"
ration to me;
* Given that PMD overlaps with both FindBugs and Checkstyle;
If it was just me, I would be tempted to keep only FindBugs and remove
the other analysis tools for making site generation lighter...
What other peoples think?
Martin
[1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
[2]
http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
Re: On FindBugs, PMD, CPD and checkstyle
Posted by Martin Desruisseaux <ma...@geomatys.fr>.
Thanks Adam and Chris. If there is no other objection in the next hours,
I will apply the change tomorrow.
Regards,
Martin
Le 26/10/12 23:42, Mattmann, Chris A (388J) a écrit :
> +1 to only keep Find Bugs -- I feel the same way.
>
> Cheers,
> Chris
>
> On Oct 26, 2012, at 2:50 AM, Martin Desruisseaux wrote:
>
>> Hello all
>>
>> The current project configuration generates 4 forms of code analysis:
>>
>> * FindBugs - on code analysis.
>> * PMD report - an other code analysis.
>> * CPD report - on code duplication.
>> * Checkstyle - on coding conventions.
>>
>> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
>>
>> * FindBugs analyses the compiled *.class files.
>> * PMD analyses the source *.java files.
>>
>> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
>>
>> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
>>
>> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
>>
>> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
>>
>> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
>> * Given that PMD overlaps with both FindBugs and Checkstyle;
>>
>> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
>>
>> What other peoples think?
>>
>> Martin
>>
>> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
>> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
>>
Re: On FindBugs, PMD, CPD and checkstyle
Posted by "Mattmann, Chris A (388J)" <ch...@jpl.nasa.gov>.
+1 to only keep Find Bugs -- I feel the same way.
Cheers,
Chris
On Oct 26, 2012, at 2:50 AM, Martin Desruisseaux wrote:
> Hello all
>
> The current project configuration generates 4 forms of code analysis:
>
> * FindBugs - on code analysis.
> * PMD report - an other code analysis.
> * CPD report - on code duplication.
> * Checkstyle - on coding conventions.
>
> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
>
> * FindBugs analyses the compiled *.class files.
> * PMD analyses the source *.java files.
>
> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
>
> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
>
> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
>
> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
>
> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
> * Given that PMD overlaps with both FindBugs and Checkstyle;
>
> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
>
> What other peoples think?
>
> Martin
>
> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
>
Re: On FindBugs, PMD, CPD and checkstyle
Posted by Adam Estrada <es...@gmail.com>.
Martin,
I have seen FindBugs and like it. Let just stick with that...
Adam
On Oct 26, 2012, at 5:50 AM, Martin Desruisseaux wrote:
> Hello all
>
> The current project configuration generates 4 forms of code analysis:
>
> * FindBugs - on code analysis.
> * PMD report - an other code analysis.
> * CPD report - on code duplication.
> * Checkstyle - on coding conventions.
>
> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
>
> * FindBugs analyses the compiled *.class files.
> * PMD analyses the source *.java files.
>
> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
>
> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
>
> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
>
> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
>
> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
> * Given that PMD overlaps with both FindBugs and Checkstyle;
>
> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
>
> What other peoples think?
>
> Martin
>
> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
>