On FindBugs, PMD, CPD and checkstyle

[Martin Desruisseaux <ma...@geomatys.fr>]

Hello all

The current project configuration generates 4 forms of code analysis:

* FindBugs - on code analysis.
* PMD report - an other code analysis.
* CPD report - on code duplication.
* Checkstyle - on coding conventions.

FindBugs and PMD overlaps since they have the same goals. However they 
use different approaches:

* FindBugs analyses the compiled *.class files.
* PMD analyses the source *.java files.

In my experience, I have found the FindBugs reports to be more valuable. 
I found that PMD produces a larger amount of false positives, for 
example confusing inner classes called "Double" (as in 
java.awt.geom.Point2D.Double) with java.lang.Double. I found that the 
PMD reports are more the kind of issues that we can see visually by 
looking at the code, while I found FindBugs reports to be "deeper" and 
less obvious (for example inconsistent synchronization). PMD also 
reports some issues that are more about coding conventions, thus 
overlapping with Checkstyle in addition to FindBugs.

CPD is a PMD extension for finding code duplications. Like PMD, it works 
more on the basis of what the code "looks like" than what the code 
really is once compiled. Indeed, the totality of the issues reported by 
CPD in the sis-utility module [1] are false positives; I didn't found 
any real code duplication (the code are extending different classes, and 
consequently invoking different methods with different parameters).

Checkstyle is only about coding convention. However the current 
configuration produces a large amount of errors, most of them because of 
lines longer than 80 characters. But there is other style violations 
too. However my issue is that Checkstyle seems a bit too "religious" to 
me... While I agree that complying to the style rules is good 90% of the 
time, I believe that some exceptions have justification. In particular, 
I tend to consider the symmetry of nature (as emerging from some 
mathematical expressions) as more important. Applications working mostly 
on text or metadata may not experience that often, but symmetry are a 
bit more common in geometry or referencing modules. Writing the code in 
a way that expose such symmetry, when it can be done in a reasonable 
way, has truly helped me many time to spot some bugs in my code. A 
simple example of what I means is at 
https://builds.apache.org/job/sis-jdk7/site/code-format.html but some 
cases are more sophisticated.

My usual approach is "comply to the style rule, except for exposing 
symmetry", which is quite hard to teach to Checkstyle. Furthermore the 
Checkstyle configuration in a Maven multi-modules project seem uneasy 
[2]. Consequently,

* Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" 
ration to me;
* Given that PMD overlaps with both FindBugs and Checkstyle;

If it was just me, I would be tempted to keep only FindBugs and remove 
the other analysis tools for making site generation lighter...

What other peoples think?

     Martin

[1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
[2] 
http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html

Re: On FindBugs, PMD, CPD and checkstyle

[Martin Desruisseaux <ma...@geomatys.fr>]

Thanks Adam and Chris. If there is no other objection in the next hours, 
I will apply the change tomorrow.

     Regards,

         Martin

Le 26/10/12 23:42, Mattmann, Chris A (388J) a écrit :
> +1 to only keep Find Bugs -- I feel the same way.
>
> Cheers,
> Chris
>
> On Oct 26, 2012, at 2:50 AM, Martin Desruisseaux wrote:
>
>> Hello all
>>
>> The current project configuration generates 4 forms of code analysis:
>>
>> * FindBugs - on code analysis.
>> * PMD report - an other code analysis.
>> * CPD report - on code duplication.
>> * Checkstyle - on coding conventions.
>>
>> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
>>
>> * FindBugs analyses the compiled *.class files.
>> * PMD analyses the source *.java files.
>>
>> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
>>
>> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
>>
>> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
>>
>> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
>>
>> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
>> * Given that PMD overlaps with both FindBugs and Checkstyle;
>>
>> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
>>
>> What other peoples think?
>>
>>     Martin
>>
>> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
>> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
>>

Re: On FindBugs, PMD, CPD and checkstyle

["Mattmann, Chris A (388J)" <ch...@jpl.nasa.gov>]

+1 to only keep Find Bugs -- I feel the same way.

Cheers,
Chris

On Oct 26, 2012, at 2:50 AM, Martin Desruisseaux wrote:

> Hello all
> 
> The current project configuration generates 4 forms of code analysis:
> 
> * FindBugs - on code analysis.
> * PMD report - an other code analysis.
> * CPD report - on code duplication.
> * Checkstyle - on coding conventions.
> 
> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
> 
> * FindBugs analyses the compiled *.class files.
> * PMD analyses the source *.java files.
> 
> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
> 
> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
> 
> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
> 
> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
> 
> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
> * Given that PMD overlaps with both FindBugs and Checkstyle;
> 
> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
> 
> What other peoples think?
> 
>    Martin
> 
> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
> 

Re: On FindBugs, PMD, CPD and checkstyle

[Adam Estrada <es...@gmail.com>]

Martin,

I have seen FindBugs and like it. Let just stick with that...

Adam

On Oct 26, 2012, at 5:50 AM, Martin Desruisseaux wrote:

> Hello all
> 
> The current project configuration generates 4 forms of code analysis:
> 
> * FindBugs - on code analysis.
> * PMD report - an other code analysis.
> * CPD report - on code duplication.
> * Checkstyle - on coding conventions.
> 
> FindBugs and PMD overlaps since they have the same goals. However they use different approaches:
> 
> * FindBugs analyses the compiled *.class files.
> * PMD analyses the source *.java files.
> 
> In my experience, I have found the FindBugs reports to be more valuable. I found that PMD produces a larger amount of false positives, for example confusing inner classes called "Double" (as in java.awt.geom.Point2D.Double) with java.lang.Double. I found that the PMD reports are more the kind of issues that we can see visually by looking at the code, while I found FindBugs reports to be "deeper" and less obvious (for example inconsistent synchronization). PMD also reports some issues that are more about coding conventions, thus overlapping with Checkstyle in addition to FindBugs.
> 
> CPD is a PMD extension for finding code duplications. Like PMD, it works more on the basis of what the code "looks like" than what the code really is once compiled. Indeed, the totality of the issues reported by CPD in the sis-utility module [1] are false positives; I didn't found any real code duplication (the code are extending different classes, and consequently invoking different methods with different parameters).
> 
> Checkstyle is only about coding convention. However the current configuration produces a large amount of errors, most of them because of lines longer than 80 characters. But there is other style violations too. However my issue is that Checkstyle seems a bit too "religious" to me... While I agree that complying to the style rules is good 90% of the time, I believe that some exceptions have justification. In particular, I tend to consider the symmetry of nature (as emerging from some mathematical expressions) as more important. Applications working mostly on text or metadata may not experience that often, but symmetry are a bit more common in geometry or referencing modules. Writing the code in a way that expose such symmetry, when it can be done in a reasonable way, has truly helped me many time to spot some bugs in my code. A simple example of what I means is at https://builds.apache.org/job/sis-jdk7/site/code-format.html but some cases are more sophisticated.
> 
> My usual approach is "comply to the style rule, except for exposing symmetry", which is quite hard to teach to Checkstyle. Furthermore the Checkstyle configuration in a Maven multi-modules project seem uneasy [2]. Consequently,
> 
> * Given that Checkstyle, CPD and PMD seem to have a very "noise/signal" ration to me;
> * Given that PMD overlaps with both FindBugs and Checkstyle;
> 
> If it was just me, I would be tempted to keep only FindBugs and remove the other analysis tools for making site generation lighter...
> 
> What other peoples think?
> 
>    Martin
> 
> [1] https://builds.apache.org/job/sis-jdk7/site/sis-utility/cpd.html
> [2] http://maven.apache.org/plugins/maven-checkstyle-plugin/examples/multi-module-config.html
>