FindBugs

[Michael Gentry <bl...@gmail.com>]

What would the general consensus be here of using FindBugs
(http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
least on my current source tree).  I haven't used this tool much yet,
but it seems like it could be useful.  I also believe it has support
to run in the background, like from an ant task.  This could be useful
for nightly builds.  Or even like a weekly report of some kind.

Thoughts?

Thanks!

/dev/mrg

Re: FindBugs

[Mike Kienenberger <mk...@gmail.com>]

Michael,

Maybe you could post it on your people.apache.org account and give us the link.

-Mike


On 2/1/07, Michael Gentry <bl...@gmail.com> wrote:
> There are ways to tell the tool to exclude bugs by a filter list.  I
> haven't looked into the details of that yet, but that could be an
> option to eliminate things we decide are OK and don't want to appear
> again.
>
> I'm attaching an HTML report I produced with this command-line:
>
> ~/Projects/eclipse/workspace/Cayenne30/framework>
> ~/Desktop/findbugs-1.1.1/bin/findbugs -textui -effort:max -onlyAnalyze
> 'org.apache.cayenne.-' -low -html -outputFile modeler-report.html
> cayenne-modeler
>
> It also has a -xdocs option to produce output for Maven.  Obviously, I
> have more work to do.  :-)
>
> Thanks,
>
> /dev/mrg
>
> PS. If the mailing list strips the attachment and you want to see it
> (and don't want to run your own like I did above), shoot me an e-mail
> directly.
>
>
> On 2/1/07, Aristedes Maniatis <ar...@ish.com.au> wrote:
> >
> > On 02/02/2007, at 12:43 AM, Michael Gentry wrote:
> >
> > > What would the general consensus be here of using FindBugs
> > > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
> > > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> > > least on my current source tree).  I haven't used this tool much yet,
> > > but it seems like it could be useful.  I also believe it has support
> > > to run in the background, like from an ant task.  This could be useful
> > > for nightly builds.  Or even like a weekly report of some kind.
> >
> >
> >  From my experience of it, there are lots of 'bugs' it finds which
> > you end up having to ignore. If that was the case, a weekly report
> > may not be that helpful since anything useful would be buried in the
> > noise. But if the FindBug count count be brought to zero, then a
> > weekly script might be more useful. I seem to remember that there are
> > lots of ways to configure the rules it runs to quite a fine degree. I
> > seem to remember that the style and performance reports it created
> > were less useful, but it found some interesting problems in our code
> > base.
> >
> > Ari Maniatis
> >
> >
> > -------------------------->
> > ish
> > http://www.ish.com.au
> > Level 1, 30 Wilson Street Newtown 2042 Australia
> > phone +61 2 9550 5001   fax +61 2 9550 4001
> > GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
> >
> >
> >
> >
> >
>

Re: FindBugs

[Robert Zeigler <ro...@puregumption.com>]

Sorry! Missend!

Robert
On Feb 1, 2007, at 10:57 AM, Robert Zeigler wrote:

> Hi,
>
> I'd be interested in seeing the report.
>
> Robert
> On Feb 1, 2007, at 8:56 AM, Michael Gentry wrote:
>
>> There are ways to tell the tool to exclude bugs by a filter list.  I
>> haven't looked into the details of that yet, but that could be an
>> option to eliminate things we decide are OK and don't want to appear
>> again.
>>
>> I'm attaching an HTML report I produced with this command-line:
>>
>> ~/Projects/eclipse/workspace/Cayenne30/framework>
>> ~/Desktop/findbugs-1.1.1/bin/findbugs -textui -effort:max - 
>> onlyAnalyze
>> 'org.apache.cayenne.-' -low -html -outputFile modeler-report.html
>> cayenne-modeler
>>
>> It also has a -xdocs option to produce output for Maven.   
>> Obviously, I
>> have more work to do.  :-)
>>
>> Thanks,
>>
>> /dev/mrg
>>
>> PS. If the mailing list strips the attachment and you want to see it
>> (and don't want to run your own like I did above), shoot me an e-mail
>> directly.
>>
>>
>> On 2/1/07, Aristedes Maniatis <ar...@ish.com.au> wrote:
>>>
>>> On 02/02/2007, at 12:43 AM, Michael Gentry wrote:
>>>
>>> > What would the general consensus be here of using FindBugs
>>> > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1  
>>> version to
>>> > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
>>> > least on my current source tree).  I haven't used this tool  
>>> much yet,
>>> > but it seems like it could be useful.  I also believe it has  
>>> support
>>> > to run in the background, like from an ant task.  This could be  
>>> useful
>>> > for nightly builds.  Or even like a weekly report of some kind.
>>>
>>>
>>>  From my experience of it, there are lots of 'bugs' it finds which
>>> you end up having to ignore. If that was the case, a weekly report
>>> may not be that helpful since anything useful would be buried in the
>>> noise. But if the FindBug count count be brought to zero, then a
>>> weekly script might be more useful. I seem to remember that there  
>>> are
>>> lots of ways to configure the rules it runs to quite a fine  
>>> degree. I
>>> seem to remember that the style and performance reports it created
>>> were less useful, but it found some interesting problems in our code
>>> base.
>>>
>>> Ari Maniatis
>>>
>>>
>>> -------------------------->
>>> ish
>>> http://www.ish.com.au
>>> Level 1, 30 Wilson Street Newtown 2042 Australia
>>> phone +61 2 9550 5001   fax +61 2 9550 4001
>>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
>>>
>>>
>>>
>>>
>>>
>

Re: FindBugs

[Robert Zeigler <ro...@puregumption.com>]

Hi,

I'd be interested in seeing the report.

Robert
On Feb 1, 2007, at 8:56 AM, Michael Gentry wrote:

> There are ways to tell the tool to exclude bugs by a filter list.  I
> haven't looked into the details of that yet, but that could be an
> option to eliminate things we decide are OK and don't want to appear
> again.
>
> I'm attaching an HTML report I produced with this command-line:
>
> ~/Projects/eclipse/workspace/Cayenne30/framework>
> ~/Desktop/findbugs-1.1.1/bin/findbugs -textui -effort:max -onlyAnalyze
> 'org.apache.cayenne.-' -low -html -outputFile modeler-report.html
> cayenne-modeler
>
> It also has a -xdocs option to produce output for Maven.  Obviously, I
> have more work to do.  :-)
>
> Thanks,
>
> /dev/mrg
>
> PS. If the mailing list strips the attachment and you want to see it
> (and don't want to run your own like I did above), shoot me an e-mail
> directly.
>
>
> On 2/1/07, Aristedes Maniatis <ar...@ish.com.au> wrote:
>>
>> On 02/02/2007, at 12:43 AM, Michael Gentry wrote:
>>
>> > What would the general consensus be here of using FindBugs
>> > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1  
>> version to
>> > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
>> > least on my current source tree).  I haven't used this tool much  
>> yet,
>> > but it seems like it could be useful.  I also believe it has  
>> support
>> > to run in the background, like from an ant task.  This could be  
>> useful
>> > for nightly builds.  Or even like a weekly report of some kind.
>>
>>
>>  From my experience of it, there are lots of 'bugs' it finds which
>> you end up having to ignore. If that was the case, a weekly report
>> may not be that helpful since anything useful would be buried in the
>> noise. But if the FindBug count count be brought to zero, then a
>> weekly script might be more useful. I seem to remember that there are
>> lots of ways to configure the rules it runs to quite a fine degree. I
>> seem to remember that the style and performance reports it created
>> were less useful, but it found some interesting problems in our code
>> base.
>>
>> Ari Maniatis
>>
>>
>> -------------------------->
>> ish
>> http://www.ish.com.au
>> Level 1, 30 Wilson Street Newtown 2042 Australia
>> phone +61 2 9550 5001   fax +61 2 9550 4001
>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
>>
>>
>>
>>
>>

Re: FindBugs

[Michael Gentry <bl...@gmail.com>]

I hadn't gotten to the Eclipse/Maven/etc options yet.  And I actually
can't download that plugin from work (our proxy blocks the downloads
page -- go figure).

Thanks!

/dev/mrg


On 2/2/07, Dirk Olmes <di...@xanthippe.ping.de> wrote:
>
> > Actually looks pretty good. Similar in nature to Eclipse warnings,
> > only better, cause all those minor issues do not pollute the code and
> > distract you during coding.
>
> I like the eclipse plugin even better than the HTML reports: direct
> integration in the IDE :-)
>
> http://findbugs.sourceforge.net/downloads.html
>
> -dirk
>
> --
> Anyway kids, have fun, play nicely, be good. And remember - if it ain't
> broke, hit it again.
>
>

Re: FindBugs

[Mike Kienenberger <mk...@gmail.com>]

Yes, Michael's report inspired me to download and install the Eclipse
FindBugs plugin last night and run it against my current project.
Quite nice!  I even fixed a couple of edge case bugs :-)


On 2/2/07, Dirk Olmes <di...@xanthippe.ping.de> wrote:
>
> > Actually looks pretty good. Similar in nature to Eclipse warnings,
> > only better, cause all those minor issues do not pollute the code and
> > distract you during coding.
>
> I like the eclipse plugin even better than the HTML reports: direct
> integration in the IDE :-)
>
> http://findbugs.sourceforge.net/downloads.html
>
> -dirk
>
> --
> Anyway kids, have fun, play nicely, be good. And remember - if it ain't
> broke, hit it again.
>
>

Re: FindBugs

[Dirk Olmes <di...@xanthippe.ping.de>]

> Actually looks pretty good. Similar in nature to Eclipse warnings,
> only better, cause all those minor issues do not pollute the code and
> distract you during coding.

I like the eclipse plugin even better than the HTML reports: direct
integration in the IDE :-)

http://findbugs.sourceforge.net/downloads.html

-dirk

-- 
Anyway kids, have fun, play nicely, be good. And remember - if it ain't
broke, hit it again.

Re: FindBugs

[Andrus Adamchik <an...@objectstyle.org>]

Actually looks pretty good. Similar in nature to Eclipse warnings,  
only better, cause all those minor issues do not pollute the code and  
distract you during coding.

Andrus


On Feb 2, 2007, at 2:01 AM, Michael Gentry wrote:

> OK, here it is:
>
> http://people.apache.org/~mgentry/modeler-report.html
>
> Thanks,
>
> /dev/mrg
>
>

Re: FindBugs

[Michael Gentry <bl...@gmail.com>]

OK, here it is:

http://people.apache.org/~mgentry/modeler-report.html

Thanks,

/dev/mrg


On 2/1/07, Michael Gentry <bl...@gmail.com> wrote:
> Sadly, SSH is blocked.  I can do it tonight when I get home ...
>
> /dev/mrg
>
>
> On 2/1/07, Andrus Adamchik <an...@objectstyle.org> wrote:
> > Michael,
> >
> > BTW, you can use your apache web space to publish the report (if you
> > can ssh from work that is). Just log in to people.apache.org and put
> > HTML content under ~/public_html. The URL will be:
> >
> > http://people.apache.org/~mgentry/whatever
> >
> > Andrus
> >
> >
> > On Feb 1, 2007, at 4:56 PM, Michael Gentry wrote:
> >
> > > There are ways to tell the tool to exclude bugs by a filter list.  I
> > > haven't looked into the details of that yet, but that could be an
> > > option to eliminate things we decide are OK and don't want to appear
> > > again.
> > >
> > > I'm attaching an HTML report I produced with this command-line:
> > >
> > > ~/Projects/eclipse/workspace/Cayenne30/framework>
> > > ~/Desktop/findbugs-1.1.1/bin/findbugs -textui -effort:max -onlyAnalyze
> > > 'org.apache.cayenne.-' -low -html -outputFile modeler-report.html
> > > cayenne-modeler
> > >
> > > It also has a -xdocs option to produce output for Maven.  Obviously, I
> > > have more work to do.  :-)
> > >
> > > Thanks,
> > >
> > > /dev/mrg
> > >
> > > PS. If the mailing list strips the attachment and you want to see it
> > > (and don't want to run your own like I did above), shoot me an e-mail
> > > directly.
> > >
> > >
> > > On 2/1/07, Aristedes Maniatis <ar...@ish.com.au> wrote:
> > >>
> > >> On 02/02/2007, at 12:43 AM, Michael Gentry wrote:
> > >>
> > >> > What would the general consensus be here of using FindBugs
> > >> > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1
> > >> version to
> > >> > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> > >> > least on my current source tree).  I haven't used this tool much
> > >> yet,
> > >> > but it seems like it could be useful.  I also believe it has
> > >> support
> > >> > to run in the background, like from an ant task.  This could be
> > >> useful
> > >> > for nightly builds.  Or even like a weekly report of some kind.
> > >>
> > >>
> > >>  From my experience of it, there are lots of 'bugs' it finds which
> > >> you end up having to ignore. If that was the case, a weekly report
> > >> may not be that helpful since anything useful would be buried in the
> > >> noise. But if the FindBug count count be brought to zero, then a
> > >> weekly script might be more useful. I seem to remember that there are
> > >> lots of ways to configure the rules it runs to quite a fine degree. I
> > >> seem to remember that the style and performance reports it created
> > >> were less useful, but it found some interesting problems in our code
> > >> base.
> > >>
> > >> Ari Maniatis
> > >>
> > >>
> > >> -------------------------->
> > >> ish
> > >> http://www.ish.com.au
> > >> Level 1, 30 Wilson Street Newtown 2042 Australia
> > >> phone +61 2 9550 5001   fax +61 2 9550 4001
> > >> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
> > >>
> > >>
> > >>
> > >>
> > >>
> >
> >
>

Re: FindBugs

[Michael Gentry <bl...@gmail.com>]

There are ways to tell the tool to exclude bugs by a filter list.  I
haven't looked into the details of that yet, but that could be an
option to eliminate things we decide are OK and don't want to appear
again.

I'm attaching an HTML report I produced with this command-line:

~/Projects/eclipse/workspace/Cayenne30/framework>
~/Desktop/findbugs-1.1.1/bin/findbugs -textui -effort:max -onlyAnalyze
'org.apache.cayenne.-' -low -html -outputFile modeler-report.html
cayenne-modeler

It also has a -xdocs option to produce output for Maven.  Obviously, I
have more work to do.  :-)

Thanks,

/dev/mrg

PS. If the mailing list strips the attachment and you want to see it
(and don't want to run your own like I did above), shoot me an e-mail
directly.


On 2/1/07, Aristedes Maniatis <ar...@ish.com.au> wrote:
>
> On 02/02/2007, at 12:43 AM, Michael Gentry wrote:
>
> > What would the general consensus be here of using FindBugs
> > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
> > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> > least on my current source tree).  I haven't used this tool much yet,
> > but it seems like it could be useful.  I also believe it has support
> > to run in the background, like from an ant task.  This could be useful
> > for nightly builds.  Or even like a weekly report of some kind.
>
>
>  From my experience of it, there are lots of 'bugs' it finds which
> you end up having to ignore. If that was the case, a weekly report
> may not be that helpful since anything useful would be buried in the
> noise. But if the FindBug count count be brought to zero, then a
> weekly script might be more useful. I seem to remember that there are
> lots of ways to configure the rules it runs to quite a fine degree. I
> seem to remember that the style and performance reports it created
> were less useful, but it found some interesting problems in our code
> base.
>
> Ari Maniatis
>
>
> -------------------------->
> ish
> http://www.ish.com.au
> Level 1, 30 Wilson Street Newtown 2042 Australia
> phone +61 2 9550 5001   fax +61 2 9550 4001
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
>
>
>
>
>

Re: FindBugs

[Aristedes Maniatis <ar...@ish.com.au>]

On 02/02/2007, at 12:43 AM, Michael Gentry wrote:

> What would the general consensus be here of using FindBugs
> (http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
> analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> least on my current source tree).  I haven't used this tool much yet,
> but it seems like it could be useful.  I also believe it has support
> to run in the background, like from an ant task.  This could be useful
> for nightly builds.  Or even like a weekly report of some kind.


 From my experience of it, there are lots of 'bugs' it finds which  
you end up having to ignore. If that was the case, a weekly report  
may not be that helpful since anything useful would be buried in the  
noise. But if the FindBug count count be brought to zero, then a  
weekly script might be more useful. I seem to remember that there are  
lots of ways to configure the rules it runs to quite a fine degree. I  
seem to remember that the style and performance reports it created  
were less useful, but it found some interesting problems in our code  
base.

Ari Maniatis


-------------------------->
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

Re: FindBugs

[Michael Gentry <bl...@gmail.com>]

Well, it has GUI and command-line (which can be automated) support.
I'm kind of in the mood to play with it today, so I'll try to put
together something.  I've been running it (GUI-mode) against some of
the Java stuff around here and it is finding "interesting" things.
:-)

Thanks,

/dev/mrg


On 2/1/07, Andrus Adamchik <an...@objectstyle.org> wrote:
> "FindBugs" names seems to imply too much for an automated tool :-)
>
> Can you post a report somewhere showing what kind of "bugs" it finds?
>
> Andrus
>
> On Feb 1, 2007, at 3:43 PM, Michael Gentry wrote:
>
> > What would the general consensus be here of using FindBugs
> > (http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
> > analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> > least on my current source tree).  I haven't used this tool much yet,
> > but it seems like it could be useful.  I also believe it has support
> > to run in the background, like from an ant task.  This could be useful
> > for nightly builds.  Or even like a weekly report of some kind.
> >
> > Thoughts?
> >
> > Thanks!
> >
> > /dev/mrg
> >
>
>

Re: FindBugs

[Andrus Adamchik <an...@objectstyle.org>]

"FindBugs" names seems to imply too much for an automated tool :-)

Can you post a report somewhere showing what kind of "bugs" it finds?

Andrus

On Feb 1, 2007, at 3:43 PM, Michael Gentry wrote:

> What would the general consensus be here of using FindBugs
> (http://findbugs.sourceforge.net/)?  I just used the 1.1.1 version to
> analyze Cayenne 3.0 and it is reporting 1720 (potential) bugs (at
> least on my current source tree).  I haven't used this tool much yet,
> but it seems like it could be useful.  I also believe it has support
> to run in the background, like from an ant task.  This could be useful
> for nightly builds.  Or even like a weekly report of some kind.
>
> Thoughts?
>
> Thanks!
>
> /dev/mrg
>