From Arnout Engelen

See also: Java Annotations

Contents 1 Maven plugin 1.1 classes needed for analysis missing 1.2 Generating findbugs xml 1.3 Generating the html report 1.4 Building the plugin from source 2 Contributions 2.1 Eclipse plugin usability 3 Docs 4 Custom detectors 4.1 Spec files 4.2 Detector Archives 5 Detector wishlist 5.1 Database 5.1.1 Hibernate criteria antipattern 5.2 Wicket 5.3 Interfaces 5.4 collections 6 Hacking 6.1 Eclipse plugin

[edit] Maven plugin

[edit] classes needed for analysis missing

Then, I got the error discussed here:

• http://www.nabble.com/why-so-many-missing-class-errors--t3218479.html
• http://www.mail-archive.com/users@maven.apache.org/msg60308.html

This was solved by upgrading to maven 2.0.7 and findbugs-maven-plugin 1.1.1 and adding some more dependencies to the pom.

I had to add the lib/ext/sunpkcs11.jar to the dependencies - this seems akward, but adding the 'provided' scope I guess it's okay.

[edit] Generating findbugs xml

The XML version of the report can be generated with

  mvn findbugs:findbugs

[edit] Generating the html report

It seems the html report is only generated upon

  mvn site

This generates the entire site.

Not sure if/how I can generate the HTML for findbugs only - from the code it looks like mvn findbugs:findbugs should do that, but doesn't

[edit] Building the plugin from source

Downloaded source from svn, 'mvn eclipse:eclipse', interesting: it's groovy code. should be fun to play with :).

Adding the 'org.codehaus.groovy.eclipse.groovyNature' nature might be an additional option to the maven eclipse plugin run.

[edit] Contributions

[edit] Eclipse plugin usability

I think a very useful way to use FindBugs is to integrate it with Eclipse, and have it analyse whatever piece of code you're currently working with. The 'Run automatically' feature of the FindBugs Eclipse plugin makes this easy - but also introduces a huge performance hit when doing full builds of projects.

As a compromise, I added a configuration option that will make FindBugs run automatically for incremental builds (i.e., when saving a single source file), but not for full builds.

[edit] Docs

• http://video.google.com/videoplay?docid=-8150751070230264609

[edit] Custom detectors

http://www-128.ibm.com/developerworks/library/j-findbug2/

[eclipse bytecode outliner]

[edit] Spec files

It'd be nice to be able to provide annotations for libraries you might use in seperate files, like ESC/Java Spec files. See the 'dumper tool' section of Java Annotations

[edit] Detector Archives

It'd be nice if projects, such as Wicket or Hibernate, could distribute a Detector Archive (DAR) containing domain-specific detectors and extra annotations (for projects that need to be otherwise 1.4-conformant).

Such a DAR could be a ZIP with a given directory structure, which should be unpacked in some directory, analogous to WARs, Eclipse plugins and (somewhat) JAR's.

Contents:

• 'spec file' with extra analysis annotations, see Java Annotations
• custom detectors
• XML file describing the custom detectors (for enabling/disabling them etc)

[edit] Detector wishlist

• comparing classes with equals instead of 'instanceof': Praktijk.class.getName().equals(patientportaalSync.getContextClass())
• a 'never call this method'-annotation - i.e. for default constructors that are there for Hibernate

[edit] Database

• All columns that are foreign keys should have an index.
• not-null should be on the joincolumn, not on the many-to-one

[edit] Hibernate criteria antipattern

crit.add(Restrictions.eq("instantie.id", medewerker.getInstantie().getId()));

Should be:

crit.add(Restrictions.eq("instantie", medewerker.getInstantie()));

This gives an exception rather than a query that (almost) always returns null if the types don't match :)

[edit] Wicket

• Do not construct other pages in a constructor directly
• Do not call info(), error() etc in methods reachable from a constructor

[edit] Interfaces

I think findbugs should warn if a method implements an abstract method or interface, and its parameter is annotated with NonNull, even though in the interface/parent class it isn't.

[edit] collections

If 'String[] bcc' is nullable, this is not caught:

for (String s : bcc) { sendSingleMail(tekst, subject, null, null, s, replyTo); }

[edit] Hacking

Hacking findbugs itself:

[edit] Eclipse plugin

• Get a Java5 JRE, and configure eclipse to use java5. the findbugs core should remain java1.4-compatible though.
• Check out 'findbugs' and 'eclipsePlugin' from SVN at Google.
• The plugin needs findbugs, but contains an old version by default, so..
  • Build a new findbugs.jar
    • there's a 'jars' ant task - I had to skip the 'validate' step, it gave me an StackOverflowError )
    • define eclipsePlugin.dir as the 'plugins' directory of your eclipse in local.properties
    • The 'version' phase crashes with something like this, set failonerror=false.
  • put it in the root dir of eclipsePlugin
• re-download the asm-jars for the eclipsePlugin project also (should be fixed now)