dev@glassfish.java.net

Re: How many folks are using static analysis tools...

From: Kohsuke Kawaguchi <Kohsuke.Kawaguchi_at_Sun.COM>
Date: Thu, 14 Sep 2006 15:57:03 -0700

Peter Williams wrote:
> IMO, far too much human interpretation is currently required of the
> results to eliminate false positives to allow any of these options to be
> practical at this time. This goes for FindBugs and PMD as I've used
> those two. Not sure about any others, but I would expect there as well.

Amen to that.

The best place to do such static analysis is when you are typing code.
IOW, static code analysis should be a part of the IDE. Then you have a
natural incentive to fix those, and it also makes you productive as it
catches common data-flow related errors, too.

The problem with having a separate report later, especially with a large
project like Glassfish, is that for any one developer the S/N ratio is
way too low. Remember, for one developer, everybody else's problems
count as noise. So in practice nothing gets done.

That said, running it once and fixing obvious problems sounds like a
reasonable thing to do.

-- 
Kohsuke Kawaguchi
Sun Microsystems                   kohsuke.kawaguchi_at_sun.com