dev@glassfish.java.net

Re: How many folks are using static analysis tools...

From: Marina Vatkina <Marina.Vatkina_at_Sun.COM>
Date: Mon, 18 Sep 2006 15:59:41 -0700

Aditya.

I checked the report named Sep112006fb.html and toplink-essentials.jar is
missing from the list of jars. Do you know the reason for that?

thanks,
-marina

Aditya Dada wrote On 09/14/06 16:51,:
> I'm sure everyone must have seen the daily FindBugs reports that Terena
> produces on the nightly glassfish builds.
>
> While working with Jerome, Tony and Geoff, we too came to the conclusion
> that there were way too many warnings for people to go through.
> So while I had personally filed laundry-list bugs in the last release
> for each component that was reported to have bugs by the tool, I am
> currently working with Terena to implement the 'delta' feature i.e. the
> daily email will contain a small list of bugs that were introduced last
> night (as found by FindBugs of course).
>
> The list would be much more readable, and hence, the bugs much easier to
> identify and fix.
>
> Till then, if you're interested in knowing the bugs in your area, click
> on any HTML file at:
> http://javaweb.sfbay/java/re/glassfish/9.1/nightly/findbugs/snapshot/
> ...and grep for the package that you work on.
>
> Also, like Bill just mentioned, FindBugs has the ability to use filters
> i.e. you can choose to filter out some warnings that are false
> positives. If there are any such warnings that you'd like filtered out,
> please let me know and I can work with Terena to incorporate that in the
> daily FindBugs run.
>
> -Aditya
>
>
> Kohsuke Kawaguchi changed the world a bit at a time, and said on
> 9/14/2006 6:57 PM:
>
>
>>Peter Williams wrote:
>>
>>
>>>IMO, far too much human interpretation is currently required of the
>>>results to eliminate false positives to allow any of these options to
>>>be practical at this time. This goes for FindBugs and PMD as I've
>>>used those two. Not sure about any others, but I would expect there
>>>as well.
>>
>>
>>Amen to that.
>>
>>The best place to do such static analysis is when you are typing code.
>>IOW, static code analysis should be a part of the IDE. Then you have
>>natural incentive to fix those, and it also makes you productive as it
>>catches common data-flow related errors, too.
>>
>>The problem with having a separate report later, especially with a
>>large project like Glassfish, is that for any one developer the S/N
>>ratio is way too low. Remember, for one developer, everybody else's
>>problems count as noise. So in practice nothing gets done.
>>
>>That said, running it once and fixing obvious problems sounds like a
>>reasonable thing to do.
>>
>
>