Uploaded image for project: 'BVal'
  1. BVal
  2. BVAL-68

Use FindBugs to reduce coding errors

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.1-incubating
    • Fix Version/s: 0.4
    • Component/s: build, jsr303
    • Labels:
      None

      Description

      Use FindBugs http://findbugs.sourceforge.net/ and the maven plugin for it to reduce coding errors.

        Activity

        Hide
        drwoods Donald Woods added a comment -

        r954573 setup the findbugs-maven-plugin in the parent pom.xml for manual usage.
        http://mojo.codehaus.org/findbugs-maven-plugin/2.3.1/plugin-info.html
        mvn findbugs:check
        mvn findbugs:gui
        then select one of the target/findbugsXml.xml to view

        Show
        drwoods Donald Woods added a comment - r954573 setup the findbugs-maven-plugin in the parent pom.xml for manual usage. http://mojo.codehaus.org/findbugs-maven-plugin/2.3.1/plugin-info.html mvn findbugs:check mvn findbugs:gui then select one of the target/findbugsXml.xml to view
        Hide
        bobbywarner Bobby Warner added a comment -

        Could add the checkstyle and dashboard plugins too:.

        <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-checkstyle-plugin</artifactId>
        <version>2.5</version>
        </plugin>

        <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>dashboard-maven-plugin</artifactId>
        </plugin>

        Show
        bobbywarner Bobby Warner added a comment - Could add the checkstyle and dashboard plugins too:. <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <version>2.5</version> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>dashboard-maven-plugin</artifactId> </plugin>
        Hide
        mbenson Matt Benson added a comment -

        Committed revision 1209816.

        Show
        mbenson Matt Benson added a comment - Committed revision 1209816.
        Hide
        romanstumm Roman Stumm added a comment -

        Hi Matt, thanks for the changes, seems that some "real" bugs have been fixed (in ValidateMethodInterceptor).

        But don't you think, that the overhead for cloning the arrays in methods that are called VERY often is worth the security, like:
        FeaturesCapable.getValidations()
        MetaBeanBuilder.getFactories()
        and
        MetaBean.getProperties()

        I once implemented these methods as arrays instead of lists for performance and garbage reasons. Did these changes affect our benchmarks?

        Show
        romanstumm Roman Stumm added a comment - Hi Matt, thanks for the changes, seems that some "real" bugs have been fixed (in ValidateMethodInterceptor). But don't you think, that the overhead for cloning the arrays in methods that are called VERY often is worth the security, like: FeaturesCapable.getValidations() MetaBeanBuilder.getFactories() and MetaBean.getProperties() I once implemented these methods as arrays instead of lists for performance and garbage reasons. Did these changes affect our benchmarks?

          People

          • Assignee:
            Unassigned
            Reporter:
            drwoods Donald Woods
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development