[Geoserver-devel] Static analysis

Hi all,

We’ve been talking a bit within OpenGeo about starting to use Findbugs[1] to help identify and eventually prevent some bugs in GeoServer. This tool automatically detects potential bugs by analyzing Java bytecode and flagging common error patterns. For example, SecuredFeatureCollection.addAll calls itself in an infinite recursive loop when the write query is not Filter.EXCLUDE[2]. If you want to see some other flagged code I have generated a sample HTML report for the main module[3].

You can run reports yourself with maven: “mvn findbugs:findbugs findbugs:gui” will generate an HTML report and fire up a graphical browser.
There’s also an eclipse plugin[4].

What I’d like to do is set up the Hudson server to run with a constrained set of rules, and notify the developer list when new violations are detected. We can configure Findbugs to filter its output dramatically at first, and relax the filters as more violations are eliminated. For example, there are only three violations of the “infinite recursion” pattern in the GeoServer codebase, so we could correct those and then set Hudson up to watch for new violations. There’s already a nice plugin for Hudson [5] to watch Findbugs output and help you compare it across builds.

Thoughts?


David Winslow
OpenGeo - http://opengeo.org/

[4]: http://findbugs.sourceforge.net/manual/eclipse.html . See http://dev.opengeo.org/~dwinslow/fb/findbugs-eclipse.png for a screencapture.
[5]: http://wiki.hudson-ci.org/display/HUDSON/FindBugs+Plugin
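
The gating idea in the message above (watch a constrained rule set, report only violations that are new since the last build), as an added example that is not code from the thread, GeoServer, or the Hudson plugin. It assumes the FindBugs XML report layout (`BugInstance` elements with a `type` attribute and `Class`/`Method`/`SourceLine` children); the reports and the `example.*` class names are constructed.

```python
import xml.etree.ElementTree as ET

# Constrained rule set: one pattern at first, widened as the backlog shrinks.
WATCHED = {"IL_INFINITE_RECURSIVE_LOOP"}

def findings(report_xml, watched=WATCHED):
    """Return watched findings as (pattern, class, method, signature) keys."""
    keys = set()
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        if bug.get("type") not in watched:
            continue  # filtered out until the rule set is relaxed
        cls = bug.find("Class")
        method = bug.find("Method")  # absent for class-level findings
        # Line numbers are left out of the key on purpose: unrelated edits
        # shift them, and a moved old finding must not count as a new one.
        keys.add((
            bug.get("type"),
            cls.get("classname") if cls is not None else "",
            method.get("name") if method is not None else "",
            method.get("signature") if method is not None else "",
        ))
    return keys

def new_violations(baseline_xml, current_xml, watched=WATCHED):
    """Findings in the current build that the baseline build did not have."""
    return sorted(findings(current_xml, watched) - findings(baseline_xml, watched))

SIG = "(Ljava/util/Collection;)Z"

def bug(pattern, cls, method, line):
    # Builds one constructed <BugInstance> for the sample reports below.
    return (f'<BugInstance type="{pattern}" priority="1">'
            f'<Class classname="{cls}"/>'
            f'<Method classname="{cls}" name="{method}" signature="{SIG}"/>'
            f'<SourceLine classname="{cls}" start="{line}" end="{line}"/>'
            f'</BugInstance>')

# Constructed sample data, not real GeoServer output.
BASELINE = ("<BugCollection>"
            + bug("IL_INFINITE_RECURSIVE_LOOP", "example.SecuredFeatureCollection", "addAll", 80)
            + bug("DM_DEFAULT_ENCODING", "example.Util", "read", 10)
            + "</BugCollection>")
CURRENT = ("<BugCollection>"
           + bug("IL_INFINITE_RECURSIVE_LOOP", "example.SecuredFeatureCollection", "addAll", 95)
           + bug("IL_INFINITE_RECURSIVE_LOOP", "example.CachingWrapper", "addAll", 12)
           + bug("NP_NULL_ON_SOME_PATH", "example.Util", "read", 14)
           + "</BugCollection>")

if __name__ == "__main__":
    new = new_violations(BASELINE, CURRENT)
    print("\n".join("NEW: " + " ".join(v) for v in new))
    raise SystemExit(1 if new else 0)  # non-zero exit fails the CI job
```

Adding a pattern name to `WATCHED` is the "relax the filters" step: the unwatched `NP_NULL_ON_SOME_PATH` finding in the sample only starts failing the build once it is listed.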

On Fri, Mar 9, 2012 at 11:27 PM, David Winslow <dwinslow@anonymised.com> wrote:

Hi all,

We've been talking a bit within OpenGeo about starting to use Findbugs[1] to
help identify and eventually prevent some bugs in GeoServer. This tool
automatically detects potential bugs by analyzing Java bytecode and flagging
common error patterns. For example, SecuredFeatureCollection.addAll calls
itself in an infinite recursive loop when the write query is not
Filter.EXCLUDE[2]. If you want to see some other flagged code I have
generated a sample HTML report for the main module[3].

You can run reports yourself with maven: "mvn findbugs:findbugs
findbugs:gui" will generate an HTML report and fire up a graphical browser.
There's also an eclipse plugin[4].

What I'd like to do is set up the Hudson server to run with a constrained
set of rules, and notify the developer list when new violations are
detected. We can configure Findbugs to filter its output dramatically at
first, and relax the filters as more violations are eliminated. For
example, there are only three violations of the "infinite recursion" pattern
in the GeoServer codebase, so we could correct those and then set Hudson up
to watch for new violations. There's already a nice plugin for Hudson [5]
to watch Findbugs output and help you compare it across builds.

Thoughts?

I like it

Cheers
Andrea

--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

-------------------------------------------------------

+1. Thanks for taking the time to set this up.



Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Gabriel Roldan
OpenGeo - http://opengeo.org
Expert service straight from the developers.