The Problem
The following code throws a NullPointerException when the instance Integer field integerFlag is null, but the error is hard to spot when reviewing the code.
public void method() {
    // integerFlag is an Integer field: == 0 unboxes it and throws NPE when it is null
    if (integerFlag == 0) { // or booleanFlag == true
        return;
    }
    //...
}
The fix is to change the == to: Objects.equals(integerFlag, 0)
-- Use Objects.equals for equality comparisons, as it is null-safe.
-- Use common util libraries such as CollectionUtils.isEmpty etc.
But how can we use code analysis tools to catch this kind of error for us?
In Java, we can integrate FindBugs, PMD and Sonar into Maven, then run mvn site:site site:stage. Developers have to scan the changed code and fix reported problems if needed before sending it out for review.
This will make developers' and reviewers' lives easier.
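The unboxing failure and the Objects.equals fix side by side, as an added example that is not code from the original post; the class name, the longFlag field and the method names are hypothetical. It also shows one caveat of the fix: the literal passed to Objects.equals must box to the same type as the field.

```java
import java.util.Objects;

// Added illustration; class, field and method names are hypothetical.
public class NullSafeCompare {
    private Integer integerFlag;   // boxed, so it can be null
    private Long longFlag;

    // Before: '==' against an int literal unboxes integerFlag,
    // which calls integerFlag.intValue() and throws NPE on null.
    boolean isZeroUnsafe() {
        return integerFlag == 0;
    }

    // After: Objects.equals checks for null before calling equals().
    boolean isZeroSafe() {
        return Objects.equals(integerFlag, 0);
    }

    // Caveat: the literal 0 boxes to Integer, and Long.equals(Integer)
    // is always false, so this never matches even when longFlag is 0.
    boolean longIsZeroWrong() {
        return Objects.equals(longFlag, 0);
    }

    // Match the boxed type of the field: 0L boxes to Long.
    boolean longIsZeroRight() {
        return Objects.equals(longFlag, 0L);
    }

    public static void main(String[] args) {
        NullSafeCompare c = new NullSafeCompare();
        try {
            c.isZeroUnsafe();
        } catch (NullPointerException e) {
            System.out.println("unsafe, null field: NullPointerException");
        }
        System.out.println("safe, null field: " + c.isZeroSafe());
        c.integerFlag = 0;
        c.longFlag = 0L;
        System.out.println("safe, field is 0: " + c.isZeroSafe());
        System.out.println("Long vs literal 0: " + c.longIsZeroWrong());
        System.out.println("Long vs literal 0L: " + c.longIsZeroRight());
    }
}
```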
Tools to help detect bugs
Github link: https://github.com/jefferyyuan/code-quality-mvn
FindBugs
findbugs:gui, findbugs:check
Extensions
fb-contrib
PMD
pmd:pmd, pmd:cpd
http://pmd.sourceforge.net/pmd-4.3.0/rules/basic.html
@SuppressWarnings("PMD.AvoidUsingHardCodedIP")
mvn site:site site:stage
Integrate FindBugs and PMD into Maven.
Facebook Infer
brew upgrade opam
brew update && brew upgrade opam
./build-infer.sh java
-- If it fails due to missing packages, use opam install to install them.
Infer on maven project
mvn clean && infer --debug -- mvn compile -o
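too many open files on osx
sudo sysctl -w kern.maxfiles=20480
sudo sysctl -w kern.maxfilesperproc=22480
# ulimit is a shell builtin, so run it without sudo in the shell that launches infer
ulimit -S -n 2048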
Google Error Prone
https://github.com/google/error-prone/issues/376
Sonar
Code Analysis with SonarQube Plugin
Install and run Sonar server
mvn clean verify sonar:sonar
mvn verify -Pcoverage,jenkins -Dsonar.host.url=http://localhost:9000 sonar:sonar
Install plugins
http://localhost:9000/updatecenter/installed
https://wiki.jenkins-ci.org/display/JENKINS/Static+Code+Analysis+Plug-ins
Checker Framework
Run the Maven example first.
Install the Checker Eclipse plugin.
Use annotations in comments
/*>>>
import org.checkerframework.checker.nullness.qual.*;
import org.checkerframework.checker.regex.qual.*;
*/
Configure Eclipse Compiler Warnings
Enable null analysis, unboxing conversion, missing default in switch, etc.
Leveraging JSR-305 null annotations to prevent NullPointerExceptions
Use @CheckForNull and @Nonnull
Misc && Issues
Use -X to print more detailed logs, then check the log.
maven-compiler-plugin Unsupported major.minor version 52.0
Some plugins may only work with JDK 8 or JDK 7; use export to point JAVA_HOME at JDK 8/7 and rerun.