FindBugs and PMD applied on Java EE 5
After few months of a fun learning curve - coding WSDL-first Web Services based on EJB 3 and JPA - I found some time to include automated quality tasks in my project with Ant scripts of FindBugs and PMD. As expected, the first round of quality assurance returned me a long list of bugs, most of them trivial mistakes like non public fields or unused methods. After the first cleanup, some bugs remained in the report, and after a few quality review cycles I got a set of tricky bugs - the ones you can't imagine the solution and the ones that definitely don't seem a bug. In the next sections I will unveil these tricky bugs and the workarounds I adopted to eliminate them. I hope you agree with my strategy, and I would appreciate feedback in case you disagree.
Why using PMD and FindBugs?
A good starting point of software quality assurance is to check if the code is working as designed, which can be done through software testing. Despite the usefulness of the tests, they only offer you a good indicator that the code will do the job, but tests miss the point about the fine grain code inspection (show me the code). Are you using the correct syntax and data structures? Is there redundancy in the code?
A soundness analysis of the code requires a person to remember all details about the Java language while keeping an eye on the performance tuning - an impossible mission if tried manually. Fortunately, tools like PMD and FindBugs come to help in finding code problems and also offering good hints on code optimization - the tools unveil the most commons code problems, saving your time to more important tasks. If you never used those tools before, or if you never paid the proper attention to them, you can assume a simple goal: the goal is to minimize the number of reported errors about your code. The closer you get to the zero errors report, the more sound is your code. Yes, it is linear, with some interpretation due to the different levels and types of bugs covered by the automated tools (keep in mind that the tools don't think, they are unnamed robots). The installation and configuration of PMD and FindBugs are fully exploited on the Internet and, instead of publishing one more blog about that, I will briefly comment about the recent experiments we have done in the Cejug-Classifieds Project.
Applying PMD and FindBugs against the Cejug-Classifieds Project
Cejug-Classifieds is an open source J2EE application based on
WSDL-first Web Services, EJB 3 and JPA, what means a project full of wsimport
generated code, annotations
The combination of those modern Java features and technologies
generated controversial bugs on the reports, but first let's checkout
the code and run the quality tools. An important detail on our ant
task is about its Glassfish
dependency. Since our project depends on J2EE types and annotations,
the environment variable
Caption: Phantom Blot prefers the mind games of FindBugs
The steps to checkout the code and run the quality tasks are:
The ant tasks will generate two reports you can find in the
/build/quality - those are standard PMD and FindBugs
reports. Other important detail: FindBugs will fail in case of any
error, so a successful task execution means a clean code regarding
FindBugs. PMD is not 100% clean yet, because there are pending issues on
the report - those ones I will discuss below.
Special tips for IDE users: the project is pre-configured to Eclipse and NetBeans IDE, but it can also be compiled and tested from line commands if you prefer that way.
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)