Felipe Gaúcho works as senior software engineer at Netcetera AG in Switzerland. He is a well known Brazilian JUG leader and open-source evangelist. Felipe works with Java since its early versions and has plans to keep that Java tradition as it is. When he is not coding, he prefers to listen reggae and travel around with his lovely wife Alena and his son Rodrigo. Felipe is a DZone MVB and is not an employee of DZone and has posted 29 posts at DZone. View Full User Profile

FindBugs and PMD applied on Java EE 5

  • submit to reddit

After few months of a fun learning curve - coding WSDL-first Web Services based on EJB 3 and JPA - I found some time to include automated quality tasks in my project with Ant scripts of FindBugs and PMD. As expected, the first round of quality assurance returned me a long list of bugs, most of them trivial mistakes like non public fields or unused methods. After the first cleanup, some bugs remained in the report, and after a few quality review cycles I got a set of tricky bugs - the ones you can't imagine the solution and the ones that definitely don't seem a bug. In the next sections I will unveil these tricky bugs and the workarounds I adopted to eliminate them. I hope you agree with my strategy, and I would appreciate feedback in case you disagree.

Why using PMD and FindBugs?

A good starting point of software quality assurance is to check if the code is working as designed, which can be done through software testing. Despite the usefulness of the tests, they only offer you a good indicator that the code will do the job, but tests miss the point about the fine grain code inspection (show me the code). Are you using the correct syntax and data structures? Is there redundancy in the code?

A soundness analysis of the code requires a person to remember all details about the Java language while keeping an eye on the performance tuning - an impossible mission if tried manually. Fortunately, tools like PMD and FindBugs come to help in finding code problems and also offering good hints on code optimization - the tools unveil the most commons code problems, saving your time to more important tasks. If you never used those tools before, or if you never paid the proper attention to them, you can assume a simple goal: the goal is to minimize the number of reported errors about your code. The closer you get to the zero errors report, the more sound is your code. Yes, it is linear, with some interpretation due to the different levels and types of bugs covered by the automated tools (keep in mind that the tools don't think, they are unnamed robots). The installation and configuration of PMD and FindBugs are fully exploited on the Internet and, instead of publishing one more blog about that, I will briefly comment about the recent experiments we have done in the Cejug-Classifieds Project.

Applying PMD and FindBugs against the Cejug-Classifieds Project

Cejug-Classifieds is an open source J2EE application based on WSDL-first Web Services, EJB 3 and JPA, what means a project full of wsimport generated code, annotations and generics. The combination of those modern Java features and technologies generated controversial bugs on the reports, but first let's checkout the code and run the quality tools. An important detail on our ant task is about its Glassfish dependency. Since our project depends on J2EE types and annotations, the environment variable AS_HOME should be present in your operational system in order to allow you to execute the code compilation task.








Caption: Phantom Blot prefers the mind games of FindBugs


The steps to checkout the code and run the quality tasks are:

  1. Install Glassfish and configure the environment variable AS_HOME
  2. Checkout the code from SVN repository:
    svn checkout https://cejug-classifieds.dev.java.net/svn/cejug-classifieds/trunk cejug-classifieds --username your.java.net.login
  3. After connecting the repository, please checkout the cejug-classifieds-server module, the one I will use as example.
  4. Run the ant quality tasks:
    ant server,pmd,FindBugs

The ant tasks will generate two reports you can find in the folder /build/quality - those are standard PMD and FindBugs reports. Other important detail: FindBugs will fail in case of any error, so a successful task execution means a clean code regarding FindBugs. PMD is not 100% clean yet, because there are pending issues on the report - those ones I will discuss below.

Special tips for IDE users: the project is pre-configured to Eclipse and NetBeans IDE, but it can also be compiled and tested from line commands if you prefer that way.

Published at DZone with permission of Felipe Gaúcho, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)