+0.02173913 I'm happy to replace FindBugs with ErrorProne, but we need to first upgrade ErrorProne analyzer warnings to errors. Currently the codebase is full of warning spam, and there's no enforcement preventing future violations from being added.
I've done the work for enforcing ErrorProne analysis on java-sdk-core , and I've sharded out the rest of the Java components in JIRA issues  (45 total). Fixing the issues is relatively straightforward, and I've tried to provide enough guidance to make them as starter tasks (example: ). Teng Peng has already started on Spark  (thanks!)  https://github.com/apache/beam/pull/5319  https://issues.apache.org/jira/issues/?jql=project%20%3D%20BEAM%20AND%20status%20%3D%20Open%20AND%20labels%20%3D%20errorprone  https://issues.apache.org/jira/browse/BEAM-4347  https://issues.apache.org/jira/browse/BEAM-4318 On Thu, May 17, 2018 at 2:00 PM Ismaël Mejía <ieme...@gmail.com> wrote: > +0.7 also. Findbugs support for more recent versions of Java is lacking and > the maintenance seems frozen in time. > > As a possible plan b can we identify the missing important validations to > identify how much we lose and if it is considerable, maybe we can create a > minimal configuration for those, and eventually migrate from findbugs to > spotbugs (https://github.com/spotbugs/spotbugs/) that seems at least to be > maintained and the most active findbugs fork. > > > On Thu, May 17, 2018 at 9:31 PM Kenneth Knowles <k...@google.com> wrote: > > > +0.7 I think we should work to remove findbugs. Errorprone covers most of > the same stuff but better and faster. > > > The one thing I'm not sure about is nullness analysis. Findbugs has some > serious limitations there but it really improves code quality and prevents > blunders. I'm not sure errorprone covers that. I know the Checker analyzer > has a full solution that makes NPE impossible as in most modern languages. > Maybe that is easy to plug in. The core Java SDK is a good candidate for > the first place to do it since it is affects everything else. > > > On Thu, May 17, 2018 at 12:02 PM Tim Robertson < > timrobertson...@gmail.com> > wrote: > > >> Hi all, > >> [bringing a side thread discussion from slack to here] > > >> We're tackling error-prone warnings now and we aim to fail the build on > warnings raised . > > >> Enabling failOnWarning also fails the build on findbugs warnings. > Currently I see places where these arise from missing a dependency on > findbugs_annotations and I asked on slack the best way to introduce this > globally in gradle. > > >> In that discussion the idea was floated to consider removing findbugs > completely given it is older, has licensing considerations and is not > released regularly. > > >> What do people think about this idea please? > > >> Thanks, > >> Tim > >>  > > https://lists.apache.org/thread.html/95aae2785c3cd728c2d3378cbdff2a7ba19caffcd4faa2049d2e2f46@%3Cdev.beam.apache.org%3E >