I would expect the role of SpotBugs to be advisory at first. After running it on the code and evaluating the number and type of violations we can decide which make sense to address and whether we would like it break the builds if it detects violations.
> > On Nov 7, 2022, at 4:45 PM, Derek Chen-Becker <de...@chen-becker.org> wrote: > > I'm always in favor of having the compiler/runtime do more work for > us, but I guess in the interest of gauging impact to dev productivity, > does this add much overhead? I guess we'll need to discuss what it > finds after it runs, as well. > > Cheers, > > Derek > > >> On Mon, Nov 7, 2022 at 4:10 PM David Capwell <dcapw...@apple.com> wrote: >> >> I was thinking that it would be good to add SpotBugs >> (https://spotbugs.github.io) into our build to help find bugs earlier in the >> life cycle. SpotBugs is LGPL but as it is used only in the build and not to >> within this project, then this should be fine with Apache. >> >> The motivation for adding this was from CASSANDRA-17178; the Simulator has >> issues with Serializable classes missing serialVersionUID (as we deal with >> ClassLoaders; this field is strongly recommend in general for all >> Serializable classes), but this project can add more value as there are a >> large collection of potential bugs to look out for; below are a few examples >> found. >> >> * Number.valueOf vs Number.parse<size>. In many parts of the code we do >> valueOf which returns a boxed value; we then unbox for the usage; this adds >> more garbage that isn’t needed >> * Using Number.compareTo rather than primitive compare functions (causing >> boxing) >> * Ignoring return value for functions that don’t have a side effect. This >> happens in a few cases where we are building a StringBuilder where we call >> .toString but ignore the string… then call it later on >> * use of putIfAbsent without looking at the return. This was found in >> CacheService where we add the SSTable reader to the cache and assume we win >> the race and start using it… rather than using the object that won the race > > > > -- > +---------------------------------------------------------------+ > | Derek Chen-Becker | > | GPG Key available at https://keybase.io/dchenbecker and | > | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org | > | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC | > +---------------------------------------------------------------+
