Fix for the heuristics that recognizes immutable classes #1603
Conversation
There was a problem hiding this comment.
Please resolve a conflict in the CHANGELOG.md file.
And I personally feel that it's not good to use class/package name to verify its immutability.
The target classes could be implemented by coder who has less knowledge about immutability, and they may use .*immutable.* as a magic word to remove "noisy" warning made by SpotBugs... :\
spotbugs/src/test/java/edu/umd/cs/findbugs/util/MutableClassesTest.java
Outdated
Show resolved
Hide resolved
baloghadamsoftware
force-pushed
the
ImmutableFix
branch
from
33545e2 to
f90d90a
Compare
I agree with you, coders may misuse this heuristic. I do not know how often that happens, actually I never thought that someone would intentionally silence a true positive just because of laziness. Now I changed it to only look for the word "immutable" in the class name but not in the package name. Is it OK? If not, then I can simply put the signatures of the Guava immutable classes into the list of know immutables. (However, this does not protect against false positives coming from other APIs.) |
Not sure. I personally think it's not enough and better to use the signatures of Guava immutable classes, but let's wait opinions from other community members. |
OK, I will put the Guava signatures into the list for now. However, it came to my mind that it is much easier for a developer to use a @immutable annotation than change the name of the class or the package. And we must support this annotation to avoid false positives reported by the users. Thus I do not think that many would rename their classes or packages to forcefully silence false positives. |
baloghadamsoftware
force-pushed
the
ImmutableFix
branch
from
f90d90a to
e71e551
Compare
|
I think there's too much scope for false positives. Just within the past few months, I overrode an |
|
Should immutable classes from |
Sure. I will update this PR to include them. |
|
Just checking in, what is the status of this request? There's other reporters with the same issue, with some additional suggestions for checking for immutability |
Class names containting the substring "immutable" are considered now immutable. Fixing issue spotbugs#1601.
…ckage name. Also added a check for an annotation ending with "Immutable".
baloghadamsoftware
force-pushed
the
ImmutableFix
branch
from
e71e551 to
a199bc8
Compare
Sure. I will update this PR to include them.
What about Detecting *.Immutable*? I think there is hardly anyone who calls a class ImmutableLikeXXX. |
…Test.java Co-authored-by: Kengo TODA <skypencil+github@gmail.com>
…eClassesTest.java" This reverts commit efaed90.
|
@KengoTODA & @ThrawnCA For now I only added the Guava immutable classes, the java.date package and the @immutable annotation. |
Where are they? I searched in the issues and discussions, but I could not find any. It would be good to read them and include all the classes they claims immutable into the list of known immutable classes. |
I'm looking at the other comments in my issue: It's mostly |
|
Is it possible to include an additional whitelist that is set as a plugin configuration option? It would let users specify immutable classes that they have defined in their project without asking them to be added to the spotbugs whitelist |
…upportedOperationException.
|
With the last modification it seems that we finally got rid of all false positives. Now all the findings are true positives. However, there are quite many of them so I would propose changing the priority of all the findings of the |
|
|
||
| private static final List<String> SETTER_LIKE_NAMES = Arrays.asList( | ||
| "set", "put", "add", "insert", "delete", "remove", "erase", "clear", "push", "pop", | ||
| "enqueue", "dequeue", "write", "append", "replace"); | ||
| "enqueue", "dequeue", "append", "replace"); |
There was a problem hiding this comment.
This change is backward compatible and will affect many users.
So personally I don't want to merge this change to SpotBugs.
There was a problem hiding this comment.
Do you mean the omission of "write" from the list? Actually, I found that methods called write...() are usually no setters but they write to a stream.
| return false; | ||
| } | ||
|
|
||
| // Non-public setters cannot be used from outside the package so disregard them. |
There was a problem hiding this comment.
I think this change is not so natural. The package affect nothing to the immutability of class architecture.
There was a problem hiding this comment.
Yes, this can be disputed. If you whish, I can change this part to only omit methods which are private or protected.
|
Thank you, for your review @KengoTODA!
Which part, do you mean? Actually, this PR is quite complex and contains different fixes. Originally, I implemented a heuristics to replace the placeholder (which was just a list of 4 mutable classes and all the rest were considered as immutable) in PR #1533. However, my heuristics was incomplete and contained some bugs. It caused tons of findings, especially in the In this patch I tried to fix these issues and also made a long and tiring manual research to find all the possible false positives and fix the heuristics to not to report them. The fixes in this PR:
The result is that maybe we have some additional false negatives but all the false positives disappeared. |
|
Here's a (simple) PR that fixes some incorrect class names in |
|
This PR fixes #1634 |
Class names containting the substring "immutable" are considered now immutable.
Fixing issue #1601.
Make sure these boxes are checked before submitting your PR -- thank you!
CHANGELOG.mdif you have changed SpotBugs code