When to stop following the advice of static code analysis?
Posted
by bananeweizen
on Stack Overflow
See other posts from Stack Overflow
or by bananeweizen
Published on 2010-05-23T12:44:47Z
Indexed on
2010/05/23
12:50 UTC
Read the original article
Hit count: 231
I do use static code analysis on a project with more than 100.000 lines of Java code for quite a while now. I started with Findbugs, which gave me around 1500 issues at the beginning. I fixed the most severe over time and started using additional tools like PMD, Lint4J, JNorm and now Enerjy.
With the more severe issues being fixed, there is a huge number of low severity issues. How do you handle these low priority issues?
- Do you try fixing all of them?
- Or only in newly written code?
- Do you regularly disable certain rules? (I found that I do on nearly any of the available tools).
And if you ignore or disable rules, do you document those? What do your managers say about "leaving some thousand low priority issues not fixed"? Do you use (multiple) tool specific comments in the code or is there any better way?
© Stack Overflow or respective owner