Issues with specific Findbugs rules are suddenly being detected

I am using Findbugs and other plugins to analyze Java files.

An Issue has been generated for a specific Findbugs rule, even though the source code has not been modified.
In addition, there were cases where the status was set to close on its own, even though no operation was performed on the screen.

I would like to know if the same thing happens with Findbugs rules or other plugin rules.
I would also like to know the conditions under which such cases occur, if you know them.

The specific rule is as follows:
NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH
Correctness - Value is null and guaranteed to be dereferenced on exception path

I am using the PMD and Checkstyle plugins, but I have not experienced the above events.

Version information
SonarQube 8.4.1
Sonar-FindBugs 4.0.2

Thanks.

Hi,

Welcome to the community!

First, I need to point out that your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience.

Your upgrade path is:

8.4.1 → 8.9.1 → 9.0 (last step optional)

Regarding your FindBugs issue, I translate the rule key to “Guaranteed Null Pointer dereference on exception path”. Since this rule looks at more than just the location where the issue is raised, it’s likely that a change in the code leading up to the issue location caused a new issue to suddenly appear.

Regarding issues being closed, that’s a normal part of the issue lifecycle.

HTH,
Ann
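
To make the point above concrete, here is an added illustration (not code from the thread, from SonarSource or from the FindBugs project) of the shape of code the rule description covers: a value that is left null on an exception path and then dereferenced on every continuation of that path. The class, method and variable names are made up, and the claim that FindBugs reports the `before` version and not the `after` version is based on the rule's published description, not on a run of the tool against this exact snippet.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical class, constructed for illustration only.
public class FirstLineReader {

    // Version where the rule's condition holds.
    // If Files.newBufferedReader throws (missing file, permission problem),
    // control reaches the finally block with `reader` still null, and the
    // unchanged line `reader.close()` dereferences it on that exception path.
    // Note the reported line is the close() call, but what makes it null
    // is the code before it: the try body is where the exception path starts.
    public static String firstLineBefore(Path path) throws IOException {
        BufferedReader reader = null;
        try {
            reader = Files.newBufferedReader(path);
            return reader.readLine();
        } finally {
            reader.close(); // null here whenever newBufferedReader threw
        }
    }

    // Same method with the exception path handled: the cleanup only runs
    // when the resource was actually opened, so no path guarantees a null
    // dereference. Moving the open call out of the try would have the same
    // effect, which is why an edit that only touches the try body can make
    // the issue on the finally line appear or disappear.
    public static String firstLineAfter(Path path) throws IOException {
        BufferedReader reader = null;
        try {
            reader = Files.newBufferedReader(path);
            return reader.readLine();
        } finally {
            if (reader != null) {
                reader.close();
            }
        }
    }

    // The idiomatic form: try-with-resources closes the reader only if it
    // was opened, so there is no manual null handling to get wrong.
    public static String firstLineWithResources(Path path) throws IOException {
        try (BufferedReader reader = Files.newBufferedReader(path)) {
            return reader.readLine();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a temporary file with a known first line.
        Path tmp = Files.createTempFile("firstline", ".txt");
        Files.writeString(tmp, "hello\nworld\n");
        System.out.println(firstLineAfter(tmp));          // hello
        System.out.println(firstLineWithResources(tmp));  // hello
        Files.delete(tmp);
    }
}
```

When a finding of this kind shows up on a line nobody edited, the place to look is the statements earlier in the same method that can throw before the variable is assigned, since that is where the exception path the rule reasons about begins.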

Hi, Ann

Thank you for your answer.

I will consider upgrading sonarqube.
I have also checked the issue life cycle.

Since this rule looks at more than just the location where the issue is raised, it’s likely that a change in the code leading up to the issue location caused a new issue to suddenly appear.

After this answer, I have three new questions.

  1. For example, if an Issue is generated in aaa.java, does it mean to check multiple locations in aaa.java?
    Or do you mean to check not only aaa.java but also the other bbb.java to detect the issue in aaa.java?
    I think I understand the former, am I right?

  2. This time, the Issue occurred even though I did not modify the source code in the package at all.
    Is it possible for a new Issue to be generated in such a case?

  3. The newly generated Issue is OPEN, then CLOSE, then repeat several times.
    Have you ever encountered such an event?
    I cannot tell the difference between this being normal behavior or not.

Thanks.
Tsumura

Hi Tsumura,

That’s a question about the FindBugs internals, which no one at SonarSource is qualified to answer. I can only say “probably” to this.

At this point I have to wonder if all your compiled classes and libraries are available to analysis every time. For SonarQube’s native Java analysis, I can tell you that when binaries are missing, analysis is less precise. I would guess it’s the same thing for FindBugs too.

I think the thing to do would be to look at your build/analysis log to see what - if anything - is changing from run to run and whether you get warnings some times but not others.

Ann

Hi, Ann

Thank you again for answering my question.

I assume that you have probably never encountered an event similar to mine.
I don’t have the log of when it happened, so I can’t check it now, but if it happens again, I’ll check the log again and see if there are any differences.
As pointed out in the previous answer, the problem may have been caused by an older version, so I will upgrade the version and observe the progress.

I’m closing this question.

Thanks.
Tsumura