Spotbugs produces way too many spurious reports about EI_EXPOSE_REP and EI_EXPOSE_REP2 since version 4.3.0.[1] They are not helpful at all; I'd even say a report like [2] is a plain false positive.

With the bump to BREE Java 11 we also upgraded the spotbugs version to the newest. Apparently that was a bit over-eager. An upgrade is needed; the formerly used spotbugs 3.1.2 uses a groovy version that performs illegal reflective accesses that are forbidden in later Java versions.

I see two possible ways to rectify this:

1. suppress reporting for EI_EXPOSE_REP and EI_EXPOSE_REP2 completely.
2. downgrade to spotbugs 4.2.3. (Last version before 4.3.0.)

(1) has the disadvantage that it'll also suppress valid reports, but the ones we had about arrays have never been dealt with in years, and don't need to be dealt with since the usages are maybe not good style, but are perfectly fine otherwise in the EGit/JGit context.

(2) has the disadvantage that we can't upgrade beyond 4.2.3 until issue 1601 is really fixed, and if we have to upgrade all the same for whatever reason, we'll run into the same problem again.

[1] https://github.com/spotbugs/spotbugs/issues/1601
[2] https://ci.eclipse.org/egit/job/egit.gerrit/2323/spotbugs/type.-543698987/moduleName.-1810974105/packageName.-2092940729/fileName.-2074298336/source.cc4a0111-a1eb-41d2-9adf-749bf9acecc7/#56
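What the two detectors report on arrays, the kind of finding the description above mentions, shown beside the defensive-copy form. This is an added example, not EGit/JGit code and not part of the original report; the class and field names are hypothetical.

```java
import java.util.Arrays;

// Constructed illustration; all class and field names are hypothetical.
public class ExposeRepDemo {

    /** Shape SpotBugs reports: the caller and the object share one array. */
    static final class SharedId {
        private final byte[] raw;

        SharedId(byte[] raw) {
            this.raw = raw;            // EI_EXPOSE_REP2: stores the caller's array
        }

        byte[] getRaw() {
            return raw;                // EI_EXPOSE_REP: returns the internal array
        }
    }

    /** Defensive copies on the way in and out; neither pattern applies. */
    static final class CopiedId {
        private final byte[] raw;

        CopiedId(byte[] raw) {
            this.raw = raw.clone();
        }

        byte[] getRaw() {
            return raw.clone();
        }
    }

    public static void main(String[] args) {
        byte[] input = { 1, 2, 3 };
        SharedId shared = new SharedId(input);
        CopiedId copied = new CopiedId(input);

        input[0] = 9;                  // caller mutates its array after construction
        shared.getRaw()[1] = 9;        // caller mutates state through the getter
        copied.getRaw()[1] = 9;        // only changes a throwaway copy

        System.out.println("shared: " + Arrays.toString(shared.getRaw()));
        System.out.println("copied: " + Arrays.toString(copied.getRaw()));
    }
}
```

Whether the shared form matters depends on who can reach the array: it is a concern when the object guards an invariant or crosses a trust boundary, and a style point when all callers are internal and treat the array as read-only.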
I've commented on the spotbugs issue, but I wasn't heard, so I would now simply disable this detector; it is useless because of many false positives.
https://github.com/spotbugs/spotbugs/pull/1551#issuecomment-857001232
New Gerrit change created: https://git.eclipse.org/r/c/egit/egit/+/185884
Gerrit change https://git.eclipse.org/r/c/egit/egit/+/185884 was merged to [master]. Commit: http://git.eclipse.org/c/egit/egit.git/commit/?id=3541be9f6fa3985b242c0e6ea26366c46f15bca0