We recently fixed a crash caused by simply forgetting a "break" in a switch statement. That's something most (static) code analyzers warn about. Right now we do not run such a tool in automation and therefore miss such problems if the reviewer doesn't see them. There are Gradle plugins for FindBugs or PMD. Integration should be easy and more or less the same as our "checkstyle" task. Running FindBugs locally reports 650 warnings (77 high priority / 573 medium priority). If we fix the high priority warnings then we could run those checks in automation.
I don't really have a preference for one of the tools. FindBugs seems to be very easy to integrate and widely used.
I filed bugs for all the "high priority" warnings from FindBugs. After fixing those bugs we can run those checks in automation. They are all marked as "good first bugs".
Oops, wrong bug number in that commit message.
Backout by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/563c2a63a5e6 Backed out changeset 6c70f14a433e for landing with the wrong bug number
Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195
Needinfo :susheel if you think this bug should be re-triaged.
Priority: P3 → P5