Static Analysis for FRC Code

Brian_Maher · January 9, 2024, 12:28am

Does anyone have any experience with using static analysis on FRC code (especially in Java)? It seems like it’d be pretty straightforward to add spotbugs or pmd to a build.gradle file, but I’m curious if there are any other challenges (technical or human) to worry about? Do students have an easy time getting comfortable with these tools? Is the higher quality code worth the extra upfront cost of writing it? Has anyone had any success with any particular tools?

I rely heavily on clang-tidy in my professional C++ development and would love to reap similar benefits in FRC.

Peter_Johnson · January 9, 2024, 12:34am

We use both spotbugs and pmd (and spotless) in the main WPILib build (albeit with a decent number of suppressions). They are powerful tools for keeping code clean, but I think the concern in team robot code would be having them slow down code updates, particularly at an event–the last thing you want to worry about when making a last-minute fix before a match is having PMD fail your build because you had one too many functions in a class, or you tripped a complexity threshold on a particular function, or have spotless fail because your indentation is wrong or a line was 4 characters too long. If you use them, make sure they’re set up to not fail the build, only emit warnings.

Brian_Maher · January 9, 2024, 12:41am

Thanks for responding, that makes sense. Is it possible to set it up so that these steps would emit warnings during local builds and errors/failures in a GitHub Action CI build?

Peter_Johnson · January 9, 2024, 12:43am

Sure. The way we do that in WPILib is by passing a parameter to Gradle in the CI workflow (e.g. -PciBuild) and checking it in the Gradle script to set other options.

Starlight220 · January 9, 2024, 10:34am

iirc there’s an frc-docs article about setting up a CI with spotless. I guess the article could be expanded to show linting and not just formatting.

Oblarg · January 9, 2024, 1:27pm

Please don’t force PMD on your team…

KJaget · January 9, 2024, 3:37pm

Not a java team, but I’ve played with the VS code sonarlint plugin for C++ and python code and have found it useful. Since this is just informative in VS code rather than being a build time potential blocker it works around the various scenarios in Peter’s post while still flagging stuff that should be fixed.

Config was straightforward for us since we were already generating compile_commands for our code, not sure how that maps to other teams though because our build env is weird.

gartaud · January 9, 2024, 6:24pm

If your code is in a public GitHub repo you can scan it for free using Coverity Scan - Static Analysis

See an example of batch file to generate binaries to upload to Coverity at FRC2495-2022/coverity_scan.bat at main · FRC2495/FRC2495-2022 · GitHub
and associated report at Coverity Scan - Static Analysis

shivshah · October 29, 2024, 5:48am

Hey Peter,

How did you set up spotless to only emit warnings. Per their documentation it seems that you would use

ignoreErrorForPath(‘path/to/file.java’)

But i’m not sure how to set that up for the whole wpilib folder?

Thank you for your help

Peter_Johnson · October 29, 2024, 7:07am

You can set up spotless in Gradle to exclude entire directory trees. See allwpilib/shared/java/javastyle.gradle at main · wpilibsuite/allwpilib · GitHub for example.

Ryan_Blue · October 29, 2024, 7:46am

Unfortunately spotless doesn’t allow for this behavior. You can either ignore a directory tree entirely as Peter mentioned (so those files aren’t formatted at all) or suppress errors on a specific file using ignoreErrorForPath (though I can’t seem to get that to work), but spotless does not have an option to warn instead of erroring for a directory.