A brief summary of FindBugs learning __java

Today's code quality again to the Java code to submit SVN before the FindBugs check, although according to the menu I will have findbugs plug-ins, but in order to more comprehensive learning, more efficient use, I search to learn the use of findbugs. Inspection Principle

FindBugs is a static analysis tool that examines a class or jar file and compares bytecode with a set of bug patterns to identify possible problems. FindBugs Self-band detectors, of which more than 60 kinds of bad practice,80 more than correctness,1 species internationalization,12 malicious Code vulnerability, 27 Kinds of multithreaded correctness,23 performance,43 species dodgy. We can also configure our own check rules (what to do, what not to do), or we can implement our own unique validation rules (user-defined bug patterns need to inherit their interfaces, write their own validation classes, which are advanced techniques).

　 The static check in the White box test is generally to check the coding standard specification, Error List. Code specifications often the team will be based on their own experience and style to set some specifications. Now many IDE tools will be real-time reminders of the code style when editing the code. A list of errors, typically a potential bug in code, because some code is written without a syntax error, but there may be an error, such as a thread deadlock. These are the list of errors that should be checked. How static checks can be manipulated:

1, code go check:

Programmers can take a certain amount of time to extract code to check.

Check the time according to the summary report, these experiences into a list, as the next step of the code to check the basis.

This method is characterized by manual, multiplayer discussion, simple operation, but the efficiency will be relatively low.

2, Code scanning

Use software to scan our code to find out potential problems. There are many commercial tools that can be scanned, such as Parasoft JTest, Software Analyzer, and pclint tools, often with different tools for different languages. There are, of course, many open source tools. Here the Java aspect mainly recommends findbugs. FindBugs can be run in the Ant/gui/eclipse three environment, but also can write their own detectors, the function is relatively perfect. We can usually collect their own or someone else's development experience, make it into a detector to improve the findbugs detection system. Software scanning is characterized by machine scanning, high efficiency, but not inflexible, extended more responsible. java Static Check tool contrast

Reference: http://blog.csdn.net/ml5271169588/article/details/6975701

Http://www.cnblogs.com/hyddd/archive/2008/12/16/1356310.html

Tools	Purpose	Check
FindBugs check. Class	Based on the concept of bug patterns, find potential bugs in Javabytecode (. class files)	Primarily check for bug patterns in bytecode, such as Nullpoint null pointer checking, No reasonable shutdown resources, string same error (= =, not equals), etc.
PMD Check source file	Check for potential problems in Java source files	Mainly includes: Empty try/catch/finally/switch statement block Unused local variables, parameters, and Priva Te method Empty if/while statement Overly complex expressions, such as unnecessary if statements Complex classes
Checkstyle Check source main concern format	Check if Java source file matches code specification	The mainly includes: Javadoc comments Naming conventions Unused Imports Size metric, such as a method that is too long Missing necessary space whitespace Repeat code

Use and Configuration

Excerpt from: http://developer.51cto.com/art/200906/127165.htm

This article mainly describes what is used in eclipse

FindBugs is a program that can find bugs in Java programs. It is designed to look for code that is in the "Bug Patterns" list. Bug patterns refers to an instance of a code that is likely to be wrong.

Open the Bug Details view Windows => Show View => ... => FindBugs => bugdetails

In Package Explorer or Navigator view, select your Java project, right-click, and see the Find Bugs menu item with "Find Bugs" and "clear Bug markers" in the submenu, as shown in the following illustration:

We build a simple test file Test.java content as follows:

public class Test { Private string[] name; Public string[] GetName () { return name; } public void SetName (string[] name) { THIS.name = name; } }

We dot "Find Bugs", the runtime will appear as the following progress box:

After the run is over, you can see in problems the following warning message content added

FindBugs The post-run warning message content is displayed not only in the problems view, but also in the Source Code tag box, in the source editor we can see the warning ID, as shown in the following figure:

When the cursor points to the code of your warning message, there is a corresponding error message, similar to the error or warning message hint for eclipse itself.

Select the corresponding problem in the problems view, you will be in the code Editor to switch to the appropriate code to facilitate the corresponding information to the appropriate code changes.

In the problems view, select the appropriate question entry, right button, in the pop-up menu, you can see "Show Bug Details", as shown in the following figure:

Point, it will switch to the bug details view to display more detailed hints.

Of course, in the Code editing window, when you click on an icon with a warning message, you automatically switch to the Bud Details window to see the detailed warning, as shown in the following figure.

According to the detailed information here, you can get the findbugs why the warning message to your code, and the corresponding processing methods, according to its prompt, you can quickly and easily modify the code.

According to the prompts, we will modify the code as follows, and then run will not be reported a warning message.

public class Test { Private string[] name; Public string[] GetName () { string[] temp = name; return temp; } public void SetName (string[] name) { string[] temp = name; THIS.name = temp; } }

Configure FindBugs

Select your project, right key => Properties => FindBugs =>

The information that can be configured includes the relevant settings for the four options shown in the previous illustration:

1. Run FindBugs automatically switch

When this item is selected, FindBugs will automatically run when you modify the Java class, such as when you set up the Eclipse automatic compiler switch, and when you have finished modifying the Java file Save, FindBugs will run and display the corresponding information.

When this item is not selected, you can only run findbugs to check your code each time you need it.

2. Minimum priority to the Select item

The option is to choose which level of information you want to display, with low, Medium, and high three options to choose from, much like the log4j level setting. Like what:

You select the High Select item, then only the high level of the cue message will be displayed.

You select the Medium option, then only the medium and high level prompts will be displayed.

If you select the low selection, all levels of the prompts will be displayed.

3. Enable Bug Categories Selection

Here are some options for displaying bug classifications:

Correctness relevant aspects of code correctness

Performance about code performance related Aspects of

Internationalization about code internationalization related aspects of

Multithreaded correctness related Aspects of code multithreading correctness

Style about code style related aspects of

Malicious code vulnerability Related aspects of malicious vandalism

For example, if you remove the Style check box from the selection, the warning message associated with the style category will not be displayed. Others are similar.

4. Select bug patterns to check for selection

Here you can select the related bug pattern entry you want to check

You can see from the bug codes, detector name, detector description which aspects of the content you want to check, you can select or remove the appropriate check conditions as needed.

Third, detailed description

FindBugs is a static analysis tool that examines a class or jar file and compares bytecode with a set of bug patterns to identify possible problems. FindBugs Self-band detectors, of which more than 60 kinds of bad practice,80 more than correctness,1 species internationalization,12 malicious Code vulnerability, 27 Kinds of multithreaded correctness,23 performance,43 species dodgy.

Bad Practice Practice

Some bad practice, the following list several:

The He : class defines equals (), but no hashcode (), or the class defines equals (), but uses the

Object.hashcode (); The class defines hashcode () without Equals (), or the class defines hashcode (), but uses Object.Equals (), and the class inherits equals (). But use Object.hashcode ().

SQL: The Statement execute method invokes a very literal string, or prepared Statement is generated by a very literal string.

DE: method terminates or does not handle an exception, in general, the exception should be processed or reported, or thrown by method.

correctness The general correctness problem

Code that may cause errors, here are a few:

NP: null pointers are referenced; In the exception path of the method, null pointers are referenced; methods do not check whether the parameters are null;null and referenced; Null values are generated and referenced in the method's exception path; Pass method a null argument declared as @nonnull The return value of the method is declared to @nonnull is actually null.

Nm: The class defines the Hashcode () method, but does not actually overwrite the hashcode () of the parent object, and the class defines the ToString () method, but does not actually overwrite the parent object's ToString () ; The obvious method is confused with the constructor, and the method name is easily confused.

SQL: method attempts to access a 0 index of a prepared statement; method attempts to access the 0 index of a resultset.

UWF: All write puts the attribute to null so that all reads are null, so that the attribute is necessary, or the property is never write.

Internationalization Internationalization

When using the upper or lowercase method on a string, if it is an international string, it may be improperly converted.

malicious code vulnerability A possible malicious attack

If the code is exposed, code that could be maliciously attacked, here are a few:

FI: the Finalize () of a class should be protected, not public.

MS: properties are mutable arrays; properties are variable hashtable; properties should be package protected.

multithreaded Correctness The correctness of multiple threads

When multithreaded programming, it can lead to wrong code, and here are a few:

esync: empty sync blocks that are hard to use correctly.

mwn: error using Notify (), may cause illegalmonitorstateexception exception, or wrong

Use Wait ().

No: using Notify () instead of Notifyall (), just wakes up a thread instead of all the waiting threads.

SC: The constructor invokes Thread.Start (), which can cause an error if the class is inherited.

Performance Performance Problems

Code that may cause poor performance, here are a few:

DM: The method invokes the inefficient Boolean constructor instead of the boolean.valueof (...) ; with a similar

Integer.tostring (1) replaces the new Integer (1). ToString (); The method invokes the inefficient float constructor, and the static valueof method should be used.

SIC: If an inner class wants to be referenced in a wider area, it should be declared static.

SS: If an instance property is not read, consider declaring static.

UrF: If a property has never been read, consider removing it from the class.

Uuf: If a property is never used, consider removing it from the class.

<