Preface
As projects become more complex and engineering teams grow larger, it is unrealistic to rely solely on people to spot potential problems in code, and unit tests never achieve complete coverage, so some code checking has to be done with automated tools. This series of articles will cover several common code-checking tools.
FindBugs
FindBugs is a static analysis tool that examines class or JAR files, comparing the bytecode against a set of bug patterns to identify possible problems.
FindBugs pays no attention to style or formatting; it tries to find only real defects or potential performance problems.
Installation
FindBugs can be integrated into Eclipse in two ways:
Online installation
Eclipse -> Help -> Install New Software
In the dialog that pops up, click Add and enter the update site
Http://findbugs.cs.umd.edu/eclipse
then click OK and the installation proceeds.
Offline Installation
Download the FindBugs plugin archive, unzip it, copy the contents of its features and plugins directories into the corresponding directories of the Eclipse installation, and restart Eclipse.
After completing the above steps, open Window -> Show View -> Other.
If FindBugs appears in the list of views, the installation was successful.
Use
Using FindBugs is very simple: right-click the project -> Find Bugs -> Find Bugs.
The tool runs, and the results can then be opened via Window -> Show View -> Other -> FindBugs -> Bug Explorer,
where the potential bugs that were found are listed.
The message attached to each entry explains the possible issue.
FindBugs rule settings
Right-click the project -> Properties -> FindBugs.
Check the box marked by the arrow in the figure to enable project-specific rule settings.
The configurable items are the Run Automatically switch and the four pages shown in the figure above:
Run Automatically switch
When this is checked and the Eclipse auto-build switch is also on, FindBugs runs automatically whenever a Java class is modified: as soon as the edited Java file is saved, FindBugs runs and displays its findings. When it is unchecked, FindBugs only runs when you start it manually.
Reporter Configuration page
Sets the minimum bug level to report, the bug categories to include, and how each category is reported (as errors, warnings, and so on).
Filter Files page
Hand-written bug filtering rules; the imported file is an XML file. I have not studied the exact format.
Plugins and Misc Settings page
Not used here.
Detector Configuration page
Selects which bug detectors run. FindBugs ships with its own detectors: more than 60 for Bad Practice, 80 for Correctness, 1 for Internationalization, 12 for Malicious Code Vulnerability, 27 for Multithreaded Correctness, 23 for Performance, and 43 for Dodgy code.
A brief description of the FindBugs built-in detectors
Bad Practice
Some bad coding practices; several are listed below:
HE: the class defines equals() but not hashCode(); or defines equals() but uses Object.hashCode(); or defines hashCode() but not equals(); or defines hashCode() but uses Object.equals(); or inherits equals() but uses Object.hashCode(). Hash-based collections such as HashMap and HashSet rely on equal objects having equal hash codes.
SQL: a Statement's execute method is invoked with a non-constant string, or a PreparedStatement is generated from a non-constant string. Such strings are usually assembled from user input, which is how SQL injection arises.
DE: the method drops or ignores an exception; in general an exception should be handled, reported, or thrown by the method.
Correctness
Code that can lead to errors; several are listed below:
NP: a null pointer is dereferenced; a null pointer is dereferenced on an exception path of the method; the method does not check whether a parameter is null; a null value is produced and dereferenced; a null value is produced and dereferenced on an exception path; null is passed to a parameter declared @NonNull; a method whose return value is declared @NonNull actually returns null.
Nm: the class defines hashcode() (lowercase c), which does not actually override Object.hashCode(); the class defines tostring(), which does not actually override Object.toString(); a method is named so that it is easily confused with a constructor; method names differ only in capitalization and are easily confused.
SQL: the method attempts to access a PreparedStatement parameter at index 0, or a ResultSet column at index 0 (JDBC indexes start at 1).
UwF: every write to the field sets it to null, so every read returns null; check whether the field is needed at all; or the field is never written.
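To make the HE and Nm hashCode patterns concrete, here is an added Java example (it is not from the original post or from FindBugs; the class names are made up). BadPoint overrides equals() without hashCode(), TypoPoint declares hashcode() with a lowercase c, and GoodPoint does it correctly; lookups() puts one of each into a HashSet and then looks up an equal but distinct instance of each.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class HashCodeDemo {

    // HE: equals() is overridden but hashCode() is inherited from Object, so two equal
    // points almost always have different hash codes and land in different buckets.
    static final class BadPoint {
        final int x, y;
        BadPoint(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            return o instanceof BadPoint && ((BadPoint) o).x == x && ((BadPoint) o).y == y;
        }
    }

    // Nm: the author meant to override hashCode() but typed hashcode(). Without @Override the
    // compiler accepts it as a brand-new method, and HashSet keeps using Object.hashCode().
    static final class TypoPoint {
        final int x, y;
        TypoPoint(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            return o instanceof TypoPoint && ((TypoPoint) o).x == x && ((TypoPoint) o).y == y;
        }
        public int hashcode() { return 31 * x + y; }   // never called by the collections
    }

    // Fixed: hashCode() is overridden (with @Override, so the typo would be a compile error)
    // and is consistent with equals().
    static final class GoodPoint {
        final int x, y;
        GoodPoint(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            return o instanceof GoodPoint && ((GoodPoint) o).x == x && ((GoodPoint) o).y == y;
        }
        @Override public int hashCode() { return Objects.hash(x, y); }
    }

    // Stores one instance of each class and asks the set for an equal-but-distinct instance.
    // Only the GoodPoint lookup succeeds reliably; the other two succeed only when the two
    // identity hash codes happen to select the same bucket.
    static boolean[] lookups() {
        Set<Object> set = new HashSet<>();
        set.add(new BadPoint(1, 2));
        set.add(new TypoPoint(1, 2));
        set.add(new GoodPoint(1, 2));
        return new boolean[] {
            set.contains(new BadPoint(1, 2)),
            set.contains(new TypoPoint(1, 2)),
            set.contains(new GoodPoint(1, 2)),
        };
    }

    public static void main(String[] args) {
        boolean[] found = lookups();
        System.out.println("BadPoint found:  " + found[0]);
        System.out.println("TypoPoint found: " + found[1]);
        System.out.println("GoodPoint found: " + found[2]);
    }
}
```

The practical consequence is a cache, set or map that silently "loses" entries: the object is in the collection, but contains(), get() and remove() cannot find it. Always annotate hashCode() and equals() with @Override so that a misspelled name fails at compile time rather than at run time.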
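The two SQL patterns described above (non-constant statement text under Bad Practice, index 0 under Correctness) in one added Java example. This is not code from the original post; the users table, its columns and the method names are assumptions, and the methods take a JDBC Connection supplied by the caller's own driver, so the block compiles stand-alone and runs against any database that has such a table.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Assumes a table users(id INT, name VARCHAR); the table and column names are assumptions.
public class UserLookup {

    // The statement text the bad method hands to the database, kept separate so it can be
    // shown without a database connection.
    static String renderedBadSql(String name) {
        return "SELECT id FROM users WHERE name = '" + name + "'";
    }

    // Bad Practice SQL pattern: the statement is built from a non-constant string.
    // For name = "x' OR '1'='1" the text becomes ... WHERE name = 'x' OR '1'='1' and matches
    // every row, so an existence or login check written this way is bypassed.
    static boolean badExists(Connection conn, String name) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(renderedBadSql(name))) {
            return rs.next();
        }
    }

    // Correctness SQL pattern: JDBC parameter and column indexes start at 1, not 0.
    // Both index-0 calls typically fail with an SQLException at run time; FindBugs finds
    // them at build time.
    static int offByOneId(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(0, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(0) : -1;
            }
        }
    }

    // Fixed: constant SQL text, the input bound as a parameter (quotes in the name are now
    // data, not syntax), and 1-based indexes.
    static int goodId(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : -1;
            }
        }
    }

    public static void main(String[] args) {
        // Shows what the database would receive from the vulnerable method for a hostile name.
        System.out.println(renderedBadSql("x' OR '1'='1"));
    }
}
```

The fix for the Bad Practice pattern is not to escape the input but to keep the SQL text constant and bind every value as a parameter; that is also what makes the second pattern easy to hit, because the indexes are then written by hand.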
Internationalization
When calling toUpperCase() or toLowerCase() on a string, the conversion may be wrong for an internationalized string unless a Locale is specified.
Malicious Code Vulnerability
Code that, if exposed, can be abused by malicious code; several are listed below:
FI: a class's finalize() should be protected, not public.
MS: a static field is a mutable array; a static field is a mutable Hashtable; a field should be package protected.
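An added Java example for the MS and FI patterns (not from the original post; the role names and class names are made up). The public static final array looks constant, but its elements can be overwritten by any code running in the same JVM, so a check that trusts it can be subverted; the unmodifiable list rejects the same write.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class RoleTable {

    // MS pattern: "final" only fixes the reference. The elements are public and writable, so any
    // code loaded into the same JVM (a plugin, a less-trusted module) can rewrite the role list
    // that the check below trusts.
    public static final String[] ADMIN_ROLES = { "admin", "auditor" };

    // Fixed: an unmodifiable view over an array nothing else references. Writes through the view
    // throw UnsupportedOperationException and the backing array is never handed out.
    public static final List<String> ADMIN_ROLE_LIST =
            Collections.unmodifiableList(Arrays.asList("admin", "auditor"));

    static boolean isAdminRoleUsingArray(String role) {
        return Arrays.asList(ADMIN_ROLES).contains(role);
    }

    static boolean isAdminRoleUsingList(String role) {
        return ADMIN_ROLE_LIST.contains(role);
    }

    // FI pattern: a public finalize() can be invoked directly by any caller, running the teardown
    // logic on a live object. Keep it protected, or better, avoid finalizers altogether.
    static class LeakyHandle {
        @Override public void finalize() { /* release a native handle */ }
    }

    static class GuardedHandle {
        @Override protected void finalize() throws Throwable { super.finalize(); }
    }

    public static void main(String[] args) {
        // Simulated hostile code: promote "guest" by overwriting an element of the public array.
        ADMIN_ROLES[1] = "guest";
        System.out.println("guest is admin via array: " + isAdminRoleUsingArray("guest"));

        try {
            ADMIN_ROLE_LIST.set(1, "guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("unmodifiable list rejected the write");
        }
        System.out.println("guest is admin via list:  " + isAdminRoleUsingList("guest"));

        new LeakyHandle().finalize();   // compiles only because the finalizer is public
    }
}
```

The same reasoning applies to a public static Hashtable or any other mutable object reachable through a static field: make the field private and expose a read-only view or a defensive copy.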
Multithreaded correctness
Code that can cause errors in multithreaded programs; several are listed below:
ESync: an empty synchronized block, which is difficult to use correctly.
MWN: notify() is used incorrectly, which may throw IllegalMonitorStateException; or wait() is used incorrectly.
NO: notify() is used instead of notifyAll(), waking only one thread rather than all waiting threads.
SC: the constructor calls Thread.start(), which can cause errors when the class is subclassed.
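An added Java example (not from the original post; the class names are my own) showing the correct counterpart to the MWN, NO and SC patterns: a bounded buffer that only calls wait()/notifyAll() while holding the monitor, re-checks its condition in a loop, uses notifyAll(), and starts its worker thread from a factory method rather than from a constructor.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Producer/consumer buffer written to avoid the MWN, NO and SC patterns.
public class BoundedBuffer<T> {
    private final Deque<T> items = new ArrayDeque<>();
    private final int capacity;

    BoundedBuffer(int capacity) { this.capacity = capacity; }

    // MWN: wait()/notifyAll() are only called while holding this object's monitor (the methods
    // are synchronized); calling them without the lock throws IllegalMonitorStateException.
    // The condition is re-checked in a while loop, so a spurious or unrelated wake-up cannot
    // let a caller proceed on a full or empty buffer.
    synchronized void put(T item) throws InterruptedException {
        while (items.size() == capacity) {
            wait();
        }
        items.addLast(item);
        notifyAll();
    }

    // NO: producers and consumers wait on the same monitor. With notify(), a consumer that
    // takes an item could wake another consumer instead of a producer; that consumer finds
    // the buffer still empty and waits again, and the waiting producer is never signalled.
    // notifyAll() wakes everyone and lets the while loops sort out who may proceed.
    synchronized T take() throws InterruptedException {
        while (items.isEmpty()) {
            wait();
        }
        T item = items.removeFirst();
        notifyAll();
        return item;
    }

    // SC: starting the thread inside the constructor publishes a partly constructed object. If a
    // subclass overrides run() and uses its own fields, run() can observe them before the
    // subclass constructor has initialised them.
    static class BadWorker extends Thread {
        BadWorker(Runnable task) { super(task); start(); }
    }

    // Fixed: construction and start are separated; callers use the factory method, so the object
    // is fully built before its thread starts.
    static class GoodWorker extends Thread {
        private GoodWorker(Runnable task) { super(task); }
        static GoodWorker startNew(Runnable task) {
            GoodWorker w = new GoodWorker(task);
            w.start();
            return w;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        BoundedBuffer<Integer> buf = new BoundedBuffer<>(2);
        Thread producer = GoodWorker.startNew(() -> {
            try {
                for (int i = 0; i < 5; i++) {
                    buf.put(i);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        for (int i = 0; i < 5; i++) {
            System.out.println("took " + buf.take());
        }
        producer.join();
    }
}
```

An ESync finding is the empty `synchronized (lock) { }` block sometimes used as a memory barrier; it provides no useful ordering guarantee on its own, and the intended effect is better expressed with a volatile field or the java.util.concurrent classes.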
Performance
Code that can lead to poor performance; several examples:
DM: the method calls the inefficient Boolean constructor and should use Boolean.valueOf(...); Integer.toString(1) should be used instead of new Integer(1).toString(); the method calls the inefficient Float constructor and should use the static valueOf method.
SIC: if an inner class does not use its reference to the enclosing instance, it should be declared static.
SS: if an instance field is never read, consider declaring it static.
UrF: if a field is never read, consider removing it from the class.
UuF: if a field is never used, consider removing it from the class.
Dodgy
Potentially dangerous code that may cause errors at run time; several are listed below:
CI: the class is declared final but declares a protected field.
DLS: a value is assigned to a local variable that is never read; a local variable is assigned null and never read.
ICAST: the result of an int multiplication is converted to long; the operands should be converted to long first and then multiplied, otherwise the product can overflow before it is widened.
INT: an unnecessary integer comparison, such as x <= Integer.MAX_VALUE.
NP: the return value of readLine() is dereferenced without checking for null; the return value of a method call is dereferenced directly although the method may return null.
REC: Exception is caught directly although the try block throws no checked exception, so what is actually caught is a RuntimeException.
ST: a static field (class variable) is written from an instance method.
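An added Java example (not from the original post; the method names are made up) for the ICAST and NP patterns above: a byte count computed with int multiplication that wraps before it is widened to long, beside the fixed form, and a readLine() loop that dereferences a possibly null line beside one that checks for end of stream.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

public class DodgyDemo {

    // ICAST: width * height * bytesPerPixel is evaluated in 32-bit int arithmetic and wraps
    // before the widening to long. For an image header read from an untrusted file this yields
    // a far too small (or negative) buffer size, followed by an out-of-bounds write.
    static long badByteCount(int width, int height, int bytesPerPixel) {
        return width * height * bytesPerPixel;
    }

    // Fixed: widen one operand first so the whole product is computed in long.
    static long goodByteCount(int width, int height, int bytesPerPixel) {
        return (long) width * height * bytesPerPixel;
    }

    // NP: readLine() returns null at end of stream; calling trim() on it throws
    // NullPointerException as soon as the input has fewer lines than expected.
    static int badCountNonEmpty(BufferedReader in, int expectedLines) throws IOException {
        int n = 0;
        for (int i = 0; i < expectedLines; i++) {
            if (!in.readLine().trim().isEmpty()) {
                n++;
            }
        }
        return n;
    }

    // Fixed: the standard read loop that stops when readLine() returns null.
    static int goodCountNonEmpty(BufferedReader in) throws IOException {
        int n = 0;
        String line;
        while ((line = in.readLine()) != null) {
            if (!line.trim().isEmpty()) {
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) throws IOException {
        // 65536 * 65536 is 2^32, which wraps to 0 in int arithmetic, so the bad version
        // reports 0 bytes for an image that needs 2^34.
        System.out.println("bad:  " + badByteCount(65536, 65536, 4));
        System.out.println("good: " + goodByteCount(65536, 65536, 4));

        String sample = "alpha\n\nbeta\n";   // constructed sample input: two non-empty lines
        System.out.println("non-empty lines: "
                + goodCountNonEmpty(new BufferedReader(new StringReader(sample))));
        try {
            badCountNonEmpty(new BufferedReader(new StringReader(sample)), 5);
        } catch (NullPointerException e) {
            System.out.println("readLine() returned null before 5 lines were read");
        }
    }
}
```

Both defects are cheap for static analysis to catch and expensive to find at run time: the overflow only shows up for large inputs an attacker controls, and the null dereference only when the input is shorter than the code assumed.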
Summary
I have only just started with FindBugs. It is a code inspection tool that is very powerful and very easy to use; of course it has a lot of rules, which I will learn about gradually, and this is all I have understood so far.