FindBugs is a static analysis tool

Source: Internet
Author: User

FindBugs is a program that finds bugs in Java code by looking for instances of "bug patterns", code idioms that are likely to be errors. Note that FindBugs analyses compiled Java bytecode (*.class files), not source. In practice it finds defects and places where code can be tightened: a database connection that is never closed, a missing null check, a redundant null check, a redundant post-condition in an if, two branches of a conditional that do the same thing, duplicated code blocks, misuse of "==" where equals() was meant, string concatenation where StringBuffer would be cheaper, and so on. The checks can be configured (which detectors to run and which to skip), and new, project-specific bug patterns can be added by implementing the detector interface and writing your own detector classes, which is an advanced use.

FindBugs is a static analysis tool: it examines class or jar files and compares the bytecode against its set of bug patterns to identify possible problems. It ships with its own detectors, grouped by category; at the time of writing roughly 60 Bad Practice, more than 80 Correctness, 1 Internationalization, 12 Malicious Code Vulnerability, 27 Multithreaded Correctness, 23 Performance and 43 Dodgy detectors.

Bad Practice: questionable coding practice

Some of the bad-practice detectors, by their two-letter code:

HE: the class defines equals() but not hashCode(), or defines equals() but inherits Object.hashCode(); the class defines hashCode() but not equals(), or defines hashCode() but inherits Object.equals(); the class inherits equals() but uses Object.hashCode(). Two objects that are equal() must report the same hashCode(), otherwise HashMap and HashSet lookups silently fail.

SQL: a Statement execute method is passed a non-constant string, or a PreparedStatement is generated from a non-constant string. Query text assembled at run time from untrusted input is the classic SQL injection pattern; bind the input as a parameter instead.

DE: a method might drop or ignore an exception. In general an exception should be handled, reported, or declared and thrown by the method, not swallowed in an empty catch block.


Correctness: probable errors

Code that is likely to be wrong; a few of the detectors:

NP: a null pointer is dereferenced; a null pointer is dereferenced on an exception path of the method; a parameter is dereferenced without being checked for null; a value is checked for null in one place and dereferenced unchecked in another; a value that can be null is created and dereferenced on an exception path; null is passed for a parameter declared @NonNull; a method declared to return @NonNull actually returns null.

Nm: the class defines a hashcode() method that does not actually override hashCode() of the parent (note the case), or a tostring() method that does not override toString(); a method has the same name as its class and is easily confused with a constructor; method names differ only in capitalisation and are easily confused.

SQL: a method tries to access parameter index 0 of a PreparedStatement, or column index 0 of a ResultSet; JDBC indices start at 1, so both fail at run time.

UWF: every write to a field stores null, so every read returns null (is the field needed at all?); or the field is never written.
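The following is an added example, not code from the original page, showing the HE and SQL bad-practice patterns beside their corrected forms, together with the 1-based index rule behind the Correctness-category SQL pattern above. The class and table names (UserId, users) are assumed for the illustration; the JDBC calls are the standard java.sql API.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Set;

// Added illustration; not code from the original page.
public class HeAndSqlDemo {

    // HE (HE_EQUALS_NO_HASHCODE): equals() is overridden but hashCode() is not, so two
    // equal ids land in different HashSet buckets and membership tests fail in practice.
    static final class BrokenUserId {
        final String value;
        BrokenUserId(String value) { this.value = value; }
        @Override public boolean equals(Object o) {
            return o instanceof BrokenUserId && ((BrokenUserId) o).value.equals(value);
        }
    }

    // Fixed: equals() and hashCode() are derived from the same field.
    static final class UserId {
        final String value;
        UserId(String value) { this.value = value; }
        @Override public boolean equals(Object o) {
            return o instanceof UserId && ((UserId) o).value.equals(value);
        }
        @Override public int hashCode() { return value.hashCode(); }
    }

    // SQL (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE): the query text is assembled from
    // caller input, so a name such as  x' OR '1'='1  rewrites the WHERE clause.
    static ResultSet findUserUnsafe(Connection c, String name) throws SQLException {
        Statement st = c.createStatement();
        return st.executeQuery("SELECT id FROM users WHERE name = '" + name + "'");
    }

    // Fixed: the SQL text is a constant; the input is bound as a parameter and is never
    // parsed as SQL. Parameter and column indices are 1-based: setString(0, ...) or
    // rs.getLong(0) is the Correctness-category SQL pattern and fails at run time.
    static ResultSet findUserSafe(Connection c, String name) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT id FROM users WHERE name = ?");
        ps.setString(1, name);
        return ps.executeQuery();
    }

    public static void main(String[] args) {
        Set<BrokenUserId> broken = new HashSet<BrokenUserId>();
        broken.add(new BrokenUserId("alice"));
        System.out.println(broken.contains(new BrokenUserId("alice"))); // false in practice

        Set<UserId> fixed = new HashSet<UserId>();
        fixed.add(new UserId("alice"));
        System.out.println(fixed.contains(new UserId("alice")));        // true
    }
}
```

Running FindBugs over the compiled class reports HE on BrokenUserId and SQL on findUserUnsafe; the two corrected members produce no warning.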


Internationalization

DM: calling toUpperCase() or toLowerCase() on a String without specifying a Locale uses the platform default locale, so an internationalised string may be converted incorrectly (the Turkish dotted and dotless i are the usual example). Pass an explicit Locale such as Locale.ROOT when the result is compared against protocol keywords or identifiers.

Malicious Code Vulnerability: code that can be subverted by other code

Code that, if exposed to untrusted code running in the same JVM, could be attacked; a few of the detectors:

FI: the finalize() method of a class should be protected, not public, so that arbitrary callers cannot invoke it.

MS: a static field holds a mutable array; a static field holds a mutable Hashtable; a static field should be package-protected. A public static (even final) array or collection can be modified by any code that can see it, so a "constant" that a security check relies on is not constant at all.
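An added example (not from the original page) of why the MS and FI detectors matter: a public static array used as an allow-list can be rewritten by any code loaded into the same JVM. The host names and the allow-list check are constructed for the illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added illustration; not code from the original page.
public class MutableStaticDemo {

    // MS (MS_MUTABLE_ARRAY): "final" only pins the reference; the elements stay
    // writable by anyone who can see the field.
    public static final String[] ALLOWED_HOSTS = {"api.example.internal"};

    // Hardened: keep the array private and hand out a read-only copy.
    private static final String[] ALLOWED_HOSTS_SAFE = {"api.example.internal"};
    public static List<String> allowedHosts() {
        return Collections.unmodifiableList(Arrays.asList(ALLOWED_HOSTS_SAFE.clone()));
    }

    static boolean isAllowedUnsafe(String host) {
        return Arrays.asList(ALLOWED_HOSTS).contains(host);
    }

    static boolean isAllowedSafe(String host) {
        return allowedHosts().contains(host);
    }

    // FI (FI_PUBLIC_SHOULD_BE_PROTECTED): a public finalize() can be called directly by
    // any caller; protected limits it to subclasses and the garbage collector.
    static class NativeHandle {
        @Override protected void finalize() { /* release the native resource */ }
    }

    public static void main(String[] args) {
        // Simulated "other" code in the same JVM: it cannot reach the private array,
        // but it can freely mutate the public one.
        ALLOWED_HOSTS[0] = "attacker.example";
        System.out.println(isAllowedUnsafe("attacker.example")); // true: the check is subverted
        System.out.println(isAllowedSafe("attacker.example"));   // false

        try {
            allowedHosts().set(0, "attacker.example");
        } catch (UnsupportedOperationException e) {
            System.out.println("read-only view rejected the write");
        }
    }
}
```

The same reasoning applies to a public static Hashtable or other collection: expose an unmodifiable view, or a defensive copy, never the mutable object itself.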

Multithreaded Correctness

Code that is wrong under concurrent execution; a few of the detectors:

ESync: an empty synchronized block. Such blocks are hard to use correctly and usually indicate a misunderstanding of what synchronization provides.

MWN: notify() is called on an object whose monitor is not held, which raises IllegalMonitorStateException; likewise wait() is called without holding the monitor.

NO: notify() is used instead of notifyAll(), waking a single waiting thread rather than all of them; if the wrong thread is woken the others may wait forever.

SC: the constructor invokes Thread.start(). If the class is subclassed, the thread can run before the subclass constructor has finished and see partially initialised state.
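An added example, not from the page, of the SC and NO patterns beside their fixes; the worker and buffer classes are constructed for the illustration.

```java
// Added illustration; not code from the original page.
public class ThreadingDemo {

    // SC (SC_START_IN_CTOR): start() is called from the constructor. The new thread
    // may run before a subclass constructor has finished and observe half-built state.
    static class EagerWorker extends Thread {
        EagerWorker() {
            start();            // flagged
        }
        @Override public void run() { }
    }

    static class NamedWorker extends EagerWorker {
        private final String name;
        NamedWorker(String name) {
            super();            // the thread is already running at this point
            this.name = name;
        }
        @Override public void run() {
            String n = name;    // may still be null
            System.out.println(n == null ? "run() saw an uninitialised name" : "run() saw " + n);
        }
    }

    // Fixed: construct completely, then start from a factory method. The class is final,
    // so no subclass can reintroduce the race.
    static final class SafeWorker extends Thread {
        private final String name;
        private SafeWorker(String name) { this.name = name; }
        static SafeWorker startNew(String name) {
            SafeWorker w = new SafeWorker(name);
            w.start();
            return w;
        }
        @Override public void run() { System.out.println("run() saw " + name); }
    }

    // NO (NO_NOTIFY_NOT_NOTIFYALL): a bounded buffer on which both producers and
    // consumers wait. With notify(), a producer may be woken when only a consumer
    // could make progress; it re-checks its condition, waits again, and everyone stalls.
    static class BoundedBuffer {
        private final Object[] items = new Object[2];
        private int count;
        synchronized void put(Object o) throws InterruptedException {
            while (count == items.length) wait();
            items[count++] = o;
            notifyAll();        // notify() here is the flagged variant
        }
        synchronized Object take() throws InterruptedException {
            while (count == 0) wait();
            Object o = items[--count];
            notifyAll();
            return o;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        NamedWorker w = new NamedWorker("eager");
        w.join();
        SafeWorker.startNew("safe").join();
        BoundedBuffer b = new BoundedBuffer();
        b.put("x");
        System.out.println(b.take());
    }
}
```

Whether NamedWorker prints the null message depends on scheduling; the point is that the outcome is not under the author's control, which is exactly what the SC detector warns about.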


Performance: code that may run slowly

Code that may cause poor performance; a few of the detectors:

DM: the method invokes the inefficient Boolean constructor; use Boolean.valueOf(...) instead. Similarly, Integer.toString(1) should replace new Integer(1).toString(), and the Float constructor should be replaced by the static valueOf method, which can return cached instances.

SIC: an inner class that does not use its reference to the enclosing instance should be declared static; it is then smaller and does not keep the outer object alive longer than necessary.

SS: a final instance field that is initialised to a constant and never read could be declared static.

UrF: a field is never read; consider removing it from the class.

UuF: a field is never used at all; consider removing it from the class.

Dodgy: suspicious code

Code that is not necessarily wrong but is error-prone or confusing; a few of the detectors:

CI: a class is declared final but declares a protected field; protected makes no sense when nothing can subclass the class.

DLS: a value is assigned to a local variable that is never read afterwards; or a local variable is set to null and then never read.

ICAST: the result of an int multiplication is cast to long. The multiplication is performed in 32 bits and can overflow before the cast; convert the operands to long first and then multiply.

INT: a vacuous integer comparison such as x <= Integer.MAX_VALUE, which is always true.

NP: the value returned by readLine() is dereferenced without checking for null; a method call whose result may be null is dereferenced directly.

REC: catch (Exception ...) in a try block that throws no checked exception, so the handler really catches RuntimeException and masks programming errors.

ST: a static (class) field is written from an instance method, which is easy to get wrong when there is more than one instance.
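An added example, not from the page, of three of the Dodgy patterns (ICAST, NP on readLine(), REC) with their fixes. The method names and the 70000 x 70000 sample values are chosen for the illustration; the overflowed value 605032704 is 4900000000 mod 2^32.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

// Added illustration; not code from the original page.
public class DodgyDemo {

    // ICAST (ICAST_INTEGER_MULTIPLY_CAST_TO_LONG): the multiply is done in 32 bits and
    // wraps before the widening cast, so a size check built on it can be bypassed.
    static long bufferBytesWrong(int rows, int rowSize) {
        return rows * rowSize;            // 70000 * 70000 wraps to 605032704
    }
    static long bufferBytesRight(int rows, int rowSize) {
        return (long) rows * rowSize;     // widen first, then multiply
    }

    // NP (NP_DEREFERENCE_OF_READLINE_VALUE): readLine() returns null at end of stream.
    static String firstLineWrong(BufferedReader in) throws IOException {
        return in.readLine().trim();      // NullPointerException on empty input
    }
    static String firstLineRight(BufferedReader in) throws IOException {
        String line = in.readLine();
        return line == null ? "" : line.trim();
    }

    // REC (REC_CATCH_EXCEPTION): parseInt throws no checked exception, so this catch
    // clause really catches RuntimeException and hides bugs the author never meant
    // to handle. Catch the exception you actually expect.
    static int parsePortWrong(String s) {
        try {
            return Integer.parseInt(s);
        } catch (Exception e) {          // masks every unchecked failure
            return 80;
        }
    }
    static int parsePortRight(String s) {
        try {
            return Integer.parseInt(s);
        } catch (NumberFormatException e) {
            return 80;
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println(bufferBytesWrong(70000, 70000)); // 605032704
        System.out.println(bufferBytesRight(70000, 70000)); // 4900000000
        System.out.println(firstLineRight(new BufferedReader(new StringReader(""))));
        System.out.println(parsePortRight("8443"));         // 8443
        System.out.println(parsePortRight("not-a-port"));   // 80
    }
}
```

The ICAST case is the one to take seriously in input handling: when the wrapped product is later used to size a buffer or check an upload limit, the check passes for inputs it should have rejected.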

1. Working with Ant

Download the latest FindBugs from http://findbugs.sourceforge.net/downloads.html; at the time of writing the current version is 1.3.0, released on November 8, 2007. Extract it, copy the extracted directory into the project's lib directory, and drive it from Ant. FindBugs runs on J2SE 1.4.0 or later and needs at least 256MB of heap.

In your Ant build file, first define the location of the extracted FindBugs directory as a path:

    <path id="findbugs.path">
        <fileset dir="${lib.home}/findbugs-1.3.0">
            <include name="**/*.jar"/>
        </fileset>
    </path>

Then declare the findbugs task:

    <taskdef name="findbugs"
             classname="edu.umd.cs.findbugs.anttask.FindBugsTask"
             classpathref="findbugs.path"/>

Then set up a target that runs the task:

    <!-- FindBugs home directory, required by the task -->
    <property name="findbugs.home" value="${lib.home}/findbugs-1.3.0"/>

    <target name="findbugs">
        <findbugs home="${findbugs.home}"
                  includeFilter="${findbugs_include_filter}"
                  excludeFilter="${findbugs_exclude_filter}"
                  jvmargs="-Xmx384m"
                  output="html"
                  outputFile="d:/test.html">
            <!-- the compiled classes FindBugs should analyse -->
            <class location="${build.home}/WEB-INF/classes/"/>
            <!-- the classpath those classes depend on: not analysed, but needed to resolve types -->
            <auxClasspath path="${lib.home}/findbugs-1.3.0/lib/findbugs-ant.jar"/>
            <auxClasspath>
                <fileset dir="${build.home}/WEB-INF/lib" includes="**/*.jar"/>
            </auxClasspath>
            <!-- source path, used only to show source lines in the report -->
            <sourcePath path="${src.home}"/>
        </findbugs>
    </target>

Finally, run ant findbugs. The include and exclude filter files referenced by the two properties are described in sections 3 and 4 below; note that the task name given in taskdef ("findbugs") must match the element name used in the target.

2. Eclipse plugin

Installing the FindBugs plug-in in Eclipse works the same way as installing Checkstyle; the five steps are:

A. In Eclipse open Help -> Software Updates -> Find and Install
B. Select "Search for new features to install" and click Next
C. Click "New Remote Site..."
D. Enter a name (for example "FindBugs Plug-in") and the URL http://findbugs.cs.umd.edu/eclipse
E. Start the installation

After installing FindBugs, open the Bug Details view via Window -> Show View -> ... -> FindBugs -> Bug Details.

Then, in the Package Explorer or Navigator view, select your Java project and right-click: a "Find Bugs" menu item appears, with the two sub-items "Find Bugs" and "Clear Bug Markers".

Click "Find Bugs"; when the run finishes, the warnings are added to the Problems view. (Figure omitted.)

The warnings are shown not only in the Problems view but also as markers in the source editor, where the warning ID appears in the margin and the corresponding message appears when the cursor hovers over the flagged code, much like Eclipse's own error and warning markers. Selecting a problem in the Problems view jumps the editor to the corresponding code so that it can be fixed.

In the Problems view, right-click an entry and choose "Show Bug Details" from the pop-up menu to switch to the Bug Details view, which shows a longer explanation of the warning. Clicking a warning icon in the editor margin also switches to the Bug Details view.

To configure FindBugs options (which detectors run, the minimum priority to report, filter files), select the project, right-click, choose Properties and then FindBugs.

3. Using filters

Filters define which bug detectors to apply and which classes to check; once a project is large, reading a long bug report is painful. A filter file includes or excludes particular bug reports, which helps to focus attention on one area at a time. The same filter file can be passed either as the includeFilter (only warnings matching the filter are reported) or as the excludeFilter (warnings matching the filter are suppressed), so read the comments below as "matches warnings ...". Keep exclusions narrow and review them, since an over-broad exclude filter silently hides findings in the Malicious Code and Correctness categories as well. A filter is an XML file with the following structure:

    <FindBugsFilter>
        <!-- matches HE warnings in all classes -->
        <Match>
            <BugCode name="HE"/>
        </Match>

        <!-- matches warnings from every detector in this class -->
        <Match class="com.foobar.AClass"/>

        <!-- matches HE warnings in this class -->
        <Match class="com.foobar.BClass">
            <BugCode name="HE"/>
        </Match>

        <!-- matches HE warnings in the AMethod and BMethod methods of this class -->
        <Match class="com.foobar.CClass">
            <Or>
                <Method name="AMethod"/>
                <Method name="BMethod"/>
            </Or>
            <BugCode name="HE"/>
        </Match>
    </FindBugsFilter>

4. FindBugs filter elements explained

    <FindBugsFilter>
        <!-- matches warnings from every detector in this class -->
        <Match>
            <Class name="com.foobar.MyClass"/>
        </Match>

        <!-- matches HE warnings in this class (older syntax: the class is an attribute
             of Match and the detector is given with BugCode) -->
        <Match class="com.foobar.BClass">
            <BugCode name="HE"/>
        </Match>

        <!-- matches several detectors in this class, by their abbreviated codes -->
        <Match>
            <Class name="com.foobar.MyClass"/>
            <Bug code="DE,UrF,SIC"/>
        </Match>

        <!-- matches HE warnings in all classes -->
        <Match>
            <BugCode name="HE"/>
        </Match>

        <!-- matches the DE, UrF and SIC detectors in all classes -->
        <Match>
            <Bug code="DE,UrF,SIC"/>
        </Match>

        <!-- matches every detector in a category, in all classes -->
        <Match>
            <Bug category="PERFORMANCE"/>
        </Match>

        <!-- matches DC warnings in the specified methods of this class; params is the
             comma-separated list of parameter types, returns the return type -->
        <Match>
            <Class name="com.foobar.MyClass"/>
            <Or>
                <Method name="frob" params="int,java.lang.String" returns="void"/>
                <Method name="blat" params="" returns="boolean"/>
            </Or>
            <Bug code="DC"/>
        </Match>

        <!-- matches the DE, UrF and SIC detectors in the AMethod and BMethod methods of this class -->
        <Match>
            <Class name="com.foobar.MyClass"/>
            <Or>
                <Method name="AMethod"/>
                <Method name="BMethod"/>
            </Or>
            <Bug code="DE,UrF,SIC"/>
        </Match>

        <!-- matches one bug pattern, OS_OPEN_STREAM, in one method of this class -->
        <Match>
            <Class name="com.foobar.MyClass"/>
            <Method name="writeDataToFile"/>
            <Bug pattern="OS_OPEN_STREAM"/>
        </Match>

        <!-- matches the DLS_DEAD_LOCAL_STORE pattern at priority 2 in one method of this class -->
        <Match>
            <Class name="com.foobar.MyClass"/>
            <Method name="someMethod"/>
            <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
            <Priority value="2"/>
        </Match>

        <!-- matching parts of the code by regular expression: a Class or Package name
             starting with "~" is treated as a regex -->

        <!-- matches UuF warnings in the Messages class of every package -->
        <Match>
            <Class name="~.*\.Messages"/>
            <Bug code="UuF"/>
        </Match>

        <!-- matches MS warnings in every package named internal -->
        <Match>
            <Package name="~.*\.internal"/>
            <Bug code="MS"/>
        </Match>

        <!-- matches the SIC_INNER_SHOULD_BE_STATIC_ANON pattern in the ui package and its sub-packages -->
        <Match>
            <Package name="~com\.foobar\.fooproject\.ui.*"/>
            <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON"/>
        </Match>

        <!-- matching on a method or field signature, in all classes -->

        <!-- matches the DM_EXIT pattern in the void main(String[]) method of every class -->
        <Match>
            <Method returns="void" name="main" params="java.lang.String[]"/>
            <Bug pattern="DM_EXIT"/>
        </Match>

        <!-- matches UuF warnings on fields of type com.foobar.DebugInfo in every class -->
        <Match>
            <Field type="com.foobar.DebugInfo"/>
            <Bug code="UuF"/>
        </Match>
    </FindBugsFilter>
