When building a Java web project with Jenkins, a static code check is run using the built-in FindBugs plug-in. Static analysis examines the program source code to analyze the program's behavior and applies the result to correctness checks, security flaw detection, program optimization, and so on; its defining characteristic is that the program is not executed. It helps find the following issues early in a project: variables declared but not used, variable type mismatches, variables used before being defined, unreachable code, infinite loops, array out-of-bounds accesses, memory leaks, etc. The findings are divided into the following types:
I. Bad practice (poor coding practice)
II. Correctness (incorrect code)
III. Experimental (experimental)
IV. Internationalization (internationalization)
V. Malicious code vulnerability (vulnerable code)
VI. Multithreaded correctness (multithreading issues)
VII. Performance (performance)
VIII. Security (security)
IX. Dodgy code (suspicious code)
For a detailed description of each, refer to the following address: List of issues and descriptions
Common examples are:
SBSC: Method concatenates strings using + in a loop (SBSC_USE_STRINGBUFFER_CONCATENATION)
The problem description is already clear: avoid concatenating a String inside a loop and use a StringBuffer instead:
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.
For example:
    // This is bad
    String s = "";
    for (int i = 0; i < field.length; ++i) {
        s = s + field[i];
    }

    // This is better
    StringBuffer buf = new StringBuffer();
    for (int i = 0; i < field.length; ++i) {
        buf.append(field[i]);
    }
    String s = buf.toString();
The following snippet compares the two approaches:

    // Concatenation with + in a loop
    long preSecond = System.currentTimeMillis();
    String str = "";
    int length = 10000;
    for (int i = 0; i < length; i++) {
        str += i;
    }
    // currentTimeMillis() returns milliseconds, so the printed value is in milliseconds
    System.out.println("Cost " + (System.currentTimeMillis() - preSecond) + " seconds.");

    // The same loop with an explicit StringBuffer
    long posSecond = System.currentTimeMillis();
    StringBuffer buffer = new StringBuffer();
    for (int i = 0; i < length; i++) {
        buffer.append(i);
    }
    System.out.println("Cost " + (System.currentTimeMillis() - posSecond) + " seconds.");
The output is:
Cost 363 seconds.
Cost 3 seconds.
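To show how a check of this kind can flag the pattern without running the program, here is a simplified source-level heuristic. It is an added example, not FindBugs code and not from the original article (FindBugs itself analyzes compiled bytecode); the class name SbscHeuristic, its method and the regular expressions are assumptions, and it expects one statement per line with no braces inside string literals.

```java
import java.util.*;
import java.util.regex.*;

// Added example, not FindBugs code: a source-level heuristic for the SBSC pattern.
public class SbscHeuristic {
    // "String s" declarations; "StringBuffer buf" does not match.
    static final Pattern DECL = Pattern.compile("\\bString\\s+(\\w+)\\s*[=;]");
    // Loop headers: for (...) and while (...).
    static final Pattern LOOP = Pattern.compile("\\b(for|while)\\s*\\(");
    // "s += x" or "s = s + x"; group 1 is the variable being rebuilt.
    static final Pattern CONCAT = Pattern.compile("\\b(\\w+)\\s*(\\+=|=\\s*\\1\\s*\\+)");

    // Returns 1-based line numbers where a String declared outside a loop
    // is concatenated inside one. Assumes one statement per line.
    static List<Integer> findConcatInLoops(String source) {
        List<Integer> findings = new ArrayList<>();
        Set<String> outerStrings = new HashSet<>();
        Deque<Boolean> blocks = new ArrayDeque<>(); // true = block opened by a loop
        int loopDepth = 0;
        String[] lines = source.split("\n");
        for (int n = 0; n < lines.length; n++) {
            boolean loopHeader = LOOP.matcher(lines[n]).find();
            boolean inLoop = loopDepth > 0 || loopHeader;
            Matcher decl = DECL.matcher(lines[n]);
            while (decl.find()) if (!inLoop) outerStrings.add(decl.group(1));
            Matcher concat = CONCAT.matcher(lines[n]);
            while (concat.find())
                if (inLoop && outerStrings.contains(concat.group(1))) findings.add(n + 1);
            for (char ch : lines[n].toCharArray()) { // track which braces belong to loops
                if (ch == '{') {
                    blocks.push(loopHeader);
                    if (loopHeader) loopDepth++;
                    loopHeader = false;
                } else if (ch == '}' && !blocks.isEmpty() && blocks.pop()) {
                    loopDepth--;
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the article's "bad" loop followed by its "better" loop.
        String sample = String.join("\n",
            "String s = \"\";", "for (int i = 0; i < field.length; ++i) {",
            "    s = s + field[i];", "}", "StringBuffer buf = new StringBuffer();",
            "for (int i = 0; i < field.length; ++i) {", "    buf.append(field[i]);", "}");
        System.out.println("SBSC-style findings at lines: " + findConcatInLoops(sample));
    }
}
```

Only the concatenation into a String that outlives the loop is reported; the StringBuffer loop and Strings declared inside the loop body are not.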
In IntelliJ IDEA, a good Java IDE, you can also install the corresponding plug-in to eliminate these problems before the project goes live and avoid unnecessary trouble.
After installation, right-click the Java file you want to analyze, select analyzed files to
After the analysis, any bugs found are displayed and can then be corrected according to the prompts.
FindBugs: Java static code checking