Findbugs使用说明
1 用途
FindBugs 是一个java bytecode静态分析工具,它可以帮助java工程师提高代码质量以及排除隐含的缺陷。
FindBugs检查类或者 JAR 文件,将字节码与一组缺陷模式进行对比以发现可能的问题。
有了静态分析工具,就可以在不实际运行程序的情况对软件进行分析。FindBugs不是通过分析类文件的形式或结构来确定程序的意图,而是通常使用 Visitor 模式进行分析(Visitor 模式的更多信息)。
2 安装
目前findbugs最新的版本是1.3.9,
2.1 Eclipse插件的安装
环境要求,Findbugs要求Eclipse 3.4 以上的版本,JRE/JDK 1.5.0以上的版本。
步骤,将edu.umd.cs.findbugs.plugin.eclipse_1.3.9.20090821.zip解压到Eclipse的 "plugins"子目录下,这样就可以在 <eclipse_install_dir>/plugins/edu.umd.cs.findbugs.plugin.eclipse_1.3.9.20090821/下看到FindBugs logo图片findbugs.png。
启动Eclipse 然后选择 Help → About Eclipse Platform → Plug-in Details,你应该找到 "FindBugs Plug-in"。
3 使用
启动
选中java工程,点击鼠标右键,选择名为“Find Bugs”的菜单,FindBugs开始运行,问题指示器将指向根据bug模式识别出来的潜在问题代码位置。
可选项定制
你还可以通过java工程的属性对话框来定制findbugs的运行方式,可选项包括:
控制"Run FindBugs Automatically" 开关的checkbox。 选中时, FindBugs 将在每次修改java类后启动运行。
选择最小告警优先级和Bug类别。这些选项将选择哪些警告被显示。例如,如果你选择"Medium",只有Medium 和 High priority 警告将被显示。近似地,如果你未选中 "Style" checkbox,Style类的警告信息将不会被显示。
选择探测器。这个列表允许你选择你想在工程中使用的探测器。
4 配套的Bug模式解释
为了有针对性的使用这个工具,减少bug的误报,提高使用效率,我们选择了10个左右的bug模式,下面就是对这10个模式的解释。
这些bug可能会引起程序的性能或逻辑问题.
需要说明的是,findbugs能检测的bug pattern远不仅于此,甚至可以定制自己的探测器,因此,这个文档会不断扩充,同时,也欢迎大家不断探索和分享使用实践.
4.1 ES_COMPARING_PARAMETER_STRING_WITH_EQ
ES: Comparison of String parameter using == or != (ES_COMPARING_PARAMETER_STRING_WITH_EQ)
This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.
使用 == 或者 != 来比较字符串或interned字符串,不会获得显著的性能提升,同时并不可靠,请考虑使用equals()方法。
4.2 HE_EQUALS_NO_HASHCODE
HE: Class defines equals() but not hashCode() (HE_EQUALS_NO_HASHCODE)
This class overrides equals(Object), but does not override hashCode(). Therefore, the class may violate the invariant that equal objects must have equal hashcodes.
类定义了equals()方法但没有重写hashCode()方法,这样违背了相同对象必须具有相同的hashcodes的原则
4.3 IT_NO_SUCH_ELEMENT
It: Iterator next() method can't throw NoSuchElement exception (IT_NO_SUCH_ELEMENT)
This class implements the java.util.Iterator interface. However, its next() method is not capable of throwing java.util.NoSuchElementException. The next() method should be changed so it throws NoSuchElementException if is called when there are no more elements to return.
迭代器Iterator无法抛出NoSuchElement异常,类实现了java.util.Iterator接口,但是next()方法无法抛出java.util.NoSuchElementException异常,因此,next()方法应该做如此修改,当被调用时,如果没有element返回,则抛出NoSuchElementException异常
4.4 J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
J2EE: Store of non serializable object into HttpSession (J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION)
This code seems to be storing a non-serializable object into an HttpSession. If this session is passivated or migrated, an error will result.
将没有实现serializable的对象放到HttpSession中,当这个session被钝化和迁移时,将会产生错误,建议放到HttpSession中的对象都实现serializable接口。
4.5 ODR_OPEN_DATABASE_RESOURCE
ODR: Method may fail to close database resource (ODR_OPEN_DATABASE_RESOURCE)
The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.
方法可能未关闭数据库资源,未关闭数据库资源将会导致性能变差,还可能引起应用与服务器间的通讯问题。
4.6 OS_OPEN_STREAM
OS: Method may fail to close stream (OS_OPEN_STREAM)
The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.
方法可能未关闭stream,方法产生了一个IO流,却未关闭,将会导致文件描绘符的泄漏,建议使用finally block来确保io stream被关闭。
4.7 DMI_CALLING_NEXT_FROM_HASNEXT
DMI: hasNext method invokes next (DMI_CALLING_NEXT_FROM_HASNEXT)
The hasNext() method invokes the next() method. This is almost certainly wrong, since the hasNext() method is not supposed to change the state of the iterator, and the next method is supposed to change the state of the iterator.
4.8 IL_INFINITE_LOOP
IL: An apparent infinite loop (IL_INFINITE_LOOP)
This loop doesn't seem to have a way to terminate (other than by perhaps throwing an exception).
明显的无限循环.
4.9 IL_INFINITE_RECURSIVE_LOOP
IL: An apparent infinite recursive loop (IL_INFINITE_RECURSIVE_LOOP)
This method unconditionally invokes itself. This would seem to indicate an infinite recursive loop that will result in a stack overflow.
明显的无限迭代循环,将导致堆栈溢出.
4.10 WMI_WRONG_MAP_ITERATOR
WMI: Inefficient use of keySet iterator instead of entrySet iterator (WMI_WRONG_MAP_ITERATOR)
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
使用了keySet iterator和Map.get(key)来获取Map值,这种方式效率低,建议使用entrySet的iterator效率更高.
4.11 IM_BAD_CHECK_FOR_ODD
IM: Check for oddness that won't work for negative numbers (IM_BAD_CHECK_FOR_ODD)
The code uses x % 2 == 1 to check to see if a value is odd, but this won't work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.
奇偶检测逻辑,未考虑负数情况.
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)