Java News from Wednesday, March 31, 2004

David Hovemeyer has posted FindBugs 0.7.2, an automated open source tool for finding potential bugs in Java code. I ran this across the current XOM code base, and it found a couple of minor issues such as two streams that weren't closed on all paths through a method. However, this isn't really a fair test since I've used this tool repeatedly on XOM in the past, and most of the bugs it could find were found by earlier versions and thus have since been fixed. Version 0.7.2 can now check Java 1.5 class files. A few random bugs are fixed as well. Java 1.4 or later is required. FindBugs is published under the LGPL.

Tom Copeland has released PMD 1.6, an open source tool for automatically checking Java code for various classes of bugs. PMD scans Java source code and looks for potential problems including:

This version focuses on performance optimizations and bug fixes. PMD 1.6 found one real problem in the XOM code base, which surprised me because the last few runs hadn't turned up anything significant. A number of constructors were calling overridable (non-final, non-private) methods. This was indeed a change in my code base since I had last run earlier versions of PMD. I had definalized a number of setter methods to make XOM more extensible.

It wasn't immediately obvious to me why this was a problem, but I eventually found it in Item 15 of Bloch's Effective Java, "Design and document for inheritance or else prohibit it." The problem is that the constructor may call overridden versions of these methods before the object has been fully initialized. The subclass methods may, however, assume the object has been initialized This is something that had changed in XOM since the last time I ran PMD. I've spent some time thinking about whether this is a real problem or not. In context, I don't think it's a huge problem; but it's easy enough to fix without changing the API or hurting performance or anything else detrimental so I think I'm going to go ahead and fix it anyway.

R. Rawson-Tetley has posted SwingWT 0.81, an open source, "100% pure Java library which very closely resembles the interface of Swing. The difference is that instead of using the Swing library, it drives native peer widgets for your platform from SWT" (the Eclipse GUI toolkit). With this library, Java/Swing applications can be compiled natively under Linux using gcj. It also allows Swing apps to use native widgets. Version 0.81 is now compatible with the open source Kaffe virtual machine. It also fixes various bugs. SwingWT is dual licensed under the Common Public License and the LGPL.

Version 2.1.3 of EJBCA , an open source, Java 2 Enterprise Edition (J2EE) Certificate Authority, has been released. EJBCA can be used standalone or integrated into other J2EE application. It supports multiple levels of certificate authorities, individual enrollment and batch production of certificates, PKCS12 and PEM export, configurable certificate contents. revocation and certificate revocation lists, and more. Version 2.1.3 is a bug fix release to improve interoperability with Internet Explorer. EJBCA is published under the LGPL.

YourKit, LLC has released YourKit Java Profiler 2.0.2, a 295€ payware tool for detecting memory leaks and memory consumption bottlenecks. It features Automation of memory leak detection, an object heap browser, JUnit integration, IntelliJ IDEA Borland JBuilder integration. Version 2.0.2 is a bug fix release. The tool runs on Windows or Linux.