Java News from Saturday, April 16, 2005

David Hovemeyer and Bill Pugh have posted FindBugs 0.8.7, an automated open source tool for finding potential bugs in Java code. This release includes several new detectors including:

• Equality comparisons on floating point numbers
• Suspicious uses of BufferedReader.readLine() and String.indexOf()
• Classes that are named XXXException but that are not Exceptions
• Classes that expose semaphores in the public implementation through the 'this' reference.
• Struts Action/Servlet derived classes that reference instance member variable not in synchronized blocks.
• Classes that declare implementation of interfaces that are already implemented by superclasses
• Circular dependencies between classes
• Unnecessary math on constants
• Infinite recursive loops
• for loops with an incorrect increment
• Suspicious integer to double casts
• Invalid regular expression patterns
• Bloch/Gafter Java puzzlers

I tested this release on the latest Jaxen code base. It found a few issues, including two possible genuine bugs. (Using == to compare Boolean objects. In context this was probably OK, but I wasn't absolutely sure of that so I went ahead and fixed them.) It also found a few places where the code was less than optimal: unnecessary object creation, inner classes that could be static, and the like. False positives were few, mostly involving circular dependencies between classes that don't really bother me.

Next I tried it out on the latest Jester code base. Here it found a few more serious problems. The worst of them were problems I already new about (excessive reliance on the classpath; too many calls to System.exit). However, FindBugs did show me exactly where in the code these bugs were arising. I hadn't bothered to track down yet so that was useful information.

Finally I ran it on XOM. Here it found a few performance issues in a part of the code I have been working on optimizing inlcuding one thing I didn't know I should be looking for: when iterating through a Map you can get an EntrySet that contains all mappings rather then grabbing the keys and looking up the value of each key individually. This can save a lot fo lookup time. I probably should have learned that five years ago, but better late than never.

Bottom line: the better your code is, and the better a programmer you are, the less FindBugs will find. The searches it performs are relatively shallow and obvious. They tend to be things experienced Java developers already know not to do. Nonetheless, FindBugs is free and reasonably easy to use, despite a few GUI glitches. It's worth running across your code base every so often. Sometimes even if FindBugs doesn't find anything, inspecting it's output will cause you to notice things you'd missed before. FindBugs requires Java 1.4 or later and is published under the LGPL.