Java News from Sunday, June 12, 2005

David Hovemeyer and Bill Pugh have posted FindBugs 0.9.0, an automated open source tool for finding potential bugs in Java code. This release includes several new detectors including:

Furthermore, FindBugs can now be launched from Java Web Start. This release now requires Java 1.5.

As usual I tested this release on XOM. It found one problem that definitely looked like a bug: a next() method in a non-public Iterator that didn't throw NoSuchElementException when iterated too far. I'm not sure this could be triggered from the public interface, but I fixed it anyway. It also indicated what I'm pretty sure are some bugs in the Unicode canonicalization code. That really needs some more test cases.

Then I ran it across Jaxen. Jaxen doesn't have as long a history of being used as a test case for static code analysis tools, so this found a few more issues including some overbroad catch blocks. However, one of the big advantages of using these sorts of tools is that it helps you see the code in a new light. Even if the tool itself doesn't find the bugs, you may discover them on your own while looking at the issues it does find. Sometimes these are the most important problems. This time I found several of those including:

Finally, I tested it on an unreleased project that I haven't previously used static code analysis on. Here it found some real bugs, including a couple of particularly nasty ones. Bottom line: if you haven't ever used FindBugs before, it will find bugs in your code. And if you haven't used it lately, it's time to use it again.