Bill Pugh of the University of Maryland has released FindBugs 1.1.2, an automated open source tool for finding potential bugs in Java code. New checks in this release include:
Set<String> contains a StringBuffer).
I tested this out on XOM.
It found one serious bug in some sample code that had gone unnoticed for several years. I was casting an Element to an Attribute. Here's another less obvious bug it found. (Arguably it's not a bug, just redundant.) Can you spot it?
public void testEquals() {
Attribute c1 = new Attribute("test", "limit");
Attribute c2 = new Attribute("test", "limit");
Attribute c3 = new Attribute("retina", "retina test");
assertEquals(c1, c1);
assertEquals(c1.hashCode(), c1.hashCode());
assertFalse(c1.equals(c2));
assertFalse(c1.equals(c3));
assertFalse(c1.equals(null));
assertFalse(c1.equals("limit"));
assertFalse(c1.equals(new Element("test")));
}
Very importantly, FindBugs reminded me that the "equals and hashCode method of URL perform domain name resolution." I know I used to know this. I even wrote about it in Java Network Programming, though perhaps I didn't emphasize it as much as I should.
However I'd managed to forget it when writing XOM. This is is why static code analyzers are so useful.
There are still definitely more false positives than true positives, though that will depend on the code base. The GUI is also quite flaky, at least on the mac, and needs some work. I was not able to view all the error messages it generated because I'd click on one category and a different category would open up. Also, the Ant task is broken in this release, so if you use it through Ant you should wait for 1.1.3 next year or try the 1.1.3 release candidate now.