Java News from Friday, September 15, 2006

Bill Pugh of the University of Maryland has released FindBugs 1.1, an automated open source tool for finding potential bugs in Java code. This release attempts to reduce the number of false positives and increase the number of null pointer dereferences it can detect. This release also adds several new bug detectors including one "for computing the absolute value of a random 32 bit integer or of a hashcode. This is broken because Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE, and thus result of calling Math.abs, which is expected to be nonnegative, will in fact be negative one time out of 2^32, which will invariably be the time your boss is demoing the software to your customers."
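The pattern that detector flags, next to two ways of avoiding it, as an added example (not code from FindBugs or from this page). The class name, method names and bucket count are made up for illustration, and the keys are constructed; `Integer.hashCode()` returns the int value itself, so an `Integer` key holding `Integer.MIN_VALUE` reproduces the one-in-2^32 case on demand.

```java
public class AbsHashDemo {
    // Hypothetical table size; deliberately not a power of two, because
    // Integer.MIN_VALUE % 16 is 0 and would hide the problem.
    static final int BUCKETS = 10;

    // Flagged pattern: Math.abs(Integer.MIN_VALUE) is still Integer.MIN_VALUE,
    // so the remainder, and therefore the index, can be negative.
    static int brokenIndex(Object key) {
        return Math.abs(key.hashCode()) % BUCKETS;
    }

    // Math.floorMod (Java 8 and later) returns a value in [0, BUCKETS)
    // for every int, including Integer.MIN_VALUE.
    static int floorModIndex(Object key) {
        return Math.floorMod(key.hashCode(), BUCKETS);
    }

    // Works on older JDKs: clear the sign bit before taking the remainder.
    // It maps negative hashes to different buckets than floorMod does,
    // so pick one approach and use it consistently.
    static int maskedIndex(Object key) {
        return (key.hashCode() & 0x7fffffff) % BUCKETS;
    }

    public static void main(String[] args) {
        // Constructed sample keys, autoboxed to Integer.
        Object[] keys = { 42, -42, Integer.MAX_VALUE, Integer.MIN_VALUE };
        int[] counts = new int[BUCKETS];

        for (Object key : keys) {
            System.out.printf("key=%s broken=%d floorMod=%d masked=%d%n",
                    key, brokenIndex(key), floorModIndex(key), maskedIndex(key));
            try {
                counts[brokenIndex(key)]++;
            } catch (ArrayIndexOutOfBoundsException e) {
                // The failure that only shows up for one hash value in 2^32.
                System.out.println("  brokenIndex failed for " + key + ": " + e.getMessage());
            }
            counts[floorModIndex(key)]++; // never out of range
        }
    }
}
```

When reviewing a FindBugs report of this kind, check whether the hash or random value can be influenced by input; if it can, the rare crash becomes reproducible rather than a one-in-2^32 event.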

I tested this out on XOM (which bundles jaxen). There are definitely more false positives than true positives. However, there are also several new reports, mostly in jaxen, that I need to check out. It definitely found one class that needed an SUID and one redundant null check I could eliminate. Otherwise, everything looks like a false positive.