FindBugs plug-in for Eclipse plug-in development

http://developer.51cto.com/art/200906/127165.htm
FindBugs is a program for finding bugs in Java programs. It finds instances of bug patterns, that is, code instances that may go wrong. Note that FindBugs checks the Java bytecode, that is, the *.class files.

To be precise, it looks for code defects, and it can pick out many places where the code is poorly written and can be improved. For example: database connections that are not closed, missing necessary null checks, redundant null checks, redundant if postconditions, identical conditional branches, duplicate code blocks, wrong use of "==", string concatenation with "+" where StringBuffer is recommended, and so on. We can also configure the inspection rules ourselves (which checks to run and which to skip), or implement our own verification rules (a user-defined bug pattern needs to inherit its interface and supply its own verification class, which is an advanced technique).

1. Installation method

For details, see: http://findbugs.cs.umd.edu/eclipse

If you have previously installed a version of the FindBugs plugin prior to mid-May, 2006, then you should remove it first. Simply remove the de.tobject.findbugs_0.0.n directory from Eclipse's plugins directory.

To install the FindBugs plugin:

1. In Eclipse, click on Help -> Software Update -> Find and Install...

2. Choose the Search for new features to install option, and click Next.

3. Click New Remote Site.

4. Enter the following:

* Name: FindBugs update site

* URL: one of the following (note: no final slash on the url)

o http://findbugs.cs.umd.edu/eclipse for official releases

o http://findbugs.cs.umd.edu/eclipse-candidate for candidate releases and official releases

o http://findbugs.cs.umd.edu/eclipse-daily for all releases, including developmental ones

and click OK.

5. "FindBugs update site" should appear under Sites to include in search.

Click the checkbox next to it to select it, and click Finish.

6. You should see FindBugs Feature under Select features to install.

(You may have to click on one or two triangles to make it visible in the tree.)

Select the checkbox next to it and click next.

7. Select the I accept option to accept the license and click Next.

8. Make sure the location is correct where you're installing it. The default (your workspace) should be fine. Click Finish.

9. The plugin is not digitally signed. Go ahead and install it anyway.

2. Method of use

This article mainly covers use within Eclipse.

FindBugs is a program that can find bugs in Java programs.

It is specifically used to find code that matches the "Bug Patterns" list.

Bug Patterns are instances of code that are likely to be buggy.

Open Bug Details view

Windows => Show View => Other... => FindBugs => BugDetails

Bug Details View

In the Package Explorer or Navigator view, select your Java project and right-click. You can see the "Find Bugs" menu item, whose submenu contains "Find Bugs" and "Clear Bug Markers", as shown below:

We create a simple test file Test.java with the following content:

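    public class Test
    {
        private String[] name;

        // Returns the internal array itself, so the caller can modify it
        public String[] getName()
        {
            return name;
        }

        // Stores the caller's array itself, so the caller can still modify it
        public void setName(String[] name)
        {
            this.name = name;
        }
    }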

We click on "Find Bugs", and a progress box appears while it is running. After the run, you can see warning information added in the Problems view. The warnings produced by FindBugs are displayed not only in the Problems view but also in the marker bar next to the source code; we can see the warning mark in the source code editor, as shown below:

Warning mark

When the cursor points to the code that has a warning, a corresponding message appears, similar to the error or warning messages in Eclipse itself.

Selecting the corresponding problem in the Problems view will switch to the corresponding code in the code editor, which is convenient to modify the code according to the corresponding prompt information.

Code Editor

In the Problems view, select the corresponding problem entry and right-click; in the pop-up menu you can see "Show Bug Details", as shown in the following figure. Click it, and the Bug Details view opens to display more detailed information.

Of course, in the code editing window, when you click the icon with the warning message, it will automatically switch to the Bug Details window to view the detailed warning information, as shown in the following figure.

Warning information

From the detailed information here, you can see why FindBugs reports a warning for your code and how to handle it. Following its prompts, you can quickly and easily modify the code.

Detailed information

Following the prompt, we modify the code as follows, and then run it again, and no warning message will be reported.

    public class Test
    {
        private String[] name;

        public String[] getName()
        {
            // temp refers to the same array object as the field
            String[] temp = name;
            return temp;
        }

        public void setName(String[] name)
        {
            // temp refers to the same array object as the argument
            String[] temp = name;
            this.name = temp;
        }
    }
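The rewrite above passes the array through a local variable, but temp still refers to the same array object as the field, so a caller can still modify the private state; returning and storing a defensive copy is what removes that exposure. The following is an added example, not code from the original article: ExposeRepDemo, AliasedTest, CopyingTest and check are names made up for the illustration, and the sample arrays are constructed.

```java
import java.util.Arrays;

public class ExposeRepDemo {
    // Same shape as the article's rewritten Test class: temp is only an alias for the field.
    static class AliasedTest {
        private String[] name;
        public String[] getName() { String[] temp = name; return temp; }
        public void setName(String[] name) { String[] temp = name; this.name = temp; }
    }

    // Defensive copies on the way in and on the way out (null-safe).
    static class CopyingTest {
        private String[] name;
        public String[] getName() { return name == null ? null : name.clone(); }
        public void setName(String[] name) { this.name = name == null ? null : name.clone(); }
    }

    // Explicit check so the demo does not depend on the -ea JVM flag.
    static void check(boolean condition, String expectation) {
        if (!condition) throw new AssertionError("expected: " + expectation);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        String[] callerA = {"alice", "bob"};
        AliasedTest aliased = new AliasedTest();
        aliased.setName(callerA);
        callerA[0] = "overwritten-by-caller";             // caller still holds the field's array
        aliased.getName()[1] = "overwritten-via-getter";  // getter hands out the field's array
        check(aliased.getName() == callerA, "alias version shares one array with its caller");
        System.out.println("aliased: " + Arrays.toString(aliased.getName()));

        String[] callerB = {"alice", "bob"};
        CopyingTest copying = new CopyingTest();
        copying.setName(callerB);
        callerB[0] = "overwritten-by-caller";             // touches only the caller's own array
        copying.getName()[1] = "overwritten-via-getter";  // touches only a throwaway copy
        check(copying.getName() != callerB, "copying version never shares its array");
        check(Arrays.equals(copying.getName(), new String[] {"alice", "bob"}),
              "private state is unchanged by either write");
        System.out.println("copying: " + Arrays.toString(copying.getName()));
    }
}
```

clone() on an array is a shallow copy; that is sufficient here because String elements are immutable, while an array of mutable objects would need its elements copied as well.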

Configure FindBugs

Select your project, right-click => Properties => FindBugs

The information that can be configured covers the following four options:

1. Run FindBugs Automatically switch

When this option is selected, FindBugs will run automatically when you modify a Java class. For example, with Eclipse's automatic build switched on, when you modify a Java file and save it, FindBugs will run and display the corresponding information.

When this option is not checked, you have to run FindBugs yourself each time you need to check your code.

2. Minimum priority to report option

This option lets you choose which level of information to display. There are three options to choose from: Low, Medium, and High, which is very similar to the level setting of Log4J. For example:

If you select the High option, only High level messages will be displayed.

If you select the Medium option, only Medium and High level messages will be displayed.

If you select the Low option, messages of all levels will be displayed.

3. Enable bug categories option

Here are some options for displaying bug categories:

Correctness: aspects related to code correctness

Performance: aspects related to code performance

Internationalization

Multithreaded correctness: aspects related to multithreaded correctness of the code

Style: aspects related to code style

Malicious code vulnerability

For example: if you uncheck the Style check box, warning messages in the Style category will not be displayed. The others work the same way.

4. Select bug patterns to check for option

Here you can select the Bug Pattern entries to be checked.

From the Bug codes, Detector name, and Detector description columns you can see what each entry checks, and you can select or deselect entries according to the checks you need.

3. Detailed Description

FindBugs is a static analysis tool that examines a class or JAR file and compares the bytecode with a set of defect patterns to find possible problems. FindBugs comes with its own detectors, including more than 60 kinds of Bad practice, more than 80 kinds of Correctness, 1 kind of Internationalization, 12 kinds of Malicious code vulnerability, 27 kinds of Multithreaded correctness, 23 kinds of Performance, and 43 kinds of Dodgy.

Bad practice

Some bad practices are listed below:

HE: The class defines equals() but does not have hashCode(); or the class defines equals(), but uses Object.hashCode(); or the class defines hashCode(), but does not have equals(); or the class defines hashCode(), but uses Object.equals(); or the class inherits equals(), but uses Object.hashCode().

SQL: The execute method of a Statement is called with a non-constant string; or a PreparedStatement is generated from a non-constant string.

DE: The method terminates or does not handle the exception. In general, the exception should be handled or reported, or thrown by the method.

Correctness

General correctness problems: code that may cause errors. Some are listed below:

NP: A null pointer is dereferenced; a null pointer is dereferenced on the exception path of the method; the method does not check whether a parameter is null; a null value is generated and dereferenced; a null value is generated and dereferenced on the method's exception path; a null argument is passed for a parameter declared as @NonNull; the return value of a method declared as @NonNull is actually null.

Nm: The class defines the hashcode() method, but does not actually override the hashCode() of the parent class Object; the class defines the tostring() method, but does not actually override the toString() of the parent class Object; a method is apparently confused with a constructor; method names are easily confused.

SQL: The method attempts to access index 0 of a PreparedStatement; the method attempts to access index 0 of a ResultSet.

UwF: All writes set the property to null, so all reads return null, so does this property need to exist at all; or the property is never written.

Internationalization

When using the uppercase or lowercase conversion methods on a string, the conversion may not work properly if it is an international string.

Malicious code vulnerability

Possible malicious attacks: if code is public, it may be maliciously attacked. Some such code is listed below:

FI: The finalize() of a class should be protected, not public.

MS: Properties are mutable arrays; properties are mutable Hashtables; properties should be package protected.

Multithreaded correctness

Code that may go wrong in multithreaded programming. A few are listed below:

ESync: Empty synchronized block, which is difficult to use correctly.

MWN: Wrong use of notify() may result in IllegalMonitorStateException; or wrong use of wait().

No: notify() is used instead of notifyAll(), which wakes up only one thread instead of all waiting threads.

SC: The constructor calls Thread.start(), which may cause an error when the class is inherited.

Performance

Performance issues: code that may lead to poor performance. Some are listed below:

DM: The method calls the inefficient Boolean constructor, and should use Boolean.valueOf(…); use something like Integer.toString(1) instead of new Integer(1).toString(); the method calls the inefficient float constructor, and the static valueOf method should be used.

SIC: If an inner class wants to be referenced in wider places, it should be declared static.

SS: If an instance property is not to be read, consider declaring it static.

UrF: If an attribute is never read, consider removing it from the class.

UuF: If an attribute is never used, consider removing it from the class.

Dodgy

Potentially dangerous code that may generate errors at runtime. Here are a few:

CI: The class is declared final but declares protected properties.

DLS: Assign a value to a local variable, but not read the local variable; assign a local variable to null, but not read the local variable.

ICAST: The result of multiplying integer numbers is converted into a long integer number, and the integer type should be converted into a long integer number first and then multiplied.

INT: unnecessary integer-number comparison, such as X <= Integer.MAX_VALUE.

NP: A direct reference to readline() without judging whether it is null; a direct reference to a method call, which may return null.

REC: Catch Exception directly, when it might actually be a RuntimeException.

ST: Modify the class variable directly from the instance method, that is, the static property.

Summary

This plug-in works very well: it can help us improve our ability to write Java code and write more secure and reliable code. It is recommended to use it, or to add it to Ant for continuous builds.

Now, you can immediately take out a project you've developed and check your code for problems.
