283 lines
19 KiB
HTML
283 lines
19 KiB
HTML
<html>
|
|
<head>
|
|
<title>FindBugs 2™ - Find Bugs in Java Programs</title>
|
|
<link rel="stylesheet" type="text/css" href="findbugs.css" />
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<table width="100%">
|
|
<tr>
|
|
|
|
|
|
<td bgcolor="#b9b9fe" valign="top" align="left" width="20%">
|
|
<table width="100%" cellspacing="0" border="0">
|
|
<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr>
|
|
|
|
<tr><td> </td></tr>
|
|
|
|
<tr><td><b>Docs and Info</b></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr>
|
|
|
|
<tr><td> </td></tr>
|
|
|
|
<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr>
|
|
|
|
<tr><td> </td></tr>
|
|
|
|
<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>
|
|
|
|
<tr><td> </td></tr>
|
|
|
|
<tr><td><b>Development</b></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr>
|
|
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr>
|
|
</table>
|
|
</td>
|
|
|
|
<td align="left" valign="top">
|
|
|
|
<p></p>
|
|
<table>
|
|
<tr>
|
|
<td valign="center"><a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png" alt="FindBugs logo"
|
|
border="0" /> </a></td>
|
|
<td valign="center"><a href="http://www.umd.edu/"><img src="informal.png"
|
|
alt="UMD logo" border="0" /> </a></td>
|
|
</tr>
|
|
</table>
|
|
|
|
<h1>FindBugs 2</h1>
|
|
|
|
<p>This page describes the major changes in FindBugs 2. We are well aware that the documentation on
|
|
the new features in FindBugs 2.0 have not kept up with the implementation. We will be working to
|
|
improve the documentation, but don't want to hold up the release any longer to improve the
|
|
documentation.</p>
|
|
<p>Anyone currently using FindBugs 1.3.9 should find FindBugs 2.0 to largely be a drop-in
|
|
replacement that offers better accuracy and performance.</p>
|
|
|
|
|
|
<p>
|
|
Also check out <a href="http://code.google.com/p/findbugs/w/list">http://code.google.com/p/findbugs/w/list</a>
|
|
for more information about some recent features/changes in FindBugs.
|
|
</p>
|
|
|
|
<p>The major new features in FindBugs 2 are as follows:</p>
|
|
<ul>
|
|
<li>Bug Rank - bugs are given a rank 1-20, and grouped into the categories scariest (rank 1-4),
|
|
scary (rank 5-9), troubling (rank 10-14), and of concern (rank 15-20).
|
|
<ul>
|
|
<li>priority renamed confidence - many people were confused by the priority reported by
|
|
FindBugs, and considered all HIGH priority issues to be important. To reflect the
|
|
actually meaning of this attribute of issues, it has been renamed confidence. Issues of
|
|
different bug patterns should be compared by there rank, not their confidence.</li>
|
|
</ul>
|
|
|
|
</li>
|
|
<li><a href="#cloud">Cloud storage</a> - having a convent way for developers to share
|
|
information about when an issue was first seen, and whether it is believed to be a serious
|
|
problem, is important to successful and cost-effective deployment of static analysis in a large
|
|
software project.</li>
|
|
<li><a href="#updateChecks">update checks</a> - FindBugs will check for releases of new
|
|
versions of FindBugs. Note: we leverage this capability to count the number of FindBugs users.
|
|
These update checks can easily be disabled.</li>
|
|
<li><a href="#plugins">Plugins</a> - FindBugs 2.0 makes it much easier to define plugins that
|
|
provide various capabilities, and install these plugins either on a per user or per installation
|
|
basis.</li>
|
|
<li><code>fb</code> command - rather than using the rather haphazard collection of command line
|
|
scripts developed over the years for running various FindBugs commands, you can now use just
|
|
one: <code>fb</code>.
|
|
<ul>
|
|
<li><code>fb analyze</code> - invokes the FindBugs analysis</li>
|
|
<li><code>fb gui</code> - launches the FindBugs GUI
|
|
<li><code>fb list</code> - lists the issues from a FindBugs analysis file</li>
|
|
<li><code>fb help</code> - lists the command available.</li>
|
|
</ul>
|
|
<p>
|
|
Plugins can be used to extend the commands that can be invoked via
|
|
<code>fb</code>.
|
|
</p>
|
|
</li>
|
|
<li><a href="#newBugPatterns">New bug patterns and detectors</a>,
|
|
and improved accuracy
|
|
</li>
|
|
<li><a href="#performance">Improved performance</a>: overall, we've seen an average 10%
|
|
performance improvement over a large range of benchmarks, although a few users have experienced
|
|
performance regressions we are still trying to understand.</li>
|
|
<li id="guava">Guava support - working with Kevin Bourrillion, we have provided additional support for the
|
|
<a href="http://code.google.com/p/guava-libraries/">Guava library</a>, recognizing many common
|
|
misuse patterns.
|
|
</li>
|
|
<li id="jsr305">JSR-305 support - improved detection of problems identified by JSR-305 annotations. In
|
|
particular, we've significantly improved both the accuracy and performance of the analysis of
|
|
type qualifiers.</li>
|
|
</ul>
|
|
|
|
<h2 id="cloud">Cloud storage of issue evaluations</h2>
|
|
<p>For many years, you could store evaluations of FindBugs issues within the XML containing the
|
|
analysis results. However, this approach did not work well for a team of distributed developers.
|
|
Instead, we now provide a cloud based mechanism for storing this information. We are providing a
|
|
free communal cloud (hostied by Google appengine) for storing evaluations of FindBugs issues. You
|
|
can set up your own private cloud for storing issues, but at the moment this checking out a copy of
|
|
FindBugs, making some modifications and building the cloud storage plugin from source. We hope to
|
|
make it easier to have your own private cloud in FindBugs 2.0.1.</p>
|
|
<p>We have analyzed several large open source projects, and provide Java web start links to allow
|
|
you to view the results. We'd be happy to work with projects to make the results available from a
|
|
continuous build:</p>
|
|
<ul>
|
|
<li><a href="http://findbugs.cs.umd.edu/cloud/jdk.jnlp">Sun's JDK 8</a></li>
|
|
<li><a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.8</a></li>
|
|
<li><a href="http://findbugs.cs.umd.edu/cloud/tomcat.jnlp">Apache Tomcat 7.0</a></li>
|
|
<li><a href="http://findbugs.cs.umd.edu/cloud/intellij.jnlp">IntelliJ IDEA</a></li>
|
|
<li><a href="http://findbugs.cs.umd.edu/cloud/jboss.jnlp">JBoss</a></li>
|
|
</ul>
|
|
|
|
<h2 id="updateChecks">FindBugs update checks</h2>
|
|
<p>
|
|
FindBugs now checks to see if a new version of FindBugs or a plugin has been released. We make use
|
|
of this check to collect statistics on the operating system, java version, locale and FindBugs entry
|
|
point (e.g., ant, command line, GUI). <a href="updateChecking.html">More information is
|
|
available</a>, including information about how to disable update checks if your organization has a
|
|
policy against allowing the collection of such information. No information about the code being
|
|
analyzed is reported.
|
|
|
|
</p>
|
|
|
|
<h2 id="plugins">Plugins</h2>
|
|
<p>FindBugs 2.0 makes it much easier to customize FindBugs with plugins.</p>
|
|
<p>FindBugs looks for plugins in two places: your personal home directory, and in FindBugs home
|
|
(plugins installed in your home directory take precedence). In both places, it looks in two places:
|
|
the plugin directory, which contains plugins that are enabled by default, and the optionalPlugin
|
|
directory, which contains plugins that are disabled by default but can be enabled for a particular
|
|
project.</p>
|
|
<p>The FindBugs project includes several plugins:</p>
|
|
<ul>
|
|
<li><i>Cloud plugins</i>: These plugins provide ways to persist and share information about
|
|
issues seen in an analysis (e.g., when was this issue first seen, and any evaluations as to
|
|
whether this is harmless or a must fix issue, as well as comments about the issue from
|
|
developers)
|
|
<ul>
|
|
<li><code>bugCollectionCloud</code> - stores issue evaluations in the XML. The way
|
|
issue evaluations were always stored before FindBugs 2.0. Distributed in the
|
|
optionalPlugin directory.</li>
|
|
<li><code>findbugsCommunalCloud</code> Stores issue evaluations in the communal cloud
|
|
hosted at findbugs.appspot.com. Distributed in the plugin directory.</li>
|
|
<li><code>jdbcCloudClient</code> an older, deprecated cloud that stored information in
|
|
an SQL database. Not distributed, most be built from source.</li>
|
|
</ul></li>
|
|
<li><code>noUpdateChecks</code> - Disables checks for updated versions and usage counting.
|
|
Distributed in the optionalPlugin directory.</li>
|
|
<li><code>poweruser</code> - provides a number of additional commands for the <code>fb</code>
|
|
command. It is believed most of these commands are used by few people outside of the FindBugs
|
|
development team. Distributed in the optionalPlugin directory.</li>
|
|
<li><i>Bug filing plugins</i>: these plugins assist in the filing of FindBugs issues in built
|
|
trackers. The bug filing framework is designed to be extensible to other bug filing systems. At
|
|
the moment, these plugins are not supported, and must be built from source.
|
|
<ul>
|
|
<li><code>jira</code></li>
|
|
<li><code>google code</code></li>
|
|
</ul></li>
|
|
</ul>
|
|
<h2 id="performance">Performance Improvements/regressions</h2>
|
|
<p>
|
|
In our own testing, <a href="performance.html">we've seen an overall improvement of 9% in
|
|
FindBugs performance from 1.3.9 to 2.0.0, with the majority of benchmarks seeing improvements</a>. A
|
|
few users have reported significant performance regressions and we are <a href="performance.html">asking
|
|
for more information from anyone seeing significant performance regressions</a>.
|
|
|
|
</p>
|
|
<h2 id="newBugPatterns">New Bug patterns</h2>
|
|
<ul>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#BX_UNBOXING_IMMEDIATELY_REBOXED">BX_UNBOXING_IMMEDIATELY_REBOXED</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#CO_COMPARETO_RESULTS_MIN_VALUE">CO_COMPARETO_RESULTS_MIN_VALUE</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD">DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD</a>
|
|
</li>
|
|
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_ARGUMENTS_WRONG_ORDER">DMI_ARGUMENTS_WRONG_ORDER</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE">DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE</a>
|
|
</li>
|
|
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a></li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS">DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS</a>
|
|
</li>
|
|
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a>
|
|
</li>
|
|
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#ICAST_INT_2_LONG_AS_INSTANT">ICAST_INT_2_LONG_AS_INSTANT</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_INT_VALUE">INT_BAD_COMPARISON_WITH_INT_VALUE</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT">JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE">OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS">PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE">RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_NEGATING_RESULT_OF_COMPARETO">RV_NEGATING_RESULT_OF_COMPARETO</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_IGNORED_INFERRED">RV_RETURN_VALUE_IGNORED_INFERRED</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD">SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD">UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</a>
|
|
</li>
|
|
<li><a
|
|
href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_USES_NEWLINE">VA_FORMAT_STRING_USES_NEWLINE</a>
|
|
</li>
|
|
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#VO_VOLATILE_INCREMENT">VO_VOLATILE_INCREMENT</a>
|
|
</li>
|
|
</ul>
|
|
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
</body>
|
|
</html>
|