
FindBugs Change Log

Changes since version 0.8.7:

  • New detector to find duplicate code in if/else statements (Dave Brosius)
  • Look for calls to wait() on Condition objects (David Hovemeyer)
  • Look for java.util.concurrent.Lock objects not released on every path out of method (David Hovemeyer)
  • Look for calls to Thread.sleep() with a lock held (David Hovemeyer)
  • More accurate detection of impossible casts (Bill Pugh, David Hovemeyer)
  • Saved XML now contains project statistics (Jay Dunning)
  • Filter files can select by bug pattern type and warning priority (David Hovemeyer)
  • Restored some files inadvertently omitted from previous release (Rohan Lloyd, David Hovemeyer)
  • Make sure detectors requiring JDK 1.5 runtime classes are only executed if those classes are available (David Hovemeyer)
  • Don't display analysis error dialog unless there is really an error (David Hovemeyer)
  • Updated and expanded French translations of bug patterns and Swing GUI (Olivier Parent)
  • Fixed invalid character encoding in German Swing GUI translation (Olivier Parent)
  • Fix locale used for date format in project stats (K. Hashimoto)
  • Fixed LongDescription elements in xml:withMessages output format (K. Hashimoto)

Changes since version 0.8.6:

  • Extend Naming detector to look for classes that are named XXXException but that are not Exceptions (Dave Brosius)
  • New detector to find classes that expose semaphores in the public implementation through the 'this' reference. (Dave Brosius)
  • New Style detector to find Struts Action/Servlet derived classes that reference instance member variables outside synchronized blocks. (Dave Brosius)
  • New Style detector to find classes that declare implementation of interfaces that are already implemented by super classes (Dave Brosius)
  • New Style detector to find circular dependencies between classes (Dave Brosius)
  • New Style detector to find unnecessary math on constants (Dave Brosius)
  • New detector to find equality comparisons using floating point math (Jay Dunning)
  • New faster detector to find local self assignments (Bill Pugh)
  • New detector to find infinite recursive loops (Bill Pugh)
  • New detector to find for loops with an incorrect increment (Bill Pugh)
  • New detector to find suspicious uses of BufferedReader.readLine() and String.indexOf() (Bill Pugh)
  • New detector to find suspicious integer to double casts (David Hovemeyer, Bill Pugh)
  • New detector to find invalid regular expression patterns (Bill Pugh)
  • New detector to find Bloch/Gafter Java puzzlers (Bill Pugh)
  • New system property to suppress reporting of DLS based on local variable name (Glenn Boysko)
  • Enhancements to configuration dialog in Eclipse plugin, allow for saving enabled detectors in Eclipse projects (Phil Crosby)
  • Sortable columns in detector dialog (Dave Brosius)
  • New tab in gui for showing bugs grouped by category (Dave Brosius)
  • Improved German translation of Swing GUI (Thomas Kuehne)
  • Improved source file reporting in Emacs output format (Len Trigg)
  • Improvements to redundant null comparison detector (Bill Pugh)
  • Localization of run analysis and analysis error dialogs in Swing GUI (K. Hashimoto)
  • Don't scan equals methods in FindHEMismatch if code is native (Greg Bentz)
  • French translation fixes (David Cotton)
  • Internationalization report fixes (K. Hashimoto)
  • Japanese translations updates (SHISEI Hanai)

Changes since version 0.8.5:

  • New detector to find catch blocks that may inadvertently catch runtime exceptions (Brian Goetz)
  • New detector to find objects that are instantiated based on classes that only have static methods and fields, using the synthesized constructor (Dave Brosius)
  • New detector to find calls to Thread.interrupted() in a non static context, and especially with non currentThread() threads (Dave Brosius)
  • New detector to find calls to equals() methods that use Object's version. (Dave Brosius)
  • New detector to find Applets that call methods in the constructor referring to the AppletStub (Dave Brosius)
  • New detector to find some cases of infinite recursion (Bill Pugh)
  • New detector to find dead stores to local variables (David Hovemeyer, Bill Pugh)
  • Extend Dumb Method detector for toUpperCase(), toLowerCase() without a locale, new Integer(1).toString(), new XXX().getClass(), and new Thread() without a run implementation (Dave Brosius)
  • Ant task supports "errorProperty" attribute, which sets an Ant property to "true" if an error occurs running FindBugs (Michael Tamm)
  • Eclipse plugin allows filtering of warnings by bug category, priority (David Hovemeyer)
  • Swing GUI allows filtering of warnings by bug category (David Hovemeyer)
  • Ability to annotate methods using Java 1.5 annotations that suppress FindBugs warnings (Bill Pugh)
  • New -adjustExperimental option for lowering priority of BugPatterns that are experimental (Dave Brosius)
  • Allow for command line options 'files' using the @ symbol (David Hovemeyer)
  • New -adjustPriority command line option for adjusting bug priorities (David Hovemeyer)
  • Added an Edit menu (cut/copy/paste) to Swing GUI (Dave Brosius)
  • French translation supplied (David Cotton)

Changes since version 0.8.4:

  • New detector for volatile references to arrays (Bill Pugh)
  • New detector to find instanceof usage where inheritance can be determined statically (Dave Brosius)
  • New detector to find ResultSet.getXXX updateXXX calls using index 0 (Dave Brosius)
  • New detector to find empty zip or jar entries (Bill Pugh)
  • HTML output generation using built-in XSLT stylesheet or user-defined stylesheet (David Hovemeyer)
  • Allow URLs to be specified to analyze zip/jar files, local directories, and single classfiles (David Hovemeyer)
  • New command line option -onlyAnalyze restricts analysis to selected classes and packages without reducing accuracy (David Hovemeyer)
  • Allow Swing GUI to show source code in jar files on Windows systems (Dave Brosius)
  • Fix the Switch Fall Thru detector (Dave Brosius, David Hovemeyer, Bill Pugh)
  • MacOS GUI fixes (Rohan Lloyd)
  • Fix false positive in BOA in case where method is correctly and 'incorrectly' overridden (Dave Brosius)
  • Fixed memory blowup when analyzing methods which access a large number of fields (David Hovemeyer)

Changes since version 0.8.3:

  • Initial and preliminary localization of the Swing GUI.  Translations by:
    • German - Peter D. Stout, Holger Stenzhorn
    • Finnish - Juha Knuutila
    • Estonian - Tanel Lebedev
    • Japanese - Hanai Shisei
  • Eliminated debug print statements inadvertently left enabled
  • Reverted some changes in the open stream detector: this should fix some false positives that were introduced in the previous release
  • Fixed a couple of missing class reports

Changes since version 0.8.2:

  • New detector to find improperly overridden GUI Adapter classes (Dave Brosius)
  • New detector to find improperly set up JUnit TestCases (Dave Brosius)
  • New detector to find variables that mask class level fields (Dave Brosius)
  • New detector to find comparisons of values computed with bitwise operators that always yield the same result (Tom Truscott)
  • New detector to find unsafe getClass().getResource() calls (Bill Pugh)
  • New detector to find GUI changes not in GUI thread but in static main (Bill Pugh)
  • New detector to find calls to Collection.toArray() with zero-length array argument; it is more efficient to pass an array the size of the collection, which can be populated and returned as the result (Dave Brosius)
  • Better suppression of false warnings in various detectors (Bill Pugh, David Hovemeyer)
  • Enhancement to ReadReturnShouldBeChecked detector for skip() (Dave Brosius)
  • Enhancement to DumbMethods detector (Dave Brosius)
  • Open stream detector does not report wrappers of streams passed as method parameters (David Hovemeyer)
  • Cancel confirmation dialog in Swing GUI (Pete Angstadt)
  • Better relative path saving in Project file (Dave Brosius)
  • Detector Priority in GUI is now saved in prefs file (Dave Brosius)
  • Controls in GUI to reorder source and classpath entries, and ability to flip between Project details and bugs pages (Dave Brosius)
  • In Swing GUI, analysis error dialog supports "Select All" and "Copy" operations for easy generation of error reports (Dave Brosius)
  • Complete translation of bug descriptions and messages into Japanese (Hanai Shisei)
  • Fixed bug in DroppedException detector (Dave Brosius)
  • The source distribution defaults to using JDK 1.5 javac to compile, but compiling with the JSR-14 prototype is still supported

Changes since version 0.8.1:

  • Fixed a critical ClassCastException bug (triggered if the -workHard option was used, and an exception type was merged with an array type during type inference)

Changes since version 0.8.0:

  • Disabled SwitchFallthrough detector to work around NullPointerExceptions
  • Added some additional false positive suppression heuristics

Also, two contributors to the 0.8.0 release were inadvertently left out of the credits:

  • Pete Angstadt fixed several problems in the Swing GUI
  • Francis Lalonde provided a task resource file for the FindBugs Ant task

Changes since version 0.7.4:

  • New detector to look for uses of "+" operator to concatenate String objects in a loop (Dave Brosius)
  • Reference comparison detector looks for places where the argument passed to the equals(Object) method isn't the same type as the receiver object
  • Better suppression of false warnings in many detectors
  • Many improvements to Eclipse plugin (Andrei Loskutov, Peter Friese)
  • Fixed problem with building Eclipse plugin on Windows (Thomas Klaeger)
  • Open stream detector looks for unclosed PreparedStatement objects (Thomas Klaeger, Rohan Lloyd)
  • Fix for open stream detector: it wasn't detecting close() methods called through an invokeinterface instruction (Thomas Klaeger)
  • Refactoring of visitor classes to enforce use of accessors for visited class features (Brian Goetz)

Changes since version 0.7.3:

  • Experimental modification of open stream detector to look for non-escaping JDBC resources (connections and statements) that aren't closed on all paths out of method
  • Eclipse plugin fixed so it compiles and runs on Eclipse 2.1.x (Peter Friese)
  • Option to Swing GUI and command line to generate project file using relative paths for archives, source directories, and aux classpath entries (Dave Brosius)
  • Improvements to findbugs.bat script for launching FindBugs on Windows (Dave Brosius)
  • Updated Japanese message translations (Hiroshi Okugawa)
  • Uncalled private methods are now reported as low priority, unless they have the same name as another method in the class (which is more likely to indicate an actual bug)
  • Added some missing data in the bug messages XML files
  • Fixed some problems building from source on Windows systems
  • Various minor bug fixes

Changes since version 0.7.2:

  • Enhanced Eclipse plugin, which displays the detailed bug description in a view (Phil Crosby)
  • Various tweaks to existing detectors to reduce false warnings
  • New command line option -workHard enables pruning of infeasible or unlikely exception edges, which results in better accuracy in the open stream detector, at the expense of a 30%-100% slowdown
  • New website and HTML documentation design
  • Documentation includes an HTML document with descriptions of all bug patterns reported by FindBugs
  • Web page has a link to a Japanese translation of the FindBugs manual, contributed by Hiroshi Okugawa
  • Changed the Inconsistent Synchronization detector so that fields synchronized 50% of the time (or more) are reported as medium priority bugs (previously they were reported as low)
  • New detector to find code that catches IllegalMonitorStateException
  • New detector to find private methods that are never called
  • New detector to find suspicious uses of non-short-circuiting boolean operators (& and |, rather than && and ||)

Changes since version 0.7.1:

  • Incorporated patched version of BCEL, which allows classes compiled with JDK 1.5.0 beta to be analyzed
  • Fixed some bugs related to lookups of array classes
  • Fixed bug that prevented GUI from loading XML result files when running under JDK 1.5.0 beta
  • Added new experimental bug detector, LazyInit, which looks for potentially buggy lazy initializations of static fields
  • Because of long filenames, switched to distributing the source archive as a zip file rather than a tar file
  • The 0.7.1 source tarfile was botched - 0.7.2 has a valid source archive
  • Fixed some problems in the Ant build script
  • Fixed NullPointerException when checking Class-Path attribute for Jar files without manifests
  • Generate version numbers for the core and UI Eclipse plugins using the Version class; all version numbers are now in a common location

Changes since version 0.7.0:

  • Eclipse plugin (contributed by Peter Friese)
  • Source package structure rearranged: all source (other than Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or a subpackage
  • Class-Path attributes of manifests of analyzed jar files are used to set the aux classpath automatically (Peter D. Stout)
  • GUI starts in directory specified by user.home property (Peter D. Stout)
  • Added -project option to GUI (Mikko T.)
  • Added -look:{plastic,gtk,native} option to GUI, for setting look and feel (Mikko T.)
  • Fixed DataflowAnalysisException in inconsistent synchronization detector
  • Ant task supports failOnError parameter (Rohan Lloyd)
  • Serializable class warnings are downgraded to low priority for GUI classes
  • MWN detector will only report calls to wait(), notify(), and notifyAll() methods that have the correct signature
  • FindBugs works with latest CVS version of BCEL
  • Zip and Jar files may be added to the source path
  • The GUI will automatically find source files residing in analyzed Zip or Jar files

Note that the version number jumped from 0.6.6 to 0.6.9; there were no 0.6.7 or 0.6.8 releases.

Changes since version 0.6.9:

  • Added -conserveSpace option to reduce memory use at the expense of analysis precision
  • Bug fixes in findbugs.bat script: JAVA_HOME handling, autodetection of FINDBUGS_HOME, missing output with -textui
  • Fixed NullPointerException when a missing class is encountered

Changes since version 0.6.6:

  • The null pointer dereference detector is more powerful
  • Significantly improved heuristics and bug fixes in inconsistent synchronization detector
  • Improved heuristics in open stream and dropped exception detectors; fewer false positives should be reported
  • Save HTML summary in XML results files, rather than recomputing; this makes loading results in GUI much faster
  • Report at most one String comparison using == or != per method
  • The findbugs.bat script on Windows autodetects FINDBUGS_HOME, and doesn't open a DOS window when launching the GUI (contributed by TJSB)
  • Emacs reporting format (contributed by David Li)
  • Various bug fixes

Changes since 0.6.5:

  • Rewritten inconsistent synchronization detector; accuracy is significantly improved, and bug reports are prioritized
  • New detector to find self assignment (x=x) of local variables (suggested by Jeff Martin)
  • New detector to find calls to wait(), notify(), and notifyAll() on an object which is not obviously locked
  • Open stream detector now reports Readers and Writers
  • Fixed bug in finalizer idioms detector which caused spurious warnings about failure to call super.finalize() (reported by Jim Menard)
  • Fixed bug where output stream was not closed using non-XML output (reported by Sigiswald Madou)
  • Fixed corrupted HTML bug detail message (reported by Trevor Harmon)

Changes since version 0.6.4:

  • For redundant comparison of reference values, fixed false positives resulting from duplication of code in finally blocks
  • Fixed false positives resulting from wrapped byte array streams left open
  • Fixed bug in Ant task preventing output file from working properly if a relative path was used

Changes since version 0.6.3:

  • Fixed bug in Ant task where output would be corrupted, and added a timeout attribute
  • Added -outputFile option to text UI, for explicitly specifying an output file
  • GUI has a summary window, for statistics about overall bug densities (contributed by Mike Fagan)
  • Find redundant comparisons of reference values
  • More accurate detection of Strings compared with == and != operators
  • Detection of other reference types which should generally not be compared with == and != operators; Boolean, Integer, etc.
  • Find non-transient non-serializable instance fields in Serializable classes
  • Source code may be compiled with latest early access generics-enabled javac (version 2.2)

Changes since version 0.6.2:

  • GUI supports filtering bugs by priority
  • Ant task rewritten; supports all functionality offered by Text UI (contributed by Mike Fagan)
  • Ant task is fully documented in the manual
  • Classes in nested archives are analyzed; this allows full support for analyzing .ear and .war files (contributed by Mike Fagan)
  • DepthFirstSearch changed to use non-recursive implementation; this should fix the StackOverflowErrors that several users reported
  • Various minor bugfixes and improvements

Changes since version 0.6.1:

  • New detector to look for useless control flow (suggested by Richard P. King and Mike Fagan)
  • Look for places where return value of java.io.File.createNewFile() is ignored (suggested by Richard P. King)
  • Fixed bug in resolution of source files (only the first source directory was searched)
  • Fixed a NullPointerException in the bytecode pattern matching code
  • Ant task supports project files (contributed by Mike Fagan)
  • Unix findbugs script honors the JAVA_HOME environment variable (contributed by Pedro Morais)
  • Allow .war and .ear files to be analyzed

Changes since version 0.6.0:

  • New bug pattern detector which looks for places where a null pointer might be dereferenced
  • New bug pattern detector which looks for IO streams that are opened, do not escape the method, and are not closed on all paths out of the method
  • New bug pattern detector to find methods that can return null instead of a zero-length array
  • New bug pattern detector to find places where the == or != operators are used to compare String objects
  • Command line interface can save bugs as XML
  • GUI can save bugs to and load bugs from XML
  • An "Annotations" window in the GUI allows the user to add textual annotations to bug reports; these annotations are preserved when bugs are saved as XML
  • In this release, the Japanese bug summary translations by Germano Leichsenring are really included (they were inadvertently omitted in the previous release)
  • Completely rewrote the control flow graph builder, hopefully for the last time
  • Simplified implementation of control flow graphs, which should reduce memory use and possibly improve performance
  • Improvements to command line interface (list bug priorities, filter by priority, specify aux classpath, specify project to analyze)
  • Various bug fixes and enhancements

Changes since version 0.5.4:

  • Added an Ant task for FindBugs, contributed by Mike Fagan.
  • Added a GUI dialog which allows individual bug pattern detectors to be enabled or disabled.  Disabling certain slow detectors can greatly speed up analysis of large programs, at the expense of reducing the number of potential bugs found.
  • Added a new detector for finding improperly ignored return values for methods such as String.trim().  Suggested by Andreas Mandel.
  • Japanese translations of the bug summaries, contributed by Germano Leichsenring.
  • Filtering of results is supported in command line interface. See the FindBugs manual for details.
  • Added "byte code patterns", a general pattern matching infrastructure for bytecode instructions.  This feature significantly reduces the complexity of implementing new bug pattern detectors.
  • Enabled a new general dataflow analysis to track values in methods.
  • Switched to new control-flow graph builder implementation.

Changes since version 0.5.3:

  • Fixed a bug in the script used to launch FindBugs on Windows platforms.
  • Fixed crashes when analyzing class files without source line information.
  • All major errors are reported using an error dialog; file not found errors are more informative.
  • Minor GUI improvements.

Changes since version 0.5.2:

  • All of the source code and related files are in a single directory tree.
  • Updated some of the detectors to produce source line information.
  • Ant build script and several GUI enhancements and fixes contributed by Mike Fagan.
  • Converted to use a plugin architecture for loading bug detectors.
  • Eliminated generics-related compiler warnings.
  • More complete documentation has been added.

Changes since version 0.5.1:

  • Fixed a large number of bugs in the BCEL Repository and FindBugs's use of the Repository.  With these changes, FindBugs should never crash or otherwise misbehave because of Repository lookup failures.  Because of these changes, you must use a modified version of bcel.jar with FindBugs.  This jar file is included in the FindBugs 0.5.2 binary release.  A complete patch containing the modifications against the BCEL CVS main branch as of April 30, 2003 is also available.
  • Implemented the "auxiliary classpath entry list".  Aux classpath entries can be added to a project to provide classes that are referenced by the analyzed application, but should not themselves be analyzed.  Having all referenced classes available allows FindBugs to produce more accurate results.

Changes since version 0.5.0:

  • Many user interface bugs have been fixed.
  • Upgraded to a recent CVS version of BCEL, with some bug fixes.  This should prevent FindBugs from crashing when there is a failure to find a class on the classpath.
  • Added support for Plastic look and feel from jgoodies.com.
  • Major overhaul of infrastructure for doing dataflow analysis.

Send comments to daveho@cs.umd.edu
