FindBugs Change Log
Changes since version 0.8.7:
- New detector to find duplicate code in if/else statements (Dave Brosius)
- Look for calls to wait() on Condition objects (David Hovemeyer)
- Look for java.util.concurrent.Lock objects not released on every path
out of method (David Hovemeyer)
- Look for calls to Thread.sleep() with a lock held (David Hovemeyer)
- More accurate detection of impossible casts (Bill Pugh, David Hovemeyer)
- Saved XML now contains project statistics (Jay Dunning)
- Filter files can select by bug pattern type and warning priority (David Hovemeyer)
- Restored some files inadvertently omitted from previous release (Rohan Lloyd, David Hovemeyer)
- Make sure detectors requiring JDK 1.5 runtime classes are only executed
if those classes are available (David Hovemeyer)
- Don't display analysis error dialog unless there is really an error (David Hovemeyer)
- Updated and expanded French translations of bug patterns and Swing GUI (Olivier Parent)
- Fixed invalid character encoding in German Swing GUI translation (Olivier Parent)
- Fix locale used for date format in project stats (K. Hashimoto)
- Fixed LongDescription elements in xml:withMessages output format (K. Hashimoto)
Changes since version 0.8.6:
- Extend Naming detector to look for classes that are named XXXException but that are
not Exceptions (Dave Brosius)
- New detector to find classes that expose semaphores in the public implementation through
the 'this' reference. (Dave Brosius)
- New Style detector to find Struts Action/Servlet derived classes that reference instance
member variables not in synchronized blocks. (Dave Brosius)
- New Style detector to find classes that declare implementation of interfaces
that are already implemented by super classes (Dave Brosius)
- New Style detector to find circular dependencies between classes (Dave Brosius)
- New Style detector to find unnecessary math on constants (Dave Brosius)
- New detector to find equality comparisons using floating point math (Jay Dunning)
- New faster detector to find local self assignments (Bill Pugh)
- New detector to find infinite recursive loops (Bill Pugh)
- New detector to find for loops with an incorrect increment (Bill Pugh)
- New detector to find suspicious uses of BufferedReader.readLine()
and String.indexOf() (Bill Pugh)
- New detector to find suspicious integer to double casts
(David Hovemeyer, Bill Pugh)
- New detector to find invalid regular expression patterns (Bill Pugh)
- New detector to find Bloch/Gafter Java puzzlers (Bill Pugh)
- New system property to suppress reporting of DLS based
on local variable name (Glenn Boysko)
- Enhancements to configuration dialog in Eclipse plugin,
allow for saving enabled detectors in Eclipse projects (Phil Crosby)
- Sortable columns in detector dialog (Dave Brosius)
- New tab in gui for showing bugs grouped by category (Dave Brosius)
- Improved German translation of Swing GUI (Thomas Kuehne)
- Improved source file reporting in Emacs output format (Len Trigg)
- Improvements to redundant null comparison detector (Bill Pugh)
- Localization of run analysis and analysis error dialogs in Swing GUI (K. Hashimoto)
- Don't scan equals methods in FindHEMismatch if code is native (Greg Bentz)
- French translation fixes (David Cotton)
- Internationalization report fixes (K. Hashimoto)
- Japanese translations updates (SHISEI Hanai)
Changes since version 0.8.5:
- New detector to find catch blocks that may inadvertently catch
runtime exceptions (Brian Goetz)
- New detector to find objects that are instantiated based on classes that only have
static methods and fields, using the synthesized constructor (Dave Brosius)
- New detector to find calls to Thread.interrupted() in a non static context, and especially
with non currentThread() threads (Dave Brosius)
- New detector to find calls to equals() methods that use Object's version. (Dave Brosius)
- New detector to find Applets that call methods in the constructor
referring to the AppletStub (Dave Brosius)
- New detector to find some cases of infinite recursion (Bill Pugh)
- New detector to find dead stores to local variables (David Hovemeyer, Bill Pugh)
- Extend Dumb Method detector for toUpperCase(), toLowerCase() without a locale,
new Integer(1).toString(), new XXX().getClass(), and new Thread()
without a run implementation (Dave Brosius)
- Ant task supports "errorProperty" attribute, which sets an
Ant property to "true" if an error occurs running FindBugs (Michael Tamm)
- Eclipse plugin allows filtering of warnings by bug category, priority
(David Hovemeyer)
- Swing GUI allows filtering of warnings by bug category (David Hovemeyer)
- Ability to annotate methods using Java 1.5 annotations that suppress FindBugs warnings (Bill Pugh)
- New -adjustExperimental for lowering priority of BugPatterns that are experimental (Dave Brosius)
- Allow for command line options 'files' using the @ symbol (David Hovemeyer)
- New -adjustPriority command line option for adjusting bug priorities (David Hovemeyer)
- Added an Edit menu (cut/copy/paste) to Swing GUI (Dave Brosius)
- French translation supplied (David Cotton)
Changes since version 0.8.4:
- New detector for volatile references to arrays (Bill Pugh)
- New detector to find instanceof usage where inheritance can be determined statically (Dave Brosius)
- New detector to find ResultSet.getXXX updateXXX calls using index 0 (Dave Brosius)
- New detector to find empty zip or jar entries (Bill Pugh)
- HTML output generation using built-in XSLT stylesheet or
user-defined stylesheet (David Hovemeyer)
- Allow URLs to be specified to analyze zip/jar files,
local directories, and single classfiles (David Hovemeyer)
- New command line option -onlyAnalyze restricts analysis to selected
classes and packages without reducing accuracy (David Hovemeyer)
- Allow Swing GUI to show source code in jar files on Windows systems (Dave Brosius)
- Fix the Switch Fall Thru detector (Dave Brosius, David Hovemeyer, Bill Pugh)
- MacOS GUI fixes (Rohan Lloyd)
- Fix false positive in BOA in case where method is correctly and 'incorrectly' overridden (Dave Brosius)
- Fixed memory blowup when analyzing methods which access
a large number of fields (David Hovemeyer)
Changes since version 0.8.3:
- Initial and preliminary localization of the Swing GUI. Translations by:
- German - Peter D. Stout, Holger Stenzhorn
- Finnish - Juha Knuutila
- Estonian - Tanel Lebedev
- Japanese - Hanai Shisei
- Eliminated debug print statements inadvertently left enabled
- Reverted some changes in the open stream detector:
this should fix some false positives that were introduced in
the previous release
- Fixed a couple missing class reports
Changes since version 0.8.2:
- New detector to find improperly overridden GUI Adapter classes (Dave Brosius)
- New detector to find improperly setup JUnit TestCases (Dave Brosius)
- New detector to find variables that mask class level fields (Dave Brosius)
- New detector to find comparisons of values computed
with bitwise operators that always yield the same result
(Tom Truscott)
- New detector to find unsafe getClass().getResource() calls (Bill Pugh)
- New detector to find GUI changes not in GUI thread but in static main (Bill Pugh)
- New detector to find calls to Collection.toArray() with zero-length
array argument; it is more efficient to pass an array the size
of the collection, which can be populated and returned as the result (Dave Brosius)
- Better suppression of false warnings in various detectors (Bill Pugh, David Hovemeyer)
- Enhancement to ReadReturnShouldBeChecked detector for skip() (Dave Brosius)
- Enhancement to DumbMethods detector (Dave Brosius)
- Open stream detector does not report wrappers of
streams passed as method parameters (David Hovemeyer)
- Cancel confirmation dialog in Swing GUI (Pete Angstadt)
- Better relative path saving in Project file (Dave Brosius)
- Detector Priority in GUI is now saved in prefs file (Dave Brosius)
- Controls in GUI to reorder source and classpath entries, and
ability to flip between Project details and bugs pages (Dave Brosius)
- In Swing GUI, analysis error dialog supports "Select All"
and "Copy" operations for easy generation of error reports
(Dave Brosius)
- Complete translation of bug descriptions and messages
into Japanese (Hanai Shisei)
- Fixed bug in DroppedException detector (Dave Brosius)
- The source distribution defaults to using JDK 1.5 javac
to compile, but compiling with the JSR-14 prototype
is still supported
Changes since version 0.8.1:
- Fixed a critical ClassCastException bug (triggered if the -workHard
option was used, and an exception type was merged with an
array type during type inference)
Changes since version 0.8.0:
- Disabled SwitchFallthrough detector to work around NullPointerExceptions
- Added some additional false positive suppression heuristics
Also, two contributors to the 0.8.0 release were inadvertently
left out of the credits:
- Pete Angstadt fixed several problems in the Swing GUI
- Francis Lalonde provided a task resource file for the
FindBugs Ant task
Changes since version 0.7.4:
- New detector to look for uses of "+" operator to
concatenate String objects in a loop (Dave Brosius)
- Reference comparison detector looks for places where the
argument passed to the equals(Object) method isn't the
same type as the receiver object
- Better suppression of false warnings in many detectors
- Many improvements to Eclipse plugin (Andrei Loskutov,
Peter Friese)
- Fixed problem with building Eclipse plugin on Windows
(Thomas Klaeger)
- Open stream detector looks for unclosed PreparedStatement
objects (Thomas Klaeger, Rohan Lloyd)
- Fix for open stream detector: it wasn't detecting close() methods
called through an invokeinterface instruction (Thomas Klaeger)
- Refactoring of visitor classes to enforce
use of accessors for visited class features (Brian Goetz)
Changes since version 0.7.3:
- Experimental modification of open stream detector
to look for non-escaping JDBC resources
(connections and statements) that aren't
closed on all paths out of method
- Eclipse plugin fixed so it compiles and runs on Eclipse 2.1.x
(Peter Friese)
- Option to Swing GUI and command line to generate project file
using relative paths for archives, source directories,
and aux classpath entries (Dave Brosius)
- Improvements to findbugs.bat script for launching FindBugs
on Windows (Dave Brosius)
- Updated Japanese message translations (Hiroshi Okugawa)
- Uncalled private methods are now reported as low priority,
unless they have the same name as another method in the class
(which is more likely to indicate an actual bug)
- Added some missing data in the bug messages XML files
- Fixed some problems building from source on Windows systems
- Various minor bug fixes
Changes since version 0.7.2:
- Enhanced Eclipse plugin, which displays the detailed bug
description in a view (Phil Crosby)
- Various tweaks to existing detectors to reduce false warnings
- New command line option -workHard enables pruning
of infeasible or unlikely exception edges, which results in
better accuracy in the open stream detector, at the expense
of a 30%-100% slowdown
- New website and HTML documentation design
- Documentation includes an HTML document with descriptions of
all bug patterns reported by FindBugs
- Web page has a link to a Japanese translation
of the FindBugs manual, contributed by Hiroshi Okugawa
- Changed the Inconsistent Synchronization detector so that fields
synchronized 50% of the time (or more) are reported as
medium priority bugs (previously they were reported as low)
- New detector to find code that catches IllegalMonitorStateException
- New detector to find private methods that are never called
- New detector to find suspicious uses of non-short-circuiting boolean
operators (& and |, rather than && and ||)
Changes since version 0.7.1:
- Incorporated patched version of BCEL, which allows classes compiled
with JDK 1.5.0 beta to be analyzed
- Fixed some bugs related to lookups of array classes
- Fixed bug that prevented GUI from loading XML result files
when running under JDK 1.5.0 beta
- Added new experimental bug detector, LazyInit, which looks for potentially buggy
lazy initializations of static fields
- Because of long filenames, switched to distributing the source archive
as a zip file rather than a tar file
- The 0.7.1 source tarfile was botched - 0.7.2 has a valid
source archive
- Fixed some problems in the Ant build script
- Fixed NullPointerException when checking Class-Path attribute for
Jar files without manifests
- Generate version numbers for the core and UI Eclipse plugins
using the Version class; all version numbers are now in a common
location
Changes since version 0.7.0:
- Eclipse plugin (contributed by Peter Friese)
- Source package structure rearranged: all source
(other than Eclipse plugin UI) is in
the edu.umd.cs.findbugs package, or a subpackage
- Class-Path attributes of manifests of analyzed jar files are
used to set the aux classpath automatically (Peter D. Stout)
- GUI starts in directory specified by user.home property (Peter D. Stout)
- Added -project option to GUI (Mikko T.)
- Added -look:{plastic,gtk,native} option to GUI, for setting
look and feel (Mikko T.)
- Fixed DataflowAnalysisException in inconsistent synchronization detector
- Ant task supports failOnError parameter (Rohan Lloyd)
- Serializable class warnings are downgraded to low priority for
GUI classes
- MWN detector will only report calls to wait(), notify(),
and notifyAll() methods that have the correct signature
- FindBugs works with latest CVS version of BCEL
- Zip and Jar files may be added to the source path
- The GUI will automatically find source files residing in
analyzed Zip or Jar files
Note that the version number jumped from 0.6.6 to 0.6.9;
there were no 0.6.7 or 0.6.8 releases.
Changes since version 0.6.9:
- Added -conserveSpace option to reduce memory use
at the expense of analysis precision
- Bug fixes in findbugs.bat script: JAVA_HOME handling,
autodetection of FINDBUGS_HOME, missing output with -textui
- Fixed NullPointerException when a missing class is encountered
Changes since version 0.6.6:
- The null pointer dereference detector is more powerful
- Significantly improved heuristics and bug fixes in
inconsistent synchronization detector
- Improved heuristics in open stream and dropped exception detectors;
fewer false positives should be reported
- Save HTML summary in XML results files, rather than recomputing;
this makes loading results in GUI much faster
- Report at most one String comparison using == or != per method
- The findbugs.bat script on Windows autodetects FINDBUGS_HOME,
and doesn't open a DOS window when launching the GUI
(contributed by TJSB)
- Emacs reporting format (contributed by David Li)
- Various bug fixes
Changes since 0.6.5:
- Rewritten inconsistent synchronization detector;
accuracy is significantly improved, and bug reports are
prioritized
- New detector to find self assignment (x=x) of local variables
(suggested by Jeff Martin)
- New detector to find calls to wait(), notify(), and notifyAll()
on an object which is not obviously locked
- Open stream detector now reports Readers and Writers
- Fixed bug in finalizer idioms detector which caused spurious warnings about
failure to call super.finalize() (reported by Jim Menard)
- Fixed bug where output stream was not closed using non-XML output
(reported by Sigiswald Madou)
- Fixed corrupted HTML bug detail message (reported by Trevor Harmon)
Changes since version 0.6.4:
- For redundant comparison of reference values, fixed false positives
resulting from duplication of code in finally blocks
- Fixed false positives resulting from wrapped byte array streams left open
- Fixed bug in Ant task preventing output file from working properly
if a relative path was used
Changes since version 0.6.3:
- Fixed bug in Ant task where output would be corrupted, and
added a timeout attribute
- Added -outputFile option to text UI, for explicitly specifying an output file
- GUI has a summary window, for statistics about overall bug densities
(contributed by Mike Fagan)
- Find redundant comparisons of reference values
- More accurate detection of Strings compared with == and != operators
- Detection of other reference types which should generally not be compared
with == and != operators; Boolean, Integer, etc.
- Find non-transient non-serializable instance fields in Serializable classes
- Source code may be compiled with latest early access generics-enabled javac (version 2.2)
Changes since version 0.6.2:
- GUI supports filtering bugs by priority
- Ant task rewritten; supports all functionality offered by Text UI
(contributed by Mike Fagan)
- Ant task is fully documented in the manual
- Classes in nested archives are analyzed; this allows full support for
analyzing .ear and .war files (contributed by Mike Fagan)
- DepthFirstSearch changed to use non-recursive implementation;
this should fix the StackOverflowErrors that several users
reported
- Various minor bugfixes and improvements
Changes since version 0.6.1:
- New detector to look for useless control flow (suggested by
Richard P. King and Mike Fagan)
- Look for places where return value of java.io.File.createNewFile()
is ignored (suggested by Richard P. King)
- Fixed bug in resolution of source files (only the first
source directory was searched)
- Fixed a NullPointerException in the bytecode pattern matching code
- Ant task supports project files (contributed by Mike Fagan)
- Unix findbugs script honors the JAVA_HOME
environment variable (contributed by Pedro Morais)
- Allow .war and .ear files to be analyzed
Changes since version 0.6.0:
- New bug pattern detector which looks for places where a
null pointer might be dereferenced
- New bug pattern detector which looks for IO streams that are opened,
do not escape the method, and are not closed on all paths out of the method
- New bug pattern detector to find methods that can return null instead
of a zero-length array
- New bug pattern detector to find places where the == or != operators
are used to compare String objects
- Command line interface can save bugs as XML
- GUI can save bugs to and load bugs from XML
- An "Annotations" window in the GUI allows the user to add
textual annotations to bug reports; these annotations are preserved
when bugs are saved as XML
- In this release, the Japanese bug summary translations by
Germano Leichsenring are really included (they were inadvertently
omitted in the previous release)
- Completely rewrote the control flow graph builder, hopefully
for the last time
- Simplified implementation of control flow graphs, which should reduce
memory use and possibly improve performance
- Improvements to command line interface (list bug priorities, filter by priority,
specify aux classpath, specify project to analyze)
- Various bug fixes and enhancements
Changes since version 0.5.4:
- Added an Ant task for FindBugs,
contributed by Mike Fagan.
- Added a GUI dialog which allows individual bug pattern detectors
to be enabled or disabled. Disabling certain slow detectors
can greatly speed up analysis of large programs, at the expense of
reducing the number of potential bugs found.
- Added a new detector for finding improperly ignored return values for
methods such as String.trim(). Suggested
by Andreas Mandel.
- Japanese translations of the bug summaries, contributed by Germano Leichsenring.
- Filtering of results is supported in command line interface.
See the FindBugs manual for details.
- Added "byte code patterns", a general pattern matching infrastructure
for bytecode instructions. This feature significantly reduces
the complexity of implementing new bug pattern detectors.
- Enabled a new general dataflow analysis to track values in methods.
- Switched to new control-flow graph builder implementation.
Changes since version 0.5.3:
- Fixed a bug in the script used to launch FindBugs on Windows platforms.
- Fixed crashes when analyzing class files without source line information.
- All major errors are reported using an error dialog; file not found errors
are more informative.
- Minor GUI improvements.
Changes since version 0.5.2:
- All of the source code and related files are in a single directory tree.
- Updated some of the detectors to produce source line information.
- Ant build script and several
GUI enhancements and fixes contributed by Mike Fagan.
- Converted to use a plugin architecture for
loading bug detectors.
- Eliminated generics-related compiler warnings.
- More complete documentation has been added.
Changes since version 0.5.1:
- Fixed a large number of bugs in the BCEL Repository and FindBugs's use
of the Repository. With these changes, FindBugs should never
crash or otherwise misbehave because of Repository lookup failures.
Because of these changes, you must use a modified version of bcel.jar
with FindBugs. This jar file is included in the FindBugs 0.5.2
binary release. A complete patch containing the
modifications against the BCEL CVS main branch as of April 30, 2003
is also available.
- Implemented the "auxiliary classpath entry list". Aux classpath entries
can be added to a project to provide classes that are referenced by the
analyzed application, but should not themselves be analyzed. Having
all referenced classes available allows FindBugs to produce more
accurate results.
Changes since version 0.5.0:
- Many user interface bugs have been fixed.
- Upgraded to a recent CVS version of BCEL, with some bug fixes.
This should prevent FindBugs from crashing when there is a failure to find
a class on the classpath.
- Added support for Plastic look and feel from jgoodies.com.
- Major overhaul of infrastructure for doing dataflow analysis.