OLD | NEW |
| 1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.or
g/TR/html4/loose.dtd"> |
1 <html> | 2 <html> |
2 » <head> | 3 <head> |
3 » » <title>FindBugs Change Log</title> | 4 <title>FindBugs Change Log</title> |
4 » » <link rel="stylesheet" type="text/css" href="findbugs.css"> | 5 <link rel="stylesheet" type="text/css" href="findbugs.css"> |
5 » » | |
6 » </head> | |
7 | 6 |
8 » <body> | 7 </head> |
9 | 8 |
10 » » <table width="100%"> | 9 <body> |
11 » » » <tr> | |
12 | 10 |
13 » » » » | 11 » <table width="100%"> |
| 12 » » <tr> |
| 13 |
| 14 » » » |
14 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> | 15 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> |
15 <table width="100%" cellspacing="0" border="0"> | 16 <table width="100%" cellspacing="0" border="0"> |
16 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="Fin
dBugs"></a></td></tr> | 17 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="Fin
dBugs"></a></td></tr> |
17 | 18 |
18 <tr><td> </td></tr> | 19 <tr><td> </td></tr> |
19 | 20 |
20 <tr><td><b>Docs and Info</b></td></tr> | 21 <tr><td><b>Docs and Info</b></td></tr> |
21 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a
></font></td></tr> | 22 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a
></font></td></tr> |
22 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></f
ont></td></tr> | 23 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></f
ont></td></tr> |
23 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporter
s</a></font></td></tr> | 24 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporter
s</a></font></td></tr> |
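Review bot: The indentation changes at new lines 3-12 (head, title, link, body, table, tr) are whitespace-only and are mixed into the same change as the DOCTYPE addition and the changelog content edits further down. Consider landing the formatting pass separately so the content changes to the 2.0.2 and 2.0.3 entries can be reviewed on their own.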
(...skipping 23 matching lines...)
47 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing
</a></font></td></tr> | 48 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing
</a></font></td></tr> |
48 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font><
/td></tr> | 49 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font><
/td></tr> |
49 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a clas
s="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> | 50 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a clas
s="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> |
50 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></f
ont></td></tr> | 51 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></f
ont></td></tr> |
51 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects
/findbugs">SF project page</a></font></td></tr> | 52 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects
/findbugs">SF project page</a></font></td></tr> |
52 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu
gs/source/browse/">Browse source</a></font></td></tr> | 53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu
gs/source/browse/">Browse source</a></font></td></tr> |
53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu
gs/source/list">Latest code changes</a></font></td></tr> | 54 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu
gs/source/list">Latest code changes</a></font></td></tr> |
54 </table> | 55 </table> |
55 </td> | 56 </td> |
56 | 57 |
57 <td align="left" valign="top"> | 58 <td align="left" valign="top"> |
58 | 59 |
59 | 60 |
60 <h1>FindBugs Change Log, Version 2.0.1</
h1> | 61 <h1>FindBugs Change Log, Version 2.0.3</h1> |
61 | 62 <ul> |
62 <ul> | 63 <li>New Bug patterns: <a |
63 <li>New bug patterns; in some cases, bugs previous reported
as other bug patterns are reported | 64 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FO
R_PARSING</a>, |
64 as instances of these new bug patterns in order to make
it easier for developers to understand | 65 <a |
65 the bug reports</li> | 66 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETUR
N_RELAXING_ANNOTATION</a>, |
66 <ul> | 67 and |
67 <li><a | 68 <a |
68 href="http://findbugs.sourceforge.net/bugDescription
s.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL | 69 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PA
RAMETER_TIGHTENS_ANNOTATION</a> |
69 </a> | 70 </li> |
70 <li><a | 71 <li>Add the ability in the GUI to save t
he currently viewable/filtered bugs to HTML output. |
71 href="http://findbugs.sourceforge.net/bugDescription
s.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL | 72 <li>When dataflow does't terminate, make
sure we continue with |
72 </a> | 73 analysis. |
73 <li><a | 74 |
74 href="http://findbugs.sourceforge.net/bugDescription
s.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INI
TIALIZED_IN_CONSTRUCTOR | 75 <li>Fix some problems that resulting in
dataflow analysis not |
75 </a> | 76 terminating |
76 <li><a | 77 |
77 href="http://findbugs.sourceforge.net/bugDescription
s.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | 78 <li>Get parameter annotations from defau
lt parameters |
78 </a> | 79 annotations applied to the metho
d. |
79 <li><a | 80 <li>Add subversion change number to ecli
pse plugin qualifier. |
80 href="http://findbugs.sourceforge.net/bugDescription
s.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE | 81 |
81 </a> | 82 <li>Disabled detector for <a |
82 <li><a | 83 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR
_FILE_ENTRY</a>; |
83 href="http://findbugs.sourceforge.net/bugDescription
s.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL | 84 it complaints inappropriately ab
out code that creates directory |
84 </a> | 85 entries. |
85 <li><a | 86 |
86 href="http://findbugs.sourceforge.net/bugDescription
s.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUE
S_WITH_INCOMPATIBLE_TYPE_QUALIFIERS | 87 <li>Add warnings about incompatible type
s passed to |
87 </a> | 88 org.testng.Assert.assertEquals</
li> |
88 </ul> | 89 <li>Add logic that understands more of t
he Google Guava APIs. |
89 <li>Changes to fix false negatives for the following bug pat
terns: <a | 90 <li>Disable type qualifier validator exe
cution within Eclipse plugin; |
90 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>, | 91 too many problems with class loa
ding and security manager (see #1154 Random obscure Eclipse failures) |
91 <a href="http://findbugs.sourceforge.net/bugDescriptions
.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>, | 92 <li>Consistently check both access flags
and attributes to see if something is synthetic. Compiler is |
92 <a href="http://findbugs.sourceforge.net/bugDescriptions
.html#EQ_UNUSUAL">EQ_UNUSUAL</a>, <a | 93 inconsistent about where synthetic eleme
nts are marked. |
93 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>, | 94 |
94 and <a | 95 <li>Fixed false positives for the following bug
patterns (17 |
95 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NON
NULL_BUT_MARKED_AS_NULLABLE</a>. | 96 occurrences in findbugsTestCases
): |
96 | 97 <ul> |
| 98 <li><a |
| 99 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC">BC</a> |
| 100 <li><a |
| 101 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIB
LE_INSTANCEOF</a> |
| 102 <li><a |
| 103 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_C
AST</a> |
| 104 <li><a |
| 105 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPE
S</a> |
| 106 <li><a |
| 107 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_V
ALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a> |
| 108 <li><a |
| 109 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTE
NT_SYNC</a> |
| 110 <li><a |
| 111 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGE
ROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a> |
| 112 <li><a |
| 113 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSAT
ISFIED_OBLIGATION</a> |
| 114 <li><a |
| 115 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a> |
| 116 <li><a |
| 117 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SE
LF_COMPARISON</a> |
| 118 <li><a |
| 119 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_ST
RICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
| 120 </li> |
| 121 </ul> |
| 122 <li>Fixed false negatives for the follow
ing bug patterns (45 |
| 123 occurrences in findbugsTestCases
): |
| 124 <ul> |
| 125 <li><a |
| 126 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_C
AST</a> |
| 127 <li><a |
| 128 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a> |
| 129 <li><a |
| 130 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_N
ONARRAY</a> |
| 131 <li><a |
| 132 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INC
OMPATIBLE_ARRAY_COMPARE</a> |
| 133 <li><a |
| 134 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPE
S</a> |
| 135 <li><a |
| 136 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPE
S</a> |
| 137 <li><a |
| 138 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GU
ARDED</a> |
| 139 <li><a |
| 140 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMEN
T</a> |
| 141 <li><a |
| 142 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CL
ASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a> |
| 143 <li><a |
| 144 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME
_PATH</a> |
| 145 <li><a |
| 146 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNUL
L_PARAM_VIOLATION</a> |
| 147 <li><a |
| 148 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALU
E">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a> |
| 149 <li><a |
| 150 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARK
ED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a> |
| 151 <li><a |
| 152 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE
_INTO_NONNULL_FIELD</a> |
| 153 <li><a |
| 154 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_PO
SSIBLE_UNINTENDED_PATTERN</a> |
| 155 <li><a |
| 156 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SE
LF_COMPARISON</a> |
| 157 </ul> |
| 158 </ul> |
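Review bot: The new 2.0.3 entries carry typos that will ship in the published change log: "When dataflow does't terminate" (new line 72), "Fix some problems that resulting in" (new line 75) and "it complaints inappropriately" (new lines 84-85). Suggested wording: "doesn't terminate", "problems that resulted in" and "it complains inappropriately". The list markup is also inconsistent in this block: most li items are left open while new lines 70, 88 and 120 close theirs, and the closing tag at new line 120 closes only the last item of the nested list. Pick one style for the block.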
| 159 <h1>FindBugs Change Log, Version 2.0.2</h1> |
| 160 |
| 161 <ul> |
| 162 <li>Fix false positions for <a |
| 163 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_N
ONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a> |
| 164 - fixing <a |
| 165 href="https://sourceforge.net/tr
acker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>, |
| 166 <a |
| 167 href="https://sourceforge.net/tr
acker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>, |
| 168 <a |
| 169 href="https://sourceforge.net/tr
acker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a> |
| 170 and <a |
| 171 href="https://sourceforge.net/tr
acker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>. |
| 172 |
| 173 |
| 174 </li> |
| 175 <li>Fix false positives for <a |
| 176 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a> |
| 177 <li>Inline access methods for private fi
elds, |
| 178 fixing false positive in <a |
| 179 href="https://sourceforge.net/tracker/?func=detail&aid=3
484713&group_id=96405&atid=614693">Bug3484713</a>. |
| 180 |
| 181 <li>Type qualifier annotations, including nullness |
| 182 annotations, are now ignored on
vararg parameters (including |
| 183 default and inherited annotation
s), awaiting JSR308. |
| 184 <li>Defined new bug pattern to give bett
er explanations of |
| 185 issues involving strict type qua
lifiers <a |
| 186 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED"
>TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
| 187 <li>Adjusted analysis of type qualifiers
, now giving warnings |
| 188 where a computed value is used i
n a place where a value with a |
| 189 strict type qualifier is require
d. |
| 190 <li>Complain about missing classes only
if they are |
| 191 encountered while analyzing appl
ication classes; ignore missing |
| 192 classes that are encounted while
analyzing classes loaded from the |
| 193 auxclasspath. Fix for <a |
| 194 href="https://sourceforge.net/tr
acker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a> |
| 195 <li>Fixed false positive null pointer wa
rning coming from |
| 196 synthetic bridge methods, fixing
<a |
| 197 href="https://sourceforge.net/tr
acker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a> |
| 198 <li>In general, suppress warnings in syn
thetic methods. |
| 199 <li>Fix some false positives involving <
a |
| 200 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a> |
| 201 on classes that extend generic c
ollection classes. |
| 202 |
| 203 </li> |
| 204 <li>Combine multiple identical warnings about |
| 205 <a |
| 206 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a> |
| 207 that occur in the same method, |
| 208 simplifying issue triage. |
97 | 209 |
98 <li>Changes to fix false positions for the following bug pat
terns: <a | 210 <li>Changes by Andrey Loskutov |
99 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#DMI_DOH">DMI_DOH</a>, <a | 211 <ul> |
100 href="http://findbugs.sourceforge.net/bugDescriptions.ht
ml#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>, | 212 <li>fixed job scheduling
errors in 3.8/4.2 Eclipse <a |
101 and <a href="http://findbugs.sourceforge.net/bugDescript
ions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>. | 213 href="https://bu
gs.eclipse.org/bugs/show_bug.cgi?id=393748">bug |
102 | 214 report</
a> |
103 </ul> | 215 <li>more realistic progr
ess bar updates for jobs |
104 | 216 <li>added nullness annot
ations for some common Eclipse API |
105 <h1> | 217 methods known to
usually return null values |
106 FindBugs Change Log, Version 2.0.0 | 218 <li>Added support for or
g.eclipse.jdt.annotation.Nullable, |
107 </h1> | 219 NonNull and NonN
ullByDefault annotations (introduced with |
108 | 220 Eclipse 3.8/4.2)
</li> |
109 <h2> Changes since version 1.3.8</h2> | 221 </ul> |
110 <ul> | 222 <li>Documentation improvements |
111 <li>New bug patterns; in some cases, bugs previous repo
rted as other bug patterns are reported as instances | 223 <li><a href="http://code.google.com/p/fi
ndbugs/source/list">lots |
112 of these new bug patterns in order to
make it easier for developers to understand the bug reports</li> | 224 of other small changes</
a> |
113 <ul> | 225 </ul> |
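Review bot: New line 162 reads "Fix false positions for" while the neighbouring entry at new line 175 says "Fix false positives for"; the first should say "false positives" as well. New line 192 has "encounted" for "encountered". The item at new lines 223-224 links "lots of other small changes" to the generic source/list URL rather than to anything tied to this release; a revision range or tag would let a reader check later what the entry covers.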
114 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST </a> | 226 <h1>FindBugs Change Log, Version 2.0.1</h1> |
115 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_
TOARRAY </a> | 227 |
116 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
</a> | 228 <ul> |
117 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCUR
RENT_MONITORENTER </a> | 229 <li>New bug patterns; in some cases, bug
s previous reported as |
118 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_W
EAK_REFERENCE </a> | 230 other bug patterns are reported
as instances of these new bug |
119 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL </a>
| 231 patterns in order to make it eas
ier for developers to understand |
120 <li><a href="http://findbugs.sourceforge.net/b
ugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACT
ICE </a> <li><a href="http://findbugs.sourceforge
.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPAR
ISON_BAD_PRACTICE_BOOLEAN </a> <li><a href="http:
//findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_I
GNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED </a>
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREAD
LOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE </a>
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_U
NINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONS
TRUCTOR </a> <li><a href="http://findbugs.sourcef
orge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED </a> | 232 the bug reports |
121 </ul> | 233 <ul> |
122 <li>Providing a bug rank (1-20), and t
he ability to filter by bug rank. Eventually, | 234 <li><a |
123 it will be possible to specify you
r own rules for ranking bugs, but the procedure for doing so hasn't been specifi
ed yet. | 235 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLU
TE_PATH_TRAVERSAL</a></li> |
124 <li>Fixed about <a href="https://sourc
eforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&typ
e_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&o
pen_date_end=2009-08-20&form_submit=Search">45 bugs filed</a> through SourceForg
e | 236 <li><a |
125 <li>Various reclassifications and prio
rity tweaks | 237 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATI
VE_PATH_TRAVERSAL</a></li> |
126 <li>Added more bug annotations to a va
riety of bug reports. | 238 <li><a |
127 This provides more context for under
standing bug reports | 239 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_C
ONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li> |
128 (e.g., if the value in question was
is the return value | 240 <li><a |
129 of a method, the method is described
as the source of | 241 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">
MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li> |
130 the value in a bug annotation). This
also provide more | 242 <li><a |
131 accurate tracking of issues across v
ersions of the code | 243 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">
BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li> |
132 being analyzed, but has the downside
that when comparing | 244 <li><a |
133 results from FindBugs 1.3.8 and Find
Bugs 1.3.9 on the | 245 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLU
TE_PATH_TRAVERSAL</a></li> |
134 same version of code being analyzed,
| 246 <li><a |
135 FindBugs may think that mistakenly b
elieve that the | 247 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE
_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li> |
136 issue reported by 1.3.8 was fixed an
d a new issue was | 248 </ul> |
137 introduced that was reported by Find
Bugs 1.3.9. While | 249 </li> |
138 annoying, it would be unusual for mo
re than a dozen | 250 |
139 issues per million | 251 <li>Changes to fix false negatives for t
he following bug |
140 lines of codes to be mistracked. | 252 patterns: <a |
141 <li> Lots of internal changes moving
towards FindBugs 2.0, but these | 253 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>, |
142 features are undocumented, not yet of
ficially supported, and subject to | 254 <a |
143 radical changes before FindBugs 2.0 i
s released. | 255 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>, |
144 | 256 <a |
145 | 257 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>, |
146 </ul> | 258 <a |
147 | 259 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>, |
148 | 260 and <a |
149 | 261 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">
NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>. |
150 <p> Changes since version 1.3.8</p> | 262 </li> |
151 <ul> | 263 |
152 <li>New bug patterns; in some cases, b
ugs previous reported as other bug patterns are reported as instances | 264 <li>Changes to fix false positions for t
he following bug |
153 of these new bug patterns in order to
make it easier for developers to understand the bug reports</li> | 265 patterns: <a |
154 <ul> | 266 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>, |
155 <li><a href="http://findbugs.sourcefor
ge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST </a> | 267 <a |
156 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_
TOARRAY </a> | 268 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>, |
157 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
</a> | 269 and <a |
158 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCUR
RENT_MONITORENTER </a> | 270 href="http://findbugs.sourceforg
e.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>. |
159 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_W
EAK_REFERENCE </a> | 271 </li> |
160 <li><a href="http://findbugs.sourceforge.net/bug
Descriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL </a>
| 272 </ul> |
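Review bot: The reformatted 2.0.1 list still names PT_ABSOLUTE_PATH_TRAVERSAL twice (new lines 235 and 245), carried over from old lines 68 and 83. Drop the second entry, or replace it if a different pattern was intended. New line 264 also keeps "Changes to fix false positions", which should read "false positives", and new line 229 keeps "bugs previous reported" for "previously reported".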
161 <li><a href="http://findbugs.sourceforge.net/b
ugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACT
ICE </a> <li><a href="http://findbugs.sourceforge
.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPAR
ISON_BAD_PRACTICE_BOOLEAN </a> <li><a href="http:
//findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_I
GNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED </a>
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREAD
LOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE </a>
<li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_U
NINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONS
TRUCTOR </a> <li><a href="http://findbugs.sourcef
orge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED </a> | 273 |
162 </ul> | 274 <h1>FindBugs Change Log, Version 2.0.0</h1> |
163 <li>Providing a bug rank (1-20), and t
he ability to filter by bug rank. Eventually, | 275 |
164 it will be possible to specify you
r own rules for ranking bugs, but the procedure for doing so hasn't been specifi
ed yet. | 276 <h2>Changes since version 1.3.8</h2> |
165 <li>Fixed about <a href="https://sourc
eforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&typ
e_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&o
pen_date_end=2009-08-20&form_submit=Search">45 bugs filed</a> through SourceForg
e | 277 <ul> |
166 <li>Various reclassifications and prio
rity tweaks | 278 <li>New bug patterns; in some cases, bug
s previous reported as |
167 <li>Added more bug annotations to a va
riety of bug reports. | 279 other bug patterns are reported
as instances of these new bug |
168 This provides more context for under
standing bug reports | 280 patterns in order to make it eas
ier for developers to understand |
169 (e.g., if the value in question was
is the return value | 281 the bug reports |
170 of a method, the method is described
as the source of | 282 <ul> |
171 the value in a bug annotation). This
also provide more | 283 <li><a |
172 accurate tracking of issues across v
ersions of the code | 284 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBL
E_DOWNCAST |
173 being analyzed, but has the downside
that when comparing | 285 </a></li> |
174 results from FindBugs 1.3.8 and Find
Bugs 1.3.9 on the | 286 <li><a |
175 same version of code being analyzed,
| 287 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">B
C_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
176 FindBugs may think that mistakenly b
elieve that the | 288 </a></li> |
177 issue reported by 1.3.8 was fixed an
d a new issue was | 289 <li><a |
178 introduced that was reported by Find
Bugs 1.3.9. While | 290 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_IN
COMPATIBLE_ARRAY_COMPARE |
179 annoying, it would be unusual for mo
re than a dozen | 291 </a></li> |
180 issues per million | 292 <li><a |
181 lines of codes to be mistracked. | 293 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTE
R ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
182 <li> Lots of internal changes moving
towards FindBugs 2.0, but these | 294 </a></li> |
183 features are undocumented, not yet of
ficially supported, and subject to | 295 <li><a |
184 radical changes before FindBugs 2.0 i
s released. | 296 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
185 | 297 </a></li> |
186 | 298 <li><a |
187 </ul> | 299 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
188 <p> Changes since version 1.3.7</p> | 300 </a></li> |
189 <ul> | 301 <li><a |
190 <li>Primarily another small bugfix rel
ease.</li> | 302 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_R
EF_COMPARISON_BAD_PRACTICE |
191 <li>FindBugs base:</li> | 303 </a></li> |
192 <ul> | 304 <li><a |
193 <li>New Reports:</li> | 305 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEA
N ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
194 <ul> | 306 </a></li> |
195 <li>SF_SWITCH_NO_DEFAULT: missin
g default case in switch statement.</li> | 307 <li><a |
196 <li>SF_DEAD_STORE_DUE_TO_SWITCH_
FALLTHROUGH_TO_THROW: value ignored when switch fallthrough leads to | 308 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORE
D ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
197 thrown exception.</li> | 309 </a></li> |
198 <li>INT_VACUOUS_BIT_OPERATION: b
it operations that don't do any meaningful work.</li> | 310 <li><a |
199 <li>FB_UNEXPECTED_WARNING: warni
ng generated that conflicts with @NoWarning FindBugs annotation.</li> | 311 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_
THREADLOCAL_DEADLY_EMBRACE |
200 <li>FB_MISSING_EXPECTED_WARNING:
warning not generated despite presence of @ExpectedWarning FindBugs annotation.
</li> | 312 </a></li> |
201 <li>NOISE category: intended for
use in data mining experiments.</li> | 313 <li><a |
202 <ul> | 314 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONS
TRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
203 <li>NOISE_NULL_DEREFERENCE: fa
ke null point dereference warning.</li> | 315 </a></li> |
204 <li>NOISE_METHOD_CALL: fake m
ethod call warning.</li> | 316 <li><a |
205 <li>NOISE_FIELD_REFERENCE: fa
ke field dereference warning.</li> | 317 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FOR
MAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
206 <li>NOISE_OPERATION: fake ope
ration warning.</li> | 318 </a></li> |
207 </ul> | 319 </ul> |
208 </ul> | 320 </li> |
209 <li>Other:</li> | 321 <li>Providing a bug rank (1-20), and the
ability to filter by |
210 <ul> | 322 bug rank. Eventually, it will be
possible to specify your own |
211 <li>Garvin Leclaire has created
a new Apache Maven repository for FindBugs at | 323 rules for ranking bugs, but the
procedure for doing so hasn't been |
212 <a href="http://code.google.com/
p/findbugs/">the Google Code FindBugs SVN repository</a>. (Thanks Garvin!)</li> | 324 specified yet.</li> |
213 </ul> | 325 <li>Fixed about <a |
214 <li>Fixes:</li> | 326 href="https://sourceforge.net/se
arch/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=a
rtifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=
2009-08-20&form_submit=Search">45 |
215 <ul> | 327 bugs filed</a> through S
ourceForge |
216 <li>[ 2317842 ] Highlighting bro
ken in Windows</li> | 328 </li> |
217 <li>[ 2515908 ] check for oddnes
s should track sign of argument</li> | 329 <li>Various reclassifications and priori
ty tweaks</li> |
218 <li>[ 2487936 ] "L B GC&quo
t; false pos cast from Map.Entry.getKey() to Map.get()</li> | 330 <li>Added more bug annotations to a vari
ety of bug reports. |
219 <li>[ 2528264 ] Ant tasks not co
mpatible with Ant 1.7.1</li> | 331 This provides more context for u
nderstanding bug reports (e.g., if |
220 <li>[ 2539590 ] SF_SWITCH_FALLTH
ROUGH wrong message reported </li> | 332 the value in question was is the
return value of a method, the |
221 <li>[ 2020066 ] Bug history disp
layed in fancy-hist.xsl is incorrect</li> | 333 method is described as the sourc
e of the value in a bug |
222 <li>[ 2545098 ] Invalid characte
r in analysis results file</li> | 334 annotation). This also provide m
ore accurate tracking of issues |
223 <li>[ 2492673 ] Plugin sites sho
uld specify 'requires Eclipse 3.3 or newer'</li> | 335 across versions of the code bein
g analyzed, but has the downside |
224 <li>[ 2588044 ] a tiny typing er
ror</li> | 336 that when comparing results from
FindBugs 1.3.8 and FindBugs 1.3.9 |
225 <li>[ 2589048 ] Documentation fo
r convertXmlToText insufficient</li> | 337 on the same version of code bein
g analyzed, FindBugs may think |
226 <li>[ 2638739 ] NullPointerExcep
tion when building</li> | 338 that mistakenly believe that the
issue reported by 1.3.8 was fixed |
227 </ul> | 339 and a new issue was introduced t
hat was reported by FindBugs |
228 <li>Patches:</li> | 340 1.3.9. While annoying, it would
be unusual for more than a dozen |
229 <ul> | 341 issues per million lines of code
s to be mistracked.</li> |
230 <li>[ 2538184 ] Make BugCollecti
on implement Iterable<BugInstance> (thanks to Tomas Pollak)</li> | 342 <li>Lots of internal changes moving towa
rds FindBugs 2.0, but |
231 <li>[ 2249771 ] Add Maven2 Findb
ugs plugin link to the Links page (thanks to Garvin Leclaire)</li> | 343 these features are undocumented,
not yet officially supported, and |
232 <li>[ 2609526 ] Japanese manual
update (thanks to K. Hashimoto)</li> | 344 subject to radical changes befor
e FindBugs 2.0 is released.</li> |
233 <li>[ 2119482 ] CheckBcel checks
for nonexistent classes (thanks to Jerry James)</li> | 345 </ul> |
234 </ul> | 346 |
235 </ul> | 347 <p>Changes since version 1.3.8</p> |
236 <li>FindBugs Eclipse plugin:</li> | 348 <ul> |
237 <ul> | 349 <li>New bug patterns; in some cases, bug
s previous reported as |
238 <li>Major feature enhancements (th
anks to Andrey Loskutov). | 350 other bug patterns are reported
as instances of these new bug |
239 See <a href="http://andrei.gmxhome
.de/findbugs/index.html">this overview</a> for more information.</li> | 351 patterns in order to make it eas
ier for developers to understand |
240 <li>Major test improvements (thank
s to Tomas Pollak).</li> | 352 the bug reports |
241 <li>Fixes:</li> | 353 <ul> |
242 <ul> | 354 <li><a |
243 <li>[ 2532365 ] Compiler warning
</li> | 355 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBL
E_DOWNCAST |
244 <li>[ 2522989 ] Fix filter files
selection</li> | 356 </a> |
245 <li>[ 2504068 ] NullPointerExcep
tion</li> | 357 <li><a |
246 <li>[ 2640849 ] NPE in Eclipse p
lugin 1.3.7 and Eclipse 3.5 M5</li> | 358 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">B
C_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
247 </ul> | 359 </a> |
248 <li>Patches:</li> | 360 <li><a |
249 <ul> | 361 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_IN
COMPATIBLE_ARRAY_COMPARE |
250 <li>[ 2143140 ] Unchecked conver
sion fixes for Eclipse plugin (thanks to Jerry James) | 362 </a> |
251 </ul> | 363 <li><a |
252 </ul> | 364 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTE
R ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
253 </ul> | 365 </a> |
254 </ul> | 366 <li><a |
255 | 367 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
256 <p> Changes since version 1.3.6</p> | 368 </a> |
257 <ul> | 369 <li><a |
258 <li>Overall, a small bugfix release. | 370 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
259 <li>New detection of accidental vacuous/
useless calls to EasyMock methods, | 371 </a> |
260 and of generic signatures that proclaim
the use of unhashable classes | 372 <li><a |
261 in ways that require that they be hashed
. | 373 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_R
EF_COMPARISON_BAD_PRACTICE |
262 <li>Eliminate some false positives where
we were warning about | 374 </a> |
263 a useless call (e.g., comparing two
incompatible types for equality), | 375 <li><a |
264 but the only thing the code was doin
g with the result was | 376 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEA
N ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
265 passing it to assertFalse. | 377 </a> |
| 378 <li><a |
| 379 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORE
D ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
| 380 </a> |
| 381 <li><a |
| 382 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_
THREADLOCAL_DEADLY_EMBRACE |
| 383 </a> |
| 384 <li><a |
| 385 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONS
TRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
| 386 </a> |
| 387 <li><a |
| 388 href="http://fin
dbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FOR
MAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
| 389 </a> |
| 390 </ul> |
| 391 </li> |
| 392 <li>Providing a bug rank (1-20), and the
ability to filter by |
| 393 bug rank. Eventually, it will be
possible to specify your own |
| 394 rules for ranking bugs, but the
procedure for doing so hasn't been |
| 395 specified yet.</li> |
| 396 <li>Fixed about <a |
| 397 href="https://sourceforge.net/se
arch/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=a
rtifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=
2009-08-20&form_submit=Search">45 |
| 398 bugs filed</a> through S
ourceForge |
| 399 </li> |
| 400 <li>Various reclassifications and priori
ty tweaks</li> |
| 401 <li>Added more bug annotations to a vari
ety of bug reports. |
| 402 This provides more context for u
nderstanding bug reports (e.g., if |
| 403 the value in question was is the
return value of a method, the |
| 404 method is described as the sourc
e of the value in a bug |
| 405 annotation). This also provide m
ore accurate tracking of issues |
| 406 across versions of the code bein
g analyzed, but has the downside |
| 407 that when comparing results from
FindBugs 1.3.8 and FindBugs 1.3.9 |
| 408 on the same version of code bein
g analyzed, FindBugs may think |
| 409 that mistakenly believe that the
issue reported by 1.3.8 was fixed |
| 410 and a new issue was introduced t
hat was reported by FindBugs |
| 411 1.3.9. While annoying, it would
be unusual for more than a dozen |
| 412 issues per million lines of code
s to be mistracked.</li> |
| 413 <li>Lots of internal changes moving towa
rds FindBugs 2.0, but |
| 414 these features are undocumented,
not yet officially supported, and |
| 415 subject to radical changes befor
e FindBugs 2.0 is released.</li> |
| 416 </ul> |
| 417 |
| 418 <p>Changes since version 1.3.7</p> |
| 419 <ul> |
| 420 <li>Primarily another small bugfix relea
se.</li> |
| 421 <li>FindBugs base: |
| 422 <ul> |
| 423 <li>New Reports: |
| 424 <ul> |
| 425 <li>SF_S
WITCH_NO_DEFAULT: missing default case in switch |
| 426
statement.</li> |
| 427 <li>SF_D
EAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW: |
| 428
value ignored when switch fallthrough leads to thrown |
| 429
exception.</li> |
| 430 <li>INT_
VACUOUS_BIT_OPERATION: bit operations that don't |
| 431
do any meaningful work.</li> |
| 432 <li>FB_U
NEXPECTED_WARNING: warning generated that |
| 433
conflicts with @NoWarning FindBugs annotation.</li> |
| 434 <li>FB_M
ISSING_EXPECTED_WARNING: warning not generated |
| 435
despite presence of @ExpectedWarning FindBugs annotation.</li> |
| 436 <li>NOIS
E category: intended for use in data mining |
| 437
experiments. |
| 438
<ul> |
| 439
<li>NOISE_NULL_DEREFERENCE: fake null point dereference |
| 440
warning.</li> |
| 441
<li>NOISE_METHOD_CALL: fake method call warning.</li> |
| 442
<li>NOISE_FIELD_REFERENCE: fake field dereference |
| 443
warning.</li> |
| 444
<li>NOISE_OPERATION: fake operation warning.</li> |
| 445
</ul> |
| 446 </li> |
| 447 </ul> |
| 448 </li> |
| 449 <li>Other: |
| 450 <ul> |
| 451 <li>Garv
in Leclaire has created a new Apache Maven |
| 452
repository for FindBugs at <a |
| 453
href="http://code.google.com/p/findbugs/">the Google Code |
| 454
FindBugs SVN repository</a>. (Thanks Garvin!) |
| 455 </li> |
| 456 </ul> |
| 457 </li> |
| 458 <li>Fixes: |
| 459 <ul> |
| 460 <li>[ 23
17842 ] Highlighting broken in Windows</li> |
| 461 <li>[ 25
15908 ] check for oddness should track sign of |
| 462
argument</li> |
| 463 <li>[ 24
87936 ] "L B GC" false pos cast from |
| 464
Map.Entry.getKey() to Map.get()</li> |
| 465 <li>[ 25
28264 ] Ant tasks not compatible with Ant 1.7.1</li> |
| 466 <li>[ 25
39590 ] SF_SWITCH_FALLTHROUGH wrong message |
| 467
reported</li> |
| 468 <li>[ 20
20066 ] Bug history displayed in fancy-hist.xsl is |
| 469
incorrect</li> |
| 470 <li>[ 25
45098 ] Invalid character in analysis results file</li> |
| 471 <li>[ 24
92673 ] Plugin sites should specify "requires |
| 472
Eclipse 3.3 or newer"</li> |
| 473 <li>[ 25
88044 ] a tiny typing error</li> |
| 474 <li>[ 25
89048 ] Documentation for convertXmlToText |
| 475
insufficient</li> |
| 476 <li>[ 26
38739 ] NullPointerException when building</li> |
| 477 </ul> |
| 478 </li> |
| 479 <li>Patches: |
| 480 <ul> |
| 481 <li>[ 25
38184 ] Make BugCollection implement |
| 482
Iterable<BugInstance> (thanks to Tomas Pollak)</li> |
| 483 <li>[ 22
49771 ] Add Maven2 Findbugs plugin link to the |
| 484
Links page (thanks to Garvin Leclaire)</li> |
| 485 <li>[ 26
09526 ] Japanese manual update (thanks to K. |
| 486
Hashimoto)</li> |
| 487 <li>[ 21
19482 ] CheckBcel checks for nonexistent classes |
| 488
(thanks to Jerry James)</li> |
| 489 </ul> |
| 490 </li> |
| 491 </ul> |
| 492 </li> |
| 493 <li>FindBugs Eclipse plugin: |
| 494 <ul> |
| 495 <li>Major feature enhanc
ements (thanks to Andrey Loskutov). |
| 496 See <a href="htt
p://andrei.gmxhome.de/findbugs/index.html">this |
| 497 overview
</a> for more information. |
| 498 </li> |
| 499 <li>Major test improveme
nts (thanks to Tomas Pollak).</li> |
| 500 <li>Fixes: |
| 501 <ul> |
| 502 <li>[ 25
32365 ] Compiler warning</li> |
| 503 <li>[ 25
22989 ] Fix filter files selection</li> |
| 504 <li>[ 25
04068 ] NullPointerException</li> |
| 505 <li>[ 26
40849 ] NPE in Eclipse plugin 1.3.7 and Eclipse |
| 506
3.5 M5</li> |
| 507 </ul> |
| 508 </li> |
| 509 <li>Patches: |
| 510 <ul> |
| 511 <li>[ 21
43140 ] Unchecked conversion fixes for Eclipse |
| 512
plugin (thanks to Jerry James) |
| 513 </ul> |
| 514 </li> |
| 515 </ul> |
| 516 </li> |
| 517 </ul> |
| 518 |
| 519 <p>Changes since version 1.3.6</p> |
| 520 <ul> |
| 521 <li>Overall, a small bugfix release. |
| 522 <li>New detection of accidental vacuous/
useless calls to |
| 523 EasyMock methods, and of generic
signatures that proclaim the use |
| 524 of unhashable classes in ways th
at require that they be hashed. |
| 525 <li>Eliminate some false positives where
we were warning about |
| 526 a useless call (e.g., comparing
two incompatible types for |
| 527 equality), but the only thing th
e code was doing with the result |
| 528 was passing it to assertFalse. |
266 <li>Japanese localization and manual by
K.Hashimoto. (Thanks!) | 529 <li>Japanese localization and manual by
K.Hashimoto. (Thanks!) |
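Review bot: new lines 392-415, under "Changes since version 1.3.8", repeat word for word the items that end at new line 344 just above that heading (bug rank 1-20, "Fixed about 45 bugs filed", reclassifications, the bug-annotation paragraph, the FindBugs 2.0 internals note). Keep a single copy, or state which release each copy belongs to, so the caveat about issues being mistracked between 1.3.8 and 1.3.9 results is not read as applying twice. The surviving copy also needs a wording pass: "was is the return value" (new 403), "This also provide" (405), "FindBugs may think that mistakenly believe that" (408-409), "lines of codes" (411-412) and "bugs previous reported" (349). In the new bug pattern list (new 354-389) every href carries a space before the closing quote, e.g. bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST followed by a space, and none of those items is closed with </li>, unlike the lists this patch tidies in the 1.3.7 section. The last Patches item at new 511-512 ("[ 2143140 ] Unchecked conversion fixes for Eclipse plugin") is likewise left without </li> before </ul>.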
267 <li>Added -exclude and -outputDir comman
d line options to rejarForAnalysis | |
268 <li>Extended -adjustPriorities option to
FindBugs analysis textui so that you | |
269 can modify the priorities of ind
ividual bug patterns as well as visitors, | |
270 and also completely suppress ind
ividual bug patterns or visitors. | |
271 <ul> | |
272 <li> e.g., -adjustPriority MS_SH
OULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_R
EP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise | |
273 </ul> | |
274 </ul> | |
275 | 530 |
276 | 531 » » » » » <li>Added -exclude and -outputDir comman
d line options to |
277 » » » » » <p> Changes since version 1.3.5</p> | 532 » » » » » » rejarForAnalysis |
278 » » » » » <ul> | 533 » » » » » <li>Extended -adjustPriorities option to
FindBugs analysis |
279 » » » » » <li>Added fairly exhaustive static analy
sis | 534 » » » » » » textui so that you can modify th
e priorities of individual bug |
280 » » » » » of uses of format strings, checking for
missing or | 535 » » » » » » patterns as well as visitors, an
d also completely suppress |
281 » » » » » extra arguements, invalid format specifi
ers, | 536 » » » » » » individual bug patterns or visit
ors. |
282 » » » » » or mismatched format specifiers and argu
ments (e.g, | 537 » » » » » » <ul> |
283 » » » » » passing a String value for a %d format s
pecifier). | 538 » » » » » » » <li>e.g., -adjustPriorit
y |
284 » » » » » The logic for doing so is derived from S
un's java.util.Formatter class, | 539 » » » » » » » » MS_SHOULD_BE_FIN
AL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppres
s,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise |
285 » » » » » and available separately from FindBugs a
s part of the | 540 » » » » » » » |
286 » » » » » <a href="https://jformatstring.dev.java.
net/">jFormatString</a> project. | 541 » » » » » » </ul> |
| 542 » » » » </ul> |
| 543 |
| 544 |
| 545 » » » » <p>Changes since version 1.3.5</p> |
| 546 » » » » <ul> |
| 547 » » » » » <li>Added fairly exhaustive static analy
sis of uses of format |
| 548 » » » » » » strings, checking for missing or
extra arguements, invalid format |
| 549 » » » » » » specifiers, or mismatched format
specifiers and arguments (e.g, |
| 550 » » » » » » passing a String value for a %d
format specifier). The logic for |
| 551 » » » » » » doing so is derived from Sun's j
ava.util.Formatter class, and |
| 552 » » » » » » available separately from FindBu
gs as part of the <a |
| 553 » » » » » » href="https://jformatstring.dev.
java.net/">jFormatString</a> |
| 554 » » » » » » project. |
| 555 » » » » » <li>More tuning of the unsatisfied oblig
ation detector. Since |
| 556 » » » » » » this detector is still rather no
isy and an unfinished research |
| 557 » » » » » » project, I've moved the generate
d issues to a new category: |
| 558 » » » » » » EXPERIMENTAL. |
| 559 » » » » » <li>Added check for <a |
| 560 » » » » » » href="http://findbugs.sourceforg
e.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>; |
| 561 » » » » » » similar to <a |
| 562 » » » » » » href="http://findbugs.sourceforg
e.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>, |
| 563 » » » » » » except that addition is being us
ed to combine shifted signed |
| 564 » » » » » » bytes. |
| 565 » » » » » <li>Changed detection of EI_EXPOSE_REP2,
so we only report it |
| 566 » » » » » » if the value stored is guarantee
d to be the same value that was |
| 567 » » » » » » passed in as a parameter. |
| 568 » » » » » <li>Added <a |
| 569 » » » » » » href="http://findbugs.sourceforg
e.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHE
CK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>, |
| 570 » » » » » » a warning when an equals method
checks to see if an operand is an |
| 571 » » » » » » instance of a class not compatib
le with itself. For example, if |
| 572 » » » » » » the Foo class checks to see if t
he argument is an instance of |
| 573 » » » » » » String. This is either a questio
nable design decision or a coding |
| 574 » » » » » » mistake. |
| 575 » » » » » <li>Added <a |
| 576 » » » » » » href="http://findbugs.sourceforg
e.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE
_ON_ARRAY</a>, |
| 577 » » » » » » which checks for invoking <code>
hashCode()</code> on an array, |
| 578 » » » » » » which returns a hash code that i
gnores the contents of the array. |
287 | 579 |
288 » » » » » <li>More tuning of the unsatisfied oblig
ation detector. Since this | 580 » » » » » <li>Added checks for using <code>x.remov
eAll(x)</code> to |
289 » » » » » detector is still rather noisy and an un
finished research project, | 581 » » » » » » rather than <code>x.clear()</cod
e> to clear an array. |
290 » » » » » I've moved the generated issues to a new
category: EXPERIMENTAL. | 582 » » » » » <li>Add checks for calls such as <code>x
.contains(x)</code>, <code>x.remove(x)</code> |
291 » » » » » | 583 » » » » » » and <code>x.containsAll(x)</code
>. |
292 » » » » » <li>Added check for <a href="http://find
bugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIG
NED_BYTE</a>; similar to <a href="http://findbugs.sourceforge.net/bugDescription
s.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>, except that | 584 » » » » » <li>Improvements to Eclipse plugin (than
ks to Andrey |
293 » » » » » addition is being used to combine shifte
d signed bytes. | 585 » » » » » » Loskutov): |
294 » » » » » | 586 » » » » » » <ul> |
295 » » » » » <li>Changed detection of EI_EXPOSE_REP2,
so we only report it if the value stored | 587 » » » » » » » <li>Report separate mark
ers for each occurrence of an issue |
296 » » » » » is guaranteed to be the same value that
was passed in as a parameter. | 588 » » » » » » » » that appears mul
tiple times in a method |
297 » » » » » | 589 » » » » » » » <li>fine tuning for repo
rted markers: add only one marker |
298 » » » » » <li>Added <a href="http://findbugs.sourc
eforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">E
Q_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>, a warning when | 590 » » » » » » » » for fields, add
marker on right position |
299 » » » » » » an equals method checks to see i
f an operand is an instance of a class not | 591 » » » » » » » <li>link bugs selected i
n bug explorer view to the opened |
300 » » » » » » » compatible with itself.
For example, if the Foo class checks to see if the argument | 592 » » » » » » » » editor and vice
versa |
301 » » » » » » » is an instance of String
. This is either a questionable design decision or a coding mistake. | 593 » » » » » » » <li>select bugs selected
in editor ruler in the opened bug |
302 » » » » » <li>Added <a href="http://findbugs.sourc
eforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HAS
HCODE_ON_ARRAY</a>, | 594 » » » » » » » » explorer view |
303 » » » » » » which checks for invoking <code>
hashCode()</code> on an array, which returns a hash code that ignores the conten
ts of the array. | 595 » » » » » » » <li>consistent abbreviat
ions used in both bug explorer and |
304 » » » » » <li>Added checks for using <code>x.remov
eAll(x)</code> to rather than <code>x.clear()</code> | 596 » » » » » » » » bug details view |
305 » » » » » to clear an array. | 597 » » » » » » » <li>added "Expand All" b
utton to the bug explorer view |
306 » » » » » <li>Add checks for calls such as <code>x
.contains(x)</code>, <code>x.remove(x)</code> and <code>x.containsAll(x)</code>. | 598 » » » » » » » <li>added "Go Into/Go Up
" buttons to the bug explorer view |
307 » » » » » <li>Improvements to Eclipse plugin (than
ks to Andrey Loskutov): | 599 » » » » » » » <li>added "Copy to clipb
oard" menu/functionality to the |
308 » » » » » <ul> | 600 » » » » » » » » details view lis
t widget |
309 » » » » » <li>Report separate markers for each occ
urrence of an issue that appears multiple times in a method | 601 » » » » » » » <li>fix for CNF exceptio
n if loading the backup solution for |
310 » » » » » <li> fine tuning for reported markers: a
dd only one marker for fields, add marker on right position | 602 » » » » » » » » broken browser w
idget |
311 » » » » » <li> link bugs selected in bug explorer
view to the opened editor and vice versa | 603 » » » » » » </ul> |
312 » » » » » <li> select bugs selected in editor rule
r in the opened bug explorer view | 604 » » » » </ul> |
313 » » » » » <li> consistent abbreviations used in b
oth bug explorer and bug details view | 605 |
314 » » » » » <li> added "Expand All" button to the bu
g explorer view | 606 |
315 » » » » » <li> added "Go Into/Go Up" buttons to t
he bug explorer view | 607 |
316 » » » » » <li> added "Copy to clipboard" menu/fun
ctionality to the details view list widget | 608 » » » » <p>Changes since version 1.3.4</p> |
317 » » » » » <li> fix for CNF exception if loading th
e backup solution for broken browser widget | 609 » » » » <ul> |
318 » » » » » | |
319 » » » » » </ul></ul> | |
320 » » » » » | |
321 » » » » » | |
322 | |
323 » » » » » <p> Changes since version 1.3.4</p> | |
324 » » » » » <ul> | |
325 <li>Analysis about 15% faster | 610 <li>Analysis about 15% faster |
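Review bot: new lines 533 and 538 disagree on the option name: the sentence says "Extended -adjustPriorities option" while the example that follows uses "-adjustPriority". The mismatch is inherited from old lines 268 and 272, but since both lines are being rewrapped here, make the prose match the flag the textui actually accepts so readers who copy the suppress/raise example get a working command. Other text carried over unchanged in this region: "arguements" and "e.g," at new 548-549, and "using x.removeAll(x) to rather than x.clear() to clear an array" at new 580-581, where the stray "to" should go and "array" should read "collection", since removeAll and clear are collection methods. The example item at new 538-541 is also left without a closing </li>, and this block is indented with tabs while new 520-529 directly above uses spaces.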
326 » » » » » <li><a href="http://sourceforge.net/trac
ker/?atid=614693&group_id=96405&func=browse&status=closed">38 bugs closed</a></l
i> | 611 » » » » » <li><a |
| 612 » » » » » » href="http://sourceforge.net/tra
cker/?atid=614693&group_id=96405&func=browse&status=closed">38 |
| 613 » » » » » » » bugs closed</a></li> |
327 <li>New defect warnings: | 614 <li>New defect warnings: |
328 » » » » » <ul> | 615 » » » » » » <ul> |
329 » » » » » <li>calls to methods that always throw | 616 » » » » » » » <li>calls to methods tha
t always throw |
330 » » » » » » UnsupportedOperationException»
(DMI_UNSUPPORTED_METHOD) | 617 » » » » » » » » UnsupportedOpera
tionException (DMI_UNSUPPORTED_METHOD) |
331 » » » » » <li>repeated conditional tests (e.g., | 618 » » » » » » » <li>repeated conditional
tests (e.g., <code>if (x |
332 » » » » » » » <code>if (x < 0 || x
< 0) ...</code>) | 619 » » » » » » » » » < 0 |
| x < 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST) |
333 » » » » » » (RpC_REPEATED_CONDITIONAL_TEST) | 620 » » » » » » » <li>Complete rewrite of
detector for format string problems. |
334 » » » » » <li>Complete rewrite of detector for for
mat string problems. | 621 » » » » » » » » More accurate, f
inds more problems, generates more descriptive |
335 » » » » » » More accurate, finds more proble
ms, generates | 622 » » » » » » » » reports, several
different bug pattern |
336 » » » » » » » more descriptive reports
, several different | 623 » » » » » » » » (VA_FORMAT_STRIN
G_EXTRA_ARGUMENTS_PASSED, |
337 » » » » » » » » bug pattern | 624 » » » » » » » » VA_FORMAT_STRING
_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT, |
338 » » » » » » (VA_FORMAT_STRING_EXTRA_ARGUM
ENTS_PASSED, | 625 » » » » » » » » VA_FORMAT_STRING
_BAD_ARGUMENT, |
339 » » » » » » VA_FORMAT_STRING_ILLEGAL, | 626 » » » » » » » » VA_FORMAT_STRING
_NO_PREVIOUS_ARGUMENT) |
340 » » » » » » VA_FORMAT_STRING_MISSING_ARGU
MENT, | 627 » » » » » » » <li>Fairly complete impl
ementation of JSR-305 custom type |
341 » » » » » » VA_FORMAT_STRING_BAD_ARGUMENT
, | 628 » » » » » » » » qualifier analys
is (no support for custom validators yet). |
342 » » » » » » VA_FORMAT_STRING_NO_PREVIOUS_A
RGUMENT) | 629 » » » » » » » » (TQ_MAYBE_SOURCE
_VALUE_REACHES_NEVER_SINK |
343 | 630 » » » » » » » » TQ_EXPLICIT_UNKN
OWN_SOURCE_VALUE_REACHES_ALWAYS_SINK |
344 » » » » » <li>Fairly complete implementation of JS
R-305 custom type qualifier | 631 » » » » » » » » TQ_EXPLICIT_UNKN
OWN_SOURCE_VALUE_REACHES_NEVER_SINK) |
345 » » » » » » analysis (no support for custom
validators yet). | 632 » » » » » » » <li>New detector for uns
atisfied obligations such forgetting |
346 » » » » » » (TQ_MAYBE_SOURCE_VALUE_REACHE
S_NEVER_SINK | 633 » » » » » » » » to close a file
(OBL_UNSATISFIED_OBLIGATION). |
347 » » » » » » TQ_EXPLICIT_UNKNOWN_SOURCE_VA
LUE_REACHES_ALWAYS_SINK | 634 » » » » » » » <li>Warning when a param
eter is marked as nullable, but is |
348 » » » » » » TQ_EXPLICIT_UNKNOWN_SOURCE_VA
LUE_REACHES_NEVER_SINK) | 635 » » » » » » » » always dereferen
ced. |
349 » » » » » <li>New detector for unsatisfied obligat
ions such forgetting to | 636 » » » » » » » » (NP_PARAMETER_MU
ST_BE_NONNULL_BUT_MARKED_AS_NULLABLE) |
350 » » » » » » close a file (OBL_UNSATISFIED_OB
LIGATION). | 637 » » » » » » » <lI>Separate warning for
dereference the result of readLine |
351 » » » » » <li>Warning when a parameter is marked a
s nullable, but is | 638 » » » » » » » » (NP_DEREFERENCE_
OF_READLINE_VALUE) |
352 » » » » » » always dereferenced. | 639 » » » » » » </ul> |
353 » » » » » » (NP_PARAMETER_MUST_BE_NONNULL_BU
T_MARKED_AS_NULLABLE) | 640 » » » » » <li>When XML is generated with messages,
the project stats now |
354 » » » » » <lI>Separate warning for dereference the
result of readLine (NP_DEREFERENCE_OF_READLINE_VALUE) | 641 » » » » » » include <FileStat> element
s. For each source file, this |
355 » » » » » </ul> | 642 » » » » » » gives the path for the file, the
total number of warnings for that |
356 » » » » » <li>When XML is generated with messages,
the project stats now | 643 » » » » » » file, and a bugHash for the file
. While the instanceHash for a bug |
357 » » » » » include <FileStat> elements. | 644 » » » » » » is intended to be version invari
ant (ignoring line numbers, etc), |
358 » » » » » For each source file, this gives the pat
h for the file, | 645 » » » » » » the bugHash for a file is intend
ed to reflect all the information |
359 » » » » » the total number of warnings for that fi
le, and a bugHash | 646 » » » » » » about the warnings in that file.
The intended use case is that if |
360 » » » » » for the file. While the instanceHash for
a bug is intended | 647 » » » » » » the bugHash for a file is the sa
me in two analysis runs, then <em>nothing</em> |
361 » » » » » to be version invariant (ignoring line n
umbers, etc), the | 648 » » » » » » has changed about any of the war
nings reported for that file |
362 » » » » » bugHash for a file is intended to reflec
t all the information | 649 » » » » » » between the two analysis runs. |
363 » » » » » about the warnings in that file. The int
ended use case is that | 650 » » » » » <li>More merging of similar issues withi
n a method. For |
364 » » » » » if the bugHash for a file is the same in
two analysis runs, | 651 » » » » » » example, if the result of readLi
ne() is dereferences multiple |
365 » » » » » then <em>nothing</em> has changed about
any of the warnings | 652 » » » » » » times within a method, it will b
e reported as a single warning |
366 » » » » » reported for that file between the two a
nalysis runs. | |
367 » » » » » <li>More merging of similar issues withi
n a method. For example, | |
368 » » » » » » if the result of readLine() is d
ereferences multiple times | |
369 » » » » » » within a method, it will be repo
rted as a single warning | |
370 with occurrences at multiple sou
rce lines. | 653 with occurrences at multiple sou
rce lines. |
371 </ul> | 654 </ul> |
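Review bot: new line 637 still opens its item with the mixed-case tag <lI> and reads "Separate warning for dereference the result of readLine"; the reformat lower-cases and rewraps everything around it, so normalise the tag to <li> and change the text to "dereferencing the result of readLine". Two more slips survive the rewrap in this region: "unsatisfied obligations such forgetting to close a file" at new 632-633 is missing "as", and "if the result of readLine() is dereferences multiple times" at new 651-652 should read "is dereferenced". The "New defect warnings:" item opened at new 614 is followed by a sibling <li> at new 640 without a </li>, whereas the 1.3.7 and 1.3.3 sections in this patch close the parent item after its nested list; pick one convention for the whole file.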
372 <p> Changes since version 1.3.3</p> | 655 <p>Changes since version 1.3.3</p> |
373 | 656 |
374 <ul> | 657 <ul> |
375 <li>FindBugs base | 658 <li>FindBugs base |
376 <ul> | 659 <ul> |
377 <li>New Reports:</li> | 660 <li>New Reports: |
378 <ul> | 661 <ul> |
379 <li>EQ_OVERRIDING_EQUALS_NOT_SYMME
TRIC: | 662 <li>EQ_O
VERRIDING_EQUALS_NOT_SYMMETRIC: equals method |
380 equals method overrides equals in
superclass and may not be symmetric</li> | 663
overrides equals in superclass and may not be symmetric</li> |
381 <li>EQ_ALWAYS_TRUE: | 664 <li>EQ_A
LWAYS_TRUE: equals method always returns true</li> |
382 equals method always returns true<
/li> | 665 <li>EQ_A
LWAYS_FALSE: equals method always returns false</li> |
383 <li>EQ_ALWAYS_FALSE: | 666 <li>EQ_C
OMPARING_CLASS_NAMES: equals method compares class |
384 equals method always returns false
</li> | 667
names rather than class objects</li> |
385 <li>EQ_COMPARING_CLASS_NAMES: | 668 <li>EQ_U
NUSUAL: Unusual equals method</li> |
386 equals method compares class names
rather than class objects</li> | 669 <li>EQ_G
ETCLASS_AND_CLASS_CONSTANT: equals method fails |
387 <li>EQ_UNUSUAL: Unusual equals met
hod</li> | 670
for subtypes</li> |
388 <li>EQ_GETCLASS_AND_CLASS_CONSTANT
: | 671 <li>SE_R
EAD_RESOLVE_IS_STATIC: The readResolve method must |
389 equals method fails for subtypes</
li> | 672
not be declared as a static method.</li> |
390 <li>SE_READ_RESOLVE_IS_STATIC: | 673 <li>SE_P
RIVATE_READ_RESOLVE_NOT_INHERITED: private |
391 The readResolve method must not be
declared as a static method.</li> | 674
readResolve method not inherited by subclasses</li> |
392 <li>SE_PRIVATE_READ_RESOLVE_NOT_IN
HERITED: | 675 <li>MSF_
MUTABLE_SERVLET_FIELD: Mutable servlet field</li> |
393 private readResolve method not inh
erited by subclasses</li> | 676 <li>XSS_
REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected |
394 <li>MSF_MUTABLE_SERVLET_FIELD: Mut
able servlet field</li> | 677
cross site scripting vulnerability</li> |
395 <li>XSS_REQUEST_PARAMETER_TO_SEND_
ERROR: | 678 <li>SKIP
PED_CLASS_TOO_BIG: Class too big for analysis</li> |
396 Servlet reflected cross site scrip
ting vulnerability</li> | 679 </ul> |
397 <li>SKIPPED_CLASS_TOO_BIG: Class t
oo big for analysis</li> | 680 </li> |
398 </ul> | 681 <li>Other: |
399 <li>Other:</li> | 682 <ul> |
400 <ul> | 683 <li>Valu
e-number analysis now more space-efficient</li> |
401 <li>Value-number analysis now more
space-efficient</li> | 684 <li>Enha
ncements to reduce memory overhead when analyzing |
402 <li>Enhancements to reduce memory
overhead when | 685
very large classes</li> |
403 analyzing very large classes</
li> | 686 <li>Now
skips very large classes that would otherwise take |
404 <li>Now skips very large classes t
hat would otherwise | 687
too much time and memory to analyze</li> |
405 take too much time and memory
to analyze</li> | 688 <li>Infr
astructure for tracking effectively-constant/ |
406 <li>Infrastructure for tracking ef
fectively-constant/ | 689
effectively-final fields</li> |
407 effectively-final fields</li> | 690 <li>Adde
d more cweids</li> |
408 <li>Added more cweids</li> | 691 <li>Enha
nced taint tracking for taint-based detectors</li> |
409 <li>Enhanced taint tracking for ta
int-based detectors</li> | 692 <li>Igno
re doomed calls to equals if result is used as an |
410 <li>Ignore doomed calls to equals
if result is used | 693
argument to assertFalse</li> |
411 as an argument to assertFalse<
/li> | 694 <li>EQ_O
VERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li> |
412 <li>EQ_OVERRIDING_EQUALS_NOT_SYMME
TRIC handles compareTo</li> | 695 <li>Prio
rity tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG |
413 <li>Priority tweak for ICAST_INTEG
ER_MULTIPLY_CAST_TO_LONG | 696
(only low priority if multiplying by 1000)</li> |
414 (only low priority if multiply
ing by 1000)</li> | 697 <li>Impr
oved tracking of fields across method calls</li> |
415 <li>Improved tracking of fields ac
ross method calls</li> | 698 </ul> |
416 </ul> | 699 </li> |
417 <li>Fixes:</li> | 700 <li>Fixes: |
418 <ul> | 701 <ul> |
419 <li>[ 1941450 ] DLS_DEAD_LOCAL_STO
RE not reported</li> | 702 <li>[ 19
41450 ] DLS_DEAD_LOCAL_STORE not reported</li> |
420 <li>[ 1953323 ] Omitted break stat
ement in SynchronizeAndNullCheckField</li> | 703 <li>[ 19
53323 ] Omitted break statement in |
421 <li>[ 1942620 ] Source Directories
selection dialog interface confusion (partial)</li> | 704
SynchronizeAndNullCheckField</li> |
422 <li>[ 1948275 ] Unhelpful "Load of
known null"</li> | 705 <li>[ 19
42620 ] Source Directories selection dialog |
423 <li>[ 1933922 ] MWM error in findb
ugs</li> | 706
interface confusion (partial)</li> |
424 <li>[ 1934772 ] 1.3.3 appears to r
ely on JDK 1.6, JNLP still specifies 1.5</li> | 707 <li>[ 19
48275 ] Unhelpful "Load of known null"</li> |
425 <li>[ 1933945 ] -loadbugs doesn't
work</li> | 708 <li>[ 19
33922 ] MWM error in findbugs</li> |
426 <li>Fixed problems for class names
starting with '$'</li> | 709 <li>[ 19
34772 ] 1.3.3 appears to rely on JDK 1.6, JNLP |
427 <li>Fixed bugs and incomplete hand
ling of annotations in | 710
still specifies 1.5</li> |
428 VersionInsensitiveBugComparato
r</li> | 711 <li>[ 19
33945 ] -loadbugs doesn't work</li> |
429 </ul> | 712 <li>Fixe
d problems for class names starting with '$'</li> |
430 <li>Patches:</li> | 713 <li>Fixe
d bugs and incomplete handling of annotations in |
431 <ul> | 714
VersionInsensitiveBugComparator</li> |
432 <li>[ 1955106 ] Javadoc fixes</li> | 715 </ul> |
433 <li>[ 1951930 ] Superfluous import
statements (thanks to Jerry James)</li> | 716 </li> |
434 <li>[ 1951907 ] Missing @Deprecate
d annotations (thanks to Jerry James)</li> | 717 <li>Patches: |
435 <li>[ 1951876 ] Infonode Docking W
indows compile fix (thanks to Jerry James)</li> | 718 <ul> |
436 <li>[ 1936055 ] bugfix for findbug
s.de.comment not working (thanks to Peter Fokkinga) | 719 <li>[ 19
55106 ] Javadoc fixes</li> |
437 </ul> | 720 <li>[ 19
51930 ] Superfluous import statements (thanks to |
438 </ul> | 721
Jerry James)</li> |
439 <li>FindBugs BlueJ plugin</li> | 722 <li>[ 19
51907 ] Missing @Deprecated annotations (thanks to |
440 <ul> | 723
Jerry James)</li> |
441 <li>Updated to use FindBugs 1.3.4 (f
irst new release since 1.1.3)</li> | 724 <li>[ 19
51876 ] Infonode Docking Windows compile fix |
442 </ul> | 725
(thanks to Jerry James)</li> |
443 </ul> | 726 <li>[ 19
36055 ] bugfix for findbugs.de.comment not working |
444 | 727
(thanks to Peter Fokkinga) |
445 <p> Changes since version 1.3.2</p> | 728 </ul> |
446 | 729 </li> |
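Review bot: the `<li>[ 1936055 ] bugfix for findbugs.de.comment not working (thanks to Peter Fokkinga)` entry at new lines 726-727 is still followed directly by `</ul>` with no `</li>`. HTML 4.01 permits omitting the end tag, but every other entry in this Patches list is closed explicitly and this change is otherwise tidying the list nesting, so close this one as well.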
447 <ul> | 730 </ul> |
448 <li>FindBugs base</li> | 731 <li>FindBugs BlueJ plugin |
449 <ul> | 732 <ul> |
450 <li>New Detectors:</li> | 733 <li>Updated to use FindB
ugs 1.3.4 (first new release since |
451 <ul> | 734 1.1.3)</li> |
452 <li>FieldItemSummary: Produces sum
mary information | 735 </ul> |
453 for what is stored into fields </li> | 736 </li> |
454 <li>SynchronizeOnClassLiteralNotGe
tClass: Look for | 737 </ul> |
455 code that synchronizes on the results of get
Class | 738 |
456 rather than on class literals</li> | 739 <p>Changes since version 1.3.2</p> |
457 <li>SynchronizingOnContentsOfField
ToProtectField: This | 740 |
458 detector looks for code that s
eems to be | 741 <ul> |
459 synchronizing on a field in or
der to guard updates | 742 <li>FindBugs base |
460 of that field </li> | 743 <ul> |
461 </ul> | 744 <li>New Detectors: |
462 <li>New BugCode:</li> | 745 <ul> |
463 <ul> | 746 <li>Fiel
dItemSummary: Produces summary information for |
464 <li> HRS: HTTP Response splitting
vulnerability </li> | 747
what is stored into fields</li> |
465 <li> WL: Possible locking on wrong
object </li> | 748 <li>Sync
hronizeOnClassLiteralNotGetClass: Look for code |
466 </ul> | 749
that synchronizes on the results of getClass rather than on |
467 <li>New Reports:</li> | 750
class literals</li> |
468 <ul> | 751 <li>Sync
hronizingOnContentsOfFieldToProtectField: This |
469 <li>DMI_CONSTANT_DB_PASSWORD: | 752
detector looks for code that seems to be synchronizing on a |
470 This code creates a database c
onnect using a hard coded, constant password </li> | 753
field in order to guard updates of that field</li> |
471 <li>HRS_REQUEST_PARAMETER_TO_COOKI
E: | 754 </ul> |
472 HTTP cookie formed from untrus
ted input </li> | 755 </li> |
473 <li>HRS_REQUEST_PARAMETER_TO_HTTP_
HEADER: | 756 <li>New BugCode: |
474 HTTP parameter directly writte
n to HTTP header output </li> | 757 <ul> |
475 <li>CN_IMPLEMENTS_CLONE_BUT_NOT_CL
ONEABLE: | 758 <li>HRS:
HTTP Response splitting vulnerability</li> |
476 Class defines clone() but does
n't implement Cloneable </li> | 759 <li>WL:
Possible locking on wrong object</li> |
477 <li>DL_SYNCHRONIZATION_ON_BOXED_PR
IMITIVE: | 760 </ul> |
478 Synchronization on boxed primi
tive could lead to deadlock </li> | 761 </li> |
479 <li> DL_SYNCHRONIZATION_ON_BOOLEAN
: | 762 <li>New Reports: |
480 Synchronization on Boolean cou
ld lead to deadlock </li> | 763 <ul> |
481 <li> ML_SYNC_ON_FIELD_TO_GUARD_CHA
NGING_THAT_FIELD: | 764 <li>DMI_
CONSTANT_DB_PASSWORD: This code creates a database |
482 Synchronization on field in fu
tile attempt to guard that field </li> | 765
connect using a hard coded, constant password</li> |
483 <li> DLS_DEAD_LOCAL_STORE_IN_RETUR
N: | 766 <li>HRS_
REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed |
484 Useless assignment in return s
tatement </li> | 767
from untrusted input</li> |
485 <li> WL_USING_GETCLASS_RATHER_THAN
_CLASS_LITERAL: | 768 <li>HRS_
REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter |
486 Synchronization on getClass ra
ther than class literal </li> | 769
directly written to HTTP header output</li> |
487 </ul> | 770 <li>CN_I
MPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines |
488 <li>Other:</li> | 771
clone() but doesn't implement Cloneable</li> |
489 <ul> | 772 <li>DL_S
YNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization |
490 <li>Many enhancements to cross-sit
e scripting detector and its documentation</li> | 773
on boxed primitive could lead to deadlock</li> |
491 <li> Enhanced switch fall through
handling </li> | 774 <li>DL_S
YNCHRONIZATION_ON_BOOLEAN: Synchronization on |
492 <li> Enhanced unread field handlin
g (look for IF_ACMPEQ and IF_ACMPNE) </li> | 775
Boolean could lead to deadlock</li> |
493 <li> Clarified documentation for @
Nullable in manual </li> | 776 <li>ML_S
YNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD: |
494 <li> Fewer DeadLocalStore false po
sitives </li> | 777
Synchronization on field in futile attempt to guard that field |
495 <li> Fewer UnreadField false posit
ives </li> | 778 </li> |
496 <li> Fewer StaticCalendarDetector
false positives </li> | 779 <li>DLS_
DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in |
497 <li> Performance fix for slow file
system IO e.g. Clearcase repositories (thanks, Andrei!) </li> | 780
return statement</li> |
498 <li> Other, general performance en
hancements (thanks, Andrei!) </li> | 781 <li>WL_U
SING_GETCLASS_RATHER_THAN_CLASS_LITERAL: |
499 <li> Enhancements for using FindBu
gs scripts with MKS on Windows (thanks, Kelly O'Hair!) </li> | 782
Synchronization on getClass rather than class literal</li> |
500 <li> Noted in the manual that jsr3
05.jar must be present for annotations to compile </li> | 783 </ul> |
501 <li> Added and fine-tuned default-
nullness annotations </li> | 784 </li> |
502 <li> More CWE IDs added </li> | 785 <li>Other: |
503 <li> Check and warning for unexpec
ted BCEL version in classpath </li> | 786 <ul> |
504 </ul> | 787 <li>Many
enhancements to cross-site scripting detector and |
505 <li>Fixes:</li> | 788
its documentation</li> |
506 <ul> | 789 <li>Enha
nced switch fall through handling</li> |
507 <li>Bug fix to handling of local v
ariable tables in BCEL</li> | 790 <li>Enha
nced unread field handling (look for IF_ACMPEQ and |
508 <li>Refined documentation for MTIA
_SUSPECT_STRUTS_INSTANCE_FIELD</li> | 791
IF_ACMPNE)</li> |
509 <li>[ 1927295 ] NPE when called on
project root</li> | 792 <li>Clar
ified documentation for @Nullable in manual</li> |
510 <li>[ 1926405 ] Incorrect dead sto
re warning</li> | 793 <li>Fewe
r DeadLocalStore false positives</li> |
511 <li>[ 1926409 ] Incorrect redundan
t nullcheck warning</li> | 794 <li>Fewe
r UnreadField false positives</li> |
512 <li>[ 1926389 ] Wrong line number
printed/highlighted in bug</li> | 795 <li>Fewe
r StaticCalendarDetector false positives</li> |
513 <li>[ 1927040 ] typo in bug descri
ption</li> | 796 <li>Perf
ormance fix for slow file system IO e.g. Clearcase |
514 <li>[ 1926263 ] Minor glitch in HT
ML output</li> | 797
repositories (thanks, Andrei!)</li> |
515 <li>[ 1926240 ] Minor error in sta
ndard options in manual</li> | 798 <li>Othe
r, general performance enhancements (thanks, |
516 <li>[ 1926236 ] Minor bug in insta
llation section of manual</li> | 799
Andrei!)</li> |
517 <li>[ 1925539 ] ZIP is default fil
e system code base</li> | 800 <li>Enha
ncements for using FindBugs scripts with MKS on |
518 <li>[ 1894701 ] Livelock / memory
leak in ObjectTypeFactory (thanks, Andrei!)</li> | 801
Windows (thanks, Kelly O'Hair!)</li> |
519 <li>[ 1867491 ] Doesn't reload ann
otations after code changes in IDE (thanks, Andrei!)</li> | 802 <li>Note
d in the manual that jsr305.jar must be present |
520 <li>[ 1921399 ] -project option no
t supported</li> | 803
for annotations to compile</li> |
521 <li>[ 1913834 ] "Dead" store to va
riable with method call</li> | 804 <li>Adde
d and fine-tuned default-nullness annotations</li> |
522 <li>[ 1917352 ] H B se:...field in
serializable class</li> | 805 <li>More
CWE IDs added</li> |
523 <li>[ 1911617 ] CloneIdiom relies
on getNameConstantOperand for INSTANCEOF</li> | 806 <li>Chec
k and warning for unexpected BCEL version in |
524 <li>[ 1911620 ] False +: DLS prede
crement before return</li> | 807
classpath</li> |
525 <li>[ 1871376 ] False negative: no
n-serializable Map field</li> | 808 </ul> |
526 <li>[ 1871051 ] non standard clone
() method</li> | 809 </li> |
527 <li>[ 1908854 ] Error in TestASM</
li> | 810 <li>Fixes: |
528 <li>[ 1907539 ] 22 minor errors in
bug checker documentation</li> | 811 <ul> |
529 <li>[ 1897323 ] EJB implementation
class false positives</li> | 812 <li>Bug
fix to handling of local variable tables in BCEL</li> |
530 <li>[ 1899648 ] Crash on startup o
n Vista with Java 1.6.0_04</li> | 813 <li>Refi
ned documentation for |
531 </ul> | 814
MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li> |
532 </ul> | 815 <li>[ 19
27295 ] NPE when called on project root</li> |
533 <li>FindBugs Eclipse plugin (change lo
g by Andrey Loskutov)</li> | 816 <li>[ 19
26405 ] Incorrect dead store warning</li> |
534 <ul> | 817 <li>[ 19
26409 ] Incorrect redundant nullcheck warning</li> |
535 <li> new feature: export basic FindB
ugs numbers for projects via File->Export->Java->BugCounts (Andrey Losk
utov) </li> | 818 <li>[ 19
26389 ] Wrong line number printed/highlighted in |
536 <li> new feature: jobs for different
projects will be run in parallel per default if running on a | 819
bug</li> |
537 multi-core PC ("fb.allowParallelBuild" system prope
rty not used anymore) (Andrey Loskutov) </li> | 820 <li>[ 19
27040 ] typo in bug description</li> |
538 <li> fixed performance slowdown in t
he multi-threaded build, caused by workspace operation locks during | 821 <li>[ 19
26263 ] Minor glitch in HTML output</li> |
539 assigning marker attributes (Andrey Loskutov)</li> | 822 <li>[ 19
26240 ] Minor error in standard options in manual</li> |
540 </ul> | 823 <li>[ 19
26236 ] Minor bug in installation section of |
541 </ul> | 824
manual</li> |
542 | 825 <li>[ 19
25539 ] ZIP is default file system code base</li> |
543 <p> Changes since version 1.3.1</p> | 826 <li>[ 18
94701 ] Livelock / memory leak in |
544 | 827
ObjectTypeFactory (thanks, Andrei!)</li> |
545 <ul> | 828 <li>[ 18
67491 ] Doesn't reload annotations after code |
546 <li>FindBugs base</li> | 829
changes in IDE (thanks, Andrei!)</li> |
547 <ul> | 830 <li>[ 19
21399 ] -project option not supported</li> |
548 <li>New Bug Category:</li> | 831 <li>[ 19
13834 ] "Dead" store to variable with method call</li> |
549 <ul> | 832 <li>[ 19
17352 ] H B se:...field in serializable class</li> |
550 <li>SECURITY (Abbrev: S), A use of
untrusted input in | 833 <li>[ 19
11617 ] CloneIdiom relies on |
551 a way that could create a remo
tely exploitable | 834
getNameConstantOperand for INSTANCEOF</li> |
552 security vulnerability</li> | 835 <li>[ 19
11620 ] False +: DLS predecrement before return</li> |
553 </ul> | 836 <li>[ 18
71376 ] False negative: non-serializable Map field</li> |
554 <li>New Detectors:</li> | 837 <li>[ 18
71051 ] non standard clone() method</li> |
555 <ul> | 838 <li>[ 19
08854 ] Error in TestASM</li> |
556 <li>CrossSiteScripting: This detec
tor looks for | 839 <li>[ 19
07539 ] 22 minor errors in bug checker |
557 obvious/blatant cases of cross
site scripting | 840
documentation</li> |
558 vulnerabilities</li> | 841 <li>[ 18
97323 ] EJB implementation class false positives</li> |
559 </ul> | 842 <li>[ 18
99648 ] Crash on startup on Vista with Java |
560 <li>New BugCode:</li> | 843
1.6.0_04</li> |
561 <ul> | 844 </ul> |
562 <li>XSS: Cross site scripting</li> | 845 </li> |
563 </ul> | 846 </ul> |
564 <li>New Reports:</li> | 847 </li> |
565 <ul> | 848 <li>FindBugs Eclipse plugin (change log
by Andrey Loskutov) |
566 <li>XSS_REQUEST_PARAMETER_TO_SERVL
ET_WRITER: HTTP | 849 <ul> |
567 parameter directly written to
Servlet output, | 850 <li>new feature: export
basic FindBugs numbers for projects |
568 giving XSS vulnerability</li> | 851 via File->Exp
ort->Java->BugCounts (Andrey Loskutov)</li> |
569 <li>XSS_REQUEST_PARAMETER_TO_JSP_W
RITER: HTTP | 852 <li>new feature: jobs fo
r different projects will be run in |
570 parameter directly written to
JSP output, giving | 853 parallel per def
ault if running on a multi-core PC |
571 XSS vulnerability</li> | 854 ("fb.allowParall
elBuild" system property not used anymore) |
572 <li>EQ_OTHER_USE_OBJECT: equals()
method defined that | 855 (Andrey Loskutov
)</li> |
573 doesn't override Object.equals
(Object)</li> | 856 <li>fixed performance sl
owdown in the multi-threaded build, |
574 <li>EQ_OTHER_NO_OBJECT: equals() m
ethod inherits | 857 caused by worksp
ace operation locks during assigning marker |
575 rather than overrides equals(O
bject)</li> | 858 attributes (Andr
ey Loskutov)</li> |
576 <li>NP_NULL_ON_SOME_PATH_MIGHT_BE_
INFEASIBLE: | 859 </ul> |
577 Possible null pointer derefere
nce on path that | 860 </li> |
578 might be infeasible</li> | 861 </ul> |
579 </ul> | 862 |
580 <li>Other:</li> | 863 <p>Changes since version 1.3.1</p> |
581 <ul> | 864 |
582 <li>Added -noClassOk command-line
parameter to | 865 <ul> |
583 command-line and ant interfaces
; when -noClassOk | 866 <li>FindBugs base |
584 is specified and no classfiles
are given, FindBugs | 867 <ul> |
585 will print a warning message an
d output a well- | 868 <li>New Bug Category: |
586 formed file with no warnings</l
i> | 869 <ul> |
587 <li>Fewer false positives for null
pointer bugs</li> | 870 <li>SECU
RITY (Abbrev: S), A use of untrusted input in a |
588 <li>Suppress dead-local-store fals
e positives in .jsp | 871
way that could create a remotely exploitable security |
589 code</li> | 872
vulnerability</li> |
590 <li>Type fixes in warning messages
</li> | 873 </ul> |
591 <li>Better warning message for | 874 </li> |
592 NP_NULL_ON_SOME_PATH</li> | 875 <li>New Detectors: |
593 <li>"WMI" bug code description ren
amed from "Wrong | 876 <ul> |
594 Map Iterator" to "Inefficient
Map Iterator"</li> | 877 <li>Cros
sSiteScripting: This detector looks for |
595 </ul> | 878
obvious/blatant cases of cross site scripting vulnerabilities</li> |
596 <li>Fixes:</li> | 879 </ul> |
597 <ul> | 880 </li> |
598 <li>[ 1893048 ] FindBugs confused
by a findbugs.xml file</li> | 881 <li>New BugCode: |
599 <li>[ 1878528 ] XSL xforms don't s
upport history features</li> | 882 <ul> |
600 <li>[ 1876584 ] two default.xsl fl
aws</li> | 883 <li>XSS:
Cross site scripting</li> |
601 <li>[ 1874856 ] Format string bug
detector doesn't handle special operators</li> | 884 </ul> |
602 <li>[ 1872645 ] computeBugHistory
- java.lang.IllegalArgumentException</li> | 885 </li> |
603 <li>[ 1872237 ] Ant task fails whe
n no .class files</li> | 886 <li>New Reports: |
604 <li>[ 1868670 ] Filters: include A
ND exclude don't allowed</li> | 887 <ul> |
605 <li>[ 1868666 ] check-for-oddness
reported, but array length can never be negative</li> | 888 <li>XSS_
REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP |
606 <li>[ 1866108 ] SetBugDatabaseInfo
Task strips dir from output filename</li> | 889
parameter directly written to Servlet output, giving XSS |
607 <li>[ 1866021 ] MineBugHistoryTask
strips dir of output filename</li> | 890
vulnerability</li> |
608 <li>[ 1865265 ] code doesn't handl
e StringBuffer.append([CII) right</li> | 891 <li>XSS_
REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter |
609 <li>[ 1864793 ] Warning when casti
ng a null reference compared to a String</li> | 892
directly written to JSP output, giving XSS vulnerability</li> |
610 <li>[ 1863376 ] Typo in manual cha
p 8: Filter Files</li> | 893 <li>EQ_O
THER_USE_OBJECT: equals() method defined that |
611 <li>[ 1862705 ] Transient fields t
hat default to null</li> | 894
doesn't override Object.equals(Object)</li> |
612 <li>[ 1842545 ] DLS on catch varia
ble (with priority tweaking)</li> | 895 <li>EQ_O
THER_NO_OBJECT: equals() method inherits rather |
613 <li>[ 1816258 ] false positive BC_
IMPOSSIBLE_CAST</li> | 896
than overrides equals(Object)</li> |
614 <li>[ 1551732 ] Get erroneous DLS
with while loop</li> | 897 <li>NP_N
ULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible |
615 </ul> | 898
null pointer dereference on path that might be infeasible</li> |
616 </ul> | 899 </ul> |
617 <li>FindBugs Eclipse plugin (change lo
g by Andrey Loskutov)</li> | 900 </li> |
618 <ul> | 901 <li>Other: |
619 <li>new feature: added Bug explorer
view (replacing Bug tree view), based on Common Navigator framework (Andrey Losk
utov)</li> | 902 <ul> |
620 <li>bug 1873860 fixed: empty project
s are no longer shown in Bug tree view (Andrey Loskutov)</li> | 903 <li>Adde
d -noClassOk command-line parameter to |
621 <li>new feature: bug counts decorato
rs for projects, folders and files (has to be activated | 904
command-line and ant interfaces; when -noClassOk is specified |
622 via Preferences -> general -> appearance ->
label decorations)(Andrey Loskutov)</li> | 905
and no classfiles are given, FindBugs will print a warning |
623 <li>patch 1746499: better icons (Ale
ssandro Nistico)</li> | 906
message and output a well- formed file with no warnings</li> |
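Review bot: the rewrap at new line 906 leaves `well- formed` with a space after the hyphen. In the old text the break between lines 585 and 586 hid it, but once the words sit on one line it is visible in the source and in the rendered page. Join it to `well-formed`.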
624 <li>patch 1893685: Find bug actions
on change sets bug (Alessandro Nistico)</li> | 907 <li>Fewe
r false positives for null pointer bugs</li> |
625 <li>fixed bug 1855384: Bug configura
tion is broken in Eclipse (Andrey Loskutov)</li> | 908 <li>Supp
ress dead-local-store false positives in .jsp code</li> |
626 <li>refactored FindBugs properties p
age (Andrey Loskutov)</li> | 909 <li>Type
fixes in warning messages</li> |
627 <li>refactored FindBugs worker/build
er/run action (Andrey Loskutov)</li> | 910 <li>Bett
er warning message for NP_NULL_ON_SOME_PATH</li> |
628 <li>FB detects now only bugs from cl
asses on project's classpath (no double work on | 911 <li>"WMI
" bug code description renamed from "Wrong Map |
629 duplicated class files) (Andrey Loskutov)</li> | 912
Iterator" to "Inefficient Map Iterator"</li> |
630 <li>fixed bug introduced by the bad
patch for 1867951: FB cannot be executed incrementally | 913 </ul> |
631 on a folder of file (Andrey Loskutov)</li> | 914 </li> |
632 <li>fixed job rule: now jobs for dif
ferent projects may run in parallel if running on a | 915 <li>Fixes: |
633 multi-core PC and "fb.allowParallelBuild" system pro
perty is set to true (Andrey Loskutov)</li> | 916 <ul> |
634 <li>fixed FB auto-build not started
if .fbprefs or .classpath was changed (Andrey Loskutov)</li> | 917 <li>[ 18
93048 ] FindBugs confused by a findbugs.xml file</li> |
635 <li>fixed not reporting bugs on seco
ndary types (classes defined in java files with | 918 <li>[ 18
78528 ] XSL xforms don't support history features</li> |
636 different name) (Andrey Loskutov
) </li> | 919 <li>[ 18
76584 ] two default.xsl flaws</li> |
637 </ul> | 920 <li>[ 18
74856 ] Format string bug detector doesn't handle |
638 </ul> | 921
special operators</li> |
639 | 922 <li>[ 18
72645 ] computeBugHistory - |
640 <p> Changes since version 1.3.0</p> | 923
java.lang.IllegalArgumentException</li> |
641 <ul> | 924 <li>[ 18
72237 ] Ant task fails when no .class files</li> |
642 <li>New Reports</li> | 925 <li>[ 18
68670 ] Filters: include AND exclude don't allowed</li> |
643 <ul> | 926 <li>[ 18
68666 ] check-for-oddness reported, but array |
644 <li>VA_FORMAT_STRING_ARG_MISMATCH: | 927
length can never be negative</li> |
645 A format-string method with a va
riable number of arguments is called, | 928 <li>[ 18
66108 ] SetBugDatabaseInfoTask strips dir from |
646 but the number of arguments passed does not match wi
th the number of | 929
output filename</li> |
647 % placeholders in the format string. This is probab
ly not what the | 930 <li>[ 18
66021 ] MineBugHistoryTask strips dir of output |
648 author intended. | 931
filename</li> |
649 <li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: | 932 <li>[ 18
65265 ] code doesn't handle |
650 This code opens a file in append mode and that wraps
the result in an object output stream. | 933
StringBuffer.append([CII) right</li> |
651 This won't allow you to append to an existing object
output stream stored in a file. If you want to be | 934 <li>[ 18
64793 ] Warning when casting a null reference |
652 able to append to an object output stream, you need
to keep the object output stream open. | 935
compared to a String</li> |
653 The only situation in which opening a file in append
mode and the writing an object output stream | 936 <li>[ 18
63376 ] Typo in manual chap 8: Filter Files</li> |
654 could work is if on reading the file you plan to ope
n it in random access mode and seek to the byte offset | 937 <li>[ 18
62705 ] Transient fields that default to null</li> |
655 where the append started. | 938 <li>[ 18
42545 ] DLS on catch variable (with priority |
656 <li>NP_BOOLEAN_RETURN_NULL: | 939
tweaking)</li> |
657 A method that returns either Boolean.TRUE, Boolean.F
ALSE or null is an accident waiting to happen. | 940 <li>[ 18
16258 ] false positive BC_IMPOSSIBLE_CAST</li> |
658 This method can be invoked as though it returned a v
alue of type boolean, and | 941 <li>[ 15
51732 ] Get erroneous DLS with while loop</li> |
659 the compiler will insert automatic unboxing of the B
oolean value. If a null value is returned, | 942 </ul> |
660 this will result in a NullPointerException. | 943 </li> |
661 </ul> | 944 </ul> |
662 <li>Changes to Existing Reports</li> | 945 </li> |
663 <ul> | 946 <li>FindBugs Eclipse plugin (change log
by Andrey Loskutov) |
664 <li>RV_DONT_JUST_NULL_CHECK_READLINE:
CORRECTNESS -> STYLE</li> | 947 <ul> |
665 <li>DMI_INVOKING_TOSTRING_ON_ARRAY: Lo
ng description mentions array name whenever possible</li> | 948 <li>new feature: added B
ug explorer view (replacing Bug tree |
666 </ul> | 949 view), based on
Common Navigator framework (Andrey Loskutov)</li> |
667 <li>Fixes:</li> | 950 <li>bug 1873860 fixed: e
mpty projects are no longer shown in |
668 <ul> | 951 Bug tree view (A
ndrey Loskutov)</li> |
669 <li>Updated manual to mention that Java
1.5 is now a requirement for running FindBugs | 952 <li>new feature: bug cou
nts decorators for projects, folders |
670 <li>Applied patch 1840206 fixing issue "
Ant task does not work when presetdef is used" - thanks to phejl | 953 and files (has t
o be activated via Preferences -> general |
671 <li>Applied patch 1778690 fixing issue "
Ant task: tolerate but complain about invalid auxClasspath" - thanks to David Sc
hmidt | 954 -> appearance
-> label decorations)(Andrey Loskutov)</li> |
672 <li>Applied patch 1852125 adding a Chine
se-language GUI bundle props file - thanks to fifi | 955 <li>patch 1746499: bette
r icons (Alessandro Nistico)</li> |
673 <li>Applied patch 1845903 adding ability
to load XML results with the Eclipse plugin - thanks to Alex Mont | 956 <li>patch 1893685: Find
bug actions on change sets bug |
674 <li>Fixed issue 1844671 - "FP for "rever
sed" null check in catch for stream close" | 957 (Alessandro Nist
ico)</li> |
675 <li>Fixed issue 1836050 - "-onlyAnalyze
broken" | 958 <li>fixed bug 1855384: B
ug configuration is broken in |
676 <li>Fixed issue 1853011 - "Typo: Field n
ames should start with aN lower case letter" | 959 Eclipse (Andrey
Loskutov)</li> |
677 <li>Fixed issue 1844181 - "JNLP file doe
s not contain all necessary JARs" | 960 <li>refactored FindBugs
properties page (Andrey Loskutov)</li> |
678 <li>Fixed issue 1840245 - "xxxException
class does not derive from Exception" | 961 <li>refactored FindBugs
worker/builder/run action (Andrey |
679 <li>Fixed issue 1840277 - "[M D EC] Typo
in bug documentation" | 962 Loskutov)</li> |
680 <li>Fixed issue 1782447 - "OutOfMemoryEr
ror if i activate Findbugs on my project" | 963 <li>FB detects now only
bugs from classes on project's |
681 <li>Fixed issue 1830576 - "[regression]
keySet/entrySet false positive" | 964 classpath (no do
uble work on duplicated class files) (Andrey |
682 </ul> | 965 Loskutov)</li> |
683 <li>Other:</li> | 966 <li>fixed bug introduced
by the bad patch for 1867951: FB |
684 <ul> | 967 cannot be execut
ed incrementally on a folder of file (Andrey |
685 <li>New bug code: "IO" (for IO_APPENDING
_TO_OBJECT_OUTPUT_STREAM)</li> | 968 Loskutov)</li> |
686 <li>Added "-onlyMostRecent" option for c
omputeBugHistory script/ant task | 969 <li>fixed job rule: now
jobs for different projects may run |
687 <li>More explicit language in RV_RETURN_
VALUE_IGNORED_BAD_PRACTICE messages | 970 in parallel if r
unning on a multi-core PC and |
688 <li>Modified ResourceValueAnalysis to co
rrectly identify null == X or null != X as a null check (for issue 1844671) | 971 "fb.allowParalle
lBuild" system property is set to true (Andrey |
689 <li>Modified DMI_HARDCODED_ABSOLUTE_FILE
NAME logic in DumbMethodInvocations to ignore files from /etc or /dev and increa
se priority of files from /home | 972 Loskutov)</li> |
690 <li>Better bug details for infinite loop
warnings | 973 <li>fixed FB auto-build
not started if .fbprefs or |
691 <li>Modified unread-fields detector to r
educe false positives from reflective fields | 974 .classpath was c
hanged (Andrey Loskutov)</li> |
692 <li>build.xml "classes" target now build
s all sources in one step | 975 <li>fixed not reporting
bugs on secondary types (classes |
693 </ul> | 976 defined in java
files with different name) (Andrey Loskutov)</li> |
694 </ul> | 977 </ul> |
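Review bot: two wording slips in this Eclipse plugin list survive the rewrap and could be fixed in the same pass. `label decorations)(Andrey Loskutov)` at new line 954 is missing a space before the credit, and `on a folder of file` at new lines 967-968 reads as if `folder or file` was intended.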
695 | 978 </li> |
696 <p> Changes since version 1.2.1</p> | 979 </ul> |
697 <ul> | 980 |
698 <li>New Detectors and Reports</li> | 981 <p>Changes since version 1.3.0</p> |
699 <ul> | 982 <ul> |
700 <li>SynchronizationOnSharedBuiltinCons
tant</li> | 983 <li>New Reports |
701 <ul> | 984 <ul> |
702 <li>DL_SYNCHRONIZATION_ON_SHARED_CON
STANT: | 985 <li>VA_FORMAT_STRING_ARG
_MISMATCH: A format-string method |
703 The code synchronizes on a share
d primitive | 986 with a variable
number of arguments is called, but the number of |
704 constant, such as an interned St
ring. Such | 987 arguments passed
does not match with the number of % |
705 constants are interned and share
d across all other | 988 placeholders in
the format string. This is probably not what the |
706 classes loaded by the JVM. Thus,
this could be | 989 author intended. |
707 locking on something that other
code might also be | 990 <li>IO_APPENDING_TO_OBJE
CT_OUTPUT_STREAM: This code opens a |
708 locking. This could result in ve
ry strange and hard | 991 file in append m
ode and that wraps the result in an object |
709 to diagnose blocking and deadloc
k behavior. See | 992 output stream. T
his won't allow you to append to an existing |
710 <a href="http://www.javalobby.or
g/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a> | 993 object output st
ream stored in a file. If you want to be able to |
711 and | 994 append to an obj
ect output stream, you need to keep the object |
712 <a href="http://jira.codehaus.or
g/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>. | 995 output stream op
en. The only situation in which opening a file |
713 </ul> | 996 in append mode a
nd the writing an object output stream could |
714 <li>OverridingEqualsNotSymmetrical</li
> | 997 work is if on re
ading the file you plan to open it in random |
715 <ul> | 998 access mode and
seek to the byte offset where the append |
716 <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETR
IC: | 999 started. |
717 Looks for equals methods that overri
de equals | 1000 <li>NP_BOOLEAN_RETURN_NU
LL: A method that returns either |
718 methods in a superclass where the eq
uivalence | 1001 Boolean.TRUE, Bo
olean.FALSE or null is an accident waiting to |
719 relationship might not be symmetrica
l. | 1002 happen. This met
hod can be invoked as though it returned a value |
720 </ul> | 1003 of type boolean,
and the compiler will insert automatic unboxing |
721 <li>CheckTypeQualifiers</li> | 1004 of the Boolean v
alue. If a null value is returned, this will |
722 <ul> | 1005 result in a Null
PointerException. |
723 <li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER
_REQUIRED: | 1006 </ul> |
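Review bot: the three entries in this New Reports list (VA_FORMAT_STRING_ARG_MISMATCH, IO_APPENDING_TO_OBJECT_OUTPUT_STREAM, NP_BOOLEAN_RETURN_NULL, new lines 985-1005) still have no `</li>`, unlike the lists restructured earlier in the file. Since the text is being rewrapped anyway, close them, and fix the two carried-over slips in the IO_APPENDING_TO_OBJECT_OUTPUT_STREAM description: `and that wraps the result` and `and the writing an object output stream` both read as if `then` was meant.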
724 A value specified as carrying a type
qualifier | 1007 </li> |
725 annotation is consumed in a location
or locations | 1008 <li>Changes to Existing Reports |
726 requiring that the value not carry t
hat annotation. | 1009 <ul> |
727 More precisely, a value annotated wi
th a type | 1010 <li>RV_DONT_JUST_NULL_CH
ECK_READLINE: CORRECTNESS -> |
728 qualifier specifying when=ALWAYS is
guaranteed to reach | 1011 STYLE</li> |
729 a use or uses where the same type qu
alifier specifies | 1012 <li>DMI_INVOKING_TOSTRIN
G_ON_ARRAY: Long description |
730 when=NEVER. | 1013 mentions array n
ame whenever possible</li> |
731 </li> | 1014 </ul> |
732 <li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS
_REQUIRED: | 1015 </li> |
733 A value specified as not carrying a
type qualifier | 1016 <li>Fixes: |
734 annotation is guaranteed to be consu
med in a location | 1017 <ul> |
735 or locations requiring that the valu
e does carry that | 1018 <li>Updated manual to me
ntion that Java 1.5 is now a |
736 annotation. More precisely, a value
annotated with a | 1019 requirement for
running FindBugs |
737 type qualifier specifying when=NEVER
is guaranteed to | 1020 <li>Applied patch 184020
6 fixing issue "Ant task does not |
738 reach a use or uses where the same t
ype qualifier | 1021 work when preset
def is used" - thanks to phejl |
739 specifies when=ALWAYS. | 1022 <li>Applied patch 177869
0 fixing issue "Ant task: tolerate |
740 </li> | 1023 but complain abo
ut invalid auxClasspath" - thanks to David |
741 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_AL
WAYS_SINK: | 1024 Schmidt |
742 A value that might not carry a type
qualifier | 1025 <li>Applied patch 185212
5 adding a Chinese-language GUI |
743 annotation reaches a use which requi
res that | 1026 bundle props fil
e - thanks to fifi |
744 annotation. | 1027 <li>Applied patch 184590
3 adding ability to load XML results |
745 </li> | 1028 with the Eclipse
plugin - thanks to Alex Mont |
746 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_NE
VER_SINK: | 1029 <li>Fixed issue 1844671
- "FP for "reversed" null check in |
747 A value which might carry a type qua
lifier annotation | 1030 catch for stream
close" |
748 reaches a use which forbids values c
arrying that | 1031 <li>Fixed issue 1836050
- "-onlyAnalyze broken" |
749 annotation. | 1032 <li>Fixed issue 1853011
- "Typo: Field names should start |
750 </li> | 1033 with aN lower ca
se letter" |
751 </ul> | 1034 <li>Fixed issue 1844181
- "JNLP file does not contain all |
752 </ul> | 1035 necessary JARs" |
753 <li>New Reports (existing detectors)</li
> | 1036 <li>Fixed issue 1840245
- "xxxException class does not |
754 <ul> | 1037 derive from Exce
ption" |
755 <li>FindHEmismatch</li> | 1038 <li>Fixed issue 1840277
- "[M D EC] Typo in bug |
756 <ul> | 1039 documentation" |
757 <li>EQ_DOESNT_OVERRIDE_EQUALS: | 1040 <li>Fixed issue 1782447
- "OutOfMemoryError if i activate |
758 This class extends a class that defi
nes an equals | 1041 Findbugs on my p
roject" |
759 method and adds fields, but doesn't
define an equals | 1042 <li>Fixed issue 1830576
- "[regression] keySet/entrySet |
760 method itself. Thus, equality on ins
tances of this | 1043 false positive" |
761 class will ignore the identity of th
e subclass and the | 1044 </ul> |
762 added fields. Be sure this is what i
s intended, and | 1045 </li> |
763 that you don't need to override the
equals method. Even | 1046 <li>Other: |
764 if you don't need to override the eq
uals method, | 1047 <ul> |
765 consider overriding it anyway to doc
ument the fact that | 1048 <li>New bug code: "IO" (
for |
766 the equals method for the subclass j
ust return the | 1049 IO_APPENDING_TO_
OBJECT_OUTPUT_STREAM)</li> |
767 result of invoking super.equals(o). | 1050 <li>Added "-onlyMostRece
nt" option for computeBugHistory |
768 </li> | 1051 script/ant task |
769 </ul> | 1052 <li>More explicit langua
ge in |
770 <li>Naming | 1053 RV_RETURN_VALUE_
IGNORED_BAD_PRACTICE messages |
771 <ul> | 1054 <li>Modified ResourceVal
ueAnalysis to correctly identify |
772 <li>NM_WRONG_PACKAGE, NM_WRONG_PACKA
GE_INTENTIONAL: | 1055 null == X or nul
l != X as a null check (for issue 1844671) |
773 The method in the subclass doesn't o
verride a similar | 1056 <li>Modified DMI_HARDCOD
ED_ABSOLUTE_FILENAME logic in |
774 method in a superclass because the t
ype of a parameter | 1057 DumbMethodInvoca
tions to ignore files from /etc or /dev and |
775 doesn't exactly match the type of th
e corresponding | 1058 increase priorit
y of files from /home |
776 parameter in the superclass. | 1059 <li>Better bug details f
or infinite loop warnings |
777 </li> | 1060 <li>Modified unread-fiel
ds detector to reduce false |
778 <li>NM_SAME_SIMPLE_NAME_AS_SUPERCLAS
S: | 1061 positives from r
eflective fields |
779 This class has a simple name that is
identical to that | 1062 <li>build.xml "classes"
target now builds all sources in one |
780 of its superclass, except that its s
uperclass is in a | 1063 step |
781 different package (e.g., <code>alpha
.Foo</code> | 1064 </ul> |
782 extends <code>beta.Foo</code>). Thi
s can be | 1065 </li> |
783 exceptionally confusing, create lots
of situations in | 1066 </ul> |
784 which you have to look at import sta
tements to resolve | 1067 |
785 references and creates many opportun
ities to | 1068 <p>Changes since version 1.2.1</p> |
786 accidently define methods that do no
t override methods | 1069 <ul> |
787 in their superclasses. | 1070 <li>New Detectors and Reports |
788 </li> | 1071 <ul> |
789 <li>NM_SAME_SIMPLE_NAME_AS_INTERFACE
: | 1072 <li>SynchronizationOnSha
redBuiltinConstant |
790 This class/interface has a simple na
me that is | 1073 <ul> |
791 identical to that of an implemented/
extended | 1074 <li>DL_S
YNCHRONIZATION_ON_SHARED_CONSTANT: The code |
792 interface, except that the interface
is in a different | 1075
synchronizes on a shared primitive constant, such as an |
793 package (e.g., <code>alpha.Foo</code
> extends | 1076
interned String. Such constants are interned and shared across |
794 <code>beta.Foo</code>). This can be
exceptionally | 1077
all other classes loaded by the JVM. Thus, this could be |
795 confusing, create lots of situations
in which you have | 1078
locking on something that other code might also be locking. |
796 to look at import statements to reso
lve references and | 1079
This could result in very strange and hard to diagnose |
797 creates many opportunities to accide
ntly define methods | 1080
blocking and deadlock behavior. See <a |
798 that do not override methods in thei
r superclasses. | 1081
href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org
/java/forums/t96352.html</a> |
799 </li> | 1082
and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org
/browse/JETTY-352</a>. |
800 </ul> | 1083 |
801 <li>FindRefComparison</li> | 1084 </ul> |
802 <ul> | 1085 </li> |
803 <li>EC_UNRELATED_TYPES_USING_POINTER
_EQUALITY: | 1086 <li>OverridingEqualsNotS
ymmetrical |
804 This method uses using pointer equal
ity to compare two | 1087 <ul> |
805 references that seem to be of differ
ent types. The | 1088 <li>EQ_O
VERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals |
806 result of this comparison will alway
s be false at | 1089
methods that override equals methods in a superclass where the |
807 runtime. | 1090
equivalence relationship might not be symmetrical. |
808 </li> | 1091 </ul> |
809 </ul> | 1092 </li> |
810 <li>IncompatMask</li> | 1093 <li>CheckTypeQualifiers |
811 <ul> | 1094 <ul> |
812 <li>BIT_SIGNED_CHECK, BIT_SIGNED_CHE
CK_HIGH_BIT: | 1095 <li>TQ_A
LWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value |
813 This method compares an expression s
uch as | 1096
specified as carrying a type qualifier annotation is consumed |
814 <tt>((event.detail & SWT.SELECTE
D) > 0)</tt>. Using | 1097
in a location or locations requiring that the value not carry |
815 bit arithmetic and then comparing wi
th the greater than | 1098
that annotation. More precisely, a value annotated with a type |
816 operator can lead to unexpected resu
lts (of course | 1099
qualifier specifying when=ALWAYS is guaranteed to reach a use |
817 depending on the value of SWT.SELECT
ED). If | 1100
or uses where the same type qualifier specifies when=NEVER.</li> |
818 SWT.SELECTED is a negative number, t
his is a candidate | 1101 <li>TQ_N
EVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value |
819 for a bug. Even when SWT.SELECTED is
not negative, it | 1102
specified as not carrying a type qualifier annotation is |
820 seems good practice to use '!= 0' in
stead of '> 0'. | 1103
guaranteed to be consumed in a location or locations requiring |
821 </li> | 1104
that the value does carry that annotation. More precisely, a |
822 </ul> | 1105
value annotated with a type qualifier specifying when=NEVER is |
823 <li>LazyInit</li> | 1106
guaranteed to reach a use or uses where the same type |
824 <ul> | 1107
qualifier specifies when=ALWAYS.</li> |
825 <li>LI_LAZY_INIT_UPDATE_STATIC: | 1108 <li>TQ_M
AYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value |
826 This method contains an unsynchroniz
ed lazy | 1109
that might not carry a type qualifier annotation reaches a use |
827 initialization of a static field. A
fter the field is | 1110
which requires that annotation.</li> |
828 set, the object stored into that loc
ation is further | 1111 <li>TQ_M
AYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value |
829 accessed. The setting of the field
is visible to other | 1112
which might carry a type qualifier annotation reaches a use |
830 threads as soon as it is set. If the
further accesses in | 1113
which forbids values carrying that annotation.</li> |
831 the method that set the field serve
to initialize the | 1114 </ul> |
832 object, then you have a <em>very ser
ious</em> | 1115 </li> |
833 multithreading bug, unless something
else prevents any | 1116 </ul> |
834 other thread from accessing the stor
ed object until it | 1117 </li> |
835 is fully initialized. | 1118 <li>New Reports (existing detectors) |
836 </li> | 1119 <ul> |
837 </ul> | 1120 <li>FindHEmismatch |
838 <li>FindDeadLocalStores</li> | 1121 <ul> |
839 <ul> | 1122 <li>EQ_D
OESNT_OVERRIDE_EQUALS: This class extends a class |
840 <li>DLS_DEAD_STORE_OF_CLASS_LITERAL: | 1123
that defines an equals method and adds fields, but doesn't |
841 This instruction assigns a class lit
eral to a variable | 1124
define an equals method itself. Thus, equality on instances of |
842 and then never uses it. | 1125
this class will ignore the identity of the subclass and the |
843 <a href="//java.sun.com/j2se/1.5.0/c
ompatibility.html#literal">The behavior of this differs in Java 1.4 and in Java
5.</a> | 1126
added fields. Be sure this is what is intended, and that you |
844 In Java 1.4 and earlier, a reference
to | 1127
don't need to override the equals method. Even if you don't |
845 <code>Foo.class</code> would force t
he static | 1128
need to override the equals method, consider overriding it |
846 initializer for <code>Foo</code> to
be executed, if it | 1129
anyway to document the fact that the equals method for the |
847 has not been executed already. In J
ava 5 and later, it | 1130
subclass just return the result of invoking super.equals(o).</li> |
848 does not. See Sun's | 1131 </ul> |
849 <a href="//java.sun.com/j2se/1.5.0/c
ompatibility.html#literal">article on Java SE compatibility</a> | 1132 </li> |
850 for more details and examples, and s
uggestions on how | 1133 <li>Naming |
851 to force class initialization in Jav
a 5. | 1134 <ul> |
852 </li> | 1135 <li>NM_W
RONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The |
853 </ul> | 1136
method in the subclass doesn't override a similar method in a |
854 <li>MethodReturnCheck</li> | 1137
superclass because the type of a parameter doesn't exactly |
855 <ul> | 1138
match the type of the corresponding parameter in the |
856 <li>RV_RETURN_VALUE_IGNORED_BAD_PRAC
TICE: | 1139
superclass.</li> |
857 This method returns a value that is
not checked. The | 1140 <li>NM_S
AME_SIMPLE_NAME_AS_SUPERCLASS: This class has a |
858 return value should be checked since
it can indication | 1141
simple name that is identical to that of its superclass, |
859 an unusual or unexpected function ex
ecution. For | 1142
except that its superclass is in a different package (e.g., <code>alpha.Foo</cod
e> |
860 example, the <code>File.delete()</co
de> method returns | 1143
extends <code>beta.Foo</code>). This can be exceptionally |
861 false if the file could not be succe
ssfully deleted | 1144
confusing, create lots of situations in which you have to look |
862 (rather than throwing an Exception).
If you don't | 1145
at import statements to resolve references and creates many |
863 check the result, you won't notice i
f the method | 1146
opportunities to accidently define methods that do not |
864 invocation signals unexpected behavi
or by returning an | 1147
override methods in their superclasses. |
865 atypical return value. | 1148 </li> |
866 </li> | 1149 <li>NM_S
AME_SIMPLE_NAME_AS_INTERFACE: This class/interface |
867 <li>RV_EXCEPTION_NOT_THROWN: | 1150
has a simple name that is identical to that of an |
868 This code creates an exception (or e
rror) object, but | 1151
implemented/extended interface, except that the interface is |
869 doesn't do anything with it. | 1152
in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</cod
e>). |
870 </li> | 1153
This can be exceptionally confusing, create lots of situations |
871 </ul> | 1154
in which you have to look at import statements to resolve |
872 </ul> | 1155
references and creates many opportunities to accidently define |
873 <li>Changes to Existing Reports</li> | 1156
methods that do not override methods in their superclasses. |
874 <ul> | 1157 </li> |
875 <li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE
-> STYLE</li> | 1158 </ul> |
876 <li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CO
RRECTNESS -> STYLE</li> | 1159 <li>FindRefComparison |
877 <li>RC_REF_COMPARISON: CORRECTNESS -&g
t; BAD_PRACTICE</li> | 1160 <ul> |
878 </ul> | 1161 <li>EC_U
NRELATED_TYPES_USING_POINTER_EQUALITY: This method |
879 <li>GUI Changes</li> | 1162
uses using pointer equality to compare two references that |
880 <ul> | 1163
seem to be of different types. The result of this comparison |
881 <li>Added importing and exporting of b
ug filters</li> | 1164
will always be false at runtime.</li> |
882 <li>Better handling of failed analysis
runs</li> | 1165 </ul> |
883 <li>Added "-look" parameter for select
ing look-and-feel</li> | 1166 </li> |
884 <li>Fixed incorrect package filtering<
/li> | 1167 <li>IncompatMask |
885 <li>Fixed issue where "synchronized" w
as not syntax-highlighted</li> | 1168 <ul> |
886 </ul> | 1169 <li>BIT_
SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This |
887 <li>Ant-task Changes</li> | 1170
method compares an expression such as <tt>((event.detail |
888 <ul> | 1171
& SWT.SELECTED) > 0)</tt>. Using bit arithmetic and then |
889 <li>Refactored common ant-task code to
AbstractFindBugsTask</li> | 1172
comparing with the greater than operator can lead to |
890 <li>Added tasks for computeBugHistory,
convertXmlToText, filterBugs, mineBugHistory, setBugDatabaseInfo</li> | 1173
unexpected results (of course depending on the value of |
891 </ul> | 1174
SWT.SELECTED). If SWT.SELECTED is a negative number, this is a |
892 <li>Manual</li> | 1175
candidate for a bug. Even when SWT.SELECTED is not negative, |
893 <ul> | 1176
it seems good practice to use '!= 0' instead of '> 0'. |
894 <li>Updates to GUI section, including
new screenshots</li> | 1177 </li> |
895 <li>Added description of rejarForAnaly
sis</li> | 1178 </ul> |
896 <li>Revamp of data-mining section</li> | 1179 </li> |
897 </ul> | 1180 <li>LazyInit |
898 <li>Other Major</li> | 1181 <ul> |
899 <ul> | 1182 <li>LI_L
AZY_INIT_UPDATE_STATIC: This method contains an |
900 <li>Internal restructuring for lower m
emory overhead</li> | 1183
unsynchronized lazy initialization of a static field. After |
901 </ul> | 1184
the field is set, the object stored into that location is |
902 <li>Other Minor</li> | 1185
further accessed. The setting of the field is visible to other |
903 <ul> | 1186
threads as soon as it is set. If the further accesses in the |
904 <li>Fixed typo: was STCAL_STATIC_SIMPL
E_DATA_FORMAT_INSTANCE now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li> | 1187
method that set the field serve to initialize the object, then |
905 <li>-outputFile parameter became -outp
ut</li> | 1188
you have a <em>very serious</em> multithreading bug, unless |
906 <li>More sensitivity and specificity i
nLazyInit detector</li> | 1189
something else prevents any other thread from accessing the |
907 <li>More sensitivity and specificity i
n Naming detector</li> | 1190
stored object until it is fully initialized. |
908 <li>More sensitivity and specificity i
n UnreadFields detector</li> | 1191 </li> |
909 <li>More sensitivity in FindNullDeref
detector</li> | 1192 </ul> |
910 <li>More sensitivity in FindBadCast2 d
etector</li> | 1193 </li> |
911 <li>More specificity in FindReturnRef
detector</li> | 1194 <li>FindDeadLocalStores |
912 <li>Many other tweaks and bug fixes</l
i> | 1195 <ul> |
913 </ul> | 1196 <li>DLS_
DEAD_STORE_OF_CLASS_LITERAL: This instruction |
914 </ul> | 1197
assigns a class literal to a variable and then never uses it. |
915 | 1198
<a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The |
916 <p> Changes since version 1.2.0</p> | 1199
behavior of this differs in Java 1.4 and in Java 5.</a> In Java |
917 <ul> | 1200
1.4 and earlier, a reference to <code>Foo.class</code> would |
| 1201
force the static initializer for <code>Foo</code> to be |
| 1202
executed, if it has not been executed already. In Java 5 and |
| 1203
later, it does not. See Sun's <a |
| 1204
href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article |
| 1205
on Java SE compatibility</a> for more details and examples, and |
| 1206
suggestions on how to force class initialization in Java 5. |
| 1207 </li> |
| 1208 </ul> |
| 1209 </li> |
| 1210 <li>MethodReturnCheck |
| 1211 <ul> |
| 1212 <li>RV_R
ETURN_VALUE_IGNORED_BAD_PRACTICE: This method |
| 1213
returns a value that is not checked. The return value should |
| 1214
be checked since it can indication an unusual or unexpected |
| 1215
function execution. For example, the <code>File.delete()</code> |
| 1216
method returns false if the file could not be successfully |
| 1217
deleted (rather than throwing an Exception). If you don't |
| 1218
check the result, you won't notice if the method invocation |
| 1219
signals unexpected behavior by returning an atypical return |
| 1220
value. |
| 1221 </li> |
| 1222 <li>RV_E
XCEPTION_NOT_THROWN: This code creates an |
| 1223
exception (or error) object, but doesn't do anything with it. |
| 1224 </li> |
| 1225 </ul> |
| 1226 </li> |
| 1227 </ul> |
| 1228 </li> |
| 1229 <li>Changes to Existing Reports |
| 1230 <ul> |
| 1231 <li>NS_NON_SHORT_CIRCUIT
: BAD_PRACTICE -> STYLE</li> |
| 1232 <li>NS_DANGEROUS_NON_SHO
RT_CIRCUIT: CORRECTNESS -> STYLE</li> |
| 1233 <li>RC_REF_COMPARISON: C
ORRECTNESS -> BAD_PRACTICE</li> |
| 1234 </ul> |
| 1235 </li> |
| 1236 <li>GUI Changes |
| 1237 <ul> |
| 1238 <li>Added importing and
exporting of bug filters</li> |
| 1239 <li>Better handling of f
ailed analysis runs</li> |
| 1240 <li>Added "-look" parame
ter for selecting look-and-feel</li> |
| 1241 <li>Fixed incorrect pack
age filtering</li> |
| 1242 <li>Fixed issue where "s
ynchronized" was not |
| 1243 syntax-highlight
ed</li> |
| 1244 </ul> |
| 1245 </li> |
| 1246 <li>Ant-task Changes |
| 1247 <ul> |
| 1248 <li>Refactored common an
t-task code to AbstractFindBugsTask</li> |
| 1249 <li>Added tasks for comp
uteBugHistory, convertXmlToText, |
| 1250 filterBugs, mine
BugHistory, setBugDatabaseInfo</li> |
| 1251 </ul> |
| 1252 </li> |
| 1253 <li>Manual |
| 1254 <ul> |
| 1255 <li>Updates to GUI secti
on, including new screenshots</li> |
| 1256 <li>Added description of
rejarForAnalysis</li> |
| 1257 <li>Revamp of data-minin
g section</li> |
| 1258 </ul> |
| 1259 </li> |
| 1260 <li>Other Major |
| 1261 <ul> |
| 1262 <li>Internal restructuri
ng for lower memory overhead</li> |
| 1263 </ul> |
| 1264 </li> |
| 1265 <li>Other Minor |
| 1266 <ul> |
| 1267 <li>Fixed typo: was STCA
L_STATIC_SIMPLE_DATA_FORMAT_INSTANCE |
| 1268 now STCAL_STATIC
_SIMPLE_DATE_FORMAT_INSTANCE</li> |
| 1269 <li>-outputFile paramete
r became -output</li> |
| 1270 <li>More sensitivity and
specificity inLazyInit detector</li> |
| 1271 <li>More sensitivity and
specificity in Naming detector</li> |
| 1272 <li>More sensitivity and
specificity in UnreadFields |
| 1273 detector</li> |
| 1274 <li>More sensitivity in
FindNullDeref detector</li> |
| 1275 <li>More sensitivity in
FindBadCast2 detector</li> |
| 1276 <li>More specificity in
FindReturnRef detector</li> |
| 1277 <li>Many other tweaks an
d bug fixes</li> |
| 1278 </ul> |
| 1279 </li> |
| 1280 </ul> |
| 1281 |
| 1282 <p>Changes since version 1.2.0</p> |
| 1283 <ul> |
918 <li>Bug fixes: | 1284 <li>Bug fixes: |
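Review bot: On the new side the Naming item opened on line 1133 is never closed: line 1158 closes its inner <ul> and line 1159 goes straight to <li>FindRefComparison, while the sibling items (FindHEmismatch on 1131-1132, FindRefComparison on 1165-1166, IncompatMask on 1178-1179) all get an explicit </li> after their </ul>. Add </li> after line 1158 so the nesting this reformat introduces is consistent. Since these paragraphs are being rewrapped anyway, the wording slips carried over from the old side could be fixed in the same change: "uses using pointer equality" (1162), "it can indication" (1214), "accidently" (1146, 1155), "subclass just return" (1130) and "inLazyInit" (1270).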
919 » » » » » <ul> | 1285 » » » » » » <ul> |
920 » » » » » <li><a href="http://fisheye2.cenqua.com/
changelog/findbugs/?cs=8219">Fix</a> <a href="http://sourceforge.net/tracker/ind
ex.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a> with detector
s that were requested to be disabled but were enabled due to requirements of oth
er detectors.</li> | 1286 » » » » » » » <li><a |
921 » » » » » <li>Fix bugs in incremental analysis wit
hin Eclipse plugin</li> | 1287 » » » » » » » » href="http://fis
heye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a> |
922 » » » » » <li>Fix some analysis errors</li> | 1288 » » » » » » » » <a |
923 » » » » » <li>Fix some threading bugs in GUI2</li> | 1289 » » » » » » » » href="http://sou
rceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=61469
3">bug</a> |
924 » » » » » <li>Report version as version when it wa
s compiled, not when it was run</li> | 1290 » » » » » » » » with detectors t
hat were requested to be disabled but were |
925 » » » » » <li>Copy analysis time stamp when filter
ing or transforming analysis files.</li> | 1291 » » » » » » » » enabled due to r
equirements of other detectors.</li> |
926 » » » » » </ul> | 1292 » » » » » » » <li>Fix bugs in incremen
tal analysis within Eclipse plugin</li> |
927 » » » » » <li>Enabled StaticCalendarDetector | 1293 » » » » » » » <li>Fix some analysis er
rors</li> |
928 » » » » » </li> | 1294 » » » » » » » <li>Fix some threading b
ugs in GUI2</li> |
| 1295 » » » » » » » <li>Report version as ve
rsion when it was compiled, not when |
| 1296 » » » » » » » » it was run</li> |
| 1297 » » » » » » » <li>Copy analysis time s
tamp when filtering or transforming |
| 1298 » » » » » » » » analysis files.<
/li> |
| 1299 » » » » » » </ul> |
| 1300 » » » » » <li>Enabled StaticCalendarDetector</li> |
929 <li>Reworked GUI2 to use standard FindBu
gs filters | 1301 <li>Reworked GUI2 to use standard FindBu
gs filters |
930 » » » » » </li> | 1302 » » » » » » <ul> |
931 » » » » » <ul> | 1303 » » » » » » » <li>Allow a suppression
filter to be stored in a project and |
932 » » » » » <li>Allow a suppression filter to be sto
red in a project and persisted to the XML representation of a project. | 1304 » » » » » » » » persisted to the
XML representation of a project.</li> |
933 » » » » » </li> | 1305 » » » » » » </ul> |
934 » » » » » </ul> | 1306 » » » » » </li> |
935 » » » » » | 1307 |
936 » » » » » <li>Move away from old GUI2 save format
(a directory containing an xml file and another file containing serialized filte
rs). | 1308 » » » » » <li>Move away from old GUI2 save format
(a directory |
937 » » » » » </li> | 1309 » » » » » » containing an xml file and anoth
er file containing serialized |
| 1310 » » » » » » filters).</li> |
938 <li>Support/recommend use of two new fil
e extensions/formats: | 1311 <li>Support/recommend use of two new fil
e extensions/formats: |
939 » » » » » <dl><dt>.fba - FindBugs Analysis File</d
t> | 1312 » » » » » » <dl> |
940 » » » » » <dd>Exactly the same as an existing bug
collection file stored in XML format, but using a distinct file extension | 1313 » » » » » » » <dt>.fba - FindBugs Anal
ysis File</dt> |
941 » » » » » to make it easier to figure out which xm
l files contain FindBugs results.</dd> | 1314 » » » » » » » <dd>Exactly the same as
an existing bug collection file |
942 » » » » » <dt>.fbp - FindBugs Project File</dt><dd
>Contains just the information needed to run FindBugs and display the results (e
.g., the files to be analyzed, the auxiliary class path and the location of sour
ce files)</dl></li> | 1315 » » » » » » » » stored in XML fo
rmat, but using a distinct file extension to |
943 » » » » » </ul> | 1316 » » » » » » » » make it easier t
o figure out which xml files contain FindBugs |
944 » » » » » <p> Changes since version 1.1.3</p> | 1317 » » » » » » » » results.</dd> |
945 » » » » » <ul> | 1318 » » » » » » » <dt>.fbp - FindBugs Proj
ect File</dt> |
946 » » » » » <li>Added -xml:withAbridgedMessages opti
on to generate xml containing shorter messages. | 1319 » » » » » » » <dd>Contains just the in
formation needed to run FindBugs and |
947 » » » » » The messages will be shorted by doin
g things like eliding package names, and leaving off | 1320 » » » » » » » » display the resu
lts (e.g., the files to be analyzed, the |
948 » » » » » the source line from the LongMessage
. | 1321 » » » » » » » » auxiliary class
path and the location of source files) |
949 » » » » » These messages are appropriate if be
ing used in a context where | 1322 » » » » » » </dl> |
950 » » » » » the non-message components of the bu
g annotations will be used to provide more information | 1323 » » » » » </li> |
951 » » » » » (e.g., clicking on the message for a
MethodAnnotation will display the source for the method). | 1324 » » » » </ul> |
952 » » » » » <ul><li>FindBugsDisplayFeatures.setAbrid
gedMessages(true) can be used to generate abridged messages | 1325 » » » » <p>Changes since version 1.1.3</p> |
953 » » » » » when FindBugs is being accessed dire
ctly (not via generated XML) from a GUI or IDE. | 1326 » » » » <ul> |
954 » » » » » </li> | 1327 » » » » » <li>Added -xml:withAbridgedMessages opti
on to generate xml |
955 » » » » » </ul> | 1328 » » » » » » containing shorter messages. The
messages will be shorted by doing |
956 » » » » » <li>In null pointer analysis, try to be
better about always showing two locations: where it is known null and | 1329 » » » » » » things like eliding package name
s, and leaving off the source line |
957 » » » » » where it is dereferenced. | 1330 » » » » » » from the LongMessage. These mess
ages are appropriate if being used |
958 » » » » » <li>Interprocedural analysis of which me
thods return nonnull values | 1331 » » » » » » in a context where the non-messa
ge components of the bug |
959 » » » » » <li>Use method calls to select order in
which classes are analyzed, and order in which methods | 1332 » » » » » » annotations will be used to prov
ide more information (e.g., |
960 » » » » » are analyzed, to improve interprocedural
analysis results. | 1333 » » » » » » clicking on the message for a Me
thodAnnotation will display the |
961 » » » » » <li>Significant improvements in memory f
ootprint, memory allocation and CPU utilization | 1334 » » » » » » source for the method). |
962 » » » » » (20-30% reduction in all three) | 1335 » » » » » » <ul> |
963 » » » » » <li>Added a project name, to provide bet
ter descriptions in the HTML output. | 1336 » » » » » » » <li>FindBugsDisplayFeatu
res.setAbridgedMessages(true) can be |
964 » » » » » <li>Added new bug pattern: Casting to ch
ar, or bit masking with nonnegative value, and then checking to see | 1337 » » » » » » » » used to generate
abridged messages when FindBugs is being |
965 » » » » » » if the result is negative. | 1338 » » » » » » » » accessed directl
y (not via generated XML) from a GUI or IDE.</li> |
966 » » » » » <li>Stopped reporting transient fields | 1339 » » » » » » </ul> |
967 » » » » » of classes not marked as serializable. T
ransient is used by other persistence frameworks. | 1340 » » » » » <li>In null pointer analysis, try to be
better about always |
968 » » » » » <li>Improvements to detector for SQL inj
ection (Thanks to <a href="http://www.clock.org/~matt">Matt Hargett</a> for | 1341 » » » » » » showing two locations: where it
is known null and where it is |
969 » » » » » his contributions | 1342 » » » » » » dereferenced. |
970 » » » » » <li>Changed open/save options in GUI2 to
not distinguish between FindBugs projects | 1343 » » » » » <li>Interprocedural analysis of which me
thods return nonnull |
971 » » » » » and saved FindBugs analysis results. | 1344 » » » » » » values |
972 » » » » » <li>Improvements to detection of serious
non-short-circuit evaluation. | 1345 » » » » » <li>Use method calls to select order in
which classes are |
| 1346 » » » » » » analyzed, and order in which met
hods are analyzed, to improve |
| 1347 » » » » » » interprocedural analysis results
. |
| 1348 » » » » » <li>Significant improvements in memory f
ootprint, memory |
| 1349 » » » » » » allocation and CPU utilization (
20-30% reduction in all three) |
| 1350 » » » » » <li>Added a project name, to provide bet
ter descriptions in |
| 1351 » » » » » » the HTML output. |
| 1352 » » » » » <li>Added new bug pattern: Casting to ch
ar, or bit masking |
| 1353 » » » » » » with nonnegative value, and then
checking to see if the result is |
| 1354 » » » » » » negative. |
| 1355 » » » » » <li>Stopped reporting transient fields o
f classes not marked |
| 1356 » » » » » » as serializable. Transient is us
ed by other persistence |
| 1357 » » » » » » frameworks. |
| 1358 » » » » » <li>Improvements to detector for SQL inj
ection (Thanks to <a |
| 1359 » » » » » » href="http://www.clock.org/~matt
">Matt Hargett</a> for his |
| 1360 » » » » » » contributions |
| 1361 » » » » » <li>Changed open/save options in GUI2 to
not distinguish |
| 1362 » » » » » » between FindBugs projects and sa
ved FindBugs analysis results. |
| 1363 » » » » » <li>Improvements to detection of serious
non-short-circuit |
| 1364 » » » » » » evaluation. |
973 <li>Updated Japanese localization (thank
s to Ruimo Uno) | 1365 <li>Updated Japanese localization (thank
s to Ruimo Uno) |
974 | |
975 <li>Eclipse plugin changes: | 1366 <li>Eclipse plugin changes: |
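Review bot: The .fbp <dd> on new lines 1319-1321 still has no </dd> before the </dl> on 1322, although the .fba <dd> just above it is closed on 1317; add it here while the definition list is being re-indented. In the same region the "Bug fixes:" item opened on 1284 is not closed before <li>Enabled StaticCalendarDetector</li> on 1300, the items on 1340-1365 keep their missing </li>, the parenthesis opened at "(Thanks to" on 1358 is never closed, and "will be shorted" on 1328 should read "shortened".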
976 » » » » » <ul> | 1367 » » » » » » <ul> |
977 » » » » » <li>Created Bug User Annotations and Bug
Tree Views | 1368 » » » » » » » <li>Created Bug User Ann
otations and Bug Tree Views |
978 » » » » » <li>Use different icons for different bu
g priorities | 1369 » » » » » » » <li>Use different icons
for different bug priorities |
979 » » » » » <li>Provide more information in Bug Deta
ils view | 1370 » » » » » » » <li>Provide more informa
tion in Bug Details view |
980 » » » » » </ul> | 1371 » » » » » » </ul> |
981 » » » » » </ul> | 1372 » » » » </ul> |
982 » » » » » | 1373 |
983 » » » » » <p> | 1374 » » » » <p>Changes since version 1.1.2:</p> |
984 » » » » » » Changes since version 1.1.2: | 1375 » » » » <ul> |
985 » » » » » </p> | |
986 » » » » » <ul> | |
987 <li>Fixed broken Ant task | 1376 <li>Fixed broken Ant task |
988 <li>Added running ant task to smoke test | 1377 <li>Added running ant task to smoke test |
989 <li>Added validating xml and html output
to smoke test | 1378 <li>Added validating xml and html output
to smoke test |
990 » » » » » <li>Fixed some (but not all) issues wit
h html output validation | 1379 » » » » » <li>Fixed some (but not all) issues with
html output |
| 1380 » » » » » » validation |
991 <li>Added check for x.equals(x) and x.co
mpareTo(x) | 1381 <li>Added check for x.equals(x) and x.co
mpareTo(x) |
992 <li>Various bug fixes | 1382 <li>Various bug fixes |
993 </ul> | 1383 </ul> |
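Review bot: Indentation is mixed in the 1.1.2 list on the new side: lines 1379-1380 are tab-indented while their siblings on 1376-1378 and 1381-1382 use spaces, so the wrapped "validation" line will not line up in an editor with a different tab width. Pick one style for the whole file. These items are also left without </li>, unlike the 1.1.1 list starting on 1386, where this change closes every item.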
994 <p> | 1384 <p>Changes since version 1.1.1:</p> |
995 Changes since version 1.1.1: | 1385 <ul> |
996 </p> | 1386 <li>Added check for infinite iterative l
oops</li> |
997 <ul> | 1387 <li>Added check for use of incompatible
types in a collection |
998 <li> | 1388 (e.g., checking to see if a Set&
lt;String> contains a |
999 Added check for infinite
iterative loops | 1389 StringBuffer).</li> |
1000 </li> | 1390 <li>Added check for invocations of equal
s or hashCode on a |
1001 <li> | 1391 URL, which, <a |
1002 Added check for use of i
ncompatible types in a collection (e.g., | 1392 href="http://michaelscharf.blogs
pot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising |
1003 checking to see if a Set
<String> contains a StringBuffer). | 1393 many people</a>, require
s DNS resolution. |
1004 </li> | 1394 </li> |
1005 <li> | 1395 <li>Added check for classes that define
compareTo but not |
1006 Added check for invocati
ons of equals or hashCode on a URL, | 1396 equals; such classes can exhibit
some anomalous behavior (e.g., |
1007 which, | 1397 they are treated differently by
PriorityQueues in Java 5 and Java |
1008 <a | 1398 6).</li> |
1009 href="http://mic
haelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surpris
ing | 1399 <li>Added a check for useless self opera
tions (e.g., x < x |
1010 many people</a>,
requires DNS resolution. | 1400 or x ^ x).</li> |
1011 </li> | 1401 <li>Fixed a data race that could cause t
he GUI to fail on |
1012 <li> | 1402 startup</li> |
1013 Added check for classes
that define compareTo but not equals; | 1403 <li>Partial internationalization of the
new GUI</li> |
1014 such classes can exhibit
some anomalous behavior (e.g., they are | 1404 <li>Fix bug in "Redo analysis" option of
new GUI</li> |
1015 treated differently by P
riorityQueues in Java 5 and Java 6). | 1405 <li>Tuning to reduce false positives</li
> |
1016 </li> | 1406 <li>Fixed a bug in null pointer analysis
that was generating |
1017 <li> | 1407 false positive null pointer warn
ings on exception paths. Fixing |
1018 Added a check for useles
s self operations (e.g., x < x or x ^ x). | 1408 this bug eliminates about 1/4 of
the warnings on null pointer |
1019 </li> | 1409 exceptions on exception paths.</
li> |
1020 <li> | 1410 <li>Fixed a bug in the processing of phi
nodes for fields in |
1021 Fixed a data race that c
ould cause the GUI to fail on startup | 1411 the null pointer analysis</li> |
1022 </li> | 1412 <li>Applied contributed patch that provi
des more quick fixes |
1023 <li> | 1413 in Eclipse plugin.</li> |
1024 Partial internationaliza
tion of the new GUI | 1414 <li>Fixed a number of bugs in the Eclips
e auto update sites, |
1025 </li> | 1415 and in the way date qualifiers w
ere being used in the Eclipse |
1026 <li> | 1416 plugin. You may need to manually
disable your existing version of |
1027 Fix bug in "Redo analysi
s" option of new GUI | 1417 the plugin and download the 1.1.
2 from the update site to get the |
1028 </li> | 1418 automatic update function workin
g correctly. The Eclipse update |
1029 <li> | 1419 sites are described at <a |
1030 Tuning to reduce false p
ositives | 1420 href="http://findbugs.cs.umd.edu
/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>. |
1031 </li> | 1421 |
1032 <li> | 1422 </li> |
1033 Fixed a bug in null poin
ter analysis that was generating false | 1423 <li>Fixed progress bar in Eclipse plugin
</li> |
1034 positive null pointer wa
rnings on exception paths. Fixing this | 1424 <li>A number of other bug fixes.</li> |
1035 bug eliminates about 1/4
of the warnings on null pointer | 1425 </ul> |
1036 exceptions on exception
paths. | 1426 |
1037 </li> | 1427 <p>Changes since version 1.1.0:</p> |
1038 <li> | 1428 <ul> |
1039 Fixed a bug in the proce
ssing of phi nodes for fields in the null | 1429 <li>less scanning of classes not on the
analysis path (This |
1040 pointer analysis | 1430 was causing some performance pro
blems.)</li> |
1041 </li> | 1431 <li>no unread field warnings for fields
annotated with |
1042 <li> | 1432 javax.persistent or javax.ejb3</
li> |
1043 Applied contributed patc
h that provides more quick fixes in | 1433 <li>Eclipse plugin |
1044 Eclipse plugin. | 1434 <ul> |
1045 </li> | 1435 <li>bug annotation info
displayed in Bug Details tab</li> |
1046 <li> | 1436 <li>.fbwarnings data fil
e now stored in .metadata (not in |
1047 Fixed a number of bugs in the Ec
lipse auto update sites, and in the way | 1437 the project itse
lf)</li> |
1048 date qualifiers were being used
in the Eclipse plugin. You may need to manually | 1438 </ul> |
1049 disable your existing version of
the plugin and download the 1.1.2 from the update | 1439 </li> |
1050 site to get the automatic update
function working correctly. | 1440 <li>new SE_BAD_FIELD_INNER_CLASS pattern
</li> |
1051 The Eclipse update sites are des
cribed at <a href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.e
du/eclipse/</a>. | 1441 <li>updates to Japanese translation (rui
mo)</li> |
1052 | 1442 <li>fix some internal slashed/dotted pat
h confusion</li> |
1053 </li> | 1443 <li>other minor improvements</li> |
1054 <li> | 1444 </ul> |
1055 Fixed progress bar in Ec
lipse plugin | 1445 |
1056 </li> | 1446 <p>Changes since version 1.0.0:</p> |
1057 <li> | 1447 |
1058 A number of other bug fi
xes. | 1448 <ul> |
1059 </li> | 1449 <li>Overall, the change from FindBugs 1.
0.0 to FindBugs 1.1.0 |
1060 </ul> | 1450 has been a big change. We've don
e a lot of work in a lot of areas, |
1061 | 1451 and aren't even going to try to
enumerate all the changes.</li> |
1062 <p> | 1452 <li>We spent a lot of time reviewing the
results generated by |
1063 Changes since version 1.1.0: | 1453 FindBugs for open source and com
mercial code bases, and made a |
1064 </p> | 1454 number of changes, small and lar
ge, to minimize the number of |
1065 <ul> | 1455 false positives. Our primary foc
us for this was warnings reported |
1066 <li> | 1456 as high and medium priority corr
ectness warnings. Our internal |
1067 less scanning of classes
not on the analysis path (This was | 1457 evaluation is that we produce ve
ry few high/medium priority |
1068 causing some performance
problems.) | 1458 correctness warnings where the a
nalysis is actually wrong, and |
1069 </li> | 1459 that more than 75% of the high/m
edium priority correctness |
1070 <li> | 1460 warnings correspond to real codi
ng defects that need addressing in |
1071 no unread field warnings
for fields annotated with | 1461 the source code. The remaining 2
5% are largely cases such as a |
1072 javax.persistent or java
x.ejb3 | 1462 branch or statement that if take
n would lead to an error, but in |
1073 </li> | 1463 fact is a dead branch or stateme
nt that can never be taken. Such |
1074 <li> | 1464 coding is confusing and hard to
maintain, so it should arguably be |
1075 Eclipse plugin | 1465 fixed, but it is unlikely to act
ually result in an error during |
1076 <ul> | 1466 execution. Thus, some might clas
sify those warnings as false |
1077 <li> | 1467 positives.</li> |
1078 bug anno
tation info displayed in Bug Details tab | 1468 <li>We've substantially improved the ana
lysis for errors that |
1079 </li> | 1469 could result in null pointer der
eferences. Overall, our experience |
1080 <li> | 1470 has been that these changes have
roughly doubled the number of |
1081 .fbwarni
ngs data file now stored in .metadata (not in the | 1471 null pointer errors we detect, w
ithout increasing the number of |
1082 project
itself) | 1472 false positives (in fact, our fa
lse positive rate has gone down). |
1083 </li> | 1473 The improvements are due to four
factors: |
1084 </ul> | 1474 <ul> |
1085 </li> | 1475 <li>By default, we now d
o some interprocedural analysis to |
1086 <li> | 1476 determine method
s that unconditionally dereference their |
1087 new SE_BAD_FIELD_INNER_C
LASS pattern | 1477 parameters.</li> |
1088 </li> | 1478 <li>FindBugs also comes
with a model of which JDK methods |
1089 <li> | 1479 unconditionally
dereference their parameters.</li> |
1090 updates to Japanese tran
slation (ruimo) | 1480 <li>We do limited tracki
ng of fields, so that we can detect |
1091 </li> | 1481 null values stor
ed in fields that lead to exceptions.</li> |
1092 <li> | 1482 <li>We implemented a new
analysis technique to find |
1093 fix some internal slashe
d/dotted path confusion | 1483 guaranteed deref
erences. Consider the following example: <pre>public int f(Object x, boolean b)
{ |
1094 </li> | |
1095 <li> | |
1096 other minor improvements | |
1097 </li> | |
1098 </ul> | |
1099 | |
1100 <p> | |
1101 Changes since version 1.0.0: | |
1102 </p> | |
1103 | |
1104 <ul> | |
1105 <li> | |
1106 Overall, the change from
FindBugs 1.0.0 to FindBugs 1.1.0 has | |
1107 been a big change. We've
done a lot of work in a lot of areas, | |
1108 and aren't even going to
try to enumerate all the changes. | |
1109 </li> | |
1110 <li> | |
1111 We spent a lot of time r
eviewing the results generated by | |
1112 FindBugs for open source
and commercial code bases, and made a | |
1113 number of changes, small
and large, to minimize the number of | |
1114 false positives. Our pri
mary focus for this was warnings reported | |
1115 as high and medium prior
ity correctness warnings. Our internal | |
1116 evaluation is that we pr
oduce very few high/medium priority | |
1117 correctness warnings whe
re the analysis is actually wrong, and | |
1118 that more than 75% of th
e high/medium priority correctness | |
1119 warnings correspond to r
eal coding defects that need addressing | |
1120 in the source code. The
remaining 25% are largely cases such as a | |
1121 branch or statement that
if taken would lead to an error, but in | |
1122 fact is a dead branch or
statement that can never be taken. Such | |
1123 coding is confusing and
hard to maintain, so it should arguably | |
1124 be fixed, but it is unli
kely to actually result in an error | |
1125 during execution. Thus,
some might classify those warnings as | |
1126 false positives. | |
1127 | |
1128 </li> | |
1129 <li> | |
1130 We've substantially impr
oved the analysis for errors that could | |
1131 result in null pointer d
ereferences. Overall, our experience has | |
1132 been that these changes
have roughly doubled the number of null | |
1133 pointer errors we detect
, without increasing the number of false | |
1134 positives (in fact, our
false positive rate has gone down). The | |
1135 improvements are due to
four factors: | |
1136 <ul> | |
1137 <li> | |
1138 By defau
lt, we now do some interprocedural analysis to | |
1139 determin
e methods that unconditionally dereference their | |
1140 paramete
rs. | |
1141 </li> | |
1142 <li> | |
1143 FindBugs
also comes with a model of which JDK methods | |
1144 uncondit
ionally dereference their parameters. | |
1145 </li> | |
1146 <li> | |
1147 We do li
mited tracking of fields, so that we can detect null | |
1148 values s
tored in fields that lead to exceptions. | |
1149 </li> | |
1150 <li> | |
1151 We imple
mented a new analysis technique to find guaranteed | |
1152 derefere
nces. Consider the following example: | |
1153 | |
1154 <code> | |
1155
<pre>public int f(Object x, boolean b) { | |
1156 int result = 0; | 1484 int result = 0; |
1157 if (x == null) result++; | 1485 if (x == null) result++; |
1158 else result--; | 1486 else result--; |
1159 // at this point, we know x is null on a simple path | 1487 // at this point, we know x is null on a simple path |
1160 if (b) { | 1488 if (b) { |
1161 // at this point, x is only null on a complex path | 1489 // at this point, x is only null on a complex path |
1162 // we don't know if the path in which x is null and b is true is feasible | 1490 // we don't know if the path in which x is null and b is true is feasible |
1163 return result + x.hashCode(); | 1491 return result + x.hashCode(); |
1164 } | 1492 } |
1165 else { | 1493 else { |
1166 // at this point, x is only null on a complex path | 1494 // at this point, x is only null on a complex path |
1167 // we don't know if the path in which x is null and b is false is feasible | 1495 // we don't know if the path in which x is null and b is false is feasible |
1168 return result - x.hashCode(); | 1496 return result - x.hashCode(); |
1169 } | 1497 } |
1170 </pre> | 1498 </pre> |
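Review bot: the example method f in this <pre> block (new lines 1483-1498) is never closed: the `}` on new line 1497 closes the else block and `</pre>` follows directly on 1498, so the method's own closing brace is missing on both sides of the diff. Since the block is already being touched to drop the surrounding <code> wrapper, add a final `}` line before `</pre>` so the snippet is complete as shown.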
1171 </code> | 1499 |
1172 | 1500 <p> |
1173 <p> | 1501 FindBugs
1.0 used forward dataflow analysis to determine |
1174
FindBugs 1.0 used forward dataflow analysis to determine | 1502 whether
each value is definitely null, null on a simple path, |
1175
whether each value is definitely null, null on a simple path, | 1503 possible
null on a complex path, or definitely nonnull. Thus, |
1176
possible null on a complex path, or definitely nonnull. Thus, | 1504 at the s
tatement where |
1177
at the statement where | 1505 <code> r
esult </code> |
1178
<code> | 1506 is decre
mented, we know that |
1179
result | 1507 <code> x
</code> |
1180
</code> | 1508 is defin
itely null, and at the point before |
1181
is decremented, we know that | 1509 <code> i
f (b) </code> |
1182
<code> | 1510 , we kno
w that |
1183
x | 1511 <code> x
</code> |
1184
</code> | 1512 is null
on a simple path. If |
1185
is definitely null, and at the point before | 1513 <code> x
</code> |
1186
<code> | 1514 were to
be dereferenced here, we would generate a warning, |
1187
if (b) | 1515 because
if the else branch of the |
1188
</code> | 1516 <code> i
f (x == null) </code> |
1189
, we know that | 1517 were eve
r taken, a null pointer exception would result. |
1190
<code> | 1518 </p> |
1191
x | 1519 |
1192
</code> | 1520 <p> |
1193
is null on a simple path. If | 1521 However,
in both the then and else branches of the |
1194
<code> | 1522 <code> i
f (b) </code> |
1195
x | 1523 statemen
t, |
1196
</code> | 1524 <code> x
</code> |
1197
were to be dereferenced here, we would generate a warning, | 1525 is only
null on a complex path that may be infeasible. It might |
1198
because if the else branch of the | 1526 be that
the program logic is such that if |
1199
<code> | 1527 <code> x
</code> |
1200
if (x == null) | 1528 is null,
then |
1201
</code> | 1529 <code> b
</code> |
1202
were ever taken, a null pointer exception would result. | 1530 is never
true, so generating a warning about the dereference in |
1203 </p> | 1531 the then
clause might be a false positive. We could try to |
1204 | 1532 analyze
the program to determine whether it is possible for |
1205 <p> | 1533 <code> x
</code> |
1206
However, in both the then and else branches of the | 1534 to be nu
ll and |
1207
<code> | 1535 <code> b
</code> |
1208
if (b) | 1536 to be tr
ue, but that can be a hard analysis problem. |
1209
</code> | 1537 </p> |
1210
statement, | 1538 |
1211
<code> | 1539 <p> |
1212
x | 1540 However, |
1213
</code> | 1541 <code> x
</code> |
1214
is only null on a complex path that may be infeasible. It | 1542 is deref
erenced in both the then <em>and</em> else branches of |
1215
might be that the program logic is such that if | 1543 the |
1216
<code> | 1544 <code> i
f (b) </code> |
1217
x | 1545 statemen
t. So at the point immediately before |
1218
</code> | 1546 <code> i
f (b) </code> |
1219
is null, then | 1547 , we kno
w that |
1220
<code> | 1548 <code> x
</code> |
1221
b | 1549 is null
on a simple path <em>and</em> that |
1222
</code> | 1550 <code> x
</code> |
1223
is never true, so generating a warning about the dereference | 1551 is guara
nteed to be dereferenced on all paths from this point |
1224
in the then clause might be a false positive. We could try to | 1552 forward.
FindBugs 1.1 performs a backwards data flow analysis |
1225
analyze the program to determine whether it is possible for | 1553 to deter
mine the values that are guaranteed to be dereferenced, |
1226
<code> | 1554 and will
generate a warning in this case. |
1227
x | 1555 </p> |
1228
</code> | 1556 </li> |
1229
to be null and | 1557 </ul> |
1230
<code> | 1558 <p> |
1231
b | 1559 The following screen sho
t of our new GUI shows an example of this |
1232
</code> | 1560 analysis, as well as sho
wing off our new GUI and points out a |
1233
to be true, but that can be a hard analysis problem. | 1561 limitation of our curren
t plugins for Eclipse and NetBeans. The |
1234 </p> | 1562 screen shot shows a null
pointer bug in HelpDisplay.java. The |
1235 | 1563 test for |
1236 <p> | 1564 <code> href!=null </code
> |
1237
However, | 1565 on line 78 suggests that |
1238
<code> | 1566 <code> href </code> |
1239
x | 1567 could be null. If it is,
then |
1240
</code> | 1568 <code> href </code> |
1241
is dereferenced in both the then | 1569 will be dereferenced on
either line 87 or on line 90, generating |
1242
<em>and</em> else branches of the | 1570 a NPE. Note that our ana
lysis here also understands that passing |
1243
<code> | 1571 <code> href </code> |
1244
if (b) | 1572 to |
1245
</code> | 1573 <code> URLEncoder.encode
</code> |
1246
statement. So at the point immediately before | 1574 will deference it, and t
hus treats line 87 as a dereference, even |
1247
<code> | 1575 though |
1248
if (b) | 1576 <code> href </code> |
1249
</code> | 1577 is not actually derefere
nced at that line. Within our new GUI, |
1250
, we know that | 1578 all of these locations a
re highlighted and listed in the summary |
1251
<code> | 1579 panel. In the original G
UI (and in HTML output) we list all of |
1252
x | 1580 the locations, but only
the primary location is highlighted by |
1253
</code> | 1581 the original GUI. In the
Eclipse and NetBeans plugins, only the |
1254
is null on a simple path | 1582 primary location is disp
layed; fixing this is on our todo list |
1255
<em>and</em> that | 1583 (contributions welcome). |
1256
<code> | 1584 </p> |
1257
x | 1585 <p> |
1258
</code> | 1586 <img src="guaranteedDere
ference.png" alt=""> |
1259
is guaranteed to be dereferenced on all paths from this point | 1587 |
1260
forward. FindBugs 1.1 performs a backwards data flow analysis | 1588 |
1261
to determine the values that are guaranteed to be | 1589 </p> |
1262
dereferenced, and will generate a warning in this case. | 1590 |
1263 </p> | 1591 </li> |
1264 </li> | 1592 <li>Preliminary support for detectors us
ing the frameworks |
1265 </ul> | 1593 other than BCEL, such as the <a
href="http://asm.objectweb.org/">ASM</a> |
1266 <p> | 1594 bytecode framework. You may expe
riment with writing ASM-based |
1267 The following sc
reen shot of our new GUI shows an example of | 1595 detectors, but beware the API ma
y still change (which could |
1268 this analysis, a
s well as showing off our new GUI and points out | 1596 possibly also affect BCEL-based
detectors). In general, we've |
1269 a limitation of
our current plugins for Eclipse and NetBeans. | 1597 started trying to move away from
a deep dependence on BCEL, but |
1270 The screen shot
shows a null pointer bug in HelpDisplay.java. | 1598 that change is only partially co
mplete. Probably best to just |
1271 The test for | 1599 avoid this until we complete mor
e work on this. This change is |
1272 <code> | 1600 only visible to FindBugs plugin
developers, and shouldn't be |
1273 href!=nu
ll | 1601 visible to FindBugs users. |
1274 </code> | 1602 </li> |
1275 on line 78 sugge
sts that | 1603 <li> |
1276 <code> | 1604 <p>Bug categories (CORRECTNESS,
MT_CORRECTNESS, etc.) are no |
1277 href | 1605 longer hard-coded, but r
ather defined in xml files associated |
1278 </code> | 1606 with plugins, including
the core plugin which defines the |
1279 could be null. I
f it is, then | 1607 standard categories. Thi
rd-party plugins can define their own |
1280 <code> | 1608 categories.</p> |
1281 href | 1609 </li> |
1282 </code> | 1610 <li> |
1283 will be derefere
nced on either line 87 or on line 90, generating | 1611 <p>Several bug patterns have bee
n moved from CORRECTNESS and |
1284 a NPE. Note that
our analysis here also understands that passing | 1612 STYLE into a new categor
y, BAD_PRACTICE. The English localization |
1285 <code> | 1613 of STYLE has changed fro
m "Style" to "Dodgy."</p> |
1286 href | 1614 <p>In general, we've worked very
hard to limit CORRECTNESS |
1287 </code> | 1615 bugs to be real programm
ing errors and sins of commission. We |
1288 to | 1616 have reclassified as BAD
_PRACTICE a number of bad design |
1289 <code> | 1617 practices that result in
overly fragile code, such as defining an |
1290 URLEncod
er.encode | 1618 equals method that doesn
't accept null or defining class with a |
1291 </code> | 1619 equals method that inher
its hashCode from class Object.</p> |
1292 will deference i
t, and thus treats line 87 as a dereference, | 1620 <p>In general, our guidelines fo
r deciding whether a bug |
1293 even though | 1621 should be classified as
CORRECTNESS, BAD_PRACTICE or STYLE are:</p> |
1294 <code> | 1622 <dl> |
1295 href | 1623 <dt>CORRECTNESS</dt> |
1296 </code> | 1624 <dd>A problem that we ca
n recognize with high confidence and |
1297 is not actually
dereferenced at that line. Within our new GUI, | 1625 is an issue that
we believe almost all developers would want to |
1298 all of these loc
ations are highlighted and listed in the summary | 1626 examine and addr
ess. We recommend that software teams review all |
1299 panel. In the or
iginal GUI (and in HTML output) we list all of | 1627 high and medium
priority warnings in their entire code base.</dd> |
1300 the locations, b
ut only the primary location is highlighted by | 1628 <dt>BAD_PRACTICE</dt> |
1301 the original GUI
. In the Eclipse and NetBeans plugins, only the | 1629 <dd>A problem that we ca
n recognize with high confidence and |
1302 primary location
is displayed; fixing this is on our todo list | 1630 represents a cle
ar violation of recommended and standard coding |
1303 (contributions w
elcome). | 1631 practice. We bel
ieve each software team should decide which bad |
1304 </p> | 1632 practices identi
fied by FindBugs it wants to prohibit in the |
1305 <p> | 1633 team's coding st
andard, and take action to remedy violations of |
1306 <img src="guaran
teedDereference.png" alt=""> | 1634 those coding sta
ndards.</dd> |
1307 | 1635 <dt>STYLE</dt> |
1308 | 1636 <dd>These are places whe
re something strange or dodgy is |
1309 </p> | 1637 going on, such a
s a dead store to a local variable. Typically, |
1310 | 1638 less than half o
f these represent actionable programming |
1311 </li> | 1639 defects. Reviewi
ng these warnings in any code under active |
1312 <li> | 1640 development is p
robably a good idea, but reviewing all such |
1313 Preliminary support for
detectors using the frameworks other than | 1641 warnings in your
entire code base might be appropriate only in |
1314 BCEL, such as the | 1642 some situations.
Individual or team programming styles can |
1315 <a href="http://asm.obje
ctweb.org/">ASM</a> bytecode framework. | 1643 substantially in
fluence the effectiveness of each of these |
1316 You may experiment with
writing ASM-based detectors, but beware | 1644 warnings (e.g.,
you might have a coding practice or style in |
1317 the API may still change
(which could possibly also affect | 1645 your group that
confuses one of the detectors into generating a |
1318 BCEL-based detectors). I
n general, we've started trying to move | 1646 lot of STYLE war
nings); you will likely want to selectively |
1319 away from a deep depende
nce on BCEL, but that change is only | 1647 suppress or repo
rt the STYLE warnings that are effective for |
1320 partially complete. Prob
ably best to just avoid this until we | 1648 your group.</dd> |
1321 complete more work on th
is. This change is only visible to | 1649 </dl> |
1322 FindBugs plugin develope
rs, and shouldn't be visible to FindBugs | 1650 </li> |
1323 users. | 1651 <li>Released a preliminary version of a
new GUI (known |
1324 </li> | 1652 internally as GUI2 -- not very c
reative, huh?)</li> |
1325 <li> | 1653 <li>Provided standard ways to mark user
designations of bug |
1326 <p> | 1654 warnings (e.g., as NOT_A_BUG or
SHOULD_FIX). The internal logic |
1327 Bug categories (
CORRECTNESS, MT_CORRECTNESS, etc.) are no longer | 1655 now records this, it is represen
ted in the XML file, and GUI2 |
1328 hard-coded, but
rather defined in xml files associated with | 1656 allows the designations to be ap
plied (along with free-form user |
1329 plugins, includi
ng the core plugin which defines the standard | 1657 annotations about each warning).
The user designations and |
1330 categories. Thir
d-party plugins can define their own categories. | 1658 annotations are not yet supporte
d by the Eclipse plugin, but we |
1331 </p> | 1659 clearly want to support it in Ec
lipse shortly.</li> |
1332 </li> | 1660 <li>Added a check for a bad comparison w
ith a signed byte with |
1333 <li> | 1661 a value not in the range -128..1
27. For example: <pre>boolean find200(byte b[]) { |
1334 <p> | |
1335 Several bug patt
erns have been moved from CORRECTNESS and STYLE | |
1336 into a new categ
ory, BAD_PRACTICE. The English localization of | |
1337 STYLE has change
d from "Style" to "Dodgy." | |
1338 </p> | |
1339 <p> | |
1340 In general, we'v
e worked very hard to limit CORRECTNESS bugs to | |
1341 be real programm
ing errors and sins of commission. We have | |
1342 reclassified as
BAD_PRACTICE a number of bad design practices | |
1343 that result in o
verly fragile code, such as defining an equals | |
1344 method that does
n't accept null or defining class with a equals | |
1345 method that inhe
rits hashCode from class Object. | |
1346 </p> | |
1347 <p> | |
1348 In general, our
guidelines for deciding whether a bug should be | |
1349 classified as CO
RRECTNESS, BAD_PRACTICE or STYLE are: | |
1350 </p> | |
1351 <dl> | |
1352 <dt> | |
1353 CORRECTN
ESS | |
1354 </dt> | |
1355 <dd> | |
1356 A proble
m that we can recognize with high confidence and is an | |
1357 issue th
at we believe almost all developers would want to | |
1358 examine
and address. We recommend that software teams review | |
1359 all high
and medium priority warnings in their entire code | |
1360 base. | |
1361 </dd> | |
1362 <dt> | |
1363 BAD_PRAC
TICE | |
1364 </dt> | |
1365 <dd> | |
1366 A proble
m that we can recognize with high confidence and | |
1367 represen
ts a clear violation of recommended and standard coding | |
1368 practice
. We believe each software team should decide which bad | |
1369 practice
s identified by FindBugs it wants to prohibit in the | |
1370 team's c
oding standard, and take action to remedy violations of | |
1371 those co
ding standards. | |
1372 </dd> | |
1373 <dt> | |
1374 STYLE | |
1375 </dt> | |
1376 <dd> | |
1377 These ar
e places where something strange or dodgy is going on, | |
1378 such as
a dead store to a local variable. Typically, less than | |
1379 half of
these represent actionable programming defects. | |
1380 Reviewin
g these warnings in any code under active development | |
1381 is proba
bly a good idea, but reviewing all such warnings in | |
1382 your ent
ire code base might be appropriate only in some | |
1383 situatio
ns. Individual or team programming styles can | |
1384 substant
ially influence the effectiveness of each of these | |
1385 warnings
(e.g., you might have a coding practice or style in | |
1386 your gro
up that confuses one of the detectors into generating a | |
1387 lot of S
TYLE warnings); you will likely want to selectively | |
1388 suppress
or report the STYLE warnings that are effective for | |
1389 your gro
up. | |
1390 </dd> | |
1391 </dl> | |
1392 </li> | |
1393 <li> | |
1394 Released a preliminary v
ersion of a new GUI (known internally as | |
1395 GUI2 -- not very creativ
e, huh?) | |
1396 </li> | |
1397 <li> | |
1398 Provided standard ways t
o mark user designations of bug warnings | |
1399 (e.g., as NOT_A_BUG or S
HOULD_FIX). The internal logic now | |
1400 records this, it is repr
esented in the XML file, and GUI2 allows | |
1401 the designations to be a
pplied (along with free-form user | |
1402 annotations about each w
arning). The user designations and | |
1403 annotations are not yet
supported by the Eclipse plugin, but we | |
1404 clearly want to support
it in Eclipse shortly. | |
1405 </li> | |
1406 <li> | |
1407 Added a check for a bad
comparison with a signed byte with a | |
1408 value not in the range -
128..127. For example: | |
1409 <code> | |
1410 <pre>boolean fin
d200(byte b[]) { | |
1411 for(int i = 0; i < b.length; i++) if (b[i] == 200) return i; | 1662 for(int i = 0; i < b.length; i++) if (b[i] == 200) return i; |
1412 return -1; | 1663 return -1; |
1413 } | 1664 } |
1414 </pre> | 1665 </pre> |
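Review bot: the find200 example ending at new line 1665 is declared `boolean find200(byte b[])` but returns `i` and `-1`, so it cannot compile as written; the declared return type should be int. The body is unchanged context, but the declaration line is rewritten by this change (new line 1661), so this is the place to fix it. Also in this region, the paragraph at new lines 1501-1517 says x is definitely null "at the statement where result is decremented" and that the NPE follows "if the else branch of the if (x == null) were ever taken". In the example, result is decremented in the else branch, where x is non-null, so both phrases should refer to the then branch, where result is incremented.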
1415 » » » » » » » </code> | 1666 » » » » » </li> |
1416 » » » » » » </li> | 1667 » » » » » <li>Added a checking for testing if a va
lue is equal to |
1417 » » » » » » <li> | 1668 » » » » » » Double.NaN (no value is equal to
NaN, not even NaN).</li> |
1418 » » » » » » » Added a checking for tes
ting if a value is equal to Double.NaN | 1669 » » » » » <li>Added a check for using a class with
an equals method but |
1419 » » » » » » » (no value is equal to Na
N, not even NaN). | 1670 » » » » » » no hashCode method in a hashed d
ata structure.</li> |
1420 » » » » » » </li> | 1671 » » » » » <li>Added check for uncallable method of
an anonymous inner |
1421 » » » » » » <li> | 1672 » » » » » » class. For example, in the follo
wing code, it is impossible to |
1422 » » » » » » » Added a check for using
a class with an equals method but no | 1673 » » » » » » invoke the initalValue method (b
ecause the name is misspelled and |
1423 » » » » » » » hashCode method in a has
hed data structure. | 1674 » » » » » » as a result is doesn't override
a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new Thread
Local() { |
1424 » » » » » » </li> | |
1425 » » » » » » <li> | |
1426 » » » » » » » Added check for uncallab
le method of an anonymous inner class. | |
1427 » » » » » » » For example, in the foll
owing code, it is impossible to invoke | |
1428 » » » » » » » the initalValue method (
because the name is misspelled and as a | |
1429 » » » » » » » result is doesn't overri
de a method in ThreadLocal). | |
1430 » » » » » » » <code> | |
1431 » » » » » » » » <pre>private sta
tic ThreadLocal serialNum = new ThreadLocal() { | |
1432 protected synchronized Object initalValue() { | 1675 protected synchronized Object initalValue() { |
1433 return new Integer(nextSerialNum++); | 1676 return new Integer(nextSerialNum++); |
1434 } | 1677 } |
1435 }; | 1678 }; |
1436 </pre> | 1679 </pre> |
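Review bot: new line 1674 carries over the typo "as a result is doesn't override"; since the sentence is being rewrapped here anyway, change "is" to "it". The same applies to "Added a checking for testing" on new line 1667, which should read "Added a check for testing". The spelling initalValue, in both the prose on new line 1673 and the <pre> block, is the point of the example and should stay as it is.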
1437 </code> | 1680 </li> |
1438 </li> | 1681 <li>Added check for a dead local store c
aused by a switch |
1439 <li> | 1682 statement fall through</li> |
1440 Added check for a dead l
ocal store caused by a switch statement | 1683 <li>Added check for computing the absolu
te value of a random |
1441 fall through | 1684 32 bit integer or of a hashcode.
This is broken because <code> |
1442 </li> | 1685 Math.abs(Integer.MIN_VAL
UE) == Integer.MIN_VALUE </code> , and thus |
1443 <li> | 1686 result of calling Math.abs, whic
h is expected to be nonnegative, |
1444 Added check for computin
g the absolute value of a random 32 bit | 1687 will in fact be negative one tim
e out of 2 <sup> 32 </sup> , which |
1445 integer or of a hashcode
. This is broken because | 1688 will invariably be the time your
boss is demoing the software to |
1446 <code> | 1689 your customers. |
1447 Math.abs(Integer
.MIN_VALUE) == Integer.MIN_VALUE | 1690 |
1448 </code> | 1691 </li> |
1449 , and thus result of cal
ling Math.abs, which is expected to be | 1692 <li>More careful resolution of inherited
methods and fields. |
1450 nonnegative, will in fac
t be negative one time out of 2 | 1693 Some of the shortcuts we were ta
king in FindBugs 1.0.0 were |
1451 <sup> | 1694 leading to inaccurate results, a
nd it was fairly easy to address |
1452 32 | 1695 this by making the analysis more
accurate.</li> |
1453 </sup> | 1696 <li>Overall, analysis times are about 1.
6 times longer in |
1454 , which will invariably
be the time your boss is demoing the | 1697 FindBugs 1.1.0 than in FindBugs
1.0.0. This is because we have |
1455 software to your custome
rs. | 1698 enabled substantial additional a
nalysis at the default effort |
1456 | 1699 level (the actual analysis engin
e is significantly faster than in |
1457 </li> | 1700 FindBugs 1.0). On a recent AMD A
thlon processor, analyzing |
1458 <li> | 1701 JDK1.6.0 (about 1 million lines
of code) requires about 15 minutes |
1459 More careful resolution
of inherited methods and fields. Some of | 1702 of wall clock time.</li> |
1460 the shortcuts we were ta
king in FindBugs 1.0.0 were leading to | 1703 <li>Provided class and script (printClas
s) to print classfile |
1461 inaccurate results, and
it was fairly easy to address this by | 1704 in the human readable format pro
duced by BCEL</li> |
1462 making the analysis more
accurate. | 1705 <li>Provided -findSource option to setBu
gDatabaseInfo</li> |
1463 </li> | 1706 </ul> |
1464 <li> | 1707 |
1465 Overall, analysis times
are about 1.6 times longer in FindBugs | 1708 |
1466 1.1.0 than in FindBugs 1
.0.0. This is because we have enabled | 1709 <p>Changes since version 0.9.7:</p> |
1467 substantial additional a
nalysis at the default effort level (the | 1710 |
1468 actual analysis engine i
s significantly faster than in FindBugs | 1711 <ul> |
1469 1.0). On a recent AMD At
hlon processor, analyzing JDK1.6.0 (about | 1712 <li>fix ObjectTypeFactory bug that was s
uppressing some bugs</li> |
1470 1 million lines of code)
requires about 15 minutes of wall clock | 1713 <li>opcode stack may determine definite
zeros on some paths</li> |
1471 time. | 1714 <li>opcode stack can track some constant
string concatenations |
1472 </li> | 1715 (dbrosius)</li> |
1473 <li> | 1716 <li>default effort performs iterative op
code analysis (but min |
1474 Provided class and scrip
t (printClass) to print classfile in the | 1717 effort does not)</li> |
1475 human readable format pr
oduced by BCEL | 1718 <li>default heap size upped to 384m</li> |
1476 </li> | 1719 <li>schema for XML output available: bug
collection.xsd</li> |
1477 <li> | 1720 <li>fixed some internal confusion betwee
n dotted and slashed |
1478 Provided -findSource opt
ion to setBugDatabaseInfo | 1721 class names</li> |
1479 </li> | 1722 <li>New detectors |
1480 </ul> | 1723 <ul> |
1481 | 1724 <li>CheckImmutableAnnota
tion.java: checks JCIP annotations</li> |
1482 | 1725 </ul> |
1483 <p> | 1726 </li> |
1484 Changes since version 0.9.7: | 1727 <li>Updated detectors |
1485 </p> | 1728 <ul> |
1486 | 1729 <li>BadRegEx.java: under
stands Pattern.LITERAL, warns about |
1487 <ul> | 1730 "."</li> |
1488 <li> | 1731 <li>FindUnreleasedLock.j
ava: fewer false positives</li> |
1489 fix ObjectTypeFactory bu
g that was suppressing some bugs | 1732 <li>DumbMethods.java: ch
eck for vacuous comparisons to |
1490 </li> | 1733 MAX_INTEGER or M
IN_INTEGER, fix bugs detecting |
1491 <li> | 1734 DM_NEXTINT_VIA_N
EXTDOUBLE</li> |
1492 opcode stack may determi
ne definite zeros on some paths | 1735 <li>FindPuzzlers.java: d
etect <tt>n%2==1</tt>, detect |
1493 </li> | 1736 toString() on ar
ray types |
1494 <li> | 1737 </li> |
1495 opcode stack can track s
ome constant string concatenations | 1738 <li>FindInconsistentSync
2.java: detects IS_FIELD_NOT_GUARDED |
1496 (dbrosius) | 1739 </li> |
1497 </li> | 1740 <li>MethodReturnCheck.ja
va: add check for discarded newly |
1498 <li> | 1741 constructed valu
es, increase priority of some ignored |
1499 default effort performs
iterative opcode analysis (but min effort | 1742 constructed exce
ptions, better handling of bytecode compiled by |
1500 does not) | 1743 Eclipse</li> |
1501 </li> | 1744 <li>FindEmptySynchronize
dBlock.java: better handling of |
1502 <li> | 1745 bytecode compile
d by Eclipse</li> |
1503 default heap size upped
to 384m | 1746 <li>DoInsideDoPrivileged
.java: warn if call to setAccessible |
1504 </li> | 1747 isn't in doPrivi
ledged, don't report private methods</li> |
1505 <li> | 1748 <li>LoadOfKnownNullValue
.java: fix bug that was reporting |
1506 schema for XML output av
ailable: bugcollection.xsd | 1749 false positives
on <code> finally </code> blocks |
1507 </li> | 1750 </li> |
1508 <li> | 1751 <li>CheckReturnAnnotatio
nDatabase.java: better checks for |
1509 fixed some internal conf
usion between dotted and slashed class | 1752 unstarted thread
s</li> |
1510 names | 1753 <li>ConfusionBetweenInhe
ritedAndOuterMethod.java: fewer |
1511 </li> | 1754 false positives,
fixed a package-handling bug</li> |
1512 <li> | 1755 <li>BadResultSetAccess.j
ava: separate bug pattern for |
1513 New detectors | 1756 PreparedStatemen
ts, <code> BRZA </code> category folded into <code> |
1514 <ul> | 1757 SQL </co
de> category |
1515 <li> | 1758 </li> |
1516 CheckImm
utableAnnotation.java: checks JCIP annotations | 1759 <li>FindDeadLocalStores.
java, FindBadCast2.java, |
1517 </li> | 1760 DumbMethods.java
, RuntimeExceptionCapture.java: coalesce similar |
1518 </ul> | 1761 bugs within a me
thod into a single bug instance with multiple |
1519 </li> | 1762 source lines</li
> |
1520 <li> | 1763 </ul> |
1521 Updated detectors | 1764 </li> |
1522 <ul> | 1765 <li>Eclipse plugin |
1523 <li> | 1766 <ul> |
1524 BadRegEx
.java: understands Pattern.LITERAL, warns about "." | 1767 <li>plugin ID changed fr
om <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt> |
1525 </li> | 1768 </li> |
1526 <li> | 1769 <li>support for findbugs
eclipse auto-update site</li> |
1527 FindUnre
leasedLock.java: fewer false positives | 1770 </ul> |
1528 </li> | 1771 </li> |
1529 <li> | 1772 <li>Updated test case files |
1530 DumbMeth
ods.java: check for vacuous comparisons to MAX_INTEGER | 1773 <ul> |
1531 or MIN_I
NTEGER, fix bugs detecting DM_NEXTINT_VIA_NEXTDOUBLE | 1774 <li>BadRegEx.java</li> |
1532 </li> | 1775 <li>JSR166.java</li> |
1533 <li> | 1776 <li>ConcurrentModificati
onBug.java</li> |
1534 FindPuzz
lers.java: detect | 1777 <li>DeadStore.java</li> |
1535 <tt>n%2=
=1</tt>, detect toString() on array types | 1778 <li>InstanceOf.java</li> |
1536 </li> | 1779 <li>LoadKnownNull.java</
li> |
1537 <li> | 1780 <li>NeedsToCheckReturnVa
lue.java</li> |
1538 FindInco
nsistentSync2.java: detects IS_FIELD_NOT_GUARDED | 1781 <li>BadResultSetAccessTe
st.java</li> |
1539 </li> | 1782 <li>DeadStore.java</li> |
1540 <li> | 1783 <li>TestNonNull2.java</l
i> |
1541 MethodRe
turnCheck.java: add check for discarded newly | 1784 <li>TestImmutable.java</
li> |
1542 construc
ted values, increase priority of some ignored | 1785 <li>TestGuardedBy.java</
li> |
1543 construc
ted exceptions, better handling of bytecode compiled by | 1786 <li>BadRandomInt.java</l
i> |
1544 Eclipse | 1787 <li>six test cases added
to new <code> TigerTraps </code> |
1545 </li> | 1788 directory |
1546 <li> | 1789 </li> |
1547 FindEmpt
ySynchronizedBlock.java: better handling of bytecode | 1790 </ul> |
1548 compiled
by Eclipse | 1791 </li> |
1549 </li> | 1792 <li>fix bug that was generating duplicat
e uids</li> |
1550 <li> | 1793 <li>fix bug with <code> -onlyAnalyze som
e.package.* </code> on |
1551 DoInside
DoPrivileged.java: warn if call to setAccessible isn't | 1794 jdk1.4 |
1552 in doPri
viledged, don't report private methods | 1795 </li> |
1553 </li> | 1796 <li>fix regression bug in |
1554 <li> | 1797 DismantleByteCode.getRefConstant
Operand()</li> |
1555 LoadOfKn
ownNullValue.java: fix bug that was reporting false | 1798 <li>fix some minor bugs with the Swing G
UI</li> |
1556 positive
s on | 1799 <li>reordered some bugInstances so that
source line |
1557 <code> | 1800 annotations come last</li> |
1558
finally | 1801 <li>removed references to unused java sy
stem properties</li> |
1559 </code> | 1802 <li>French translation updates (David Co
tton)</li> |
1560 blocks | 1803 <li>Japanese translation updates (Hanai
Shisei)</li> |
1561 </li> | 1804 <li>content cleanup for findbugs.xml and
messages.xml</li> |
1562 <li> | 1805 <li>references to cvs hostname updated t
o |
1563 CheckRet
urnAnnotationDatabase.java: better checks for unstarted | 1806 findbugs.cvs.sourceforge.net</li
> |
1564 threads | 1807 <li>documented xdoc output options, new |
1565 </li> | 1808 mineBugHistory/computeBugHistory
options</li> |
1566 <li> | 1809 </ul> |
1567 Confusio
nBetweenInheritedAndOuterMethod.java: fewer false | 1810 |
1568 positive
s, fixed a package-handling bug | 1811 <p>Changes since version 0.9.6:</p> |
1569 </li> | 1812 |
1570 <li> | 1813 <ul> |
1571 BadResul
tSetAccess.java: separate bug pattern for | 1814 <li>performance improvements</li> |
1572 Prepared
Statements, | 1815 <li>ObjectType instances are cached to r
educe memory footprint |
1573 <code> | 1816 </li> |
1574
BRZA | 1817 <li>for performance and memory reasons s
tateless detectors are |
1575 </code> | 1818 no longer cloned, must clear the
ir own state between .class files |
1576 category
folded into | 1819 </li> |
1577 <code> | 1820 <li>fixed bug in bytecode-set lookup for
methods (was causing |
1578
SQL | 1821 bad results for IS2, perhaps oth
ers)</li> |
1579 </code> | 1822 <li>fix some OpcodeStack bugs with integ
er and long |
1580 category | 1823 operations, perform iterative an
alysis when effort is <tt>max</tt> |
1581 </li> | 1824 </li> |
1582 <li> | 1825 <li>HTML output includes LongMessage tex
t again (regression in |
1583 FindDead
LocalStores.java, FindBadCast2.java, DumbMethods.java, | 1826 0.95 - 0.96)</li> |
1584 RuntimeE
xceptionCapture.java: coalesce similar bugs within a | 1827 <li>New detectors |
1585 method i
nto a single bug instance with multiple source lines | 1828 <ul> |
1586 </li> | 1829 <li>CalledMethods.java:
builds a list of invoked methods for |
1587 </ul> | 1830 other detectors
to consult (non-reporting)</li> |
1588 </li> | 1831 <li>UncallableMethodOfAn
onymousClass.java: detect anonymous |
1589 <li> | 1832 inner classes th
at define methods that are probably intended to |
1590 Eclipse plugin | 1833 but do not overr
ide methods in a superclass.</li> |
1591 <ul> | 1834 </ul> |
1592 <li> | 1835 </li> |
1593 plugin I
D changed from | 1836 <li>Updated detectors |
1594 <tt>de.t
object.findbugs</tt> to | 1837 <ul> |
1595 <tt>edu.
umd.cs.findbugs.plugin.eclipse</tt> | 1838 <li>FindFieldSelfAssignm
ent.java: recognize separate fields |
1596 </li> | 1839 with the same na
me (one from superclass)</li> |
1597 <li> | 1840 <li>FindLocalSelfAssignm
ent2.java: handles backward branches |
1598 support
for findbugs eclipse auto-update site | 1841 better (Dave Bro
sius)</li> |
1599 </li> | 1842 <li>FindBadCast2.java: B
C_NULL_INSTANCEOF changed to |
1600 </ul> | 1843 NP_NULL_INSTANCE
OF</li> |
1601 </li> | 1844 <li>FindPuzzlers.java: e
liminate false positive on setDate() |
1602 <li> | 1845 (Dave Brosius)</
li> |
1603 Updated test case files | 1846 </ul> |
1604 <ul> | 1847 </li> |
1605 <li> | 1848 <li>Eclipse plugin |
1606 BadRegEx
.java | 1849 <ul> |
1607 </li> | 1850 <li>fix serious threadin
g bug</li> |
1608 <li> | 1851 <li>preferences for Filt
ers and effort (Peter Hendriks)</li> |
1609 JSR166.j
ava | 1852 <li>French localization
(David Cotton)</li> |
1610 </li> | 1853 <li>fix bug when reporti
ng inner classes (Peter Friese)</li> |
1611 <li> | 1854 </ul> |
1612 Concurre
ntModificationBug.java | 1855 </li> |
1613 </li> | 1856 <li>Updated test case files |
1614 <li> | 1857 <ul> |
1615 DeadStor
e.java | 1858 <li>Mwn.java (Carl Burke
/Dave Brosius)</li> |
1616 </li> | 1859 <li>DumbMethodInvocation
s.java (Anto paul/Dave Brosius)</li> |
1617 <li> | 1860 <!--sic--> |
1618 Instance
Of.java | 1861 </ul> |
1619 </li> | 1862 </li> |
1620 <li> | 1863 <li>XML output includes garbage collecti
on duration</li> |
1621 LoadKnow
nNull.java | 1864 <li>French messages updated (David Cotto
n)</li> |
1622 </li> | 1865 <li>Swing GUI shows file name after Load
Bugs command</li> |
1623 <li> | 1866 <li>Ant task to launch the findbugs fram
e (Mark McKay)</li> |
1624 NeedsToC
heckReturnValue.java | 1867 <li>miscellaneous code cleanup</li> |
1625 </li> | 1868 </ul> |
1626 <li> | 1869 |
1627 BadResul
tSetAccessTest.java | 1870 <p>Changes since version 0.9.5:</p> |
1628 </li> | 1871 |
1629 <li> | 1872 <ul> |
1630 DeadStor
e.java | 1873 <li>Updated detectors |
1631 </li> | 1874 <ul> |
1632 <li> | 1875 <li>FindNullDeref.java:
respect NonNull and CheckForNull |
1633 TestNonN
ull2.java | 1876 field annotation
s</li> |
1634 </li> | 1877 <li>SerializableIdiom.ja
va: detect non-private readObject |
1635 <li> | 1878 and writeObject
methods</li> |
1636 TestImmu
table.java | 1879 <li>FindRefComparison.ja
va: smarter array comparison |
1637 </li> | 1880 detection</li> |
1638 <li> | 1881 <li>IsNullValueAnalysis.
java: detect <tt>null |
1639 TestGuar
dedBy.java | 1882 instance
of</tt> |
1640 </li> | 1883 </li> |
1641 <li> | 1884 <li>FindLocalSelfAssignm
ent2.java: suppress some false |
1642 BadRando
mInt.java | 1885 positives (Dave
Brosius)</li> |
1643 </li> | 1886 <li>FindUnreleasedLock.j
ava: don't waste time processing |
1644 <li> | 1887 classes that don
't refer to java.util.concurrent.locks</li> |
1645 six test
cases added to new | 1888 <li>MutableStaticFields.
java: report the source line (Dave |
1646 <code> | 1889 Brosius)</li> |
1647
TigerTraps | 1890 <li>SwitchFallthrough.ja
va: better handling of System.exit() |
1648 </code> | 1891 (Dave Brosius)</
li> |
1649 director
y | 1892 <li>MultithreadedInstanc
eAccess.java: better handling of |
1650 </li> | 1893 Servlet.init() (
Dave Brosius)</li> |
1651 </ul> | 1894 <li>ConfusionBetweenInhe
ritedAndOuterMethod.java: now |
1652 </li> | 1895 enabled</li> |
1653 <li> | 1896 </ul> |
1654 fix bug that was generat
ing duplicate uids | 1897 </li> |
1655 </li> | 1898 <li>Eclipse plugin |
1656 <li> | 1899 <ul> |
1657 fix bug with | 1900 <li>background processin
g (Peter Friese)</li> |
1658 <code> | 1901 <li>internationalization
, Japanese localization (Takashi |
1659 -onlyAnalyze som
e.package.* | 1902 Okamoto)</li> |
1660 </code> | 1903 </ul> |
1661 on jdk1.4 | 1904 </li> |
1662 </li> | 1905 <li>findbugs <tt>-onlyAnalyze</tt> optio
n now works on windows |
1663 <li> | 1906 platforms |
1664 fix regression bug in Di
smantleByteCode.getRefConstantOperand() | 1907 </li> |
1665 </li> | 1908 <li>mineBugHistory <tt>-noTabs</tt> opti
on for better |
1666 <li> | 1909 alignment of output columns |
1667 fix some minor bugs with
the Swing GUI | 1910 </li> |
1668 </li> | 1911 <li>filterBugs <tt>-fixed</tt> option (a
lso: will now |
1669 <li> | 1912 recognize the most recent versio
n string) |
1670 reordered some bugInstan
ces so that source line annotations come | 1913 </li> |
1671 last | 1914 <li>XML output includes running time and
memory usage data</li> |
1672 </li> | 1915 <li>miscellaneous minor corrections to t
he manual</li> |
1673 <li> | 1916 <li>better bytecode analysis of the <tt>
iinc</tt> instruction |
1674 removed references to un
used java system properties | 1917 </li> |
1675 </li> | 1918 <li>fix bug in null pointer analysis</li
> |
1676 <li> | 1919 <li>improved catch block heuristics</li> |
1677 French translation updat
es (David Cotton) | 1920 <li>some type analysis tweaks</li> |
1678 </li> | 1921 <li>Bug priority changes |
1679 <li> | 1922 <ul> |
1680 Japanese translation upd
ates (Hanai Shisei) | 1923 <li>DumbMethodInvocation
s.java: decrease priority of |
1681 </li> | 1924 hard-coded <tt>/
tmp</tt> filenames |
1682 <li> | 1925 </li> |
1683 content cleanup for find
bugs.xml and messages.xml | 1926 <li>ComparatorIdiom.java
: decrease priority of |
1684 </li> | 1927 non-serializable
anonymous comparators</li> |
1685 <li> | 1928 <li>FindSqlInjection.jav
a: decrease priority of appending a |
1686 references to cvs hostna
me updated to | 1929 constant or a st
atic</li> |
1687 findbugs.cvs.sourceforge
.net | 1930 </ul> |
1688 </li> | 1931 </li> |
1689 <li> | 1932 <li>Updated bug explanations |
1690 documented xdoc output o
ptions, new | 1933 <ul> |
1691 mineBugHistory/computeBu
gHistory options | 1934 <li>NM_VERY_CONFUSING (D
ave Brosius)</li> |
1692 </li> | 1935 </ul> |
1693 </ul> | 1936 </li> |
1694 | 1937 <li>Updated test case files |
1695 <p> | 1938 <ul> |
1696 Changes since version 0.9.6: | 1939 <li>BadStoreOfNonSeriali
zableObject.java</li> |
1697 </p> | 1940 <li>BadRandomInt.java</l
i> |
1698 | 1941 <li>TestFieldAnnotations
.java</li> |
1699 <ul> | 1942 <li>UseInitCause.java</l
i> |
1700 <li> | 1943 <li>SqlInjection.java</l
i> |
1701 performance improvements | 1944 <li>ArrayEquality.java</
li> |
1702 </li> | 1945 <li>BadIntegerOperations
.java</li> |
1703 <li> | 1946 <li>Pilhuhn.java</li> |
1704 ObjectType instances are
cached to reduce memory footprint | 1947 <li>InstanceOf.java</li> |
1705 </li> | 1948 <li>SwitchFallthrough.ja
va (Dave Brosius)</li> |
1706 <li> | 1949 </ul> |
1707 for performance and memo
ry reasons stateless detectors are no | 1950 </li> |
1708 longer cloned, must clea
r their own state between .class files | 1951 <li>fix URL decoding bug when running un
der Java Web Start |
1709 </li> | 1952 (Dave Brosius)</li> |
1710 <li> | 1953 <li>distribution includes <tt>project.xm
l</tt> file for |
1711 fixed bug in bytecode-se
t lookup for methods (was causing bad | 1954 NetBeans |
1712 results for IS2, perhaps
others) | 1955 </li> |
1713 </li> | 1956 </ul> |
1714 <li> | 1957 |
1715 fix some OpcodeStack bug
s with integer and long operations, | 1958 <p>Changes since version 0.9.4:</p> |
1716 perform iterative analys
is when effort is | 1959 <ul> |
1717 <tt>max</tt> | 1960 <li>New detectors |
1718 </li> | 1961 <ul> |
1719 <li> | 1962 <li>VarArgsProblems.java
</li> |
1720 HTML output includes Lon
gMessage text again (regression in 0.95 - | 1963 <li>FindSqlInjection.jav
a: now enabled</li> |
1721 0.96) | 1964 <li>ComparatorIdiom.java
: comparators usually implement |
1722 </li> | 1965 serializable</li
> |
1723 <li> | 1966 <li>Naming.java: detect
methods not overridden due to |
1724 New detectors | 1967 eponymously type
d args from different packages</li> |
1725 <ul> | 1968 </ul> |
1726 <li> | 1969 </li> |
1727 CalledMe
thods.java: builds a list of invoked methods for other | 1970 <li>Updated detectors |
1728 detector
s to consult (non-reporting) | 1971 <ul> |
1729 </li> | 1972 <li>SwitchFallthrough.ja
va: surpress some false positives</li> |
1730 <li> | 1973 <li>DuplicateBranches.ja
va: surpress some false positives</li> |
1731 Uncallab
leMethodOfAnonymousClass.java: detect anonymous inner | 1974 <li>IteratorIdioms.java:
surpress some false positives</li> |
1732 classes
that define methods that are probably intended to but | 1975 <li>FindHEmismatch.java:
surpress some false positives</li> |
1733 do not o
verride methods in a superclass. | 1976 <li>QuestionableBooleanA
ssignment.java: finds more cases of |
1734 </li> | 1977 <tt>if (b=true)<
/tt> ilk |
1735 </ul> | 1978 </li> |
1736 </li> | 1979 <li>DumbMethods.java: de
tect int remainder by 1, delayed gc |
1737 <li> | 1980 errors</li> |
1738 Updated detectors | 1981 <li>SerializableIdiom.ja
va: detect store of nonserializable |
1739 <ul> | 1982 object into fiel
d of serializable class</li> |
1740 <li> | 1983 <li>FindNullDeref.java:
fix potential exception</li> |
1741 FindFiel
dSelfAssignment.java: recognize separate fields with | 1984 <li>IsNullValue.java: fi
x potential exception</li> |
1742 the same
name (one from superclass) | 1985 <li>MultithreadedInstanc
eAccess.java: fix potential |
1743 </li> | 1986 exception</li> |
1744 <li> | 1987 <li>PreferZeroLengthArra
ys.java: flag the method, not the |
1745 FindLoca
lSelfAssignment2.java: handles backward branches better | 1988 line</li> |
1746 (Dave Br
osius) | 1989 </ul> |
1747 </li> | 1990 </li> |
1748 <li> | 1991 <li>Remove some inadvertent dependencies
on JDK 1.5</li> |
1749 FindBadC
ast2.java: BC_NULL_INSTANCEOF changed to | 1992 <li>Sort order should be more consistent
</li> |
1750 NP_NULL_
INSTANCEOF | 1993 <li>XML output changes |
1751 </li> | 1994 <ul> |
1752 <li> | 1995 <li>Option to sort XML b
ug output</li> |
1753 FindPuzz
lers.java: eliminate false positive on setDate() (Dave | 1996 <li>Now contains instanc
e IDs</li> |
1754 Brosius) | 1997 <li>uid no longer missin
g (was causing problems with fancy |
1755 </li> | 1998 HTML output)</li
> |
1756 </ul> | 1999 <li>Typo fixed</li> |
1757 </li> | 2000 </ul> |
1758 <li> | 2001 </li> |
1759 Eclipse plugin | 2002 <li>Internal changes to track source fil
es, <tt>-sourceInfo</tt> |
1760 <ul> | 2003 option |
1761 <li> | 2004 </li> |
1762 fix seri
ous threading bug | 2005 <li>Bug matching: first try exact bug pa
ttern matching, option |
1763 </li> | 2006 to compare priorities, option to
disable package moves</li> |
1764 <li> | 2007 <li>Architecture documentation in <tt>de
sign/architecture</tt> |
1765 preferen
ces for Filters and effort (Peter Hendriks) | 2008 </li> |
1766 </li> | 2009 <li>Test cases move into their own CVS p
roject</li> |
1767 <li> | 2010 <li>Don't report warnings that occur out
side the analyzed |
1768 French l
ocalization (David Cotton) | 2011 classes</li> |
1769 </li> | 2012 <li>Fixes to the build.xml files</li> |
1770 <li> | 2013 <li>Better handling of @CheckReturnValue
and @CheckForNull |
1771 fix bug
when reporting inner classes (Peter Friese) | 2014 annotations (also, some addition
al methods searched for check |
1772 </li> | 2015 return value and check for null)
</li> |
1773 </ul> | 2016 <li>Fixed some stream-closing bugs (one
by <tt>z-fb-user</tt>/Dave |
1774 </li> | 2017 Brosius) |
1775 <li> | 2018 </li> |
1776 Updated test case files | 2019 <li>Bug priority changes |
1777 <ul> | 2020 <ul> |
1778 <li> | 2021 <li>increase priority of
ignoring return value of |
1779 Mwn.java
(Carl Burke/Dave Brosius) | 2022 java.sql.Connect
ion methods</li> |
1780 </li> | 2023 <li>increase priority of
comparing classes like Integer |
1781 <li> | 2024 using <tt>==</tt
> |
1782 DumbMeth
odInvocations.java (Anto paul/Dave Brosius) | 2025 </li> |
1783 </li> | 2026 <li>decrease priority of
IT_NO_SUCH_ELEMENT if we see any |
1784 <!--sic--> | 2027 call to <tt>next
()</tt> |
1785 </ul> | 2028 </li> |
1786 </li> | 2029 <li>tweak priority of NM
_METHOD_CONSTRUCTOR_CONFUSION</li> |
1787 <li> | 2030 <li>decrease priority of
RV_RETURN_VALUE_IGNORED for an |
1788 XML output includes garb
age collection duration | 2031 inherited annota
tion that doesn't return same type as class</li> |
1789 </li> | 2032 </ul> |
1790 <li> | 2033 </li> |
1791 French messages updated
(David Cotton) | 2034 <li>Updated bug explanations |
1792 </li> | 2035 <ul> |
1793 <li> | 2036 <li>RCN_REDUNDANT_NULLCH
ECK_WOULD_HAVE_BEEN_A_NPE</li> |
1794 Swing GUI shows file nam
e after Load Bugs command | 2037 <li>DP_CREATE_CLASSLOADE
R_INSIDE_DO_PRIVILEGED</li> |
1795 </li> | 2038 <li>IMA_INEFFICIENT_MEMB
ER_ACCESS (Dave Brosius)</li> |
1796 <li> | 2039 <li>some Japanese improv
ements to messages_ja.xml ( <tt>ruimo</tt>) |
1797 Ant task to launch the f
indbugs frame (Mark McKay) | 2040 </li> |
1798 </li> | 2041 <li>some German improvem
ents to findbugs_de.properties (Dave |
1799 <li> | 2042 Brosius, <tt>dvh
olten</tt>) |
1800 miscellaneous code clean
up | 2043 </li> |
1801 </li> | 2044 </ul> |
1802 </ul> | 2045 </li> |
1803 | 2046 <li>Updated test case files |
1804 <p> | 2047 <ul> |
1805 Changes since version 0.9.5: | 2048 <li>BadIntegerOperations
.java</li> |
1806 </p> | 2049 <li>SecondKaboom.java</l
i> |
1807 | 2050 <li>OpenDatabase.java (D
ave Brosius)</li> |
1808 <ul> | 2051 <li>FindOpenStream.java
(Dave Brosius)</li> |
1809 <li> | 2052 <li>BadRandomInt.java</l
i> |
1810 Updated detectors | 2053 </ul> |
1811 <ul> | 2054 </li> |
1812 <li> | 2055 <li>Source-lines info maintained for met
hods (handy for |
1813 FindNull
Deref.java: respect NonNull and CheckForNull field | 2056 abstract and native methods)</li
> |
1814 annotati
ons | 2057 <li>Remove surrounding opcodes from sour
ce line annotations</li> |
1815 </li> | 2058 <li>Better error when can't read file</l
i> |
1816 <li> | 2059 <li>Swing GUI: removed console pane from
FindBugsFrame, fix |
1817 Serializ
ableIdiom.java: detect non-private readObject and | 2060 missing classes bug</li> |
1818 writeObj
ect methods | 2061 <li>Fixes to OpcodeStack.java</li> |
1819 </li> | 2062 <li>Detectors may attach a custom value
to an OpcodeStack.Item |
1820 <li> | 2063 (Dave Brosius)</li> |
1821 FindRefC
omparison.java: smarter array comparison detection | 2064 <li>Filter.java: ability to add text mes
sages to XML output, |
1822 </li> | 2065 fix bug with <tt>-withMessages</
tt> |
1823 <li> | 2066 </li> |
1824 IsNullVa
lueAnalysis.java: detect | 2067 <li>SourceInfoMap supports ranges of sou
rce lines</li> |
1825 <tt>null
instanceof</tt> | 2068 <li>Ant task supports the <tt>timestampN
ow</tt> attribute |
1826 </li> | 2069 </li> |
1827 <li> | 2070 </ul> |
1828 FindLoca
lSelfAssignment2.java: suppress some false positives | 2071 |
1829 (Dave Br
osius) | 2072 <p>Changes since version 0.9.3:</p> |
1830 </li> | 2073 <ul> |
1831 <li> | 2074 <li>Substantial rework of datamining cod
e</li> |
1832 FindUnre
leasedLock.java: don't waste time processing classes | 2075 <li>Removed bogus warnings about await o
n things other than |
1833 that don
't refer to java.util.concurrent.locks | 2076 Condition not being in a loop</l
i> |
1834 </li> | 2077 <li>Fixed bug in OpcodeStack handling of
dup2 of long/double |
1835 <li> | 2078 values</li> |
1836 MutableS
taticFields.java: report the source line (Dave Brosius) | 2079 <li>Don't report array types as missing
classes</li> |
1837 </li> | 2080 <li>Adjustment of some warnings on ignor
ed return values</li> |
1838 <li> | 2081 <li>Added thread safety annotations from
Java Concurrency in |
1839 SwitchFa
llthrough.java: better handling of System.exit() (Dave | 2082 Practice (no detectors written f
or these yet)</li> |
1840 Brosius) | 2083 <li>Added annotation for methods that, i
f overridden, should |
1841 </li> | 2084 be invoked by overriding methods
via a call to super</li> |
1842 <li> | 2085 <li>Updated -html:fancy.xsl (Etienne Gir
audy)</li> |
1843 Multithr
eadedInstanceAccess.java: better handling of | 2086 </ul> |
1844 Servlet.
init() (Dave Brosius) | 2087 |
1845 </li> | 2088 <p>Note: there was no version 0.9.2</p> |
1846 <li> | 2089 |
1847 Confusio
nBetweenInheritedAndOuterMethod.java: now enabled | 2090 <p>Changes since version 0.9.1:</p> |
1848 </li> | 2091 <ul> |
1849 </ul> | 2092 <!-- New detectors --> |
1850 </li> | 2093 <li>Embellish USM to find abstract metho
ds that implement an |
1851 <li> | 2094 interface method (Dave Brosius)<
/li> |
1852 Eclipse plugin | 2095 <li>New detector to find stores of liter
al booleans inside if |
1853 <ul> | 2096 or while expressions (Dave Brosi
us)</li> |
1854 <li> | 2097 <li>New style detector to find final cla
sses that declare |
1855 backgrou
nd processing (Peter Friese) | 2098 protected fields (Dave Brosius)<
/li> |
1856 </li> | 2099 <li>New detector to find subclass method
s that simply forward, |
1857 <li> | 2100 verbatim, to the super class (Da
ve Brosius)</li> |
1858 internat
ionalization, Japanese localization (Takashi Okamoto) | 2101 <li>Detector to find instances where cod
e is attempting to |
1859 </li> | 2102 write an object out via an imple
mentation of DataOutput, but the |
1860 </ul> | 2103 object is not guaranteed to be S
erializable (Jon Christiansen, |
1861 </li> | 2104 Bill Pugh)</li> |
1862 <li> | 2105 |
1863 findbugs | 2106 <!-- Feature enhancements --> |
1864 <tt>-onlyAnalyze</tt> op
tion now works on windows platforms | 2107 <li>Large (35%) analysis speedup (Bill P
ugh)</li> |
1865 </li> | 2108 <li>Add line numbers to Swing GUI code p
anel (Dave Brosius)</li> |
1866 <li> | 2109 <li>Added effort options to Swing GUI (D
ave Brosius)</li> |
1867 mineBugHistory | 2110 <li>Add ability to specify bugs file to
open from command line |
1868 <tt>-noTabs</tt> option
for better alignment of output columns | 2111 for GUI version, through -loadbu
gs (Phillip Martin)</li> |
1869 </li> | 2112 <li>New stylesheet for generating HTML:
use option <tt>-html:plain.xsl</tt> |
1870 <li> | 2113 (Chris Nappin) |
1871 filterBugs | 2114 </li> |
1872 <tt>-fixed</tt> option (
also: will now recognize the most recent | 2115 <li>New stylesheet for generating HTML:
use option <tt>-html:fancy.xsl</tt> |
1873 version string) | 2116 (Etienne Giraudy) |
1874 </li> | 2117 </li> |
1875 <li> | 2118 <li>Updated Japanese bug message transla
tions (Shisei Hanai)</li> |
1876 XML output includes runn
ing time and memory usage data | 2119 |
1877 </li> | 2120 <!-- Bug fixes --> |
1878 <li> | 2121 <li>XHTML compliance fixes for bug detai
ls (Etienne Giraudy)</li> |
1879 miscellaneous minor corr
ections to the manual | 2122 <li>Various detector fixes (Shisei Hanai
)</li> |
1880 </li> | 2123 <li>Fixed bugs in the project preference
s dialog int the |
1881 <li> | 2124 Eclipse plugin (Takashi Okamoto,
Thomas Einwaller)</li> |
1882 better bytecode analysis
of the | 2125 <li>Lowered priority of analysis thread
in Swing GUI (David |
1883 <tt>iinc</tt> instructio
n | 2126 Hovemeyer, suggested by Shisei H
anai and Jeffrey W. Badorek)</li> |
1884 </li> | 2127 <li>Fixed EclipsePlugin to correctly pic
k up auxclasspath |
1885 <li> | 2128 entries (Jon Christiansen)</li> |
1886 fix bug in null pointer
analysis | 2129 </ul> |
1887 </li> | 2130 |
1888 <li> | 2131 <p>Changes since version 0.9.0:</p> |
1889 improved catch block heu
ristics | 2132 <ul> |
1890 </li> | 2133 <li>Fixed dependence on JRE 1.5: all fea
tures should work on |
1891 <li> | 2134 JRE 1.4 again</li> |
1892 some type analysis tweak
s | 2135 <li>Fixed -effort command line option ha
ndling for Swing GUI</li> |
1893 </li> | 2136 <li>Fixed conserveSpace and workHard att
ributes int Ant task</li> |
1894 <li> | 2137 <li>Added support for effort attribute i
n Ant task</li> |
1895 Bug priority changes | 2138 </ul> |
1896 <ul> | 2139 |
1897 <li> | 2140 <p>Changes since version 0.8.8:</p> |
1898 DumbMeth
odInvocations.java: decrease priority of hard-coded | 2141 <ul> |
1899 <tt>/tmp
</tt> filenames | 2142 <!-- New detectors and bug patterns --> |
1900 </li> | 2143 <li>XMLFactoryBypass detector to find di
rect allocation of xml |
1901 <li> | 2144 class implementations (Dave Bros
ius)</li> |
1902 Comparat
orIdiom.java: decrease priority of non-serializable | 2145 <li>InefficientMemberAccess detector to
find accesses to |
1903 anonymou
s comparators | 2146 owning class private members (Da
ve Brosius)</li> |
1904 </li> | 2147 <li>DuplicateBranches detector checks sw
itch statements too |
1905 <li> | 2148 (Dave Brosius)</li> |
1906 FindSqlI
njection.java: decrease priority of appending a | 2149 |
1907 constant
or a static | 2150 <!-- Feature enhancements --> |
1908 </li> | 2151 <li>FindBugs available from findbugs.sou
rceforge.net as Java |
1909 </ul> | 2152 Web Start application (Dave Bros
ius)</li> |
1910 </li> | 2153 <li>Updated Japanese bug message transla
tions (Shisei Hanai)</li> |
1911 <li> | 2154 <li>Improved bug detail message for cova
riant equals() (Shisei |
1912 Updated bug explanations | 2155 Hanai)</li> |
1913 <ul> | 2156 <li>Modeling of instanceof checks is now
enabled by default, |
1914 <li> | 2157 making the bad cast detector muc
h more useful (Bill Pugh, David |
1915 NM_VERY_
CONFUSING (Dave Brosius) | 2158 Hovemeyer)</li> |
1916 </li> | 2159 <li>Support for detector ordering constr
aints in plugin |
1917 </ul> | 2160 descriptor (David Hovemeyer)</li
> |
1918 </li> | 2161 <li>Simpler option to control analysis e
ffort: -effort: <i>value</i>, |
1919 <li> | 2162 where <i>value</i> is one of <co
de> min </code> , <code> |
1920 Updated test case files | 2163 default </code> , or <co
de> max </code> (David Hovemeyer) |
1921 <ul> | 2164 </li> |
1922 <li> | 2165 <li>Using -effort:max, FindNullDeref che
cks for null arguments |
1923 BadStore
OfNonSerializableObject.java | 2166 passed to methods which derefere
nce them unconditionally (David |
1924 </li> | 2167 Hovemeyer)</li> |
1925 <li> | 2168 <li>FindNullDeref checks @Null and @NonN
ull annotations for |
1926 BadRando
mInt.java | 2169 parameters and return values (Da
vid Hovemeyer)</li> |
1927 </li> | 2170 |
1928 <li> | 2171 <!-- Bug fixes --> |
1929 TestFiel
dAnnotations.java | 2172 </ul> |
1930 </li> | 2173 |
1931 <li> | 2174 <p>Changes since version 0.8.7:</p> |
1932 UseInitC
ause.java | 2175 |
1933 </li> | 2176 <ul> |
1934 <li> | 2177 <!-- New detectors and bug patterns --> |
1935 SqlInjec
tion.java | 2178 <li>New detector to find duplicate code
in if/else statements |
1936 </li> | 2179 (Dave Brosius)</li> |
1937 <li> | 2180 <li>Look for calls to wait() on Conditio
n objects (David |
1938 ArrayEqu
ality.java | 2181 Hovemeyer)</li> |
1939 </li> | 2182 <li>Look for java.util.concurrent.Lock o
bjects not released on |
1940 <li> | 2183 every path out of method (David
Hovemeyer)</li> |
1941 BadInteg
erOperations.java | 2184 <li>Look for calls to Thread.sleep() wit
h a lock held (David |
1942 </li> | 2185 Hovemeyer)</li> |
1943 <li> | 2186 <li>More accurate detection of impossibl
e casts (Bill Pugh, |
1944 Pilhuhn.
java | 2187 David Hovemeyer)</li> |
1945 </li> | 2188 |
1946 <li> | 2189 <!-- Feature enhancements --> |
1947 Instance
Of.java | 2190 <li>Saved XML now contains project stati
stics (Jay Dunning)</li> |
1948 </li> | 2191 <li>Filter files can select by bug patte
rn type and warning |
1949 <li> | 2192 priority (David Hovemeyer)</li> |
1950 SwitchFa
llthrough.java (Dave Brosius) | 2193 |
1951 </li> | 2194 <!-- Bug fixes --> |
1952 </ul> | 2195 <li>Restored some files inadvertently om
itted from previous |
1953 </li> | 2196 release (Rohan Lloyd, David Hove
meyer)</li> |
1954 <li> | 2197 <li>Make sure detectors requiring JDK 1.
5 runtime classes are |
1955 fix URL decoding bug whe
n running under Java Web Start (Dave | 2198 only executed if those classes a
re available (David Hovemeyer)</li> |
1956 Brosius) | 2199 <li>Don't display analysis error dialog
unless there is really |
1957 </li> | 2200 an error (David Hovemeyer)</li> |
1958 <li> | 2201 <li>Updated and expanded French translat
ions of bug patterns |
1959 distribution includes | 2202 and Swing GUI (Olivier Parent)</
li> |
1960 <tt>project.xml</tt> fil
e for NetBeans | 2203 <li>Fixed invalid character encoding in
German Swing GUI |
1961 </li> | 2204 translation (Olivier Parent)</li
> |
1962 </ul> | 2205 <li>Fix locale used for date format in p
roject stats (K. |
1963 | 2206 Hashimoto)</li> |
1964 <p> | 2207 <li>Fixed LongDescription elements in xm
l:withMessages output |
1965 Changes since version 0.9.4: | 2208 format (K. Hashimoto)</li> |
1966 </p> | 2209 </ul> |
1967 <ul> | 2210 |
1968 <li> | 2211 <p>Changes since version 0.8.6:</p> |
1969 New detectors | 2212 |
1970 <ul> | 2213 <ul> |
1971 <li> | 2214 <!-- new detectors --> |
1972 VarArgsP
roblems.java | 2215 <li>Extend Naming detector to look for c
lasses that are named |
1973 </li> | 2216 XXXException but that are not Ex
ceptions (Dave Brosius)</li> |
1974 <li> | 2217 <li>New detector to find classes that ex
pose semaphores in the |
1975 FindSqlI
njection.java: now enabled | 2218 public implementation through th
e 'this' reference. (Dave Brosius) |
1976 </li> | 2219 </li> |
1977 <li> | 2220 <li>New Style detector to find Struts Ac
tion/Servlet derived |
1978 Comparat
orIdiom.java: comparators usually implement | 2221 classes that reference instance
member variable not in |
1979 serializ
able | 2222 synchronized blocks. (Dave Brosi
us)</li> |
1980 </li> | 2223 <li>New Style detector to find classes t
hat declare |
1981 <li> | 2224 implementation of interfaces tha
t are already implemented by super |
1982 Naming.j
ava: detect methods not overridden due to eponymously | 2225 classes (Dave Brosius)</li> |
1983 typed ar
gs from different packages | 2226 <li>New Style detector to find circular
dependencies between |
1984 </li> | 2227 classes (Dave Brosius)</li> |
1985 </ul> | 2228 <li>New Style detector to find unnecessa
ry math on constants |
1986 </li> | 2229 (Dave Brosius)</li> |
1987 <li> | 2230 <li>New detector to find equality compar
isons using floating |
1988 Updated detectors | 2231 point math (Jay Dunning)</li> |
1989 <ul> | 2232 <li>New faster detector to find local se
lf assignments (Bill |
1990 <li> | 2233 Pugh)</li> |
1991 SwitchFa
llthrough.java: surpress some false positives | 2234 <li>New detector to find infinite recurs
ive loops (Bill Pugh) |
1992 </li> | 2235 </li> |
1993 <li> | 2236 <li>New detector to find for loops with
an incorrect increment |
1994 Duplicat
eBranches.java: surpress some false positives | 2237 (Bill Pugh)</li> |
1995 </li> | 2238 <li>New detector to find suspicious uses
of |
1996 <li> | 2239 BufferedReader.readLine() and St
ring.indexOf() (Bill Pugh)</li> |
1997 Iterator
Idioms.java: surpress some false positives | 2240 <li>New detector to find suspicious inte
ger to double casts |
1998 </li> | 2241 (David Hovemeyer, Bill Pugh)</li
> |
1999 <li> | 2242 <li>New detector to find invalid regular
expression patterns |
2000 FindHEmi
smatch.java: surpress some false positives | 2243 (Bill Pugh)</li> |
2001 </li> | 2244 <li>New detector to find Bloch/Gafter Ja
va puzzlers (Bill |
2002 <li> | 2245 Pugh)</li> |
2003 Question
ableBooleanAssignment.java: finds more cases of | 2246 |
2004 <tt>if (
b=true)</tt> ilk | 2247 <!-- feature enhancements --> |
2005 </li> | 2248 <li>New system property to suppress repo
rting of DLS based on |
2006 <li> | 2249 local variable name (Glenn Boysk
o)</li> |
2007 DumbMeth
ods.java: detect int remainder by 1, delayed gc errors | 2250 <li>Enhancements to configuration dialog
in Eclipse plugin, |
2008 </li> | 2251 allow for saving enabled detecto
rs in Eclipse projects (Phil |
2009 <li> | 2252 Crosby)</li> |
2010 Serializ
ableIdiom.java: detect store of nonserializable object | 2253 <li>Sortable columns in detector dialog
(Dave Brosius)</li> |
2011 into fie
ld of serializable class | 2254 <li>New tab in gui for showing bugs grou
ped by category (Dave |
2012 </li> | 2255 Brosius)</li> |
2013 <li> | 2256 <li>Improved German translation of Swing
GUI (Thomas Kuehne)</li> |
2014 FindNull
Deref.java: fix potential exception | 2257 <li>Improved source file reporting in Em
acs output format (Len |
2015 </li> | 2258 Trigg)</li> |
2016 <li> | 2259 <li>Improvements to redundant null compa
rison detector (Bill |
2017 IsNullVa
lue.java: fix potential exception | 2260 Pugh)</li> |
2018 </li> | 2261 <li>Localization of run analysis and ana
lysis error dialogs in |
2019 <li> | 2262 Swing GUI (K. Hashimoto)</li> |
2020 Multithr
eadedInstanceAccess.java: fix potential exception | 2263 |
2021 </li> | 2264 <!-- Bug fixes --> |
2022 <li> | 2265 <li>Don't scan equals methods in FindHEM
ismatch if code is |
2023 PreferZe
roLengthArrays.java: flag the method, not the line | 2266 native (Greg Bentz)</li> |
2024 </li> | 2267 <li>French translation fixes (David Cott
on)</li> |
2025 </ul> | 2268 <li>Internationalization report fixes (K
. Hashimoto)</li> |
2026 </li> | 2269 <li>Japanese translations updates (SHISE
I Hanai)</li> |
2027 <li> | 2270 </ul> |
2028 Remove some inadvertent
dependencies on JDK 1.5 | 2271 |
2029 </li> | 2272 <p>Changes since version 0.8.5:</p> |
2030 <li> | 2273 <ul> |
2031 Sort order should be mor
e consistent | 2274 <!-- new detectors --> |
2032 </li> | 2275 <li>New detector to find catch blocks th
at may inadvertently |
2033 <li> | 2276 catch runtime exceptions (Brian
Goetz)</li> |
2034 XML output changes | 2277 <li>New detector to find objects that ar
e instantiated based |
2035 <ul> | 2278 on classes that only have static
methods and fields, using the |
2036 <li> | 2279 synthesized constructor (Dave Br
osius)</li> |
2037 Option t
o sort XML bug output | 2280 <li>New detector to find calls to Thread
.interrupted() in a |
2038 </li> | 2281 non static context, and especial
ly with non currentThread() |
2039 <li> | 2282 threads (Dave Brosius)</li> |
2040 Now cont
ains instance IDs | 2283 <li>New detector to find calls to equals
() methods that use |
2041 </li> | 2284 Object's version. (Dave Brosius)
</li> |
2042 <li> | 2285 <li>New detector to find Applets that ca
ll methods in the |
2043 uid no l
onger missing (was causing problems with fancy HTML | 2286 constructor refering to the Appl
etStub (Dave Brosius)</li> |
2044 output) | 2287 <li>New detector to find some cases of i
nfinite recursion |
2045 </li> | 2288 (Bill Pugh)</li> |
2046 <li> | 2289 <li>New detector to find dead stores to
local variables (David |
2047 Typo fix
ed | 2290 Hovemeyer, Bill Pugh)</li> |
2048 </li> | 2291 <li>Extend Dumb Method detector for toUp
perCase(), |
2049 </ul> | 2292 toLowerCase() without a locale,
new Integer(1).toString(), new |
2050 </li> | 2293 XXX().getClass(), and new Thread
() without a run implementation |
2051 <li> | 2294 (Dave Brosius) <!-- feature enha
ncements --> |
2052 Internal changes to trac
k source files, | 2295 </li> |
2053 <tt>-sourceInfo</tt> opt
ion | 2296 <li>Ant task supports "errorProperty" at
tribute, which sets an |
2054 </li> | 2297 Ant property to "true" if an err
or occurs running FindBugs |
2055 <li> | 2298 (Michael Tamm)</li> |
2056 Bug matching: first try
exact bug pattern matching, option to | 2299 <li>Eclipse plugin allows filtering of w
arnings by bug |
2057 compare priorities, opti
on to disable package moves | 2300 category, priority (David Hoveme
yer)</li> |
2058 </li> | 2301 <li>Swing GUI allows filtering of warnin
gs by bug category |
2059 <li> | 2302 (David Hovemeyer)</li> |
2060 Architecture documentati
on in | 2303 <li>Ability to annotate methods using Ja
va 1.5 annotations |
2061 <tt>design/architecture<
/tt> | 2304 that suppress FindBugs warnings
(Bill Pugh)</li> |
2062 </li> | 2305 <li>New -adjustExperimental for lowering
priority of |
2063 <li> | 2306 BugPatterns that are experimenta
l (Dave Brosius)</li> |
2064 Test cases move into the
ir own CVS project | 2307 <li>Allow for command line options 'file
s' using the @ symbol |
2065 </li> | 2308 (David Hovemeyer)</li> |
2066 <li> | 2309 <li>New -adjustPriority command line opt
ion to for adjusting |
2067 Don't report warnings th
at occur outside the analyzed classes | 2310 bug priorites (David Hovemeyer)<
/li> |
2068 </li> | 2311 <li>Added an Edit menu (cut/copy/paste)
to Swing GUI (Dave |
2069 <li> | 2312 Brosius)</li> |
2070 Fixes to the build.xml f
iles | 2313 <li>French translation supplied (David C
otton) <!-- Bug fixes --> |
2071 </li> | 2314 </li> |
2072 <li> | 2315 </ul> |
2073 Better handling of @Chec
kReturnValue and @CheckForNull | 2316 |
2074 annotations (also, some
additional methods searched for check | 2317 <p>Changes since version 0.8.4:</p> |
2075 return value and check f
or null) | 2318 <ul> |
2076 </li> | 2319 <!-- new detectors --> |
2077 <li> | 2320 <li>New detector for volatile references
to arrays (Bill Pugh) |
2078 Fixed some stream-closin
g bugs (one by | 2321 </li> |
2079 <tt>z-fb-user</tt>/Dave
Brosius) | 2322 <li>New detector to find instanceof usag
e where inheritance |
2080 </li> | 2323 can be determined statically (Da
ve Brosius)</li> |
2081 <li> | 2324 <li>New detector to find ResultSet.getXX
X updateXXX calls |
2082 Bug priority changes | 2325 using index 0 (Dave Brosius)</li
> |
2083 <ul> | 2326 <li>New detector to find empty zip or ja
r entries (Bill Pugh) |
2084 <li> | |
2085 increase
priority of ignoring return value of | |
2086 java.sql
.Connection methods | |
2087 </li> | |
2088 <li> | |
2089 increase
priority of comparing classes like Integer using | |
2090 <tt>==</
tt> | |
2091 </li> | |
2092 <li> | |
2093 decrease
priority of IT_NO_SUCH_ELEMENT if we see any call to | |
2094 <tt>next
()</tt> | |
2095 </li> | |
2096 <li> | |
2097 tweak pr
iority of NM_METHOD_CONSTRUCTOR_CONFUSION | |
2098 </li> | |
2099 <li> | |
2100 decrease
priority of RV_RETURN_VALUE_IGNORED for an inherited | |
2101 annotati
on that doesn't return same type as class | |
2102 </li> | |
2103 </ul> | |
2104 </li> | |
2105 <li> | |
2106 Updated bug explanations | |
2107 <ul> | |
2108 <li> | |
2109 RCN_REDU
NDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | |
2110 </li> | |
2111 <li> | |
2112 DP_CREAT
E_CLASSLOADER_INSIDE_DO_PRIVILEGED | |
2113 </li> | |
2114 <li> | |
2115 IMA_INEF
FICIENT_MEMBER_ACCESS (Dave Brosius) | |
2116 </li> | |
2117 <li> | |
2118 some Jap
anese improvements to messages_ja.xml ( | |
2119 <tt>ruim
o</tt>) | |
2120 </li> | |
2121 <li> | |
2122 some Ger
man improvements to findbugs_de.properties (Dave | |
2123 Brosius, | |
2124 <tt>dvho
lten</tt>) | |
2125 </li> | |
2126 </ul> | |
2127 </li> | |
2128 <li> | |
2129 Updated test case files | |
2130 <ul> | |
2131 <li> | |
2132 BadInteg
erOperations.java | |
2133 </li> | |
2134 <li> | |
2135 SecondKa
boom.java | |
2136 </li> | |
2137 <li> | |
2138 OpenData
base.java (Dave Brosius) | |
2139 </li> | |
2140 <li> | |
2141 FindOpen
Stream.java (Dave Brosius) | |
2142 </li> | |
2143 <li> | |
2144 BadRando
mInt.java | |
2145 </li> | |
2146 </ul> | |
2147 </li> | |
2148 <li> | |
2149 Source-lines info mainta
ined for methods (handy for abstract and | |
2150 native methods) | |
2151 </li> | |
2152 <li> | |
2153 Remove surrounding opcod
es from source line annotations | |
2154 </li> | |
2155 <li> | |
2156 Better error when can't
read file | |
2157 </li> | |
2158 <li> | |
2159 Swing GUI: removed conso
le pane from FindBugsFrame, fix missing | |
2160 classes bug | |
2161 </li> | |
2162 <li> | |
2163 Fixes to OpcodeStack.jav
a | |
2164 </li> | |
2165 <li> | |
2166 Detectors may attach a c
ustom value to an OpcodeStack.Item (Dave | |
2167 Brosius) | |
2168 </li> | |
2169 <li> | |
2170 Filter.java: ability to
add text messages to XML output, fix bug | |
2171 with | |
2172 <tt>-withMessages</tt> | |
2173 </li> | |
2174 <li> | |
2175 SourceInfoMap supports r
anges of source lines | |
2176 </li> | |
2177 <li> | |
2178 Ant task supports the | |
2179 <tt>timestampNow</tt> at
tribute | |
2180 </li> | |
2181 </ul> | |
2182 | |
2183 <p> | |
2184 Changes since version 0.9.3: | |
2185 </p> | |
2186 <ul> | |
2187 <li> | |
2188 Substantial rework of da
tamining code | |
2189 </li> | |
2190 <li> | |
2191 Removed bogus warnings a
bout await on things other than Condition | |
2192 not being in a loop | |
2193 </li> | |
2194 <li> | |
2195 Fixed bug in OpcodeStack
handling of dup2 of long/double values | |
2196 </li> | |
2197 <li> | |
2198 Don't report array types
as missing classes | |
2199 </li> | |
2200 <li> | |
2201 Adjustment of some warni
ngs on ignored return values | |
2202 </li> | |
2203 <li> | |
2204 Added thread safety anno
tations from Java Concurrency in Practice | |
2205 (no detectors written fo
r these yet) | |
2206 </li> | |
2207 <li> | |
2208 Added annotation for met
hods that, if overridden, should be | |
2209 invoked by overriding me
thods via a call to super | |
2210 </li> | |
2211 <li> | |
2212 Updated -html:fancy.xsl
(Etienne Giraudy) | |
2213 </li> | |
2214 </ul> | |
2215 | |
2216 <p> | |
2217 Note: there was no version 0.9.2 | |
2218 </p> | |
2219 | |
2220 <p> | |
2221 Changes since version 0.9.1: | |
2222 </p> | |
2223 <ul> | |
2224 <!-- New detectors --> | |
2225 <li> | |
2226 Embellish USM to find ab
stract methods that implement an | |
2227 interface method (Dave B
rosius) | |
2228 </li> | |
2229 <li> | |
2230 New detector to find sto
res of literal booleans inside if or | |
2231 while expressions (Dave
Brosius) | |
2232 </li> | |
2233 <li> | |
2234 New style detector to fi
nd final classes that declare protected | |
2235 fields (Dave Brosius) | |
2236 </li> | |
2237 <li> | |
2238 New detector to find sub
class methods that simply forward, | |
2239 verbatim, to the super c
lass (Dave Brosius) | |
2240 </li> | |
2241 <li> | |
2242 Detector to find instanc
es where code is attempting to write an | |
2243 object out via an implem
entation of DataOutput, but the object is | |
2244 not guaranteed to be Ser
ializable (Jon Christiansen, Bill Pugh) | |
2245 </li> | |
2246 | |
2247 <!-- Feature enhancements --> | |
2248 <li> | |
2249 Large (35%) analysis spe
edup (Bill Pugh) | |
2250 </li> | |
2251 <li> | |
2252 Add line numbers to Swin
g GUI code panel (Dave Brosius) | |
2253 </li> | |
2254 <li> | |
2255 Added effort options to
Swing GUI (Dave Brosius) | |
2256 </li> | |
2257 <li> | |
2258 Add ability to specify b
ugs file to open from command line for | |
2259 GUI version, through -lo
adbugs (Phillip Martin) | |
2260 </li> | |
2261 <li> | |
2262 New stylesheet for gener
ating HTML: use option | |
2263 <tt>-html:plain.xsl</tt>
(Chris Nappin) | |
2264 </li> | |
2265 <li> | |
2266 New stylesheet for gener
ating HTML: use option | |
2267 <tt>-html:fancy.xsl</tt>
(Etienne Giraudy) | |
2268 </li> | |
2269 <li> | |
2270 Updated Japanese bug mes
sage translations (Shisei Hanai) | |
2271 </li> | |
2272 | |
2273 <!-- Bug fixes --> | |
2274 <li> | |
2275 XHTML compliance fixes f
or bug details (Etienne Giraudy) | |
2276 </li> | |
2277 <li> | |
2278 Various detector fixes (
Shisei Hanai) | |
2279 </li> | |
2280 <li> | |
2281 Fixed bugs in the projec
t preferences dialog int the Eclipse | |
2282 plugin (Takashi Okamoto,
Thomas Einwaller) | |
2283 </li> | |
2284 <li> | |
2285 Lowered priority of anal
ysis thread in Swing GUI (David | |
2286 Hovemeyer, suggested by
Shisei Hanai and Jeffrey W. Badorek) | |
2287 </li> | |
2288 <li> | |
2289 Fixed EclipsePlugin to c
orrectly pick up auxclasspath entries | |
2290 (Jon Christiansen) | |
2291 </li> | |
2292 </ul> | |
2293 | |
2294 <p> | |
2295 Changes since version 0.9.0: | |
2296 </p> | |
2297 <ul> | |
2298 <li> | |
2299 Fixed dependence on JRE
1.5: all features should work on JRE 1.4 | |
2300 again | |
2301 </li> | |
2302 <li> | |
2303 Fixed -effort command li
ne option handling for Swing GUI | |
2304 </li> | |
2305 <li> | |
2306 Fixed conserveSpace and
workHard attributes int Ant task | |
2307 </li> | |
2308 <li> | |
2309 Added support for effort
attribute in Ant task | |
2310 </li> | |
2311 </ul> | |
2312 | |
2313 <p> | |
2314 Changes since version 0.8.8: | |
2315 </p> | |
2316 <ul> | |
2317 <!-- New detectors and bug patte
rns --> | |
2318 <li> | |
2319 XMLFactoryBypass detecto
r to find direct allocation of xml class | |
2320 implementations (Dave Br
osius) | |
2321 </li> | |
2322 <li> | |
2323 InefficientMemberAccess
detector to find accesses to owning class | |
2324 private members (Dave Br
osius) | |
2325 </li> | |
2326 <li> | |
2327 DuplicateBranches detect
or checks switch statements too (Dave | |
2328 Brosius) | |
2329 </li> | |
2330 | |
2331 <!-- Feature enhancements --> | |
2332 <li> | |
2333 FindBugs available from
findbugs.sourceforge.net as Java Web | |
2334 Start application (Dave
Brosius) | |
2335 </li> | |
2336 <li> | |
2337 Updated Japanese bug mes
sage translations (Shisei Hanai) | |
2338 </li> | |
2339 <li> | |
2340 Improved bug detail mess
age for covariant equals() (Shisei Hanai) | |
2341 </li> | |
2342 <li> | |
2343 Modeling of instanceof c
hecks is now enabled by default, making | |
2344 the bad cast detector mu
ch more useful (Bill Pugh, David | |
2345 Hovemeyer) | |
2346 </li> | |
2347 <li> | |
2348 Support for detector ord
ering constraints in plugin descriptor | |
2349 (David Hovemeyer) | |
2350 </li> | |
2351 <li> | |
2352 Simpler option to contro
l analysis effort: -effort: | |
2353 <i>value</i>, where | |
2354 <i>value</i> is one of | |
2355 <code> | |
2356 min | |
2357 </code> | |
2358 , | |
2359 <code> | |
2360 default | |
2361 </code> | |
2362 , or | |
2363 <code> | |
2364 max | |
2365 </code> | |
2366 (David Hovemeyer) | |
2367 </li> | |
2368 <li> | |
2369 Using -effort:max, FindN
ullDeref checks for null arguments passed | |
2370 to methods which derefer
ence them unconditionally (David | |
2371 Hovemeyer) | |
2372 </li> | |
2373 <li> | |
2374 FindNullDeref checks @Nu
ll and @NonNull annotations for | |
2375 parameters and return va
lues (David Hovemeyer) | |
2376 </li> | |
2377 | |
2378 <!-- Bug fixes --> | |
2379 </ul> | |
2380 | |
2381 <p> | |
2382 Changes since version 0.8.7: | |
2383 </p> | |
2384 | |
2385 <ul> | |
2386 <!-- New detectors and bug patte
rns --> | |
2387 <li> | |
2388 New detector to find dup
licate code in if/else statements (Dave | |
2389 Brosius) | |
2390 </li> | |
2391 <li> | |
2392 Look for calls to wait()
on Condition objects (David Hovemeyer) | |
2393 </li> | |
2394 <li> | |
2395 Look for java.util.concu
rrent.Lock objects not released on every | |
2396 path out of method (Davi
d Hovemeyer) | |
2397 </li> | |
2398 <li> | |
2399 Look for calls to Thread
.sleep() with a lock held (David | |
2400 Hovemeyer) | |
2401 </li> | |
2402 <li> | |
2403 More accurate detection
of impossible casts (Bill Pugh, David | |
2404 Hovemeyer) | |
2405 </li> | |
2406 | |
2407 <!-- Feature enhancements --> | |
2408 <li> | |
2409 Saved XML now contains p
roject statistics (Jay Dunning) | |
2410 </li> | |
2411 <li> | |
2412 Filter files can select
by bug pattern type and warning priority | |
2413 (David Hovemeyer) | |
2414 </li> | |
2415 | |
2416 <!-- Bug fixes --> | |
2417 <li> | |
2418 Restored some files inad
vertently omitted from previous release | |
2419 (Rohan Lloyd, David Hove
meyer) | |
2420 </li> | |
2421 <li> | |
2422 Make sure detectors requ
iring JDK 1.5 runtime classes are only | |
2423 executed if those classe
s are available (David Hovemeyer) | |
2424 </li> | |
2425 <li> | |
2426 Don't display analysis e
rror dialog unless there is really an | |
2427 error (David Hovemeyer) | |
2428 </li> | |
2429 <li> | |
2430 Updated and expanded Fre
nch translations of bug patterns and | |
2431 Swing GUI (Olivier Paren
t) | |
2432 </li> | |
2433 <li> | |
2434 Fixed invalid character
encoding in German Swing GUI translation | |
2435 (Olivier Parent) | |
2436 </li> | |
2437 <li> | |
2438 Fix locale used for date
format in project stats (K. Hashimoto) | |
2439 </li> | |
2440 <li> | |
2441 Fixed LongDescription el
ements in xml:withMessages output format | |
2442 (K. Hashimoto) | |
2443 </li> | |
2444 </ul> | |
2445 | |
2446 <p> | |
2447 Changes since version 0.8.6: | |
2448 </p> | |
2449 | |
2450 <ul> | |
2451 <!-- new detectors --> | |
2452 <li> | |
2453 Extend Naming detector t
o look for classes that are named | |
2454 XXXException but that ar
e not Exceptions (Dave Brosius) | |
2455 </li> | |
2456 <li> | |
2457 New detector to find cla
sses that expose semaphores in the public | |
2458 implementation through t
he 'this' reference. (Dave Brosius) | |
2459 </li> | |
2460 <li> | |
2461 New Style detector to fi
nd Struts Action/Servlet derived classes | |
2462 that reference instance
member variable not in synchronized | |
2463 blocks. (Dave Brosius) | |
2464 </li> | |
2465 <li> | |
2466 New Style detector to fi
nd classes that declare implementation of | |
2467 interfaces that are alre
ady implemented by super classes (Dave | |
2468 Brosius) | |
2469 </li> | |
2470 <li> | |
2471 New Style detector to fi
nd circular dependencies between classes | |
2472 (Dave Brosius) | |
2473 </li> | |
2474 <li> | |
2475 New Style detector to fi
nd unnecessary math on constants (Dave | |
2476 Brosius) | |
2477 </li> | |
2478 <li> | |
2479 New detector to find equ
ality comparisons using floating point | |
2480 math (Jay Dunning) | |
2481 </li> | |
2482 <li> | |
2483 New faster detector to f
ind local self assignments (Bill Pugh) | |
2484 </li> | |
2485 <li> | |
2486 New detector to find inf
inite recursive loops (Bill Pugh) | |
2487 </li> | |
2488 <li> | |
2489 New detector to find for
loops with an incorrect increment (Bill | |
2490 Pugh) | |
2491 </li> | |
2492 <li> | |
2493 New detector to find sus
picious uses of BufferedReader.readLine() | |
2494 and String.indexOf() (Bi
ll Pugh) | |
2495 </li> | |
2496 <li> | |
2497 New detector to find sus
picious integer to double casts (David | |
2498 Hovemeyer, Bill Pugh) | |
2499 </li> | |
2500 <li> | |
2501 New detector to find inv
alid regular expression patterns (Bill | |
2502 Pugh) | |
2503 </li> | |
2504 <li> | |
2505 New detector to find Blo
ch/Gafter Java puzzlers (Bill Pugh) | |
2506 </li> | |
2507 | 2327 |
2508 <!-- feature enhancements --> | 2328 <!-- feature enhancements --> |
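Review bot: the reflowed entries on the new side carry over typos that are worth fixing while these lines are being touched: "refering to the AppletStub" (new line 2286) should be "referring", and "command line option to for adjusting bug priorites" (new lines 2309-2310) should read "command line option for adjusting bug priorities". Separately, the section comments at new lines 2294 and 2313 ("<!-- feature enhancements -->", "<!-- Bug fixes -->") now sit on the same line as the preceding item's text, inside its <li>; moving them between list items, as at new lines 2247 and 2264, keeps the markers consistent. The "Bug fixes" marker at 2313 is followed directly by </ul>, so it labels an empty section and could be dropped.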
2509 <li> | 2329 </li> |
2510 New system property to s
uppress reporting of DLS based on local | 2330 <li>HTML output generation using built-i
n XSLT stylesheet or |
2511 variable name (Glenn Boy
sko) | 2331 user-defined stylesheet (David H
ovemeyer)</li> |
2512 </li> | 2332 <li>Allow URLs to be specified to analyz
e zip/jar files, local |
2513 <li> | 2333 directories, and single classfil
es (David Hovemeyer)</li> |
2514 Enhancements to configur
ation dialog in Eclipse plugin, allow for | 2334 <li>New command line option -onlyAnalyze
restricts analysis to |
2515 saving enabled detectors
in Eclipse projects (Phil Crosby) | 2335 selected classes and packages wi
thout reducing accuracy (David |
2516 </li> | 2336 Hovemeyer)</li> |
2517 <li> | 2337 <li>Allow Swing GUI to show source code
in jar files on |
2518 Sortable columns in dete
ctor dialog (Dave Brosius) | 2338 Windows systems (Dave Brosius) <
!-- Bug fixes --> |
2519 </li> | 2339 </li> |
2520 <li> | 2340 <li>Fix the Switch Fall Thru detector (D
ave Brosius, David |
2521 New tab in gui for showi
ng bugs grouped by category (Dave | 2341 Hovemeyer, Bill Pugh)</li> |
2522 Brosius) | 2342 <li>MacOS GUI fixes (Rohan Lloyd)</li> |
2523 </li> | 2343 <li>Fix false positive in BOA in case wh
ere method is |
2524 <li> | 2344 correctly and 'incorrectly' over
ridden (Dave Brosius)</li> |
2525 Improved German translat
ion of Swing GUI (Thomas Kuehne) | 2345 <li>Fixed memory blowup when analyzing m
ethods which access a |
2526 </li> | 2346 large number of fields (David Ho
vemeyer)</li> |
2527 <li> | 2347 </ul> |
2528 Improved source file rep
orting in Emacs output format (Len Trigg) | 2348 |
2529 </li> | 2349 <p>Changes since version 0.8.3:</p> |
2530 <li> | 2350 <ul> |
2531 Improvements to redundan
t null comparison detector (Bill Pugh) | 2351 <li>Initial and preliminary localization
of the Swing |
2532 </li> | 2352 GUI. Translations by: |
2533 <li> | 2353 <ul> |
2534 Localization of run anal
ysis and analysis error dialogs in Swing | 2354 <li>German - Peter D. St
out, Holger Stenzhorn</li> |
2535 GUI (K. Hashimoto) | 2355 <li>Finnish - Juha Knuut
ila</li> |
2536 </li> | 2356 <li>Estonian - Tanel Leb
edev</li> |
2537 | 2357 <li>Japanese - Hanai Shi
sei</li> |
2538 <!-- Bug fixes --> | 2358 </ul> |
2539 <li> | 2359 </li> |
2540 Don't scan equals method
s in FindHEMismatch if code is native | 2360 <li>Eliminated debug print statements in
advertently left |
2541 (Greg Bentz) | 2361 enabled</li> |
2542 </li> | 2362 <li>Reverted some changes in the open st
ream detector: this |
2543 <li> | 2363 should fix some false positives
that were introduced in the |
2544 French translation fixes
(David Cotton) | 2364 previous release</li> |
2545 </li> | 2365 <li>Fixed a couple missing class reports
</li> |
2546 <li> | 2366 </ul> |
2547 Internationalization rep
ort fixes (K. Hashimoto) | 2367 |
2548 </li> | 2368 <p>Changes since version 0.8.2:</p> |
2549 <li> | 2369 <ul> |
2550 Japanese translations up
dates (SHISEI Hanai) | 2370 |
2551 </li> | 2371 <!-- New detectors --> |
2552 </ul> | 2372 <li>New detector to find improperly over
ridden GUI Adapter |
2553 | 2373 classes (Dave Brosius)</li> |
2554 <p> | 2374 <li>New detector to find improperly setu
p JUnit TestCases |
2555 Changes since version 0.8.5: | 2375 (Dave Brosius)</li> |
2556 | 2376 <li>New detector to find variables that
mask class level |
2557 </p> | 2377 fields (Dave Brosius)</li> |
2558 <ul> | 2378 <li>New detector to find comparisons of
values computed with |
2559 <!-- new detectors --> | 2379 bitwise operators that always yi
eld the same result (Tom Truscott) |
2560 <li> | 2380 </li> |
2561 New detector to find cat
ch blocks that may inadvertently catch | 2381 <li>New detector to find unsafe getClass
().getResource() calls |
2562 runtime exceptions (Bria
n Goetz) | 2382 (Bill Pugh)</li> |
2563 </li> | 2383 <li>New detector to find GUI changes not
in GUI thread but in |
2564 <li> | 2384 static main (Bill Pugh)</li> |
2565 New detector to find obj
ects that are instantiated based on | 2385 <li>New detector to find calls to Collec
tion.toArray() with |
2566 classes that only have s
tatic methods and fields, using the | 2386 zero-length array argument; it i
s more efficient to pass an array |
2567 synthesized constructor
(Dave Brosius) | 2387 the size of the collection, whic
h can be populated and returned as |
2568 </li> | 2388 the result (Dave Brosius) <!-- A
nalysis improvements --> |
2569 <li> | 2389 </li> |
2570 New detector to find cal
ls to Thread.interrupted() in a non | 2390 <li>Better suppression of false warnings
in various detectors |
2571 static context, and espe
cially with non currentThread() threads | 2391 (Bill Pugh, David Hovemeyer)</li
> |
2572 (Dave Brosius) | 2392 <li>Enhancement to ReadReturnShouldBeChe
cked detector for |
2573 </li> | 2393 skip() (Dave Brosius)</li> |
2574 <li> | 2394 <li>Enhancement to DumbMethods detector
(Dave Brosius)</li> |
2575 New detector to find cal
ls to equals() methods that use Object's | 2395 <li>Open stream detector does not report
wrappers of streams |
2576 version. (Dave Brosius) | 2396 passed as method parameters (Dav
id Hovemeyer) <!-- Feature enhancements --> |
2577 </li> | 2397 </li> |
2578 <li> | 2398 <li>Cancel confirmation dialog in Swing
GUI (Pete Angstadt)</li> |
2579 New detector to find App
lets that call methods in the constructor | 2399 <li>Better relative path saving in Proje
ct file (Dave Brosius) |
2580 refering to the AppletSt
ub (Dave Brosius) | 2400 </li> |
2581 </li> | 2401 <li>Detector Priority in GUI is now save
d in prefs file (Dave |
2582 <li> | 2402 Brosius)</li> |
2583 New detector to find som
e cases of infinite recursion (Bill Pugh) | 2403 <li>Controls in GUI to reorder source an
d classpath entries, |
2584 </li> | 2404 and ability to flip between Proj
ect details and bugs pages (Dave |
2585 <li> | 2405 Brosius)</li> |
2586 New detector to find dea
d stores to local variables (David | 2406 <li>In Swing GUI, analysis error dialog
supports "Select All" |
2587 Hovemeyer, Bill Pugh) | 2407 and "Copy" operations for easy g
eneration of error reports (Dave |
2588 </li> | 2408 Brosius)</li> |
2589 <li> | 2409 <li>Complete translation of bug descript
ions and messages into |
2590 Extend Dumb Method detec
tor for toUpperCase(), toLowerCase() | 2410 Japanese (Hanai Shisei) <!-- Bug
fixes --> |
2591 without a locale, new In
teger(1).toString(), new | 2411 </li> |
2592 XXX().getClass(), and ne
w Thread() without a run implementation | 2412 <li>Fixed bug in DroppedException detect
or (Dave Brosius) <!-- Development stuff --> |
2593 (Dave Brosius) | 2413 </li> |
2594 <!-- feature enhancement
s --> | 2414 <li>The source distribution defaults to
using JDK 1.5 javac to |
2595 </li> | 2415 compile, but support for compili
ng with JSR-14 prototype is still |
2596 <li> | 2416 supported</li> |
2597 Ant task supports "error
Property" attribute, which sets an Ant | 2417 </ul> |
2598 property to "true" if an
error occurs running FindBugs (Michael | 2418 |
2599 Tamm) | 2419 <p>Changes since version 0.8.1:</p> |
2600 </li> | 2420 <ul> |
2601 <li> | 2421 <li>Fixed a critical ClassCastException
bug (triggered if the |
2602 Eclipse plugin allows fi
ltering of warnings by bug category, | 2422 -workHard option was used, and a
n exception type was merged with |
2603 priority (David Hovemeye
r) | 2423 an array type during type infere
nce)</li> |
2604 </li> | 2424 </ul> |
2605 <li> | 2425 |
2606 Swing GUI allows filteri
ng of warnings by bug category (David | 2426 <p>Changes since version 0.8.0:</p> |
2607 Hovemeyer) | 2427 <ul> |
2608 </li> | 2428 <li>Disabled SwitchFallthrough detector
to work around |
2609 <li> | 2429 NullPointerExceptions</li> |
2610 Ability to annotate meth
ods using Java 1.5 annotations that | 2430 <li>Added some additional false positive
suppression |
2611 suppress FindBugs warnin
gs (Bill Pugh) | 2431 heuristics</li> |
2612 </li> | 2432 </ul> |
2613 <li> | 2433 |
2614 New -adjustExperimental
for lowering priority of BugPatterns that | 2434 <p>Also, two contributors to the 0.8.0 release w
ere |
2615 are experimental (Dave B
rosius) | 2435 inadvertently left out of the credits:</
p> |
2616 </li> | 2436 <ul> |
2617 <li> | 2437 <li>Pete Angstadt fixed several problems
in the Swing GUI</li> |
2618 Allow for command line o
ptions 'files' using the @ symbol (David | 2438 <li>Francis Lalonde provided a task reso
urce file for the |
2619 Hovemeyer) | 2439 FindBugs Ant task</li> |
2620 </li> | 2440 </ul> |
2621 <li> | 2441 |
2622 New -adjustPriority comm
and line option to for adjusting bug | 2442 <p>Changes since version 0.7.4:</p> |
2623 priorites (David Hovemey
er) | 2443 <ul> |
2624 </li> | 2444 <li>New detector to look for uses of "+"
operator to |
2625 <li> | 2445 concatenate String objects in a
loop (Dave Brosius)</li> |
2626 Added an Edit menu (cut/
copy/paste) to Swing GUI (Dave Brosius) | 2446 <li>Reference comparison detector looks
for places where the |
2627 </li> | 2447 argument passed to the equals(Ob
ject) method isn't the same type |
2628 <li> | 2448 as the receiver object</li> |
2629 French translation suppl
ied (David Cotton) | 2449 <li>Better suppression of false warnings
in many detectors</li> |
2630 <!-- Bug fixes --> | 2450 <li>Many improvements to Eclipse plugin
(Andrey Loskutov, |
2631 </li> | 2451 Peter Friese)</li> |
2632 </ul> | 2452 <li>Fixed problem with building Eclipse
plugin on Windows |
2633 | 2453 (Thomas Klaeger)</li> |
2634 <p> | 2454 <li>Open stream detector looks for unclo
sed PreparedStatement |
2635 Changes since version 0.8.4: | 2455 objects (Thomas Klaeger, Rohan L
loyd)</li> |
2636 | 2456 <li>Fix for open stream detector: it was
n't detecting close() |
2637 </p> | 2457 methods called through an invoke
interface instruction (Thomas |
2638 <ul> | 2458 Klaeger)</li> |
2639 <!-- new detectors --> | 2459 <li>Refactoring of visitor classes to en
force use of accessors |
2640 <li> | 2460 for visited class features (Bria
n Goetz)</li> |
2641 New detector for volatil
e references to arrays (Bill Pugh) | 2461 </ul> |
2642 </li> | 2462 |
2643 <li> | 2463 <p>Changes since version 0.7.3:</p> |
2644 New detector to find ins
tanceof usage where inheritance can be | 2464 <ul> |
2645 determined statically (D
ave Brosius) | 2465 <li>Experimental modification of open st
ream detector to look |
2646 </li> | 2466 for non-escaping JDBC resources
(connections and statements) that |
2647 <li> | 2467 aren't closed on all paths out o
f method</li> |
2648 New detector to find Res
ultSet.getXXX updateXXX calls using index | 2468 <li>Eclipse plugin fixed so it compiles
and runs on Eclipse |
2649 0 (Dave Brosius) | 2469 2.1.x (Peter Friese)</li> |
2650 </li> | 2470 <li>Option to Swing GUI and command line
to generate project |
2651 <li> | 2471 file using relative paths for ar
chives, source directories, and |
2652 New detector to find emp
ty zip or jar entries (Bill Pugh) | 2472 aux classpath entries (Dave Bros
ius)</li> |
2653 | 2473 <li>Improvements to findbugs.bat script
for launching FindBugs |
2654 <!-- feature enhancement
s --> | 2474 on Windows (Dave Brosius)</li> |
2655 </li> | 2475 <li>Updated Japanese message translation
s (Hiroshi Okugawa)</li> |
2656 <li> | 2476 <li>Uncalled private methods are now rep
orted as low priority, |
2657 HTML output generation u
sing built-in XSLT stylesheet or | 2477 unless they have the same name a
s another method in the class |
2658 user-defined stylesheet
(David Hovemeyer) | 2478 (which is more likely to indicat
e an actual bug)</li> |
2659 </li> | 2479 <li>Added some missing data in the bug m
essages XML files</li> |
2660 <li> | 2480 <li>Fixed some problems building from so
urce on Windows |
2661 Allow URLs to be specifi
ed to analyze zip/jar files, local | 2481 systems</li> |
2662 directories, and single
classfiles (David Hovemeyer) | 2482 <li>Various minor bug fixes</li> |
2663 </li> | 2483 </ul> |
2664 <li> | 2484 |
2665 New command line option
-onlyAnalyze restricts analysis to | 2485 <p>Changes since version 0.7.2:</p> |
2666 selected classes and pac
kages without reducing accuracy (David | 2486 <ul> |
2667 Hovemeyer) | 2487 <li>Enhanced Eclipse plugin, which displ
ays the detailed bug |
2668 </li> | 2488 description in a view (Phil Cros
by)</li> |
2669 <li> | 2489 <li>Various tweaks to existing detectors
to reduce false |
2670 Allow Swing GUI to show
source code in jar files on Windows | 2490 warnings</li> |
2671 systems (Dave Brosius) | 2491 <li>New command line option <code> -work
Hard </code> enables |
2672 | 2492 pruning of infeasible or unlikel
y exception edges, which results |
2673 <!-- Bug fixes --> | 2493 in better accuracy in the open s
tream detector, at the expense of |
2674 </li> | 2494 a 30%-100% slowdown |
2675 <li> | 2495 </li> |
2676 Fix the Switch Fall Thru
detector (Dave Brosius, David Hovemeyer, | 2496 <li>New website and HTML documentation d
esign</li> |
2677 Bill Pugh) | 2497 <li>Documentation includes an HTML docum
ent with descriptions |
2678 </li> | 2498 of all bug patterns reported by
FindBugs</li> |
2679 <li> | 2499 <li>Web page has a link to a <a |
2680 MacOS GUI fixes (Rohan L
loyd) | 2500 href="http://www.simeji.com/find
bugs/doc/manual_ja/index.html">Japanese |
2681 </li> | 2501 translation</a> of the F
indBugs manual, contributed by Hiroshi |
2682 <li> | 2502 Okugawa |
2683 Fix false positive in BO
A in case where method is correctly and | 2503 </li> |
2684 'incorrectly' overridden
(Dave Brosius) | 2504 <li>Changed the Inconsistent Synchroniza
tion detector so that |
2685 </li> | 2505 fields synchronized 50% of the t
ime (or more) are reported as |
2686 <li> | 2506 medium priority bugs (previously
they were reported as low)</li> |
2687 Fixed memory blowup when
analyzing methods which access a large | 2507 <li>New detector to find code that catch
es |
2688 number of fields (David
Hovemeyer) | 2508 IllegalMonitorStateException</li
> |
2689 </li> | 2509 <li>New detector to find private methods
that are never called |
2690 </ul> | 2510 </li> |
2691 | 2511 <li>New detector to find suspicious uses
of |
2692 <p> | 2512 non-short-circuiting boolean ope
rators ( <code> & </code> and |
2693 Changes since version 0.8.3: | 2513 <code> | </code> , rather than <
code> && </code> and <code> |
2694 </p> | 2514 || </code> ) |
2695 <ul> | 2515 </li> |
2696 <li> | 2516 </ul> |
2697 Initial and preliminary
localization of the Swing GUI. | 2517 |
2698 Translations by: | 2518 <p>Changes since version 0.7.1:</p> |
2699 <ul> | 2519 <ul> |
2700 <li> | 2520 <li>Incorporated patched version of BCEL
, which allows classes |
2701 German -
Peter D. Stout, Holger Stenzhorn | 2521 compiled with JDK 1.5.0 beta to
be analyzed</li> |
2702 </li> | 2522 <li>Fixed some bugs related to lookups o
f array classes</li> |
2703 <li> | 2523 <li>Fixed bug that prevented GUI from lo
ading XML result files |
2704 Finnish
- Juha Knuutila | 2524 when running under JDK 1.5.0 bet
a</li> |
2705 </li> | 2525 <li>Added new experimental bug detector,
LazyInit, which looks |
2706 <li> | 2526 for potentially buggy lazy initi
alizations of static fields</li> |
2707 Estonian
- Tanel Lebedev | 2527 <li>Because of long filenames, switched
to distributing the |
2708 </li> | 2528 source archive as a zip file rat
her than a tar file</li> |
2709 <li> | 2529 <li>The 0.7.1 source tarfile was botched
- 0.7.2 has a valid |
2710 Japanese
- Hanai Shisei | 2530 source archive</li> |
2711 </li> | 2531 <li>Fixed some problems in the Ant build
script</li> |
2712 </ul> | 2532 <li>Fixed NullPointerException when chec
king Class-Path |
2713 </li> | 2533 attribute for Jar files without
manifests</li> |
2714 <li> | 2534 <li>Generate version numbers for the cor
e and UI Eclipse |
2715 Eliminated debug print s
tatements inadvertently left enabled | 2535 plugins using the Version class;
all version numbers are now in a |
2716 </li> | 2536 common location</li> |
2717 <li> | 2537 </ul> |
2718 Reverted some changes in
the open stream detector: this should | 2538 |
2719 fix some false positives
that were introduced in the previous | 2539 <p>Changes since version 0.7.0:</p> |
2720 release | 2540 <ul> |
2721 </li> | 2541 <li>Eclipse plugin (contributed by Peter
Friese)</li> |
2722 <li> | 2542 <li>Source package structure rearranged:
all source (other |
2723 Fixed a couple missing c
lass reports | 2543 than Eclipse plugin UI) is in th
e edu.umd.cs.findbugs package, or |
2724 </li> | 2544 a subpackage</li> |
2725 </ul> | 2545 <li>Class-Path attributes of manifests o
f analyzed jar files |
2726 | 2546 are used to set the aux classpat
h automatically (Peter D. Stout)</li> |
2727 <p> | 2547 <li>GUI starts in directory specified by
user.home property |
2728 Changes since version 0.8.2: | 2548 (Peter D. Stout)</li> |
2729 </p> | 2549 <li>Added -project option to GUI (Mikko
T.)</li> |
2730 <ul> | 2550 <li>Added -look:{plastic,gtk,native} opt
ion to GUI, for |
2731 | 2551 setting look and feel (Mikko T.)
</li> |
2732 <!-- New detectors --> | 2552 <li>Fixed DataflowAnalysisException in i
nconsistent |
2733 <li> | 2553 synchronization detector</li> |
2734 New detector to find imp
roperly overridden GUI Adapter classes | 2554 <li>Ant task supports failOnError parame
ter (Rohan Lloyd)</li> |
2735 (Dave Brosius) | 2555 <li>Serializable class warnings are down
graded to low priority |
2736 </li> | 2556 for GUI classes</li> |
2737 <li> | 2557 <li>MWN detector will only report calls
to wait(), notify(), |
2738 New detector to find imp
roperly setup JUnit TestCases (Dave | 2558 and notifyAll() methods that hav
e the correct signature</li> |
2739 Brosius) | 2559 <li>FindBugs works with latest CVS versi
on of BCEL</li> |
2740 </li> | 2560 <li>Zip and Jar files may be added to th
e source path</li> |
2741 <li> | 2561 <li>The GUI will automatically find sour
ce files residing in |
2742 New detector to find var
iables that mask class level fields (Dave | 2562 analyzed Zip or Jar files</li> |
2743 Brosius) | 2563 </ul> |
2744 </li> | 2564 |
2745 <li> | 2565 <p>Note that the version number jumped from 0.6.
6 to 0.6.9; |
2746 New detector to find com
parisons of values computed with bitwise | 2566 there were no 0.6.7 or 0.6.8 releases.</
p> |
2747 operators that always yi
eld the same result (Tom Truscott) | 2567 <p>Changes since version 0.6.9:</p> |
2748 </li> | 2568 <ul> |
2749 <li> | 2569 <li>Added -conserveSpace option to reduc
e memory use at the |
2750 New detector to find uns
afe getClass().getResource() calls (Bill | 2570 expense of analysis precision</l
i> |
2751 Pugh) | 2571 <li>Bug fixes in findbugs.bat script: JA
VA_HOME handling, |
2752 </li> | 2572 autodetection of FINDBUGS_HOME,
missing output with -textui</li> |
2753 <li> | 2573 <li>Fixed NullPointerException when a mi
ssing class is |
2754 New detector to find GUI
changes not in GUI thread but in static | 2574 encountered</li> |
2755 main (Bill Pugh) | 2575 </ul> |
2756 </li> | 2576 |
2757 <li> | 2577 <p>Changes since version 0.6.6:</p> |
2758 New detector to find cal
ls to Collection.toArray() with | 2578 <ul> |
2759 zero-length array argume
nt; it is more efficient to pass an array | 2579 <li>The null pointer dereference detecto
r is more powerful</li> |
2760 the size of the collecti
on, which can be populated and returned | 2580 <li>Significantly improved heuristics an
d bug fixes in |
2761 as the result (Dave Bros
ius) | 2581 inconsistent synchronization det
ector</li> |
2762 | 2582 <li>Improved heuristics in open stream a
nd dropped exception |
2763 <!-- Analysis improvemen
ts --> | 2583 detectors; fewer false positives
should be reported</li> |
2764 </li> | 2584 <li>Save HTML summary in XML results fil
es, rather than |
2765 <li> | 2585 recomputing; this makes loading
results in GUI much faster</li> |
2766 Better suppression of fa
lse warnings in various detectors (Bill | 2586 <li>Report at most one String comparison
using == or != per |
2767 Pugh, David Hovemeyer) | 2587 method</li> |
2768 </li> | 2588 <li>The findbugs.bat script on Windows a
utodetects |
2769 <li> | 2589 FINDBUGS_HOME, and doesn't open
a DOS window when launching the |
2770 Enhancement to ReadRetur
nShouldBeChecked detector for skip() | 2590 GUI (contributed by TJSB)</li> |
2771 (Dave Brosius) | 2591 <li>Emacs reporting format (contributed
by David Li)</li> |
2772 </li> | 2592 <li>Various bug fixes</li> |
2773 <li> | 2593 </ul> |
2774 Enhancement to DumbMetho
ds detector (Dave Brosius) | 2594 |
2775 </li> | 2595 <p>Changes since 0.6.5:</p> |
2776 <li> | 2596 <ul> |
2777 Open stream detector doe
s not report wrappers of streams passed | 2597 <li>Rewritten inconsistent synchronizati
on detector; accuracy |
2778 as method parameters (Da
vid Hovemeyer) | 2598 is significantly improved, and b
ug reports are prioritized</li> |
2779 | 2599 <li>New detector to find self assignment
(x=x) of local |
2780 <!-- Feature enhancement
s --> | 2600 variables (suggested by Jeff Mar
tin)</li> |
2781 </li> | 2601 <li>New detector to find calls to wait()
, notify(), and |
2782 <li> | 2602 notifyAll() on an object which i
s not obviously locked</li> |
2783 Cancel confirmation dial
og in Swing GUI (Pete Angstadt) | 2603 <li>Open stream detector now reports Rea
ders and Writers</li> |
2784 </li> | 2604 <li>Fixed bug in finalizer idioms detect
or which caused |
2785 <li> | 2605 spurious warnings about failure
to call super.finalize() (reported |
2786 Better relative path sav
ing in Project file (Dave Brosius) | 2606 by Jim Menard)</li> |
2787 </li> | 2607 <li>Fixed bug where output stream was no
t closed using non-XML |
2788 <li> | 2608 output (reported by Sigiswald Ma
dou)</li> |
2789 Detector Priority in GUI
is now saved in prefs file (Dave | 2609 <li>Fixed corrupted HTML bug detail mess
age (reported by |
2790 Brosius) | 2610 Trevor Harmon)</li> |
2791 </li> | 2611 </ul> |
2792 <li> | 2612 |
2793 Controls in GUI to reord
er source and classpath entries, and | 2613 <p>Changes since version 0.6.4:</p> |
2794 ability to flip between
Project details and bugs pages (Dave | 2614 <ul> |
2795 Brosius) | 2615 <li>For redundant comparison of referenc
e values, fixed false |
2796 </li> | 2616 positives resulting from duplica
tion of code in finally blocks</li> |
2797 <li> | 2617 <li>Fixed false positives resulting from
wrapped byte array |
2798 In Swing GUI, analysis e
rror dialog supports "Select All" and | 2618 streams left open</li> |
2799 "Copy" operations for ea
sy generation of error reports (Dave | 2619 <li>Fixed bug in Ant task preventing out
put file from working |
2800 Brosius) | 2620 properly if a relative path was
used</li> |
2801 </li> | 2621 </ul> |
2802 <li> | 2622 |
2803 Complete translation of
bug descriptions and messages into | 2623 <p>Changes since version 0.6.3:</p> |
2804 Japanese (Hanai Shisei) | 2624 <ul> |
2805 | 2625 <li>Fixed bug in Ant task where output w
ould be corrupted, and |
2806 <!-- Bug fixes --> | 2626 added a <code> timeout </code> a
ttribute |
2807 </li> | 2627 </li> |
2808 <li> | 2628 <li>Added -outputFile option to text UI,
for explicitly |
2809 Fixed bug in DroppedExce
ption detector (Dave Brosius) | 2629 specifying an output file</li> |
2810 | 2630 <li>GUI has a summary window, for statis
tics about overall bug |
2811 <!-- Development stuff -
-> | 2631 densities (contributed by Mike F
agan)</li> |
2812 </li> | 2632 <li>Find redundant comparisons of refere
nce values</li> |
2813 <li> | 2633 <li>More accurate detection of Strings c
ompared with == and != |
2814 The source distribution
defaults to using JDK 1.5 javac to | 2634 operators</li> |
2815 compile, but support for
compiling with JSR-14 prototype is still | 2635 <li>Detection of other reference types w
hich should generally |
2816 supported | 2636 not be compared with == and != o
perators; Boolean, Integer, etc.</li> |
2817 </li> | 2637 <li>Find non-transient non-serializable
instance fields in |
2818 </ul> | 2638 Serializable classes</li> |
2819 | 2639 <li>Source code may be compiled with lat
est early access |
2820 <p> | 2640 generics-enabled javac (version
2.2)</li> |
2821 Changes since version 0.8.1: | 2641 </ul> |
2822 </p> | 2642 |
2823 <ul> | 2643 <p>Changes since version 0.6.2:</p> |
2824 <li> | 2644 <ul> |
2825 Fixed a critical ClassCa
stException bug (triggered if the | 2645 <li>GUI supports filtering bugs by prior
ity</li> |
2826 -workHard option was use
d, and an exception type was merged with | 2646 <li>Ant task rewritten; supports all fun
ctionality offered by |
2827 an array type during typ
e inference) | 2647 Text UI (contributed by Mike Fag
an)</li> |
2828 </li> | 2648 <li>Ant task is fully documented in the
manual</li> |
2829 </ul> | 2649 <li>Classes in nested archives are analy
zed; this allows full |
2830 | 2650 support for analyzing .ear and .
war files (contributed by Mike |
2831 <p> | 2651 Fagan)</li> |
2832 Changes since version 0.8.0: | 2652 <li>DepthFirstSearch changed to use non-
recursive |
2833 | 2653 implementation; this should fix
the StackOverflowErrors that |
2834 </p> | 2654 several users reported</li> |
2835 <ul> | 2655 <li>Various minor bugfixes and improveme
nts</li> |
2836 <li> | 2656 </ul> |
2837 Disabled SwitchFallthrou
gh detector to work around | 2657 |
2838 NullPointerExceptions | 2658 <p>Changes since version 0.6.1:</p> |
2839 </li> | 2659 <ul> |
2840 <li> | 2660 <li>New detector to look for useless con
trol flow (suggested |
2841 Added some additional fa
lse positive suppression heuristics | 2661 by Richard P. King and Mike Faga
n)</li> |
2842 </li> | 2662 <li>Look for places where return value o
f |
2843 </ul> | 2663 java.io.File.createNewFile() is
ignored (suggested by Richard P. |
2844 | 2664 King)</li> |
2845 <p> | 2665 <li>Fixed bug in resolution of source fi
les (only the first |
2846 Also, two contributors to the 0.
8.0 release were inadvertently | 2666 source directory was searched)</
li> |
2847 left out of the credits: | 2667 <li>Fixed a NullPointerException in the
bytecode pattern |
2848 | 2668 matching code</li> |
2849 </p> | 2669 <li>Ant task supports project files (con
tributed by Mike |
2850 <ul> | 2670 Fagan)</li> |
2851 <li> | 2671 <li>Unix findbugs script honors the <cod
e> JAVA_HOME </code> |
2852 Pete Angstadt fixed seve
ral problems in the Swing GUI | 2672 environment variable (contribute
d by Pedro Morais) |
2853 </li> | 2673 </li> |
2854 <li> | 2674 <li>Allow .war and .ear files to be anal
yzed</li> |
2855 Francis Lalonde provided
a task resource file for the FindBugs | 2675 </ul> |
2856 Ant task | 2676 |
2857 </li> | 2677 <p>Changes since version 0.6.0:</p> |
2858 </ul> | 2678 <ul> |
2859 | 2679 <li>New bug pattern detector which looks
for places where a |
2860 <p> | 2680 null pointer might be dereferenc
ed</li> |
2861 Changes since version 0.7.4: | 2681 <li>New bug pattern detector which looks
for IO streams that |
2862 | 2682 are opened, do not escape the me
thod, and are not closed on all |
2863 </p> | 2683 paths out of the method</li> |
2864 <ul> | 2684 <li>New bug pattern detector to find met
hods that can return |
2865 <li> | 2685 null instead of a zero-length ar
ray</li> |
2866 New detector to look for
uses of "+" operator to concatenate | 2686 <li>New bug pattern detector to find pla
ces where the == or != |
2867 String objects in a loop
(Dave Brosius) | 2687 operators are used to compare St
ring objects</li> |
2868 </li> | 2688 <li>Command line interface can save bugs
as XML</li> |
2869 <li> | 2689 <li>GUI can save bugs to and load bugs f
rom XML</li> |
2870 Reference comparison det
ector looks for places where the argument | 2690 <li>An "Annotations" window in the GUI a
llows the user to add |
2871 passed to the equals(Obj
ect) method isn't the same type as the | 2691 textual annotations to bug repor
ts; these annotations are |
2872 receiver object | 2692 preserved when bugs are saved as
XML</li> |
2873 </li> | 2693 <li>In this release, the Japanese bug su
mmary translations by |
2874 <li> | 2694 Germano Leichsenring are really
included (they were inadvertently |
2875 Better suppression of fa
lse warnings in many detectors | 2695 omitted in the previous release)
</li> |
2876 </li> | 2696 <li>Completely rewrote the control flow
graph builder, |
2877 <li> | 2697 hopefully for the last time</li> |
2878 Many improvements to Ecl
ipse plugin (Andrey Loskutov, Peter | 2698 <li>Simplified implementation of control
flow graphs, which |
2879 Friese) | 2699 should reduce memory use and pos
sibly improve performance</li> |
2880 </li> | 2700 <li>Improvements to command line interfa
ce (list bug |
2881 <li> | 2701 priorities, filter by priority,
specify aux classpath, specify |
2882 Fixed problem with build
ing Eclipse plugin on Windows (Thomas | 2702 project to analyze)</li> |
2883 Klaeger) | 2703 <li>Various bug fixes and enhancements</
li> |
2884 </li> | 2704 </ul> |
2885 <li> | 2705 |
2886 Open stream detector loo
ks for unclosed PreparedStatement objects | 2706 <p>Changes since version 0.5.4</p> |
2887 (Thomas Klaeger, Rohan L
loyd) | 2707 <ul> |
2888 </li> | 2708 <li>Added an <a href="http://ant.apache.
org/">Ant</a> task for |
2889 <li> | 2709 FindBugs, contributed by Mike Fa
gan. |
2890 Fix for open stream dete
ctor: it wasn't detecting close() methods | 2710 </li> |
2891 called through an invoke
interface instruction (Thomas Klaeger) | 2711 <li>Added a GUI dialog which allows indi
vidual bug pattern |
2892 </li> | 2712 detectors to be enabled or disab
led. Disabling certain slow |
2893 <li> | 2713 detectors can greatly speed up a
nalysis of large programs, at the |
2894 Refactoring of visitor c
lasses to enforce use of accessors for | 2714 expense of reducing the number o
f potential bugs found.</li> |
2895 visited class features (
Brian Goetz) | 2715 <li>Added a new detector for finding imp
roperly ignored return |
2896 </li> | 2716 values for methods such as <code
> String.trim() </code> . |
2897 </ul> | 2717 Suggested by Andreas Mandel. |
2898 | 2718 </li> |
2899 <p> | 2719 <li>Japanese translations of the bug sum
maries, contributed by |
2900 Changes since version 0.7.3: | 2720 Germano Leichsenring.</li> |
2901 | 2721 <li>Filtering of results is supported in
command line |
2902 </p> | 2722 interface. See the <a href="manu
al/index.html">FindBugs manual</a> |
2903 <ul> | 2723 for details. |
2904 <li> | 2724 </li> |
2905 Experimental modificatio
n of open stream detector to look for | 2725 <li>Added "byte code patterns", a genera
l pattern matching |
2906 non-escaping JDBC resour
ces (connections and statements) that | 2726 infrastructure for bytecode inst
ructions. This feature |
2907 aren't closed on all pat
hs out of method | 2727 significantly reduces the comple
xity of implementing new bug |
2908 </li> | 2728 pattern detectors.</li> |
2909 <li> | 2729 <li>Enabled a new general dataflow analy
sis to track values in |
2910 Eclipse plugin fixed so
it compiles and runs on Eclipse 2.1.x | 2730 methods.</li> |
2911 (Peter Friese) | 2731 <li>Switched to new control-flow graph b
uilder implementation. |
2912 </li> | 2732 </li> |
2913 <li> | 2733 </ul> |
2914 Option to Swing GUI and
command line to generate project file | 2734 |
2915 using relative paths for
archives, source directories, and aux | 2735 <p>Changes since version 0.5.3</p> |
2916 classpath entries (Dave
Brosius) | 2736 <ul> |
2917 </li> | 2737 <li>Fixed a bug in the script used to la
unch FindBugs on |
2918 <li> | 2738 Windows platforms.</li> |
2919 Improvements to findbugs
.bat script for launching FindBugs on | 2739 <li>Fixed crashes when analyzing class f
iles without source |
2920 Windows (Dave Brosius) | 2740 line information.</li> |
2921 </li> | 2741 <li>All major errors are reported using
an error dialog; file |
2922 <li> | 2742 not found errors are more inform
ative.</li> |
2923 Updated Japanese message
translations (Hiroshi Okugawa) | 2743 <li>Minor GUI improvements.</li> |
2924 </li> | 2744 </ul> |
2925 <li> | 2745 |
2926 Uncalled private methods
are now reported as low priority, unless | 2746 <p>Changes since version 0.5.2</p> |
2927 they have the same name
as another method in the class (which is | 2747 <ul> |
2928 more likely to indicate
an actual bug) | 2748 <li>All of the source code and related f
iles are in a single |
2929 </li> | 2749 directory tree.</li> |
2930 <li> | 2750 <li>Updated some of the detectors to pro
duce source line |
2931 Added some missing data
in the bug messages XML files | 2751 information.</li> |
2932 </li> | 2752 <li><a href="http://ant.apache.org/">Ant
</a> build script and |
2933 <li> | 2753 several GUI enhancements and fix
es contributed by Mike Fagan.</li> |
2934 Fixed some problems buil
ding from source on Windows systems | 2754 <li>Converted to use a <a href="AddingDe
tectors.txt">plugin |
2935 </li> | 2755 architecture</a> for loa
ding bug detectors. |
2936 <li> | 2756 </li> |
2937 Various minor bug fixes | 2757 <li>Eliminated generics-related compiler
warnings.</li> |
2938 </li> | 2758 <li>More complete documentation has been
added.</li> |
2939 </ul> | 2759 </ul> |
2940 | 2760 |
2941 <p> | 2761 <p>Changes since version 0.5.1:</p> |
2942 Changes since version 0.7.2: | 2762 <ul> |
2943 | 2763 <li>Fixed a large number of bugs in the
BCEL Repository and |
2944 </p> | 2764 FindBugs's use of the Repository
. With these changes, |
2945 <ul> | 2765 FindBugs should <em>never</em> c
rash or otherwise misbehave |
2946 <li> | 2766 because of Repository lookup fai
lures. Because of these |
2947 Enhanced Eclipse plugin,
which displays the detailed bug | 2767 changes, you must use a modified
version of <code> bcel.jar |
2948 description in a view (P
hil Crosby) | 2768 </code> with FindBugs. Thi
s jar file is included in the FindBugs |
2949 </li> | 2769 0.5.2 binary release. A co
mplete patch containing the <a |
2950 <li> | 2770 href="http://faculty.ycp.edu/~dh
ovemey/bcel-30-April-2003.patch">modifications |
2951 Various tweaks to existi
ng detectors to reduce false warnings | 2771 against the BCEL CVS mai
n branch as of April 30, 2003</a> is also |
2952 </li> | 2772 available. |
2953 <li> | 2773 </li> |
2954 New command line option | 2774 <li>Implemented the "auxiliary classpath
entry list". |
2955 <code> | 2775 Aux classpath entries can be add
ed to a project to provide classes |
2956 -workHard | 2776 that are referenced by the analy
zed application, but should not |
2957 </code> | 2777 themselves be analyzed. Ha
ving all referenced classes |
2958 enables pruning of infea
sible or unlikely exception edges, which | 2778 available allows FindBugs to pro
duce more accurate results.</li> |
2959 results in better accura
cy in the open stream detector, at the | 2779 </ul> |
2960 expense of a 30%-100% sl
owdown | 2780 |
2961 </li> | 2781 <p>Changes since version 0.5.0:</p> |
2962 <li> | 2782 <ul> |
2963 New website and HTML doc
umentation design | 2783 <li>Many user interface bugs have been f
ixed.</li> |
2964 </li> | 2784 <li>Upgraded to a recent CVS version of
BCEL, with some bug |
2965 <li> | 2785 fixes. This should prevent
FindBugs from crashing when there |
2966 Documentation includes a
n HTML document with descriptions of all | 2786 is a failure to find a class on
the classpath.</li> |
2967 bug patterns reported by
FindBugs | 2787 <li>Added support for Plastic look and f
eel from <a |
2968 </li> | 2788 href="http://www.jgoodies.com/">
jgoodies.com</a>. |
2969 <li> | 2789 </li> |
2970 Web page has a link to a | 2790 <li>Major overhaul of infrastructure for
doing dataflow |
2971 <a href="http://www.sime
ji.com/findbugs/doc/manual_ja/index.html">Japanese | 2791 analysis.</li> |
2972 translation</a>
of the FindBugs manual, contributed by Hiroshi | 2792 </ul> |
2973 Okugawa | |
2974 </li> | |
2975 <li> | |
2976 Changed the Inconsistent
Synchronization detector so that fields | |
2977 synchronized 50% of the
time (or more) are reported as medium | |
2978 priority bugs (previousl
y they were reported as low) | |
2979 </li> | |
2980 <li> | |
2981 New detector to find cod
e that catches | |
2982 IllegalMonitorStateExcep
tion | |
2983 </li> | |
2984 <li> | |
2985 New detector to find pri
vate methods that are never called | |
2986 </li> | |
2987 <li> | |
2988 New detector to find sus
picious uses of non-short-circuiting | |
2989 boolean operators ( | |
2990 <code> | |
2991 & | |
2992 </code> | |
2993 and | |
2994 <code> | |
2995 | | |
2996 </code> | |
2997 , rather than | |
2998 <code> | |
2999 && | |
3000 </code> | |
3001 and | |
3002 <code> | |
3003 || | |
3004 </code> | |
3005 ) | |
3006 </li> | |
3007 </ul> | |
3008 | |
3009 <p> | |
3010 Changes since version 0.7.1: | |
3011 | |
3012 </p> | |
3013 <ul> | |
3014 <li> | |
3015 Incorporated patched ver
sion of BCEL, which allows classes | |
3016 compiled with JDK 1.5.0
beta to be analyzed | |
3017 </li> | |
3018 <li> | |
3019 Fixed some bugs related
to lookups of array classes | |
3020 </li> | |
3021 <li> | |
3022 Fixed bug that prevented
GUI from loading XML result files when | |
3023 running under JDK 1.5.0
beta | |
3024 </li> | |
3025 <li> | |
3026 Added new experimental b
ug detector, LazyInit, which looks for | |
3027 potentially buggy lazy i
nitializations of static fields | |
3028 </li> | |
3029 <li> | |
3030 Because of long filename
s, switched to distributing the source | |
3031 archive as a zip file ra
ther than a tar file | |
3032 </li> | |
3033 <li> | |
3034 The 0.7.1 source tarfile
was botched - 0.7.2 has a valid source | |
3035 archive | |
3036 </li> | |
3037 <li> | |
3038 Fixed some problems in t
he Ant build script | |
3039 </li> | |
3040 <li> | |
3041 Fixed NullPointerExcepti
on when checking Class-Path attribute for | |
3042 Jar files without manife
sts | |
3043 </li> | |
3044 <li> | |
3045 Generate version numbers
for the core and UI Eclipse plugins | |
3046 using the Version class;
all version numbers are now in a common | |
3047 location | |
3048 </li> | |
3049 </ul> | |
3050 | |
3051 <p> | |
3052 Changes since version 0.7.0: | |
3053 | |
3054 </p> | |
3055 <ul> | |
3056 <li> | |
3057 Eclipse plugin (contribu
ted by Peter Friese) | |
3058 </li> | |
3059 <li> | |
3060 Source package structure
rearranged: all source (other than | |
3061 Eclipse plugin UI) is in
the edu.umd.cs.findbugs package, or a | |
3062 subpackage | |
3063 </li> | |
3064 <li> | |
3065 Class-Path attributes of
manifests of analyzed jar files are used | |
3066 to set the aux classpath
automatically (Peter D. Stout) | |
3067 </li> | |
3068 <li> | |
3069 GUI starts in directory
specified by user.home property (Peter D. | |
3070 Stout) | |
3071 </li> | |
3072 <li> | |
3073 Added -project option to
GUI (Mikko T.) | |
3074 </li> | |
3075 <li> | |
3076 Added -look:{plastic,gtk
,native} option to GUI, for setting look | |
3077 and feel (Mikko T.) | |
3078 </li> | |
3079 <li> | |
3080 Fixed DataflowAnalysisEx
ception in inconsistent synchronization | |
3081 detector | |
3082 </li> | |
3083 <li> | |
3084 Ant task supports failOn
Error parameter (Rohan Lloyd) | |
3085 </li> | |
3086 <li> | |
3087 Serializable class warni
ngs are downgraded to low priority for | |
3088 GUI classes | |
3089 </li> | |
3090 <li> | |
3091 MWN detector will only r
eport calls to wait(), notify(), and | |
3092 notifyAll() methods that
have the correct signature | |
3093 </li> | |
3094 <li> | |
3095 FindBugs works with late
st CVS version of BCEL | |
3096 </li> | |
3097 <li> | |
3098 Zip and Jar files may be
added to the source path | |
3099 </li> | |
3100 <li> | |
3101 The GUI will automatical
ly find source files residing in analyzed | |
3102 Zip or Jar files | |
3103 </li> | |
3104 </ul> | |
3105 | |
3106 <p> | |
3107 Note that the version number jum
ped from 0.6.6 to 0.6.9; there | |
3108 were no 0.6.7 or 0.6.8 releases. | |
3109 | |
3110 </p> | |
3111 <p> | |
3112 Changes since version 0.6.9: | |
3113 </p> | |
3114 <ul> | |
3115 <li> | |
3116 Added -conserveSpace opt
ion to reduce memory use at the expense | |
3117 of analysis precision | |
3118 </li> | |
3119 <li> | |
3120 Bug fixes in findbugs.ba
t script: JAVA_HOME handling, | |
3121 autodetection of FINDBUG
S_HOME, missing output with -textui | |
3122 </li> | |
3123 <li> | |
3124 Fixed NullPointerExcepti
on when a missing class is encountered | |
3125 </li> | |
3126 </ul> | |
3127 | |
3128 <p> | |
3129 Changes since version 0.6.6: | |
3130 | |
3131 </p> | |
3132 <ul> | |
3133 <li> | |
3134 The null pointer derefer
ence detector is more powerful | |
3135 </li> | |
3136 <li> | |
3137 Significantly improved h
euristics and bug fixes in inconsistent | |
3138 synchronization detector | |
3139 </li> | |
3140 <li> | |
3141 Improved heuristics in o
pen stream and dropped exception | |
3142 detectors; fewer false p
ositives should be reported | |
3143 </li> | |
3144 <li> | |
3145 Save HTML summary in XML
results files, rather than recomputing; | |
3146 this makes loading resul
ts in GUI much faster | |
3147 </li> | |
3148 <li> | |
3149 Report at most one Strin
g comparison using == or != per method | |
3150 </li> | |
3151 <li> | |
3152 The findbugs.bat script
on Windows autodetects FINDBUGS_HOME, and | |
3153 doesn't open a DOS windo
w when launching the GUI (contributed by | |
3154 TJSB) | |
3155 </li> | |
3156 <li> | |
3157 Emacs reporting format (
contributed by David Li) | |
3158 </li> | |
3159 <li> | |
3160 Various bug fixes | |
3161 </li> | |
3162 </ul> | |
3163 | |
3164 <p> | |
3165 Changes since 0.6.5: | |
3166 | |
3167 </p> | |
3168 <ul> | |
3169 <li> | |
3170 Rewritten inconsistent s
ynchronization detector; accuracy is | |
3171 significantly improved,
and bug reports are prioritized | |
3172 </li> | |
3173 <li> | |
3174 New detector to find sel
f assignment (x=x) of local variables | |
3175 (suggested by Jeff Marti
n) | |
3176 </li> | |
3177 <li> | |
3178 New detector to find cal
ls to wait(), notify(), and notifyAll() | |
3179 on an object which is no
t obviously locked | |
3180 </li> | |
3181 <li> | |
3182 Open stream detector now
reports Readers and Writers | |
3183 </li> | |
3184 <li> | |
3185 Fixed bug in finalizer i
dioms detector which caused spurious | |
3186 warnings about failure t
o call super.finalize() (reported by Jim | |
3187 Menard) | |
3188 </li> | |
3189 <li> | |
3190 Fixed bug where output s
tream was not closed using non-XML output | |
3191 (reported by Sigiswald M
adou) | |
3192 </li> | |
3193 <li> | |
3194 Fixed corrupted HTML bug
detail message (reported by Trevor | |
3195 Harmon) | |
3196 </li> | |
3197 </ul> | |
3198 | |
3199 <p> | |
3200 Changes since version 0.6.4: | |
3201 | |
3202 </p> | |
3203 <ul> | |
3204 <li> | |
3205 For redundant comparison
of reference values, fixed false | |
3206 positives resulting from
duplication of code in finally blocks | |
3207 </li> | |
3208 <li> | |
3209 Fixed false positives re
sulting from wrapped byte array streams | |
3210 left open | |
3211 </li> | |
3212 <li> | |
3213 Fixed bug in Ant task pr
eventing output file from working | |
3214 properly if a relative p
ath was used | |
3215 </li> | |
3216 </ul> | |
3217 | |
3218 <p> | |
3219 Changes since version 0.6.3: | |
3220 | |
3221 </p> | |
3222 <ul> | |
3223 <li> | |
3224 Fixed bug in Ant task wh
ere output would be corrupted, and added | |
3225 a | |
3226 <code> | |
3227 timeout | |
3228 </code> | |
3229 attribute | |
3230 </li> | |
3231 <li> | |
3232 Added -outputFile option
to text UI, for explicitly specifying an | |
3233 output file | |
3234 </li> | |
3235 <li> | |
3236 GUI has a summary window
, for statistics about overall bug | |
3237 densities (contributed b
y Mike Fagan) | |
3238 </li> | |
3239 <li> | |
3240 Find redundant compariso
ns of reference values | |
3241 </li> | |
3242 <li> | |
3243 More accurate detection
of Strings compared with == and != | |
3244 operators | |
3245 </li> | |
3246 <li> | |
3247 Detection of other refer
ence types which should generally not be | |
3248 compared with == and !=
operators; Boolean, Integer, etc. | |
3249 </li> | |
3250 <li> | |
3251 Find non-transient non-s
erializable instance fields in | |
3252 Serializable classes | |
3253 </li> | |
3254 <li> | |
3255 Source code may be compi
led with latest early access | |
3256 generics-enabled javac (
version 2.2) | |
3257 </li> | |
3258 </ul> | |
3259 | |
3260 <p> | |
3261 Changes since version 0.6.2: | |
3262 | |
3263 </p> | |
3264 <ul> | |
3265 <li> | |
3266 GUI supports filtering b
ugs by priority | |
3267 </li> | |
3268 <li> | |
3269 Ant task rewritten; supp
orts all functionality offered by Text UI | |
3270 (contributed by Mike Fag
an) | |
3271 </li> | |
3272 <li> | |
3273 Ant task is fully docume
nted in the manual | |
3274 </li> | |
3275 <li> | |
3276 Classes in nested archiv
es are analyzed; this allows full support | |
3277 for analyzing .ear and .
war files (contributed by Mike Fagan) | |
3278 </li> | |
3279 <li> | |
3280 DepthFirstSearch changed
to use non-recursive implementation; | |
3281 this should fix the Stac
kOverflowErrors that several users | |
3282 reported | |
3283 </li> | |
3284 <li> | |
3285 Various minor bugfixes a
nd improvements | |
3286 </li> | |
3287 </ul> | |
3288 | |
3289 <p> | |
3290 Changes since version 0.6.1: | |
3291 | |
3292 </p> | |
3293 <ul> | |
3294 <li> | |
3295 New detector to look for
useless control flow (suggested by | |
3296 Richard P. King and Mike
Fagan) | |
3297 </li> | |
3298 <li> | |
3299 Look for places where re
turn value of | |
3300 java.io.File.createNewFi
le() is ignored (suggested by Richard P. | |
3301 King) | |
3302 </li> | |
3303 <li> | |
3304 Fixed bug in resolution
of source files (only the first source | |
3305 directory was searched) | |
3306 </li> | |
3307 <li> | |
3308 Fixed a NullPointerExcep
tion in the bytecode pattern matching | |
3309 code | |
3310 </li> | |
3311 <li> | |
3312 Ant task supports projec
t files (contributed by Mike Fagan) | |
3313 </li> | |
3314 <li> | |
3315 Unix findbugs script hon
ors the | |
3316 <code> | |
3317 JAVA_HOME | |
3318 </code> | |
3319 environment variable (co
ntributed by Pedro Morais) | |
3320 </li> | |
3321 <li> | |
3322 Allow .war and .ear file
s to be analyzed | |
3323 </li> | |
3324 </ul> | |
3325 | |
3326 <p> | |
3327 Changes since version 0.6.0: | |
3328 | |
3329 </p> | |
3330 <ul> | |
3331 <li> | |
3332 New bug pattern detector
which looks for places where a null | |
3333 pointer might be derefer
enced | |
3334 </li> | |
3335 <li> | |
3336 New bug pattern detector
which looks for IO streams that are | |
3337 opened, do not escape th
e method, and are not closed on all paths | |
3338 out of the method | |
3339 </li> | |
3340 <li> | |
3341 New bug pattern detector
to find methods that can return null | |
3342 instead of a zero-length
array | |
3343 </li> | |
3344 <li> | |
3345 New bug pattern detector
to find places where the == or != | |
3346 operators are used to co
mpare String objects | |
3347 </li> | |
3348 <li> | |
3349 Command line interface c
an save bugs as XML | |
3350 </li> | |
3351 <li> | |
3352 GUI can save bugs to and
load bugs from XML | |
3353 </li> | |
3354 <li> | |
3355 An "Annotations" window
in the GUI allows the user to add textual | |
3356 annotations to bug repor
ts; these annotations are preserved when | |
3357 bugs are saved as XML | |
3358 </li> | |
3359 <li> | |
3360 In this release, the Jap
anese bug summary translations by Germano | |
3361 Leichsenring are really
included (they were inadvertently omitted | |
3362 in the previous release) | |
3363 </li> | |
3364 <li> | |
3365 Completely rewrote the c
ontrol flow graph builder, hopefully for | |
3366 the last time | |
3367 </li> | |
3368 <li> | |
3369 Simplified implementatio
n of control flow graphs, which should | |
3370 reduce memory use and po
ssibly improve performance | |
3371 </li> | |
3372 <li> | |
3373 Improvements to command
line interface (list bug priorities, | |
3374 filter by priority, spec
ify aux classpath, specify project to | |
3375 analyze) | |
3376 </li> | |
3377 <li> | |
3378 Various bug fixes and en
hancements | |
3379 </li> | |
3380 </ul> | |
3381 | |
3382 <p> | |
3383 Changes since version 0.5.4 | |
3384 | |
3385 </p> | |
3386 <ul> | |
3387 <li> | |
3388 Added an | |
3389 <a href="http://ant.apac
he.org/">Ant</a> task for FindBugs, | |
3390 contributed by Mike Faga
n. | |
3391 </li> | |
3392 <li> | |
3393 Added a GUI dialog which
allows individual bug pattern detectors | |
3394 to be enabled or disable
d. Disabling certain slow detectors | |
3395 can greatly speed up ana
lysis of large programs, at the expense | |
3396 of reducing the number o
f potential bugs found. | |
3397 </li> | |
3398 <li> | |
3399 Added a new detector for
finding improperly ignored return values | |
3400 for methods such as | |
3401 <code> | |
3402 String.trim() | |
3403 </code> | |
3404 . Suggested by And
reas Mandel. | |
3405 </li> | |
3406 <li> | |
3407 Japanese translations of
the bug summaries, contributed by | |
3408 Germano Leichsenring. | |
3409 </li> | |
3410 <li> | |
3411 Filtering of results is
supported in command line interface. See | |
3412 the | |
3413 <a href="manual/index.ht
ml">FindBugs manual</a> for details. | |
3414 </li> | |
3415 <li> | |
3416 Added "byte code pattern
s", a general pattern matching | |
3417 infrastructure for bytec
ode instructions. This feature | |
3418 significantly reduces th
e complexity of implementing new bug | |
3419 pattern detectors. | |
3420 </li> | |
3421 <li> | |
3422 Enabled a new general da
taflow analysis to track values in | |
3423 methods. | |
3424 </li> | |
3425 <li> | |
3426 Switched to new control-
flow graph builder implementation. | |
3427 </li> | |
3428 </ul> | |
3429 | |
3430 <p> | |
3431 Changes since version 0.5.3 | |
3432 | |
3433 </p> | |
3434 <ul> | |
3435 <li> | |
3436 Fixed a bug in the scrip
t used to launch FindBugs on Windows | |
3437 platforms. | |
3438 </li> | |
3439 <li> | |
3440 Fixed crashes when analy
zing class files without source line | |
3441 information. | |
3442 </li> | |
3443 <li> | |
3444 All major errors are rep
orted using an error dialog; file not | |
3445 found errors are more in
formative. | |
3446 </li> | |
3447 <li> | |
3448 Minor GUI improvements. | |
3449 </li> | |
3450 </ul> | |
3451 | |
3452 <p> | |
3453 Changes since version 0.5.2 | |
3454 | |
3455 </p> | |
3456 <ul> | |
3457 <li> | |
3458 All of the source code a
nd related files are in a single | |
3459 directory tree. | |
3460 </li> | |
3461 <li> | |
3462 Updated some of the dete
ctors to produce source line information. | |
3463 </li> | |
3464 <li> | |
3465 <a href="http://ant.apac
he.org/">Ant</a> build script and several | |
3466 GUI enhancements and fix
es contributed by Mike Fagan. | |
3467 </li> | |
3468 <li> | |
3469 Converted to use a | |
3470 <a href="AddingDetectors
.txt">plugin architecture</a> for loading | |
3471 bug detectors. | |
3472 </li> | |
3473 <li> | |
3474 Eliminated generics-rela
ted compiler warnings. | |
3475 </li> | |
3476 <li> | |
3477 More complete documentat
ion has been added. | |
3478 </li> | |
3479 </ul> | |
3480 | |
3481 <p> | |
3482 Changes since version 0.5.1: | |
3483 </p> | |
3484 <ul> | |
3485 <li> | |
3486 Fixed a large number of
bugs in the BCEL Repository and | |
3487 FindBugs's use of the Re
pository. With these changes, | |
3488 FindBugs should | |
3489 <em>never</em> crash or
otherwise misbehave because of Repository | |
3490 lookup failures. B
ecause of these changes, you must use a | |
3491 modified version of | |
3492 <code> | |
3493 bcel.jar | |
3494 </code> | |
3495 with FindBugs. Thi
s jar file is included in the FindBugs | |
3496 0.5.2 binary release.&nb
sp; A complete patch containing the | |
3497 <a | |
3498 href="http://fac
ulty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications | |
3499 against the BCEL
CVS main branch as of April 30, 2003</a> is also | |
3500 available. | |
3501 </li> | |
3502 <li> | |
3503 Implemented the "auxilia
ry classpath entry list". Aux | |
3504 classpath entries can be
added to a project to provide classes | |
3505 that are referenced by t
he analyzed application, but should not | |
3506 themselves be analyzed.&
nbsp; Having all referenced classes | |
3507 available allows FindBug
s to produce more accurate results. | |
3508 </li> | |
3509 </ul> | |
3510 | |
3511 <p> | |
3512 Changes since version 0.5.0: | |
3513 </p> | |
3514 <ul> | |
3515 <li> | |
3516 Many user interface bugs
have been fixed. | |
3517 </li> | |
3518 <li> | |
3519 Upgraded to a recent CVS
version of BCEL, with some bug | |
3520 fixes. This should
prevent FindBugs from crashing when | |
3521 there is a failure to fi
nd a class on the classpath. | |
3522 </li> | |
3523 <li> | |
3524 Added support for Plasti
c look and feel from | |
3525 <a href="http://www.jgoo
dies.com/">jgoodies.com</a>. | |
3526 </li> | |
3527 <li> | |
3528 Major overhaul of infras
tructure for doing dataflow analysis. | |
3529 </li> | |
3530 </ul> | |
3531 | |
3532 | |
3533 <hr> <p> | 2793 <hr> <p> |
3534 <script language="JavaScript" type="text/javascript"> | 2794 <script language="JavaScript" type="text/javascript"> |
3535 <!---//hide script from old browsers | 2795 <!---//hide script from old browsers |
3536 document.write( "Last updated "+ document.lastModified + "." ); | 2796 document.write( "Last updated "+ document.lastModified + "." ); |
3537 //end hiding contents ---> | 2797 //end hiding contents ---> |
3538 </script> | 2798 </script> |
3539 <p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbu
gs@cs.umd.edu</a> | 2799 <p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbu
gs@cs.umd.edu</a> |
3540 <p> | 2800 <p> |
3541 <A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?gro
up_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net
Logo" /></A> | 2801 <A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?gro
up_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net
Logo" /></A> |
3542 | 2802 |
3543 » » » » </td> | 2803 » » » </td> |
3544 | 2804 |
3545 » » » </tr> | 2805 » » </tr> |
3546 » » </table> | 2806 » </table> |
3547 | 2807 |
3548 » </body> | 2808 </body> |
3549 | 2809 |
3550 </html> | 2810 </html> |
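Review bot: the footer kept as context at old 3541 / new 2801 still loads the SourceForge logo from `http://sourceforge.net/sflogo.php` over plain HTTP, so every view of the change log sends a cleartext request to a third-party host, and that request can be observed or altered in transit. Since this change already re-indents the closing markup around it, switch the `src` and the enclosing `href` to `https://` URLs, or serve a local copy of the image. The `<script language="JavaScript" type="text/javascript">` block at old 3534-3538 / new 2794-2798 could also drop the `language` attribute and the `<!---//hide script from old browsers` wrapper, keeping only `type="text/javascript"`.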