Index: doc/Changes.html |
diff --git a/doc/Changes.html b/doc/Changes.html |
index 21b4551e1eab6bbf26e31f876a2faf62c2672315..c18d78ae58bcfa531c60c48b33796def478c657a 100644 |
--- a/doc/Changes.html |
+++ b/doc/Changes.html |
@@ -8,10 +8,10 @@ |
<body> |
- <table width="100%"> |
- <tr> |
+ <table width="100%"> |
+ <tr> |
- |
+ |
<td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> |
<table width="100%" cellspacing="0" border="0"> |
<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> |
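Review bot: the `<table width="100%">` and `<tr>` lines and the blank line after them are removed and re-added with identical visible text, so this hunk is whitespace-only (indentation or line endings). Consider dropping it from this change or committing the re-indentation separately, so the actual change-log edits are easier to audit.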
@@ -19,18 +19,20 @@ |
<tr><td> </td></tr> |
<tr><td><b>Docs and Info</b></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="bugDescriptions_ja.html">Bug descriptions(ja/日本語)</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="bugDescriptions_fr.html">Bug descriptions(fr)</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="links.html">Links</a></font></td></tr> |
<tr><td> </td></tr> |
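Review bot: only two rows in this hunk are new, the `bugDescriptions_ja.html` and `bugDescriptions_fr.html` sidebar links; the other twelve rows are rewritten solely to change the spacing before `<a class="sidebar"`, which buries the functional addition. Splitting the spacing change into its own commit would make the new links obvious. The new labels are also inconsistent: `Bug descriptions(ja/日本語)` follows the existing `Manual(ja/日本語)` form, while `Bug descriptions(fr)` omits the native language name. Both target pages are not visible in this file's diff, so please confirm they are generated with the docs.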
@@ -43,1444 +45,1497 @@ |
<tr><td> </td></tr> |
<tr><td><b>Development</b></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> |
-<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="team.html">Dev team</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="Changes.html">Change log</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> |
+<tr><td><font size="-1"> <a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> |
</table> |
</td> |
- <td align="left" valign="top"> |
- |
- |
- <h1>FindBugs Change Log, Version 2.0.3</h1> |
- <ul> |
- <li>New Bug patterns: <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FOR_PARSING</a>, |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETURN_RELAXING_ANNOTATION</a>, |
- and |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</a> |
- </li> |
- <li>Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output. |
- <li>When dataflow does't terminate, make sure we continue with |
- analysis. |
- |
- <li>Fix some problems that resulting in dataflow analysis not |
- terminating |
- |
- <li>Get parameter annotations from default parameters |
- annotations applied to the method. |
- <li>Add subversion change number to eclipse plugin qualifier. |
- |
- <li>Disabled detector for <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR_FILE_ENTRY</a>; |
- it complaints inappropriately about code that creates directory |
- entries. |
- |
- <li>Add warnings about incompatible types passed to |
- org.testng.Assert.assertEquals</li> |
- <li>Add logic that understands more of the Google Guava APIs. |
- <li>Disable type qualifier validator execution within Eclipse plugin; |
- too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures) |
- <li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is |
- inconsistent about where synthetic elements are marked. |
- |
- <li>Fixed false positives for the following bug patterns (17 |
- occurrences in findbugsTestCases): |
- <ul> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC">BC</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIBLE_INSTANCEOF</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTENT_SYNC</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSATISFIED_OBLIGATION</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
- </li> |
- </ul> |
- <li>Fixed false negatives for the following bug patterns (45 |
- occurrences in findbugsTestCases): |
- <ul> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_NONARRAY</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INCOMPATIBLE_ARRAY_COMPARE</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GUARDED</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMENT</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME_PATH</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNULL_PARAM_VIOLATION</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE_INTO_NONNULL_FIELD</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_POSSIBLE_UNINTENDED_PATTERN</a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a> |
- </ul> |
- </ul> |
- <h1>FindBugs Change Log, Version 2.0.2</h1> |
- |
- <ul> |
- <li>Fix false positions for <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a> |
- - fixing <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>, |
- <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>, |
- <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a> |
- and <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>. |
- |
- |
- </li> |
- <li>Fix false positives for <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a> |
- <li>Inline access methods for private fields, |
+ <td align="left" valign="top"> |
+ |
+ |
+ <h1>FindBugs Change Log, Version 3.0.0</h1> |
+ <ul> |
+ <li>FindBugs supports Java 8 now (both as runtime and target platform). |
+ <li>FindBugs requires minimum Java 7 as runtime environment! |
+ <li>FindBugs uses ASM 5 now which means that some 3rd party detectors based on FindBugs 2.x/ASM 3 has to be upgraded. |
+ See details in <a href="http://download.forge.objectweb.org/asm/asm4-guide.pdf#chapter.5">ASM documentation</a>. |
+ <li>New Bug patterns: |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_OPTIONAL_RETURN_NULL">NP_OPTIONAL_RETURN_NULL</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#IIO_INEFFICIENT_INDEX_OF">IIO_INEFFICIENT_INDEX_OF</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#IIO_INEFFICIENT_LAST_INDEX_OF">IIO_INEFFICIENT_LAST_INDEX_OF</a> |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#CNT_ROUGH_CONSTANT_VALUE">CNT_ROUGH_CONSTANT_VALUE</a> |
+ </li> |
+ <li>New "Source" filter which can be used to filter out classes generated from other languages: |
+ <pre> |
+ <?xml version="1.0" encoding="UTF-8"?> |
+ <FindBugsFilter> |
+ <Match> |
+ <Source name="~.*\.groovy" /> |
+ </Match> |
+ </FindBugsFilter> |
+ </pre> |
+ </li> |
+ <li>New "-auxclasspathFromFile" and "-analyzeFromFile" command line options. |
+ </li> |
+ <li>New "nested" ant task attribute. |
+ </li> |
+ |
+ |
+ <!-- |
+ <li>Fixed false positives for the following bug patterns (XXX occurrences in findbugsTestCases): |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#XXX">XXX</a> |
+ </ul> |
+ </li> |
+ |
+ <li>Fixed false negatives for the following bug patterns (XXX occurrences in findbugsTestCases): |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#XXX">XXX</a> |
+ </ul> |
+ </li> |
+ --> |
+ |
+ <li>Various bug fixes, also many patches from community. Thanks for your contributions! |
+ </li> |
+ </ul> |
+ |
+ |
+ <h1>FindBugs Change Log, Version 2.0.3</h1> |
+ <ul> |
+ <li>New Bug patterns: <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FOR_PARSING</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETURN_RELAXING_ANNOTATION</a>, |
+ and |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</a> |
+ </li> |
+ <li>Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output. |
+ <li>When dataflow does't terminate, make sure we continue with |
+ analysis. |
+ |
+ <li>Fix some problems that resulting in dataflow analysis not |
+ terminating |
+ |
+ <li>Get parameter annotations from default parameters |
+ annotations applied to the method. |
+ <li>Add subversion change number to eclipse plugin qualifier. |
+ |
+ <li>Disabled detector for <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR_FILE_ENTRY</a>; |
+ it complaints inappropriately about code that creates directory |
+ entries. |
+ |
+ <li>Add warnings about incompatible types passed to |
+ org.testng.Assert.assertEquals</li> |
+ <li>Add logic that understands more of the Google Guava APIs. |
+ <li>Disable type qualifier validator execution within Eclipse plugin; |
+ too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures) |
+ <li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is |
+ inconsistent about where synthetic elements are marked. |
+ |
+ <li>Fixed false positives for the following bug patterns (17 |
+ occurrences in findbugsTestCases): |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC">BC</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIBLE_INSTANCEOF</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTENT_SYNC</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSATISFIED_OBLIGATION</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
+ </li> |
+ </ul> |
+ <li>Fixed false negatives for the following bug patterns (45 |
+ occurrences in findbugsTestCases): |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_NONARRAY</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INCOMPATIBLE_ARRAY_COMPARE</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GUARDED</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMENT</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME_PATH</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNULL_PARAM_VIOLATION</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE_INTO_NONNULL_FIELD</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_POSSIBLE_UNINTENDED_PATTERN</a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a> |
+ </ul> |
+ </ul> |
+ <h1>FindBugs Change Log, Version 2.0.2</h1> |
+ |
+ <ul> |
+ <li>Fix false positions for <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a> |
+ - fixing <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>, |
+ <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>, |
+ <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a> |
+ and <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>. |
+ |
+ |
+ </li> |
+ <li>Fix false positives for <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a> |
+ <li>Inline access methods for private fields, |
fixing false positive in <a |
href="https://sourceforge.net/tracker/?func=detail&aid=3484713&group_id=96405&atid=614693">Bug3484713</a>. |
- |
+ |
<li>Type qualifier annotations, including nullness |
- annotations, are now ignored on vararg parameters (including |
- default and inherited annotations), awaiting JSR308. |
- <li>Defined new bug pattern to give better explanations of |
- issues involving strict type qualifiers <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
- <li>Adjusted analysis of type qualifiers, now giving warnings |
- where a computed value is used in a place where a value with a |
- strict type qualifier is required. |
- <li>Complain about missing classes only if they are |
- encountered while analyzing application classes; ignore missing |
- classes that are encounted while analyzing classes loaded from the |
- auxclasspath. Fix for <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a> |
- <li>Fixed false positive null pointer warning coming from |
- synthetic bridge methods, fixing <a |
- href="https://sourceforge.net/tracker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a> |
- <li>In general, suppress warnings in synthetic methods. |
- <li>Fix some false positives involving <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a> |
- on classes that extend generic collection classes. |
- |
- </li> |
- <li>Combine multiple identical warnings about |
+ annotations, are now ignored on vararg parameters (including |
+ default and inherited annotations), awaiting JSR308. |
+ <li>Defined new bug pattern to give better explanations of |
+ issues involving strict type qualifiers <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a> |
+ <li>Adjusted analysis of type qualifiers, now giving warnings |
+ where a computed value is used in a place where a value with a |
+ strict type qualifier is required. |
+ <li>Complain about missing classes only if they are |
+ encountered while analyzing application classes; ignore missing |
+ classes that are encounted while analyzing classes loaded from the |
+ auxclasspath. Fix for <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a> |
+ <li>Fixed false positive null pointer warning coming from |
+ synthetic bridge methods, fixing <a |
+ href="https://sourceforge.net/tracker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a> |
+ <li>In general, suppress warnings in synthetic methods. |
+ <li>Fix some false positives involving <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a> |
+ on classes that extend generic collection classes. |
+ |
+ </li> |
+ <li>Combine multiple identical warnings about |
<a |
href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a> |
that occur in the same method, |
simplifying issue triage. |
- |
- <li>Changes by Andrey Loskutov |
- <ul> |
- <li>fixed job scheduling errors in 3.8/4.2 Eclipse <a |
- href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=393748">bug |
- report</a> |
- <li>more realistic progress bar updates for jobs |
- <li>added nullness annotations for some common Eclipse API |
- methods known to usually return null values |
- <li>Added support for org.eclipse.jdt.annotation.Nullable, |
- NonNull and NonNullByDefault annotations (introduced with |
- Eclipse 3.8/4.2)</li> |
- </ul> |
- <li>Documentation improvements |
- <li><a href="http://code.google.com/p/findbugs/source/list">lots |
- of other small changes</a> |
- </ul> |
- <h1>FindBugs Change Log, Version 2.0.1</h1> |
- |
- <ul> |
- <li>New bug patterns; in some cases, bugs previous reported as |
- other bug patterns are reported as instances of these new bug |
- patterns in order to make it easier for developers to understand |
- the bug reports |
- <ul> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li> |
- </ul> |
- </li> |
- |
- <li>Changes to fix false negatives for the following bug |
- patterns: <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>, |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>, |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>, |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>, |
- and <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>. |
- </li> |
- |
- <li>Changes to fix false positions for the following bug |
- patterns: <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>, |
- <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>, |
- and <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>. |
- </li> |
- </ul> |
- |
- <h1>FindBugs Change Log, Version 2.0.0</h1> |
- |
- <h2>Changes since version 1.3.8</h2> |
- <ul> |
- <li>New bug patterns; in some cases, bugs previous reported as |
- other bug patterns are reported as instances of these new bug |
- patterns in order to make it easier for developers to understand |
- the bug reports |
- <ul> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
- </a></li> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
- </a></li> |
- </ul> |
- </li> |
- <li>Providing a bug rank (1-20), and the ability to filter by |
- bug rank. Eventually, it will be possible to specify your own |
- rules for ranking bugs, but the procedure for doing so hasn't been |
- specified yet.</li> |
- <li>Fixed about <a |
- href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45 |
- bugs filed</a> through SourceForge |
- </li> |
- <li>Various reclassifications and priority tweaks</li> |
- <li>Added more bug annotations to a variety of bug reports. |
- This provides more context for understanding bug reports (e.g., if |
- the value in question was is the return value of a method, the |
- method is described as the source of the value in a bug |
- annotation). This also provide more accurate tracking of issues |
- across versions of the code being analyzed, but has the downside |
- that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9 |
- on the same version of code being analyzed, FindBugs may think |
- that mistakenly believe that the issue reported by 1.3.8 was fixed |
- and a new issue was introduced that was reported by FindBugs |
- 1.3.9. While annoying, it would be unusual for more than a dozen |
- issues per million lines of codes to be mistracked.</li> |
- <li>Lots of internal changes moving towards FindBugs 2.0, but |
- these features are undocumented, not yet officially supported, and |
- subject to radical changes before FindBugs 2.0 is released.</li> |
- </ul> |
- |
- <p>Changes since version 1.3.8</p> |
- <ul> |
- <li>New bug patterns; in some cases, bugs previous reported as |
- other bug patterns are reported as instances of these new bug |
- patterns in order to make it easier for developers to understand |
- the bug reports |
- <ul> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
- </a> |
- <li><a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
- </a> |
- </ul> |
- </li> |
- <li>Providing a bug rank (1-20), and the ability to filter by |
- bug rank. Eventually, it will be possible to specify your own |
- rules for ranking bugs, but the procedure for doing so hasn't been |
- specified yet.</li> |
- <li>Fixed about <a |
- href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45 |
- bugs filed</a> through SourceForge |
- </li> |
- <li>Various reclassifications and priority tweaks</li> |
- <li>Added more bug annotations to a variety of bug reports. |
- This provides more context for understanding bug reports (e.g., if |
- the value in question was is the return value of a method, the |
- method is described as the source of the value in a bug |
- annotation). This also provide more accurate tracking of issues |
- across versions of the code being analyzed, but has the downside |
- that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9 |
- on the same version of code being analyzed, FindBugs may think |
- that mistakenly believe that the issue reported by 1.3.8 was fixed |
- and a new issue was introduced that was reported by FindBugs |
- 1.3.9. While annoying, it would be unusual for more than a dozen |
- issues per million lines of codes to be mistracked.</li> |
- <li>Lots of internal changes moving towards FindBugs 2.0, but |
- these features are undocumented, not yet officially supported, and |
- subject to radical changes before FindBugs 2.0 is released.</li> |
- </ul> |
- |
- <p>Changes since version 1.3.7</p> |
- <ul> |
- <li>Primarily another small bugfix release.</li> |
- <li>FindBugs base: |
- <ul> |
- <li>New Reports: |
- <ul> |
- <li>SF_SWITCH_NO_DEFAULT: missing default case in switch |
- statement.</li> |
- <li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW: |
- value ignored when switch fallthrough leads to thrown |
- exception.</li> |
- <li>INT_VACUOUS_BIT_OPERATION: bit operations that don't |
- do any meaningful work.</li> |
- <li>FB_UNEXPECTED_WARNING: warning generated that |
- conflicts with @NoWarning FindBugs annotation.</li> |
- <li>FB_MISSING_EXPECTED_WARNING: warning not generated |
- despite presence of @ExpectedWarning FindBugs annotation.</li> |
- <li>NOISE category: intended for use in data mining |
- experiments. |
- <ul> |
- <li>NOISE_NULL_DEREFERENCE: fake null point dereference |
- warning.</li> |
- <li>NOISE_METHOD_CALL: fake method call warning.</li> |
- <li>NOISE_FIELD_REFERENCE: fake field dereference |
- warning.</li> |
- <li>NOISE_OPERATION: fake operation warning.</li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>Other: |
- <ul> |
- <li>Garvin Leclaire has created a new Apache Maven |
- repository for FindBugs at <a |
- href="http://code.google.com/p/findbugs/">the Google Code |
- FindBugs SVN repository</a>. (Thanks Garvin!) |
- </li> |
- </ul> |
- </li> |
- <li>Fixes: |
- <ul> |
- <li>[ 2317842 ] Highlighting broken in Windows</li> |
- <li>[ 2515908 ] check for oddness should track sign of |
- argument</li> |
- <li>[ 2487936 ] "L B GC" false pos cast from |
- Map.Entry.getKey() to Map.get()</li> |
- <li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li> |
- <li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message |
- reported</li> |
- <li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is |
- incorrect</li> |
- <li>[ 2545098 ] Invalid character in analysis results file</li> |
- <li>[ 2492673 ] Plugin sites should specify "requires |
- Eclipse 3.3 or newer"</li> |
- <li>[ 2588044 ] a tiny typing error</li> |
- <li>[ 2589048 ] Documentation for convertXmlToText |
- insufficient</li> |
- <li>[ 2638739 ] NullPointerException when building</li> |
- </ul> |
- </li> |
- <li>Patches: |
- <ul> |
- <li>[ 2538184 ] Make BugCollection implement |
- Iterable<BugInstance> (thanks to Tomas Pollak)</li> |
- <li>[ 2249771 ] Add Maven2 Findbugs plugin link to the |
- Links page (thanks to Garvin Leclaire)</li> |
- <li>[ 2609526 ] Japanese manual update (thanks to K. |
- Hashimoto)</li> |
- <li>[ 2119482 ] CheckBcel checks for nonexistent classes |
- (thanks to Jerry James)</li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>FindBugs Eclipse plugin: |
- <ul> |
- <li>Major feature enhancements (thanks to Andrey Loskutov). |
- See <a href="http://andrei.gmxhome.de/findbugs/index.html">this |
- overview</a> for more information. |
- </li> |
- <li>Major test improvements (thanks to Tomas Pollak).</li> |
- <li>Fixes: |
- <ul> |
- <li>[ 2532365 ] Compiler warning</li> |
- <li>[ 2522989 ] Fix filter files selection</li> |
- <li>[ 2504068 ] NullPointerException</li> |
- <li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse |
- 3.5 M5</li> |
- </ul> |
- </li> |
- <li>Patches: |
- <ul> |
- <li>[ 2143140 ] Unchecked conversion fixes for Eclipse |
- plugin (thanks to Jerry James) |
- </ul> |
- </li> |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.3.6</p> |
- <ul> |
- <li>Overall, a small bugfix release. |
- <li>New detection of accidental vacuous/useless calls to |
- EasyMock methods, and of generic signatures that proclaim the use |
- of unhashable classes in ways that require that they be hashed. |
- <li>Eliminate some false positives where we were warning about |
- a useless call (e.g., comparing two incompatible types for |
- equality), but the only thing the code was doing with the result |
- was passing it to assertFalse. |
- <li>Japanese localization and manual by K.Hashimoto. (Thanks!) |
- |
- <li>Added -exclude and -outputDir command line options to |
- rejarForAnalysis |
- <li>Extended -adjustPriorities option to FindBugs analysis |
- textui so that you can modify the priorities of individual bug |
- patterns as well as visitors, and also completely suppress |
- individual bug patterns or visitors. |
- <ul> |
- <li>e.g., -adjustPriority |
- MS_SHOULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise |
- |
- </ul> |
- </ul> |
- |
- |
- <p>Changes since version 1.3.5</p> |
- <ul> |
- <li>Added fairly exhaustive static analysis of uses of format |
- strings, checking for missing or extra arguements, invalid format |
- specifiers, or mismatched format specifiers and arguments (e.g, |
- passing a String value for a %d format specifier). The logic for |
- doing so is derived from Sun's java.util.Formatter class, and |
- available separately from FindBugs as part of the <a |
- href="https://jformatstring.dev.java.net/">jFormatString</a> |
- project. |
- <li>More tuning of the unsatisfied obligation detector. Since |
- this detector is still rather noisy and an unfinished research |
- project, I've moved the generated issues to a new category: |
- EXPERIMENTAL. |
- <li>Added check for <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>; |
- similar to <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>, |
- except that addition is being used to combine shifted signed |
- bytes. |
- <li>Changed detection of EI_EXPOSE_REP2, so we only report it |
- if the value stored is guaranteed to be the same value that was |
- passed in as a parameter. |
- <li>Added <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>, |
- a warning when an equals method checks to see if an operand is an |
- instance of a class not compatible with itself. For example, if |
- the Foo class checks to see if the argument is an instance of |
- String. This is either a questionable design decision or a coding |
- mistake. |
- <li>Added <a |
- href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE_ON_ARRAY</a>, |
- which checks for invoking <code>hashCode()</code> on an array, |
- which returns a hash code that ignores the contents of the array. |
- |
- <li>Added checks for using <code>x.removeAll(x)</code> to |
- rather than <code>x.clear()</code> to clear an array. |
- <li>Add checks for calls such as <code>x.contains(x)</code>, <code>x.remove(x)</code> |
- and <code>x.containsAll(x)</code>. |
- <li>Improvements to Eclipse plugin (thanks to Andrey |
- Loskutov): |
- <ul> |
- <li>Report separate markers for each occurrence of an issue |
- that appears multiple times in a method |
- <li>fine tuning for reported markers: add only one marker |
- for fields, add marker on right position |
- <li>link bugs selected in bug explorer view to the opened |
- editor and vice versa |
- <li>select bugs selected in editor ruler in the opened bug |
- explorer view |
- <li>consistent abbreviations used in both bug explorer and |
- bug details view |
- <li>added "Expand All" button to the bug explorer view |
- <li>added "Go Into/Go Up" buttons to the bug explorer view |
- <li>added "Copy to clipboard" menu/functionality to the |
- details view list widget |
- <li>fix for CNF exception if loading the backup solution for |
- broken browser widget |
- </ul> |
- </ul> |
- |
- |
- |
- <p>Changes since version 1.3.4</p> |
- <ul> |
- <li>Analysis about 15% faster |
- <li><a |
- href="http://sourceforge.net/tracker/?atid=614693&group_id=96405&func=browse&status=closed">38 |
- bugs closed</a></li> |
- <li>New defect warnings: |
- <ul> |
- <li>calls to methods that always throw |
- UnsupportedOperationException (DMI_UNSUPPORTED_METHOD) |
- <li>repeated conditional tests (e.g., <code>if (x |
- < 0 || x < 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST) |
- <li>Complete rewrite of detector for format string problems. |
- More accurate, finds more problems, generates more descriptive |
- reports, several different bug pattern |
- (VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED, |
- VA_FORMAT_STRING_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT, |
- VA_FORMAT_STRING_BAD_ARGUMENT, |
- VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT) |
- <li>Fairly complete implementation of JSR-305 custom type |
- qualifier analysis (no support for custom validators yet). |
- (TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK |
- TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK |
- TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK) |
- <li>New detector for unsatisfied obligations such forgetting |
- to close a file (OBL_UNSATISFIED_OBLIGATION). |
- <li>Warning when a parameter is marked as nullable, but is |
- always dereferenced. |
- (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE) |
- <lI>Separate warning for dereference the result of readLine |
- (NP_DEREFERENCE_OF_READLINE_VALUE) |
- </ul> |
- <li>When XML is generated with messages, the project stats now |
- include <FileStat> elements. For each source file, this |
- gives the path for the file, the total number of warnings for that |
- file, and a bugHash for the file. While the instanceHash for a bug |
- is intended to be version invariant (ignoring line numbers, etc), |
- the bugHash for a file is intended to reflect all the information |
- about the warnings in that file. The intended use case is that if |
- the bugHash for a file is the same in two analysis runs, then <em>nothing</em> |
- has changed about any of the warnings reported for that file |
- between the two analysis runs. |
- <li>More merging of similar issues within a method. For |
- example, if the result of readLine() is dereferences multiple |
- times within a method, it will be reported as a single warning |
- with occurrences at multiple source lines. |
- </ul> |
- <p>Changes since version 1.3.3</p> |
- |
- <ul> |
- <li>FindBugs base |
- <ul> |
- <li>New Reports: |
- <ul> |
- <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method |
- overrides equals in superclass and may not be symmetric</li> |
- <li>EQ_ALWAYS_TRUE: equals method always returns true</li> |
- <li>EQ_ALWAYS_FALSE: equals method always returns false</li> |
- <li>EQ_COMPARING_CLASS_NAMES: equals method compares class |
- names rather than class objects</li> |
- <li>EQ_UNUSUAL: Unusual equals method</li> |
- <li>EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails |
- for subtypes</li> |
- <li>SE_READ_RESOLVE_IS_STATIC: The readResolve method must |
- not be declared as a static method.</li> |
- <li>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private |
- readResolve method not inherited by subclasses</li> |
- <li>MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field</li> |
- <li>XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected |
- cross site scripting vulnerability</li> |
- <li>SKIPPED_CLASS_TOO_BIG: Class too big for analysis</li> |
- </ul> |
- </li> |
- <li>Other: |
- <ul> |
- <li>Value-number analysis now more space-efficient</li> |
- <li>Enhancements to reduce memory overhead when analyzing |
- very large classes</li> |
- <li>Now skips very large classes that would otherwise take |
- too much time and memory to analyze</li> |
- <li>Infrastructure for tracking effectively-constant/ |
- effectively-final fields</li> |
- <li>Added more cweids</li> |
- <li>Enhanced taint tracking for taint-based detectors</li> |
- <li>Ignore doomed calls to equals if result is used as an |
- argument to assertFalse</li> |
- <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li> |
- <li>Priority tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG |
- (only low priority if multiplying by 1000)</li> |
- <li>Improved tracking of fields across method calls</li> |
- </ul> |
- </li> |
- <li>Fixes: |
- <ul> |
- <li>[ 1941450 ] DLS_DEAD_LOCAL_STORE not reported</li> |
- <li>[ 1953323 ] Omitted break statement in |
- SynchronizeAndNullCheckField</li> |
- <li>[ 1942620 ] Source Directories selection dialog |
- interface confusion (partial)</li> |
- <li>[ 1948275 ] Unhelpful "Load of known null"</li> |
- <li>[ 1933922 ] MWM error in findbugs</li> |
- <li>[ 1934772 ] 1.3.3 appears to rely on JDK 1.6, JNLP |
- still specifies 1.5</li> |
- <li>[ 1933945 ] -loadbugs doesn't work</li> |
- <li>Fixed problems for class names starting with '$'</li> |
- <li>Fixed bugs and incomplete handling of annotations in |
- VersionInsensitiveBugComparator</li> |
- </ul> |
- </li> |
- <li>Patches: |
- <ul> |
- <li>[ 1955106 ] Javadoc fixes</li> |
- <li>[ 1951930 ] Superfluous import statements (thanks to |
- Jerry James)</li> |
- <li>[ 1951907 ] Missing @Deprecated annotations (thanks to |
- Jerry James)</li> |
- <li>[ 1951876 ] Infonode Docking Windows compile fix |
- (thanks to Jerry James)</li> |
- <li>[ 1936055 ] bugfix for findbugs.de.comment not working |
- (thanks to Peter Fokkinga) |
- </ul> |
- </li> |
- </ul> |
- <li>FindBugs BlueJ plugin |
- <ul> |
- <li>Updated to use FindBugs 1.3.4 (first new release since |
- 1.1.3)</li> |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.3.2</p> |
- |
- <ul> |
- <li>FindBugs base |
- <ul> |
- <li>New Detectors: |
- <ul> |
- <li>FieldItemSummary: Produces summary information for |
- what is stored into fields</li> |
- <li>SynchronizeOnClassLiteralNotGetClass: Look for code |
- that synchronizes on the results of getClass rather than on |
- class literals</li> |
- <li>SynchronizingOnContentsOfFieldToProtectField: This |
- detector looks for code that seems to be synchronizing on a |
- field in order to guard updates of that field</li> |
- </ul> |
- </li> |
- <li>New BugCode: |
- <ul> |
- <li>HRS: HTTP Response splitting vulnerability</li> |
- <li>WL: Possible locking on wrong object</li> |
- </ul> |
- </li> |
- <li>New Reports: |
- <ul> |
- <li>DMI_CONSTANT_DB_PASSWORD: This code creates a database |
- connect using a hard coded, constant password</li> |
- <li>HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed |
- from untrusted input</li> |
- <li>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter |
- directly written to HTTP header output</li> |
- <li>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines |
- clone() but doesn't implement Cloneable</li> |
- <li>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization |
- on boxed primitive could lead to deadlock</li> |
- <li>DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on |
- Boolean could lead to deadlock</li> |
- <li>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD: |
- Synchronization on field in futile attempt to guard that field |
- </li> |
- <li>DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in |
- return statement</li> |
- <li>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL: |
- Synchronization on getClass rather than class literal</li> |
- </ul> |
- </li> |
- <li>Other: |
- <ul> |
- <li>Many enhancements to cross-site scripting detector and |
- its documentation</li> |
- <li>Enhanced switch fall through handling</li> |
- <li>Enhanced unread field handling (look for IF_ACMPEQ and |
- IF_ACMPNE)</li> |
- <li>Clarified documentation for @Nullable in manual</li> |
- <li>Fewer DeadLocalStore false positives</li> |
- <li>Fewer UnreadField false positives</li> |
- <li>Fewer StaticCalendarDetector false positives</li> |
- <li>Performance fix for slow file system IO e.g. Clearcase |
- repositories (thanks, Andrei!)</li> |
- <li>Other, general performance enhancements (thanks, |
- Andrei!)</li> |
- <li>Enhancements for using FindBugs scripts with MKS on |
- Windows (thanks, Kelly O'Hair!)</li> |
- <li>Noted in the manual that jsr305.jar must be present |
- for annotations to compile</li> |
- <li>Added and fine-tuned default-nullness annotations</li> |
- <li>More CWE IDs added</li> |
- <li>Check and warning for unexpected BCEL version in |
- classpath</li> |
- </ul> |
- </li> |
- <li>Fixes: |
- <ul> |
- <li>Bug fix to handling of local variable tables in BCEL</li> |
- <li>Refined documentation for |
- MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li> |
- <li>[ 1927295 ] NPE when called on project root</li> |
- <li>[ 1926405 ] Incorrect dead store warning</li> |
- <li>[ 1926409 ] Incorrect redundant nullcheck warning</li> |
- <li>[ 1926389 ] Wrong line number printed/highlighted in |
- bug</li> |
- <li>[ 1927040 ] typo in bug description</li> |
- <li>[ 1926263 ] Minor glitch in HTML output</li> |
- <li>[ 1926240 ] Minor error in standard options in manual</li> |
- <li>[ 1926236 ] Minor bug in installation section of |
- manual</li> |
- <li>[ 1925539 ] ZIP is default file system code base</li> |
- <li>[ 1894701 ] Livelock / memory leak in |
- ObjectTypeFactory (thanks, Andrei!)</li> |
- <li>[ 1867491 ] Doesn't reload annotations after code |
- changes in IDE (thanks, Andrei!)</li> |
- <li>[ 1921399 ] -project option not supported</li> |
- <li>[ 1913834 ] "Dead" store to variable with method call</li> |
- <li>[ 1917352 ] H B se:...field in serializable class</li> |
- <li>[ 1911617 ] CloneIdiom relies on |
- getNameConstantOperand for INSTANCEOF</li> |
- <li>[ 1911620 ] False +: DLS predecrement before return</li> |
- <li>[ 1871376 ] False negative: non-serializable Map field</li> |
- <li>[ 1871051 ] non standard clone() method</li> |
- <li>[ 1908854 ] Error in TestASM</li> |
- <li>[ 1907539 ] 22 minor errors in bug checker |
- documentation</li> |
- <li>[ 1897323 ] EJB implementation class false positives</li> |
- <li>[ 1899648 ] Crash on startup on Vista with Java |
- 1.6.0_04</li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>FindBugs Eclipse plugin (change log by Andrey Loskutov) |
- <ul> |
- <li>new feature: export basic FindBugs numbers for projects |
- via File->Export->Java->BugCounts (Andrey Loskutov)</li> |
- <li>new feature: jobs for different projects will be run in |
- parallel per default if running on a multi-core PC |
- ("fb.allowParallelBuild" system property not used anymore) |
- (Andrey Loskutov)</li> |
- <li>fixed performance slowdown in the multi-threaded build, |
- caused by workspace operation locks during assigning marker |
- attributes (Andrey Loskutov)</li> |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.3.1</p> |
- |
- <ul> |
- <li>FindBugs base |
- <ul> |
- <li>New Bug Category: |
- <ul> |
- <li>SECURITY (Abbrev: S), A use of untrusted input in a |
- way that could create a remotely exploitable security |
- vulnerability</li> |
- </ul> |
- </li> |
- <li>New Detectors: |
- <ul> |
- <li>CrossSiteScripting: This detector looks for |
- obvious/blatant cases of cross site scripting vulnerabilities</li> |
- </ul> |
- </li> |
- <li>New BugCode: |
- <ul> |
- <li>XSS: Cross site scripting</li> |
- </ul> |
- </li> |
- <li>New Reports: |
- <ul> |
- <li>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP |
- parameter directly written to Servlet output, giving XSS |
- vulnerability</li> |
- <li>XSS_REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter |
- directly written to JSP output, giving XSS vulnerability</li> |
- <li>EQ_OTHER_USE_OBJECT: equals() method defined that |
- doesn't override Object.equals(Object)</li> |
- <li>EQ_OTHER_NO_OBJECT: equals() method inherits rather |
- than overrides equals(Object)</li> |
- <li>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible |
- null pointer dereference on path that might be infeasible</li> |
- </ul> |
- </li> |
- <li>Other: |
- <ul> |
- <li>Added -noClassOk command-line parameter to |
- command-line and ant interfaces; when -noClassOk is specified |
- and no classfiles are given, FindBugs will print a warning |
- message and output a well- formed file with no warnings</li> |
- <li>Fewer false positives for null pointer bugs</li> |
- <li>Suppress dead-local-store false positives in .jsp code</li> |
- <li>Type fixes in warning messages</li> |
- <li>Better warning message for NP_NULL_ON_SOME_PATH</li> |
- <li>"WMI" bug code description renamed from "Wrong Map |
- Iterator" to "Inefficient Map Iterator"</li> |
- </ul> |
- </li> |
- <li>Fixes: |
- <ul> |
- <li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li> |
- <li>[ 1878528 ] XSL xforms don't support history features</li> |
- <li>[ 1876584 ] two default.xsl flaws</li> |
- <li>[ 1874856 ] Format string bug detector doesn't handle |
- special operators</li> |
- <li>[ 1872645 ] computeBugHistory - |
- java.lang.IllegalArgumentException</li> |
- <li>[ 1872237 ] Ant task fails when no .class files</li> |
- <li>[ 1868670 ] Filters: include AND exclude don't allowed</li> |
- <li>[ 1868666 ] check-for-oddness reported, but array |
- length can never be negative</li> |
- <li>[ 1866108 ] SetBugDatabaseInfoTask strips dir from |
- output filename</li> |
- <li>[ 1866021 ] MineBugHistoryTask strips dir of output |
- filename</li> |
- <li>[ 1865265 ] code doesn't handle |
- StringBuffer.append([CII) right</li> |
- <li>[ 1864793 ] Warning when casting a null reference |
- compared to a String</li> |
- <li>[ 1863376 ] Typo in manual chap 8: Filter Files</li> |
- <li>[ 1862705 ] Transient fields that default to null</li> |
- <li>[ 1842545 ] DLS on catch variable (with priority |
- tweaking)</li> |
- <li>[ 1816258 ] false positive BC_IMPOSSIBLE_CAST</li> |
- <li>[ 1551732 ] Get erroneous DLS with while loop</li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>FindBugs Eclipse plugin (change log by Andrey Loskutov) |
- <ul> |
- <li>new feature: added Bug explorer view (replacing Bug tree |
- view), based on Common Navigator framework (Andrey Loskutov)</li> |
- <li>bug 1873860 fixed: empty projects are no longer shown in |
- Bug tree view (Andrey Loskutov)</li> |
- <li>new feature: bug counts decorators for projects, folders |
- and files (has to be activated via Preferences -> general |
- -> appearance -> label decorations)(Andrey Loskutov)</li> |
- <li>patch 1746499: better icons (Alessandro Nistico)</li> |
- <li>patch 1893685: Find bug actions on change sets bug |
- (Alessandro Nistico)</li> |
- <li>fixed bug 1855384: Bug configuration is broken in |
- Eclipse (Andrey Loskutov)</li> |
- <li>refactored FindBugs properties page (Andrey Loskutov)</li> |
- <li>refactored FindBugs worker/builder/run action (Andrey |
- Loskutov)</li> |
- <li>FB detects now only bugs from classes on project's |
- classpath (no double work on duplicated class files) (Andrey |
- Loskutov)</li> |
- <li>fixed bug introduced by the bad patch for 1867951: FB |
- cannot be executed incrementally on a folder of file (Andrey |
- Loskutov)</li> |
- <li>fixed job rule: now jobs for different projects may run |
- in parallel if running on a multi-core PC and |
- "fb.allowParallelBuild" system property is set to true (Andrey |
- Loskutov)</li> |
- <li>fixed FB auto-build not started if .fbprefs or |
- .classpath was changed (Andrey Loskutov)</li> |
- <li>fixed not reporting bugs on secondary types (classes |
- defined in java files with different name) (Andrey Loskutov)</li> |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.3.0</p> |
- <ul> |
- <li>New Reports |
- <ul> |
- <li>VA_FORMAT_STRING_ARG_MISMATCH: A format-string method |
- with a variable number of arguments is called, but the number of |
- arguments passed does not match with the number of % |
- placeholders in the format string. This is probably not what the |
- author intended. |
- <li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: This code opens a |
- file in append mode and that wraps the result in an object |
- output stream. This won't allow you to append to an existing |
- object output stream stored in a file. If you want to be able to |
- append to an object output stream, you need to keep the object |
- output stream open. The only situation in which opening a file |
- in append mode and the writing an object output stream could |
- work is if on reading the file you plan to open it in random |
- access mode and seek to the byte offset where the append |
- started. |
- <li>NP_BOOLEAN_RETURN_NULL: A method that returns either |
- Boolean.TRUE, Boolean.FALSE or null is an accident waiting to |
- happen. This method can be invoked as though it returned a value |
- of type boolean, and the compiler will insert automatic unboxing |
- of the Boolean value. If a null value is returned, this will |
- result in a NullPointerException. |
- </ul> |
- </li> |
- <li>Changes to Existing Reports |
- <ul> |
- <li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -> |
- STYLE</li> |
- <li>DMI_INVOKING_TOSTRING_ON_ARRAY: Long description |
- mentions array name whenever possible</li> |
- </ul> |
- </li> |
- <li>Fixes: |
- <ul> |
- <li>Updated manual to mention that Java 1.5 is now a |
- requirement for running FindBugs |
- <li>Applied patch 1840206 fixing issue "Ant task does not |
- work when presetdef is used" - thanks to phejl |
- <li>Applied patch 1778690 fixing issue "Ant task: tolerate |
- but complain about invalid auxClasspath" - thanks to David |
- Schmidt |
- <li>Applied patch 1852125 adding a Chinese-language GUI |
- bundle props file - thanks to fifi |
- <li>Applied patch 1845903 adding ability to load XML results |
- with the Eclipse plugin - thanks to Alex Mont |
- <li>Fixed issue 1844671 - "FP for "reversed" null check in |
- catch for stream close" |
- <li>Fixed issue 1836050 - "-onlyAnalyze broken" |
- <li>Fixed issue 1853011 - "Typo: Field names should start |
- with aN lower case letter" |
- <li>Fixed issue 1844181 - "JNLP file does not contain all |
- necessary JARs" |
- <li>Fixed issue 1840245 - "xxxException class does not |
- derive from Exception" |
- <li>Fixed issue 1840277 - "[M D EC] Typo in bug |
- documentation" |
- <li>Fixed issue 1782447 - "OutOfMemoryError if i activate |
- Findbugs on my project" |
- <li>Fixed issue 1830576 - "[regression] keySet/entrySet |
- false positive" |
- </ul> |
- </li> |
- <li>Other: |
- <ul> |
- <li>New bug code: "IO" (for |
- IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)</li> |
- <li>Added "-onlyMostRecent" option for computeBugHistory |
- script/ant task |
- <li>More explicit language in |
- RV_RETURN_VALUE_IGNORED_BAD_PRACTICE messages |
- <li>Modified ResourceValueAnalysis to correctly identify |
- null == X or null != X as a null check (for issue 1844671) |
- <li>Modified DMI_HARDCODED_ABSOLUTE_FILENAME logic in |
- DumbMethodInvocations to ignore files from /etc or /dev and |
- increase priority of files from /home |
- <li>Better bug details for infinite loop warnings |
- <li>Modified unread-fields detector to reduce false |
- positives from reflective fields |
- <li>build.xml "classes" target now builds all sources in one |
- step |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.2.1</p> |
- <ul> |
- <li>New Detectors and Reports |
- <ul> |
- <li>SynchronizationOnSharedBuiltinConstant |
- <ul> |
- <li>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT: The code |
- synchronizes on a shared primitive constant, such as an |
- interned String. Such constants are interned and shared across |
- all other classes loaded by the JVM. Thus, this could be |
- locking on something that other code might also be locking. |
- This could result in very strange and hard to diagnose |
- blocking and deadlock behavior. See <a |
- href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a> |
- and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>. |
- |
- </ul> |
- </li> |
- <li>OverridingEqualsNotSymmetrical |
- <ul> |
- <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals |
- methods that override equals methods in a superclass where the |
- equivalence relationship might not be symmetrical. |
- </ul> |
- </li> |
- <li>CheckTypeQualifiers |
- <ul> |
- <li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value |
- specified as carrying a type qualifier annotation is consumed |
- in a location or locations requiring that the value not carry |
- that annotation. More precisely, a value annotated with a type |
- qualifier specifying when=ALWAYS is guaranteed to reach a use |
- or uses where the same type qualifier specifies when=NEVER.</li> |
- <li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value |
- specified as not carrying a type qualifier annotation is |
- guaranteed to be consumed in a location or locations requiring |
- that the value does carry that annotation. More precisely, a |
- value annotated with a type qualifier specifying when=NEVER is |
- guaranteed to reach a use or uses where the same type |
- qualifier specifies when=ALWAYS.</li> |
- <li>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value |
- that might not carry a type qualifier annotation reaches a use |
- which requires that annotation.</li> |
- <li>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value |
- which might carry a type qualifier annotation reaches a use |
- which forbids values carrying that annotation.</li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>New Reports (existing detectors) |
- <ul> |
- <li>FindHEmismatch |
- <ul> |
- <li>EQ_DOESNT_OVERRIDE_EQUALS: This class extends a class |
- that defines an equals method and adds fields, but doesn't |
- define an equals method itself. Thus, equality on instances of |
- this class will ignore the identity of the subclass and the |
- added fields. Be sure this is what is intended, and that you |
- don't need to override the equals method. Even if you don't |
- need to override the equals method, consider overriding it |
- anyway to document the fact that the equals method for the |
- subclass just return the result of invoking super.equals(o).</li> |
- </ul> |
- </li> |
- <li>Naming |
- <ul> |
- <li>NM_WRONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The |
- method in the subclass doesn't override a similar method in a |
- superclass because the type of a parameter doesn't exactly |
- match the type of the corresponding parameter in the |
- superclass.</li> |
- <li>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS: This class has a |
- simple name that is identical to that of its superclass, |
- except that its superclass is in a different package (e.g., <code>alpha.Foo</code> |
- extends <code>beta.Foo</code>). This can be exceptionally |
- confusing, create lots of situations in which you have to look |
- at import statements to resolve references and creates many |
- opportunities to accidently define methods that do not |
- override methods in their superclasses. |
- </li> |
- <li>NM_SAME_SIMPLE_NAME_AS_INTERFACE: This class/interface |
- has a simple name that is identical to that of an |
- implemented/extended interface, except that the interface is |
- in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>). |
- This can be exceptionally confusing, create lots of situations |
- in which you have to look at import statements to resolve |
- references and creates many opportunities to accidently define |
- methods that do not override methods in their superclasses. |
- </li> |
- </ul> |
- <li>FindRefComparison |
- <ul> |
- <li>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY: This method |
- uses using pointer equality to compare two references that |
- seem to be of different types. The result of this comparison |
- will always be false at runtime.</li> |
- </ul> |
- </li> |
- <li>IncompatMask |
- <ul> |
- <li>BIT_SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This |
- method compares an expression such as <tt>((event.detail |
- & SWT.SELECTED) > 0)</tt>. Using bit arithmetic and then |
- comparing with the greater than operator can lead to |
- unexpected results (of course depending on the value of |
- SWT.SELECTED). If SWT.SELECTED is a negative number, this is a |
- candidate for a bug. Even when SWT.SELECTED is not negative, |
- it seems good practice to use '!= 0' instead of '> 0'. |
- </li> |
- </ul> |
- </li> |
- <li>LazyInit |
- <ul> |
- <li>LI_LAZY_INIT_UPDATE_STATIC: This method contains an |
- unsynchronized lazy initialization of a static field. After |
- the field is set, the object stored into that location is |
- further accessed. The setting of the field is visible to other |
- threads as soon as it is set. If the further accesses in the |
- method that set the field serve to initialize the object, then |
- you have a <em>very serious</em> multithreading bug, unless |
- something else prevents any other thread from accessing the |
- stored object until it is fully initialized. |
- </li> |
- </ul> |
- </li> |
- <li>FindDeadLocalStores |
- <ul> |
- <li>DLS_DEAD_STORE_OF_CLASS_LITERAL: This instruction |
- assigns a class literal to a variable and then never uses it. |
- <a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The |
- behavior of this differs in Java 1.4 and in Java 5.</a> In Java |
- 1.4 and earlier, a reference to <code>Foo.class</code> would |
- force the static initializer for <code>Foo</code> to be |
- executed, if it has not been executed already. In Java 5 and |
- later, it does not. See Sun's <a |
- href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article |
- on Java SE compatibility</a> for more details and examples, and |
- suggestions on how to force class initialization in Java 5. |
- </li> |
- </ul> |
- </li> |
- <li>MethodReturnCheck |
- <ul> |
- <li>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: This method |
- returns a value that is not checked. The return value should |
- be checked since it can indication an unusual or unexpected |
- function execution. For example, the <code>File.delete()</code> |
- method returns false if the file could not be successfully |
- deleted (rather than throwing an Exception). If you don't |
- check the result, you won't notice if the method invocation |
- signals unexpected behavior by returning an atypical return |
- value. |
- </li> |
- <li>RV_EXCEPTION_NOT_THROWN: This code creates an |
- exception (or error) object, but doesn't do anything with it. |
- </li> |
- </ul> |
- </li> |
- </ul> |
- </li> |
- <li>Changes to Existing Reports |
- <ul> |
- <li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -> STYLE</li> |
- <li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CORRECTNESS -> STYLE</li> |
- <li>RC_REF_COMPARISON: CORRECTNESS -> BAD_PRACTICE</li> |
- </ul> |
- </li> |
- <li>GUI Changes |
- <ul> |
- <li>Added importing and exporting of bug filters</li> |
- <li>Better handling of failed analysis runs</li> |
- <li>Added "-look" parameter for selecting look-and-feel</li> |
- <li>Fixed incorrect package filtering</li> |
- <li>Fixed issue where "synchronized" was not |
- syntax-highlighted</li> |
- </ul> |
- </li> |
- <li>Ant-task Changes |
- <ul> |
- <li>Refactored common ant-task code to AbstractFindBugsTask</li> |
- <li>Added tasks for computeBugHistory, convertXmlToText, |
- filterBugs, mineBugHistory, setBugDatabaseInfo</li> |
- </ul> |
- </li> |
- <li>Manual |
- <ul> |
- <li>Updates to GUI section, including new screenshots</li> |
- <li>Added description of rejarForAnalysis</li> |
- <li>Revamp of data-mining section</li> |
- </ul> |
- </li> |
- <li>Other Major |
- <ul> |
- <li>Internal restructuring for lower memory overhead</li> |
- </ul> |
- </li> |
- <li>Other Minor |
- <ul> |
- <li>Fixed typo: was STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE |
- now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li> |
- <li>-outputFile parameter became -output</li> |
- <li>More sensitivity and specificity inLazyInit detector</li> |
- <li>More sensitivity and specificity in Naming detector</li> |
- <li>More sensitivity and specificity in UnreadFields |
- detector</li> |
- <li>More sensitivity in FindNullDeref detector</li> |
- <li>More sensitivity in FindBadCast2 detector</li> |
- <li>More specificity in FindReturnRef detector</li> |
- <li>Many other tweaks and bug fixes</li> |
- </ul> |
- </li> |
- </ul> |
- |
- <p>Changes since version 1.2.0</p> |
- <ul> |
- <li>Bug fixes: |
- <ul> |
- <li><a |
- href="http://fisheye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a> |
- <a |
- href="http://sourceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a> |
- with detectors that were requested to be disabled but were |
- enabled due to requirements of other detectors.</li> |
- <li>Fix bugs in incremental analysis within Eclipse plugin</li> |
- <li>Fix some analysis errors</li> |
- <li>Fix some threading bugs in GUI2</li> |
- <li>Report version as version when it was compiled, not when |
- it was run</li> |
- <li>Copy analysis time stamp when filtering or transforming |
- analysis files.</li> |
- </ul> |
- <li>Enabled StaticCalendarDetector</li> |
- <li>Reworked GUI2 to use standard FindBugs filters |
- <ul> |
- <li>Allow a suppression filter to be stored in a project and |
- persisted to the XML representation of a project.</li> |
- </ul> |
- </li> |
- |
- <li>Move away from old GUI2 save format (a directory |
- containing an xml file and another file containing serialized |
- filters).</li> |
- <li>Support/recommend use of two new file extensions/formats: |
- <dl> |
- <dt>.fba - FindBugs Analysis File</dt> |
- <dd>Exactly the same as an existing bug collection file |
- stored in XML format, but using a distinct file extension to |
- make it easier to figure out which xml files contain FindBugs |
- results.</dd> |
- <dt>.fbp - FindBugs Project File</dt> |
- <dd>Contains just the information needed to run FindBugs and |
- display the results (e.g., the files to be analyzed, the |
- auxiliary class path and the location of source files) |
- </dl> |
- </li> |
- </ul> |
- <p>Changes since version 1.1.3</p> |
- <ul> |
- <li>Added -xml:withAbridgedMessages option to generate xml |
- containing shorter messages. The messages will be shorted by doing |
- things like eliding package names, and leaving off the source line |
- from the LongMessage. These messages are appropriate if being used |
- in a context where the non-message components of the bug |
- annotations will be used to provide more information (e.g., |
- clicking on the message for a MethodAnnotation will display the |
- source for the method). |
- <ul> |
- <li>FindBugsDisplayFeatures.setAbridgedMessages(true) can be |
- used to generate abridged messages when FindBugs is being |
- accessed directly (not via generated XML) from a GUI or IDE.</li> |
- </ul> |
- <li>In null pointer analysis, try to be better about always |
- showing two locations: where it is known null and where it is |
- dereferenced. |
- <li>Interprocedural analysis of which methods return nonnull |
- values |
- <li>Use method calls to select order in which classes are |
- analyzed, and order in which methods are analyzed, to improve |
- interprocedural analysis results. |
- <li>Significant improvements in memory footprint, memory |
- allocation and CPU utilization (20-30% reduction in all three) |
- <li>Added a project name, to provide better descriptions in |
- the HTML output. |
- <li>Added new bug pattern: Casting to char, or bit masking |
- with nonnegative value, and then checking to see if the result is |
- negative. |
- <li>Stopped reporting transient fields of classes not marked |
- as serializable. Transient is used by other persistence |
- frameworks. |
- <li>Improvements to detector for SQL injection (Thanks to <a |
- href="http://www.clock.org/~matt">Matt Hargett</a> for his |
- contributions |
- <li>Changed open/save options in GUI2 to not distinguish |
- between FindBugs projects and saved FindBugs analysis results. |
- <li>Improvements to detection of serious non-short-circuit |
- evaluation. |
- <li>Updated Japanese localization (thanks to Ruimo Uno) |
- <li>Eclipse plugin changes: |
- <ul> |
- <li>Created Bug User Annotations and Bug Tree Views |
- <li>Use different icons for different bug priorities |
- <li>Provide more information in Bug Details view |
- </ul> |
- </ul> |
- |
- <p>Changes since version 1.1.2:</p> |
- <ul> |
- <li>Fixed broken Ant task |
- <li>Added running ant task to smoke test |
- <li>Added validating xml and html output to smoke test |
- <li>Fixed some (but not all) issues with html output |
- validation |
- <li>Added check for x.equals(x) and x.compareTo(x) |
- <li>Various bug fixes |
- </ul> |
- <p>Changes since version 1.1.1:</p> |
- <ul> |
- <li>Added check for infinite iterative loops</li> |
- <li>Added check for use of incompatible types in a collection |
- (e.g., checking to see if a Set<String> contains a |
- StringBuffer).</li> |
- <li>Added check for invocations of equals or hashCode on a |
- URL, which, <a |
- href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising |
- many people</a>, requires DNS resolution. |
- </li> |
- <li>Added check for classes that define compareTo but not |
- equals; such classes can exhibit some anomalous behavior (e.g., |
- they are treated differently by PriorityQueues in Java 5 and Java |
- 6).</li> |
- <li>Added a check for useless self operations (e.g., x < x |
- or x ^ x).</li> |
- <li>Fixed a data race that could cause the GUI to fail on |
- startup</li> |
- <li>Partial internationalization of the new GUI</li> |
- <li>Fix bug in "Redo analysis" option of new GUI</li> |
- <li>Tuning to reduce false positives</li> |
- <li>Fixed a bug in null pointer analysis that was generating |
- false positive null pointer warnings on exception paths. Fixing |
- this bug eliminates about 1/4 of the warnings on null pointer |
- exceptions on exception paths.</li> |
- <li>Fixed a bug in the processing of phi nodes for fields in |
- the null pointer analysis</li> |
- <li>Applied contributed patch that provides more quick fixes |
- in Eclipse plugin.</li> |
- <li>Fixed a number of bugs in the Eclipse auto update sites, |
- and in the way date qualifiers were being used in the Eclipse |
- plugin. You may need to manually disable your existing version of |
- the plugin and download the 1.1.2 from the update site to get the |
- automatic update function working correctly. The Eclipse update |
- sites are described at <a |
- href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>. |
- |
- </li> |
- <li>Fixed progress bar in Eclipse plugin</li> |
- <li>A number of other bug fixes.</li> |
- </ul> |
- |
- <p>Changes since version 1.1.0:</p> |
- <ul> |
- <li>less scanning of classes not on the analysis path (This |
- was causing some performance problems.)</li> |
- <li>no unread field warnings for fields annotated with |
- javax.persistent or javax.ejb3</li> |
- <li>Eclipse plugin |
- <ul> |
- <li>bug annotation info displayed in Bug Details tab</li> |
- <li>.fbwarnings data file now stored in .metadata (not in |
- the project itself)</li> |
- </ul> |
- </li> |
- <li>new SE_BAD_FIELD_INNER_CLASS pattern</li> |
- <li>updates to Japanese translation (ruimo)</li> |
- <li>fix some internal slashed/dotted path confusion</li> |
- <li>other minor improvements</li> |
- </ul> |
- |
- <p>Changes since version 1.0.0:</p> |
- |
- <ul> |
- <li>Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0 |
- has been a big change. We've done a lot of work in a lot of areas, |
- and aren't even going to try to enumerate all the changes.</li> |
- <li>We spent a lot of time reviewing the results generated by |
- FindBugs for open source and commercial code bases, and made a |
- number of changes, small and large, to minimize the number of |
- false positives. Our primary focus for this was warnings reported |
- as high and medium priority correctness warnings. Our internal |
- evaluation is that we produce very few high/medium priority |
- correctness warnings where the analysis is actually wrong, and |
- that more than 75% of the high/medium priority correctness |
- warnings correspond to real coding defects that need addressing in |
- the source code. The remaining 25% are largely cases such as a |
- branch or statement that if taken would lead to an error, but in |
- fact is a dead branch or statement that can never be taken. Such |
- coding is confusing and hard to maintain, so it should arguably be |
- fixed, but it is unlikely to actually result in an error during |
- execution. Thus, some might classify those warnings as false |
- positives.</li> |
- <li>We've substantially improved the analysis for errors that |
- could result in null pointer dereferences. Overall, our experience |
- has been that these changes have roughly doubled the number of |
- null pointer errors we detect, without increasing the number of |
- false positives (in fact, our false positive rate has gone down). |
- The improvements are due to four factors: |
- <ul> |
- <li>By default, we now do some interprocedural analysis to |
- determine methods that unconditionally dereference their |
- parameters.</li> |
- <li>FindBugs also comes with a model of which JDK methods |
- unconditionally dereference their parameters.</li> |
- <li>We do limited tracking of fields, so that we can detect |
- null values stored in fields that lead to exceptions.</li> |
- <li>We implemented a new analysis technique to find |
- guaranteed dereferences. Consider the following example: <pre>public int f(Object x, boolean b) { |
+ |
+ <li>Changes by Andrey Loskutov |
+ <ul> |
+ <li>fixed job scheduling errors in 3.8/4.2 Eclipse <a |
+ href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=393748">bug |
+ report</a> |
+ <li>more realistic progress bar updates for jobs |
+ <li>added nullness annotations for some common Eclipse API |
+ methods known to usually return null values |
+ <li>Added support for org.eclipse.jdt.annotation.Nullable, |
+ NonNull and NonNullByDefault annotations (introduced with |
+ Eclipse 3.8/4.2)</li> |
+ </ul> |
+ <li>Documentation improvements |
+ <li><a href="http://code.google.com/p/findbugs/source/list">lots |
+ of other small changes</a> |
+ </ul> |
+ <h1>FindBugs Change Log, Version 2.0.1</h1> |
+ |
+ <ul> |
+ <li>New bug patterns; in some cases, bugs previous reported as |
+ other bug patterns are reported as instances of these new bug |
+ patterns in order to make it easier for developers to understand |
+ the bug reports |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li> |
+ </ul> |
+ </li> |
+ |
+ <li>Changes to fix false negatives for the following bug |
+ patterns: <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>, |
+ and <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>. |
+ </li> |
+ |
+ <li>Changes to fix false positions for the following bug |
+ patterns: <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>, |
+ <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>, |
+ and <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>. |
+ </li> |
+ </ul> |
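Review bot: PT_ABSOLUTE_PATH_TRAVERSAL appears twice in the 2.0.1 "New bug patterns" list, as the first and the sixth of the seven entries, both linking to the same #PT_ABSOLUTE_PATH_TRAVERSAL anchor. Drop the second entry, or replace it if a different pattern was meant. In the same block, "Changes to fix false positions" should read "false positives" and "bugs previous reported" should read "previously reported". The Andrey Loskutov list just above mixes unclosed <li> items with one closed item; closing them all would match the 2.0.1 list.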
+ |
+ <h1>FindBugs Change Log, Version 2.0.0</h1> |
+ |
+ <h2>Changes since version 1.3.8</h2> |
+ <ul> |
+ <li>New bug patterns; in some cases, bugs previous reported as |
+ other bug patterns are reported as instances of these new bug |
+ patterns in order to make it easier for developers to understand |
+ the bug reports |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
+ </a></li> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
+ </a></li> |
+ </ul> |
+ </li> |
+ <li>Providing a bug rank (1-20), and the ability to filter by |
+ bug rank. Eventually, it will be possible to specify your own |
+ rules for ranking bugs, but the procedure for doing so hasn't been |
+ specified yet.</li> |
+ <li>Fixed about <a |
+ href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45 |
+ bugs filed</a> through SourceForge |
+ </li> |
+ <li>Various reclassifications and priority tweaks</li> |
+ <li>Added more bug annotations to a variety of bug reports. |
+ This provides more context for understanding bug reports (e.g., if |
+ the value in question was is the return value of a method, the |
+ method is described as the source of the value in a bug |
+ annotation). This also provide more accurate tracking of issues |
+ across versions of the code being analyzed, but has the downside |
+ that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9 |
+ on the same version of code being analyzed, FindBugs may think |
+ that mistakenly believe that the issue reported by 1.3.8 was fixed |
+ and a new issue was introduced that was reported by FindBugs |
+ 1.3.9. While annoying, it would be unusual for more than a dozen |
+ issues per million lines of codes to be mistracked.</li> |
+ <li>Lots of internal changes moving towards FindBugs 2.0, but |
+ these features are undocumented, not yet officially supported, and |
+ subject to radical changes before FindBugs 2.0 is released.</li> |
+ </ul> |
+ |
+ <p>Changes since version 1.3.8</p> |
+ <ul> |
+ <li>New bug patterns; in some cases, bugs previous reported as |
+ other bug patterns are reported as instances of these new bug |
+ patterns in order to make it easier for developers to understand |
+ the bug reports |
+ <ul> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR |
+ </a> |
+ <li><a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
+ </a> |
+ </ul> |
+ </li> |
+ <li>Providing a bug rank (1-20), and the ability to filter by |
+ bug rank. Eventually, it will be possible to specify your own |
+ rules for ranking bugs, but the procedure for doing so hasn't been |
+ specified yet.</li> |
+ <li>Fixed about <a |
+ href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45 |
+ bugs filed</a> through SourceForge |
+ </li> |
+ <li>Various reclassifications and priority tweaks</li> |
+ <li>Added more bug annotations to a variety of bug reports. |
+ This provides more context for understanding bug reports (e.g., if |
+ the value in question was is the return value of a method, the |
+ method is described as the source of the value in a bug |
+ annotation). This also provide more accurate tracking of issues |
+ across versions of the code being analyzed, but has the downside |
+ that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9 |
+ on the same version of code being analyzed, FindBugs may think |
+ that mistakenly believe that the issue reported by 1.3.8 was fixed |
+ and a new issue was introduced that was reported by FindBugs |
+ 1.3.9. While annoying, it would be unusual for more than a dozen |
+ issues per million lines of codes to be mistracked.</li> |
+ <li>Lots of internal changes moving towards FindBugs 2.0, but |
+ these features are undocumented, not yet officially supported, and |
+ subject to radical changes before FindBugs 2.0 is released.</li> |
+ </ul> |
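Review bot: the "Changes since version 1.3.8" list is added twice under the 2.0.0 heading, first introduced by <h2> and then again by <p>, with the same twelve bug-pattern links and the same five items after them. The only visible difference is that the first copy closes its <li> elements, so keep that one and delete the second. Every href in both copies ends with a space before the closing quote (for example "#BC_IMPOSSIBLE_DOWNCAST "), which should be trimmed. The annotations item also needs a wording pass: "was is the return value", "This also provide", and "FindBugs may think that mistakenly believe that". The text compares 1.3.8 with 1.3.9 and speaks of 2.0 as unreleased while sitting under the Version 2.0.0 heading, so check that the heading and the text agree.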
+ |
+ <p>Changes since version 1.3.7</p> |
+ <ul> |
+ <li>Primarily another small bugfix release.</li> |
+ <li>FindBugs base: |
+ <ul> |
+ <li>New Reports: |
+ <ul> |
+ <li>SF_SWITCH_NO_DEFAULT: missing default case in switch |
+ statement.</li> |
+ <li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW: |
+ value ignored when switch fallthrough leads to thrown |
+ exception.</li> |
+ <li>INT_VACUOUS_BIT_OPERATION: bit operations that don't |
+ do any meaningful work.</li> |
+ <li>FB_UNEXPECTED_WARNING: warning generated that |
+ conflicts with @NoWarning FindBugs annotation.</li> |
+ <li>FB_MISSING_EXPECTED_WARNING: warning not generated |
+ despite presence of @ExpectedWarning FindBugs annotation.</li> |
+ <li>NOISE category: intended for use in data mining |
+ experiments. |
+ <ul> |
+ <li>NOISE_NULL_DEREFERENCE: fake null point dereference |
+ warning.</li> |
+ <li>NOISE_METHOD_CALL: fake method call warning.</li> |
+ <li>NOISE_FIELD_REFERENCE: fake field dereference |
+ warning.</li> |
+ <li>NOISE_OPERATION: fake operation warning.</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>Other: |
+ <ul> |
+ <li>Garvin Leclaire has created a new Apache Maven |
+ repository for FindBugs at <a |
+ href="http://code.google.com/p/findbugs/">the Google Code |
+ FindBugs SVN repository</a>. (Thanks Garvin!) |
+ </li> |
+ </ul> |
+ </li> |
+ <li>Fixes: |
+ <ul> |
+ <li>[ 2317842 ] Highlighting broken in Windows</li> |
+ <li>[ 2515908 ] check for oddness should track sign of |
+ argument</li> |
+ <li>[ 2487936 ] "L B GC" false pos cast from |
+ Map.Entry.getKey() to Map.get()</li> |
+ <li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li> |
+ <li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message |
+ reported</li> |
+ <li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is |
+ incorrect</li> |
+ <li>[ 2545098 ] Invalid character in analysis results file</li> |
+ <li>[ 2492673 ] Plugin sites should specify "requires |
+ Eclipse 3.3 or newer"</li> |
+ <li>[ 2588044 ] a tiny typing error</li> |
+ <li>[ 2589048 ] Documentation for convertXmlToText |
+ insufficient</li> |
+ <li>[ 2638739 ] NullPointerException when building</li> |
+ </ul> |
+ </li> |
+ <li>Patches: |
+ <ul> |
+ <li>[ 2538184 ] Make BugCollection implement |
+ Iterable<BugInstance> (thanks to Tomas Pollak)</li> |
+ <li>[ 2249771 ] Add Maven2 Findbugs plugin link to the |
+ Links page (thanks to Garvin Leclaire)</li> |
+ <li>[ 2609526 ] Japanese manual update (thanks to K. |
+ Hashimoto)</li> |
+ <li>[ 2119482 ] CheckBcel checks for nonexistent classes |
+ (thanks to Jerry James)</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>FindBugs Eclipse plugin: |
+ <ul> |
+ <li>Major feature enhancements (thanks to Andrey Loskutov). |
+ See <a href="http://andrei.gmxhome.de/findbugs/index.html">this |
+ overview</a> for more information. |
+ </li> |
+ <li>Major test improvements (thanks to Tomas Pollak).</li> |
+ <li>Fixes: |
+ <ul> |
+ <li>[ 2532365 ] Compiler warning</li> |
+ <li>[ 2522989 ] Fix filter files selection</li> |
+ <li>[ 2504068 ] NullPointerException</li> |
+ <li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse |
+ 3.5 M5</li> |
+ </ul> |
+ </li> |
+ <li>Patches: |
+ <ul> |
+ <li>[ 2143140 ] Unchecked conversion fixes for Eclipse |
+ plugin (thanks to Jerry James) |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.3.6</p> |
+ <ul> |
+ <li>Overall, a small bugfix release. |
+ <li>New detection of accidental vacuous/useless calls to |
+ EasyMock methods, and of generic signatures that proclaim the use |
+ of unhashable classes in ways that require that they be hashed. |
+ <li>Eliminate some false positives where we were warning about |
+ a useless call (e.g., comparing two incompatible types for |
+ equality), but the only thing the code was doing with the result |
+ was passing it to assertFalse. |
+ <li>Japanese localization and manual by K.Hashimoto. (Thanks!) |
+ |
+ <li>Added -exclude and -outputDir command line options to |
+ rejarForAnalysis |
+ <li>Extended -adjustPriorities option to FindBugs analysis |
+ textui so that you can modify the priorities of individual bug |
+ patterns as well as visitors, and also completely suppress |
+ individual bug patterns or visitors. |
+ <ul> |
+ <li>e.g., -adjustPriority |
+ MS_SHOULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise |
+ |
+ </ul> |
+ </ul> |
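Review bot: the option is named -adjustPriorities in the item text but -adjustPriority in the example directly beneath it ("e.g., -adjustPriority MS_SHOULD_BE_FINAL=suppress,..."). Use the spelling the textui accepts in both places, since a reader copying the wrong one cannot tell from this page which is correct. The example <li> and the other items in this 1.3.6 list are left unclosed, unlike the closed items in the 1.3.7 list above.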
+ |
+ |
+ <p>Changes since version 1.3.5</p> |
+ <ul> |
+ <li>Added fairly exhaustive static analysis of uses of format |
+ strings, checking for missing or extra arguements, invalid format |
+ specifiers, or mismatched format specifiers and arguments (e.g, |
+ passing a String value for a %d format specifier). The logic for |
+ doing so is derived from Sun's java.util.Formatter class, and |
+ available separately from FindBugs as part of the <a |
+ href="https://jformatstring.dev.java.net/">jFormatString</a> |
+ project. |
+ <li>More tuning of the unsatisfied obligation detector. Since |
+ this detector is still rather noisy and an unfinished research |
+ project, I've moved the generated issues to a new category: |
+ EXPERIMENTAL. |
+ <li>Added check for <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>; |
+ similar to <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>, |
+ except that addition is being used to combine shifted signed |
+ bytes. |
+ <li>Changed detection of EI_EXPOSE_REP2, so we only report it |
+ if the value stored is guaranteed to be the same value that was |
+ passed in as a parameter. |
+ <li>Added <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>, |
+ a warning when an equals method checks to see if an operand is an |
+ instance of a class not compatible with itself. For example, if |
+ the Foo class checks to see if the argument is an instance of |
+ String. This is either a questionable design decision or a coding |
+ mistake. |
+ <li>Added <a |
+ href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE_ON_ARRAY</a>, |
+ which checks for invoking <code>hashCode()</code> on an array, |
+ which returns a hash code that ignores the contents of the array. |
+ |
+ <li>Added checks for using <code>x.removeAll(x)</code> to |
+ rather than <code>x.clear()</code> to clear an array. |
+ <li>Add checks for calls such as <code>x.contains(x)</code>, <code>x.remove(x)</code> |
+ and <code>x.containsAll(x)</code>. |
+ <li>Improvements to Eclipse plugin (thanks to Andrey |
+ Loskutov): |
+ <ul> |
+ <li>Report separate markers for each occurrence of an issue |
+ that appears multiple times in a method |
+ <li>fine tuning for reported markers: add only one marker |
+ for fields, add marker on right position |
+ <li>link bugs selected in bug explorer view to the opened |
+ editor and vice versa |
+ <li>select bugs selected in editor ruler in the opened bug |
+ explorer view |
+ <li>consistent abbreviations used in both bug explorer and |
+ bug details view |
+ <li>added "Expand All" button to the bug explorer view |
+ <li>added "Go Into/Go Up" buttons to the bug explorer view |
+ <li>added "Copy to clipboard" menu/functionality to the |
+ details view list widget |
+ <li>fix for CNF exception if loading the backup solution for |
+ broken browser widget |
+ </ul> |
+ </ul> |
+ |
+ |
+ |
+ <p>Changes since version 1.3.4</p> |
+ <ul> |
+ <li>Analysis about 15% faster |
+ <li><a |
+ href="http://sourceforge.net/tracker/?atid=614693&group_id=96405&func=browse&status=closed">38 |
+ bugs closed</a></li> |
+ <li>New defect warnings: |
+ <ul> |
+ <li>calls to methods that always throw |
+ UnsupportedOperationException (DMI_UNSUPPORTED_METHOD) |
+ <li>repeated conditional tests (e.g., <code>if (x |
+ < 0 || x < 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST) |
+ <li>Complete rewrite of detector for format string problems. |
+ More accurate, finds more problems, generates more descriptive |
+ reports, several different bug pattern |
+ (VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED, |
+ VA_FORMAT_STRING_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT, |
+ VA_FORMAT_STRING_BAD_ARGUMENT, |
+ VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT) |
+ <li>Fairly complete implementation of JSR-305 custom type |
+ qualifier analysis (no support for custom validators yet). |
+ (TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK |
+ TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK |
+ TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK) |
+ <li>New detector for unsatisfied obligations such forgetting |
+ to close a file (OBL_UNSATISFIED_OBLIGATION). |
+ <li>Warning when a parameter is marked as nullable, but is |
+ always dereferenced. |
+ (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE) |
+ <lI>Separate warning for dereference the result of readLine |
+ (NP_DEREFERENCE_OF_READLINE_VALUE) |
+ </ul> |
+ <li>When XML is generated with messages, the project stats now |
+ include <FileStat> elements. For each source file, this |
+ gives the path for the file, the total number of warnings for that |
+ file, and a bugHash for the file. While the instanceHash for a bug |
+ is intended to be version invariant (ignoring line numbers, etc), |
+ the bugHash for a file is intended to reflect all the information |
+ about the warnings in that file. The intended use case is that if |
+ the bugHash for a file is the same in two analysis runs, then <em>nothing</em> |
+ has changed about any of the warnings reported for that file |
+ between the two analysis runs. |
+ <li>More merging of similar issues within a method. For |
+ example, if the result of readLine() is dereferences multiple |
+ times within a method, it will be reported as a single warning |
+ with occurrences at multiple source lines. |
+ </ul> |
+ <p>Changes since version 1.3.3</p> |
+ |
+ <ul> |
+ <li>FindBugs base |
+ <ul> |
+ <li>New Reports: |
+ <ul> |
+ <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method |
+ overrides equals in superclass and may not be symmetric</li> |
+ <li>EQ_ALWAYS_TRUE: equals method always returns true</li> |
+ <li>EQ_ALWAYS_FALSE: equals method always returns false</li> |
+ <li>EQ_COMPARING_CLASS_NAMES: equals method compares class |
+ names rather than class objects</li> |
+ <li>EQ_UNUSUAL: Unusual equals method</li> |
+ <li>EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails |
+ for subtypes</li> |
+ <li>SE_READ_RESOLVE_IS_STATIC: The readResolve method must |
+ not be declared as a static method.</li> |
+ <li>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private |
+ readResolve method not inherited by subclasses</li> |
+ <li>MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field</li> |
+ <li>XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected |
+ cross site scripting vulnerability</li> |
+ <li>SKIPPED_CLASS_TOO_BIG: Class too big for analysis</li> |
+ </ul> |
+ </li> |
+ <li>Other: |
+ <ul> |
+ <li>Value-number analysis now more space-efficient</li> |
+ <li>Enhancements to reduce memory overhead when analyzing |
+ very large classes</li> |
+ <li>Now skips very large classes that would otherwise take |
+ too much time and memory to analyze</li> |
+ <li>Infrastructure for tracking effectively-constant/ |
+ effectively-final fields</li> |
+ <li>Added more cweids</li> |
+ <li>Enhanced taint tracking for taint-based detectors</li> |
+ <li>Ignore doomed calls to equals if result is used as an |
+ argument to assertFalse</li> |
+ <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li> |
+ <li>Priority tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG |
+ (only low priority if multiplying by 1000)</li> |
+ <li>Improved tracking of fields across method calls</li> |
+ </ul> |
+ </li> |
+ <li>Fixes: |
+ <ul> |
+ <li>[ 1941450 ] DLS_DEAD_LOCAL_STORE not reported</li> |
+ <li>[ 1953323 ] Omitted break statement in |
+ SynchronizeAndNullCheckField</li> |
+ <li>[ 1942620 ] Source Directories selection dialog |
+ interface confusion (partial)</li> |
+ <li>[ 1948275 ] Unhelpful "Load of known null"</li> |
+ <li>[ 1933922 ] MWM error in findbugs</li> |
+ <li>[ 1934772 ] 1.3.3 appears to rely on JDK 1.6, JNLP |
+ still specifies 1.5</li> |
+ <li>[ 1933945 ] -loadbugs doesn't work</li> |
+ <li>Fixed problems for class names starting with '$'</li> |
+ <li>Fixed bugs and incomplete handling of annotations in |
+ VersionInsensitiveBugComparator</li> |
+ </ul> |
+ </li> |
+ <li>Patches: |
+ <ul> |
+ <li>[ 1955106 ] Javadoc fixes</li> |
+ <li>[ 1951930 ] Superfluous import statements (thanks to |
+ Jerry James)</li> |
+ <li>[ 1951907 ] Missing @Deprecated annotations (thanks to |
+ Jerry James)</li> |
+ <li>[ 1951876 ] Infonode Docking Windows compile fix |
+ (thanks to Jerry James)</li> |
+ <li>[ 1936055 ] bugfix for findbugs.de.comment not working |
+ (thanks to Peter Fokkinga) |
+ </ul> |
+ </li> |
+ </ul> |
+ <li>FindBugs BlueJ plugin |
+ <ul> |
+ <li>Updated to use FindBugs 1.3.4 (first new release since |
+ 1.1.3)</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.3.2</p> |
+ |
+ <ul> |
+ <li>FindBugs base |
+ <ul> |
+ <li>New Detectors: |
+ <ul> |
+ <li>FieldItemSummary: Produces summary information for |
+ what is stored into fields</li> |
+ <li>SynchronizeOnClassLiteralNotGetClass: Look for code |
+ that synchronizes on the results of getClass rather than on |
+ class literals</li> |
+ <li>SynchronizingOnContentsOfFieldToProtectField: This |
+ detector looks for code that seems to be synchronizing on a |
+ field in order to guard updates of that field</li> |
+ </ul> |
+ </li> |
+ <li>New BugCode: |
+ <ul> |
+ <li>HRS: HTTP Response splitting vulnerability</li> |
+ <li>WL: Possible locking on wrong object</li> |
+ </ul> |
+ </li> |
+ <li>New Reports: |
+ <ul> |
+ <li>DMI_CONSTANT_DB_PASSWORD: This code creates a database |
+ connect using a hard coded, constant password</li> |
+ <li>HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed |
+ from untrusted input</li> |
+ <li>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter |
+ directly written to HTTP header output</li> |
+ <li>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines |
+ clone() but doesn't implement Cloneable</li> |
+ <li>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization |
+ on boxed primitive could lead to deadlock</li> |
+ <li>DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on |
+ Boolean could lead to deadlock</li> |
+ <li>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD: |
+ Synchronization on field in futile attempt to guard that field |
+ </li> |
+ <li>DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in |
+ return statement</li> |
+ <li>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL: |
+ Synchronization on getClass rather than class literal</li> |
+ </ul> |
+ </li> |
+ <li>Other: |
+ <ul> |
+ <li>Many enhancements to cross-site scripting detector and |
+ its documentation</li> |
+ <li>Enhanced switch fall through handling</li> |
+ <li>Enhanced unread field handling (look for IF_ACMPEQ and |
+ IF_ACMPNE)</li> |
+ <li>Clarified documentation for @Nullable in manual</li> |
+ <li>Fewer DeadLocalStore false positives</li> |
+ <li>Fewer UnreadField false positives</li> |
+ <li>Fewer StaticCalendarDetector false positives</li> |
+ <li>Performance fix for slow file system IO e.g. Clearcase |
+ repositories (thanks, Andrei!)</li> |
+ <li>Other, general performance enhancements (thanks, |
+ Andrei!)</li> |
+ <li>Enhancements for using FindBugs scripts with MKS on |
+ Windows (thanks, Kelly O'Hair!)</li> |
+ <li>Noted in the manual that jsr305.jar must be present |
+ for annotations to compile</li> |
+ <li>Added and fine-tuned default-nullness annotations</li> |
+ <li>More CWE IDs added</li> |
+ <li>Check and warning for unexpected BCEL version in |
+ classpath</li> |
+ </ul> |
+ </li> |
+ <li>Fixes: |
+ <ul> |
+ <li>Bug fix to handling of local variable tables in BCEL</li> |
+ <li>Refined documentation for |
+ MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li> |
+ <li>[ 1927295 ] NPE when called on project root</li> |
+ <li>[ 1926405 ] Incorrect dead store warning</li> |
+ <li>[ 1926409 ] Incorrect redundant nullcheck warning</li> |
+ <li>[ 1926389 ] Wrong line number printed/highlighted in |
+ bug</li> |
+ <li>[ 1927040 ] typo in bug description</li> |
+ <li>[ 1926263 ] Minor glitch in HTML output</li> |
+ <li>[ 1926240 ] Minor error in standard options in manual</li> |
+ <li>[ 1926236 ] Minor bug in installation section of |
+ manual</li> |
+ <li>[ 1925539 ] ZIP is default file system code base</li> |
+ <li>[ 1894701 ] Livelock / memory leak in |
+ ObjectTypeFactory (thanks, Andrei!)</li> |
+ <li>[ 1867491 ] Doesn't reload annotations after code |
+ changes in IDE (thanks, Andrei!)</li> |
+ <li>[ 1921399 ] -project option not supported</li> |
+ <li>[ 1913834 ] "Dead" store to variable with method call</li> |
+ <li>[ 1917352 ] H B se:...field in serializable class</li> |
+ <li>[ 1911617 ] CloneIdiom relies on |
+ getNameConstantOperand for INSTANCEOF</li> |
+ <li>[ 1911620 ] False +: DLS predecrement before return</li> |
+ <li>[ 1871376 ] False negative: non-serializable Map field</li> |
+ <li>[ 1871051 ] non standard clone() method</li> |
+ <li>[ 1908854 ] Error in TestASM</li> |
+ <li>[ 1907539 ] 22 minor errors in bug checker |
+ documentation</li> |
+ <li>[ 1897323 ] EJB implementation class false positives</li> |
+ <li>[ 1899648 ] Crash on startup on Vista with Java |
+ 1.6.0_04</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>FindBugs Eclipse plugin (change log by Andrey Loskutov) |
+ <ul> |
+ <li>new feature: export basic FindBugs numbers for projects |
+ via File->Export->Java->BugCounts (Andrey Loskutov)</li> |
+ <li>new feature: jobs for different projects will be run in |
+ parallel per default if running on a multi-core PC |
+ ("fb.allowParallelBuild" system property not used anymore) |
+ (Andrey Loskutov)</li> |
+ <li>fixed performance slowdown in the multi-threaded build, |
+ caused by workspace operation locks during assigning marker |
+ attributes (Andrey Loskutov)</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.3.1</p> |
+ |
+ <ul> |
+ <li>FindBugs base |
+ <ul> |
+ <li>New Bug Category: |
+ <ul> |
+ <li>SECURITY (Abbrev: S), A use of untrusted input in a |
+ way that could create a remotely exploitable security |
+ vulnerability</li> |
+ </ul> |
+ </li> |
+ <li>New Detectors: |
+ <ul> |
+ <li>CrossSiteScripting: This detector looks for |
+ obvious/blatant cases of cross site scripting vulnerabilities</li> |
+ </ul> |
+ </li> |
+ <li>New BugCode: |
+ <ul> |
+ <li>XSS: Cross site scripting</li> |
+ </ul> |
+ </li> |
+ <li>New Reports: |
+ <ul> |
+ <li>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP |
+ parameter directly written to Servlet output, giving XSS |
+ vulnerability</li> |
+ <li>XSS_REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter |
+ directly written to JSP output, giving XSS vulnerability</li> |
+ <li>EQ_OTHER_USE_OBJECT: equals() method defined that |
+ doesn't override Object.equals(Object)</li> |
+ <li>EQ_OTHER_NO_OBJECT: equals() method inherits rather |
+ than overrides equals(Object)</li> |
+ <li>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible |
+ null pointer dereference on path that might be infeasible</li> |
+ </ul> |
+ </li> |
+ <li>Other: |
+ <ul> |
+ <li>Added -noClassOk command-line parameter to |
+ command-line and ant interfaces; when -noClassOk is specified |
+ and no classfiles are given, FindBugs will print a warning |
+ message and output a well- formed file with no warnings</li> |
+ <li>Fewer false positives for null pointer bugs</li> |
+ <li>Suppress dead-local-store false positives in .jsp code</li> |
+ <li>Type fixes in warning messages</li> |
+ <li>Better warning message for NP_NULL_ON_SOME_PATH</li> |
+ <li>"WMI" bug code description renamed from "Wrong Map |
+ Iterator" to "Inefficient Map Iterator"</li> |
+ </ul> |
+ </li> |
+ <li>Fixes: |
+ <ul> |
+ <li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li> |
+ <li>[ 1878528 ] XSL xforms don't support history features</li> |
+ <li>[ 1876584 ] two default.xsl flaws</li> |
+ <li>[ 1874856 ] Format string bug detector doesn't handle |
+ special operators</li> |
+ <li>[ 1872645 ] computeBugHistory - |
+ java.lang.IllegalArgumentException</li> |
+ <li>[ 1872237 ] Ant task fails when no .class files</li> |
+ <li>[ 1868670 ] Filters: include AND exclude don't allowed</li> |
+ <li>[ 1868666 ] check-for-oddness reported, but array |
+ length can never be negative</li> |
+ <li>[ 1866108 ] SetBugDatabaseInfoTask strips dir from |
+ output filename</li> |
+ <li>[ 1866021 ] MineBugHistoryTask strips dir of output |
+ filename</li> |
+ <li>[ 1865265 ] code doesn't handle |
+ StringBuffer.append([CII) right</li> |
+ <li>[ 1864793 ] Warning when casting a null reference |
+ compared to a String</li> |
+ <li>[ 1863376 ] Typo in manual chap 8: Filter Files</li> |
+ <li>[ 1862705 ] Transient fields that default to null</li> |
+ <li>[ 1842545 ] DLS on catch variable (with priority |
+ tweaking)</li> |
+ <li>[ 1816258 ] false positive BC_IMPOSSIBLE_CAST</li> |
+ <li>[ 1551732 ] Get erroneous DLS with while loop</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>FindBugs Eclipse plugin (change log by Andrey Loskutov) |
+ <ul> |
+ <li>new feature: added Bug explorer view (replacing Bug tree |
+ view), based on Common Navigator framework (Andrey Loskutov)</li> |
+ <li>bug 1873860 fixed: empty projects are no longer shown in |
+ Bug tree view (Andrey Loskutov)</li> |
+ <li>new feature: bug counts decorators for projects, folders |
+ and files (has to be activated via Preferences -> general |
+ -> appearance -> label decorations)(Andrey Loskutov)</li> |
+ <li>patch 1746499: better icons (Alessandro Nistico)</li> |
+ <li>patch 1893685: Find bug actions on change sets bug |
+ (Alessandro Nistico)</li> |
+ <li>fixed bug 1855384: Bug configuration is broken in |
+ Eclipse (Andrey Loskutov)</li> |
+ <li>refactored FindBugs properties page (Andrey Loskutov)</li> |
+ <li>refactored FindBugs worker/builder/run action (Andrey |
+ Loskutov)</li> |
+ <li>FB detects now only bugs from classes on project's |
+ classpath (no double work on duplicated class files) (Andrey |
+ Loskutov)</li> |
+ <li>fixed bug introduced by the bad patch for 1867951: FB |
+ cannot be executed incrementally on a folder of file (Andrey |
+ Loskutov)</li> |
+ <li>fixed job rule: now jobs for different projects may run |
+ in parallel if running on a multi-core PC and |
+ "fb.allowParallelBuild" system property is set to true (Andrey |
+ Loskutov)</li> |
+ <li>fixed FB auto-build not started if .fbprefs or |
+ .classpath was changed (Andrey Loskutov)</li> |
+ <li>fixed not reporting bugs on secondary types (classes |
+ defined in java files with different name) (Andrey Loskutov)</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.3.0</p> |
+ <ul> |
+ <li>New Reports |
+ <ul> |
+ <li>VA_FORMAT_STRING_ARG_MISMATCH: A format-string method |
+ with a variable number of arguments is called, but the number of |
+ arguments passed does not match with the number of % |
+ placeholders in the format string. This is probably not what the |
+ author intended. |
+ <li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: This code opens a |
+ file in append mode and that wraps the result in an object |
+ output stream. This won't allow you to append to an existing |
+ object output stream stored in a file. If you want to be able to |
+ append to an object output stream, you need to keep the object |
+ output stream open. The only situation in which opening a file |
+ in append mode and the writing an object output stream could |
+ work is if on reading the file you plan to open it in random |
+ access mode and seek to the byte offset where the append |
+ started. |
+ <li>NP_BOOLEAN_RETURN_NULL: A method that returns either |
+ Boolean.TRUE, Boolean.FALSE or null is an accident waiting to |
+ happen. This method can be invoked as though it returned a value |
+ of type boolean, and the compiler will insert automatic unboxing |
+ of the Boolean value. If a null value is returned, this will |
+ result in a NullPointerException. |
+ </ul> |
+ </li> |
+ <li>Changes to Existing Reports |
+ <ul> |
+ <li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -> |
+ STYLE</li> |
+ <li>DMI_INVOKING_TOSTRING_ON_ARRAY: Long description |
+ mentions array name whenever possible</li> |
+ </ul> |
+ </li> |
+ <li>Fixes: |
+ <ul> |
+ <li>Updated manual to mention that Java 1.5 is now a |
+ requirement for running FindBugs |
+ <li>Applied patch 1840206 fixing issue "Ant task does not |
+ work when presetdef is used" - thanks to phejl |
+ <li>Applied patch 1778690 fixing issue "Ant task: tolerate |
+ but complain about invalid auxClasspath" - thanks to David |
+ Schmidt |
+ <li>Applied patch 1852125 adding a Chinese-language GUI |
+ bundle props file - thanks to fifi |
+ <li>Applied patch 1845903 adding ability to load XML results |
+ with the Eclipse plugin - thanks to Alex Mont |
+ <li>Fixed issue 1844671 - "FP for "reversed" null check in |
+ catch for stream close" |
+ <li>Fixed issue 1836050 - "-onlyAnalyze broken" |
+ <li>Fixed issue 1853011 - "Typo: Field names should start |
+ with aN lower case letter" |
+ <li>Fixed issue 1844181 - "JNLP file does not contain all |
+ necessary JARs" |
+ <li>Fixed issue 1840245 - "xxxException class does not |
+ derive from Exception" |
+ <li>Fixed issue 1840277 - "[M D EC] Typo in bug |
+ documentation" |
+ <li>Fixed issue 1782447 - "OutOfMemoryError if i activate |
+ Findbugs on my project" |
+ <li>Fixed issue 1830576 - "[regression] keySet/entrySet |
+ false positive" |
+ </ul> |
+ </li> |
+ <li>Other: |
+ <ul> |
+ <li>New bug code: "IO" (for |
+ IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)</li> |
+ <li>Added "-onlyMostRecent" option for computeBugHistory |
+ script/ant task |
+ <li>More explicit language in |
+ RV_RETURN_VALUE_IGNORED_BAD_PRACTICE messages |
+ <li>Modified ResourceValueAnalysis to correctly identify |
+ null == X or null != X as a null check (for issue 1844671) |
+ <li>Modified DMI_HARDCODED_ABSOLUTE_FILENAME logic in |
+ DumbMethodInvocations to ignore files from /etc or /dev and |
+ increase priority of files from /home |
+ <li>Better bug details for infinite loop warnings |
+ <li>Modified unread-fields detector to reduce false |
+ positives from reflective fields |
+ <li>build.xml "classes" target now builds all sources in one |
+ step |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.2.1</p> |
+ <ul> |
+ <li>New Detectors and Reports |
+ <ul> |
+ <li>SynchronizationOnSharedBuiltinConstant |
+ <ul> |
+ <li>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT: The code |
+ synchronizes on a shared primitive constant, such as an |
+ interned String. Such constants are interned and shared across |
+ all other classes loaded by the JVM. Thus, this could be |
+ locking on something that other code might also be locking. |
+ This could result in very strange and hard to diagnose |
+ blocking and deadlock behavior. See <a |
+ href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a> |
+ and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>. |
+ |
+ </ul> |
+ </li> |
+ <li>OverridingEqualsNotSymmetrical |
+ <ul> |
+ <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals |
+ methods that override equals methods in a superclass where the |
+ equivalence relationship might not be symmetrical. |
+ </ul> |
+ </li> |
+ <li>CheckTypeQualifiers |
+ <ul> |
+ <li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value |
+ specified as carrying a type qualifier annotation is consumed |
+ in a location or locations requiring that the value not carry |
+ that annotation. More precisely, a value annotated with a type |
+ qualifier specifying when=ALWAYS is guaranteed to reach a use |
+ or uses where the same type qualifier specifies when=NEVER.</li> |
+ <li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value |
+ specified as not carrying a type qualifier annotation is |
+ guaranteed to be consumed in a location or locations requiring |
+ that the value does carry that annotation. More precisely, a |
+ value annotated with a type qualifier specifying when=NEVER is |
+ guaranteed to reach a use or uses where the same type |
+ qualifier specifies when=ALWAYS.</li> |
+ <li>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value |
+ that might not carry a type qualifier annotation reaches a use |
+ which requires that annotation.</li> |
+ <li>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value |
+ which might carry a type qualifier annotation reaches a use |
+ which forbids values carrying that annotation.</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>New Reports (existing detectors) |
+ <ul> |
+ <li>FindHEmismatch |
+ <ul> |
+ <li>EQ_DOESNT_OVERRIDE_EQUALS: This class extends a class |
+ that defines an equals method and adds fields, but doesn't |
+ define an equals method itself. Thus, equality on instances of |
+ this class will ignore the identity of the subclass and the |
+ added fields. Be sure this is what is intended, and that you |
+ don't need to override the equals method. Even if you don't |
+ need to override the equals method, consider overriding it |
+ anyway to document the fact that the equals method for the |
+ subclass just return the result of invoking super.equals(o).</li> |
+ </ul> |
+ </li> |
+ <li>Naming |
+ <ul> |
+ <li>NM_WRONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The |
+ method in the subclass doesn't override a similar method in a |
+ superclass because the type of a parameter doesn't exactly |
+ match the type of the corresponding parameter in the |
+ superclass.</li> |
+ <li>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS: This class has a |
+ simple name that is identical to that of its superclass, |
+ except that its superclass is in a different package (e.g., <code>alpha.Foo</code> |
+ extends <code>beta.Foo</code>). This can be exceptionally |
+ confusing, create lots of situations in which you have to look |
+ at import statements to resolve references and creates many |
+ opportunities to accidently define methods that do not |
+ override methods in their superclasses. |
+ </li> |
+ <li>NM_SAME_SIMPLE_NAME_AS_INTERFACE: This class/interface |
+ has a simple name that is identical to that of an |
+ implemented/extended interface, except that the interface is |
+ in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>). |
+ This can be exceptionally confusing, create lots of situations |
+ in which you have to look at import statements to resolve |
+ references and creates many opportunities to accidently define |
+ methods that do not override methods in their superclasses. |
+ </li> |
+ </ul> |
+ <li>FindRefComparison |
+ <ul> |
+ <li>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY: This method |
+ uses using pointer equality to compare two references that |
+ seem to be of different types. The result of this comparison |
+ will always be false at runtime.</li> |
+ </ul> |
+ </li> |
+ <li>IncompatMask |
+ <ul> |
+ <li>BIT_SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This |
+ method compares an expression such as <tt>((event.detail |
+ & SWT.SELECTED) > 0)</tt>. Using bit arithmetic and then |
+ comparing with the greater than operator can lead to |
+ unexpected results (of course depending on the value of |
+ SWT.SELECTED). If SWT.SELECTED is a negative number, this is a |
+ candidate for a bug. Even when SWT.SELECTED is not negative, |
+ it seems good practice to use '!= 0' instead of '> 0'. |
+ </li> |
+ </ul> |
+ </li> |
+ <li>LazyInit |
+ <ul> |
+ <li>LI_LAZY_INIT_UPDATE_STATIC: This method contains an |
+ unsynchronized lazy initialization of a static field. After |
+ the field is set, the object stored into that location is |
+ further accessed. The setting of the field is visible to other |
+ threads as soon as it is set. If the further accesses in the |
+ method that set the field serve to initialize the object, then |
+ you have a <em>very serious</em> multithreading bug, unless |
+ something else prevents any other thread from accessing the |
+ stored object until it is fully initialized. |
+ </li> |
+ </ul> |
+ </li> |
+ <li>FindDeadLocalStores |
+ <ul> |
+ <li>DLS_DEAD_STORE_OF_CLASS_LITERAL: This instruction |
+ assigns a class literal to a variable and then never uses it. |
+ <a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The |
+ behavior of this differs in Java 1.4 and in Java 5.</a> In Java |
+ 1.4 and earlier, a reference to <code>Foo.class</code> would |
+ force the static initializer for <code>Foo</code> to be |
+ executed, if it has not been executed already. In Java 5 and |
+ later, it does not. See Sun's <a |
+ href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article |
+ on Java SE compatibility</a> for more details and examples, and |
+ suggestions on how to force class initialization in Java 5. |
+ </li> |
+ </ul> |
+ </li> |
+ <li>MethodReturnCheck |
+ <ul> |
+ <li>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: This method |
+ returns a value that is not checked. The return value should |
+ be checked since it can indication an unusual or unexpected |
+ function execution. For example, the <code>File.delete()</code> |
+ method returns false if the file could not be successfully |
+ deleted (rather than throwing an Exception). If you don't |
+ check the result, you won't notice if the method invocation |
+ signals unexpected behavior by returning an atypical return |
+ value. |
+ </li> |
+ <li>RV_EXCEPTION_NOT_THROWN: This code creates an |
+ exception (or error) object, but doesn't do anything with it. |
+ </li> |
+ </ul> |
+ </li> |
+ </ul> |
+ </li> |
+ <li>Changes to Existing Reports |
+ <ul> |
+ <li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -> STYLE</li> |
+ <li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CORRECTNESS -> STYLE</li> |
+ <li>RC_REF_COMPARISON: CORRECTNESS -> BAD_PRACTICE</li> |
+ </ul> |
+ </li> |
+ <li>GUI Changes |
+ <ul> |
+ <li>Added importing and exporting of bug filters</li> |
+ <li>Better handling of failed analysis runs</li> |
+ <li>Added "-look" parameter for selecting look-and-feel</li> |
+ <li>Fixed incorrect package filtering</li> |
+ <li>Fixed issue where "synchronized" was not |
+ syntax-highlighted</li> |
+ </ul> |
+ </li> |
+ <li>Ant-task Changes |
+ <ul> |
+ <li>Refactored common ant-task code to AbstractFindBugsTask</li> |
+ <li>Added tasks for computeBugHistory, convertXmlToText, |
+ filterBugs, mineBugHistory, setBugDatabaseInfo</li> |
+ </ul> |
+ </li> |
+ <li>Manual |
+ <ul> |
+ <li>Updates to GUI section, including new screenshots</li> |
+ <li>Added description of rejarForAnalysis</li> |
+ <li>Revamp of data-mining section</li> |
+ </ul> |
+ </li> |
+ <li>Other Major |
+ <ul> |
+ <li>Internal restructuring for lower memory overhead</li> |
+ </ul> |
+ </li> |
+ <li>Other Minor |
+ <ul> |
+ <li>Fixed typo: was STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE |
+ now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li> |
+ <li>-outputFile parameter became -output</li> |
+ <li>More sensitivity and specificity inLazyInit detector</li> |
+ <li>More sensitivity and specificity in Naming detector</li> |
+ <li>More sensitivity and specificity in UnreadFields |
+ detector</li> |
+ <li>More sensitivity in FindNullDeref detector</li> |
+ <li>More sensitivity in FindBadCast2 detector</li> |
+ <li>More specificity in FindReturnRef detector</li> |
+ <li>Many other tweaks and bug fixes</li> |
+ </ul> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 1.2.0</p> |
+ <ul> |
+ <li>Bug fixes: |
+ <ul> |
+ <li><a |
+ href="http://fisheye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a> |
+ <a |
+ href="http://sourceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a> |
+ with detectors that were requested to be disabled but were |
+ enabled due to requirements of other detectors.</li> |
+ <li>Fix bugs in incremental analysis within Eclipse plugin</li> |
+ <li>Fix some analysis errors</li> |
+ <li>Fix some threading bugs in GUI2</li> |
+ <li>Report version as version when it was compiled, not when |
+ it was run</li> |
+ <li>Copy analysis time stamp when filtering or transforming |
+ analysis files.</li> |
+ </ul> |
+ <li>Enabled StaticCalendarDetector</li> |
+ <li>Reworked GUI2 to use standard FindBugs filters |
+ <ul> |
+ <li>Allow a suppression filter to be stored in a project and |
+ persisted to the XML representation of a project.</li> |
+ </ul> |
+ </li> |
+ |
+ <li>Move away from old GUI2 save format (a directory |
+ containing an xml file and another file containing serialized |
+ filters).</li> |
+ <li>Support/recommend use of two new file extensions/formats: |
+ <dl> |
+ <dt>.fba - FindBugs Analysis File</dt> |
+ <dd>Exactly the same as an existing bug collection file |
+ stored in XML format, but using a distinct file extension to |
+ make it easier to figure out which xml files contain FindBugs |
+ results.</dd> |
+ <dt>.fbp - FindBugs Project File</dt> |
+ <dd>Contains just the information needed to run FindBugs and |
+ display the results (e.g., the files to be analyzed, the |
+ auxiliary class path and the location of source files) |
+ </dl> |
+ </li> |
+ </ul> |
+ <p>Changes since version 1.1.3</p> |
+ <ul> |
+ <li>Added -xml:withAbridgedMessages option to generate xml |
+ containing shorter messages. The messages will be shorted by doing |
+ things like eliding package names, and leaving off the source line |
+ from the LongMessage. These messages are appropriate if being used |
+ in a context where the non-message components of the bug |
+ annotations will be used to provide more information (e.g., |
+ clicking on the message for a MethodAnnotation will display the |
+ source for the method). |
+ <ul> |
+ <li>FindBugsDisplayFeatures.setAbridgedMessages(true) can be |
+ used to generate abridged messages when FindBugs is being |
+ accessed directly (not via generated XML) from a GUI or IDE.</li> |
+ </ul> |
+ <li>In null pointer analysis, try to be better about always |
+ showing two locations: where it is known null and where it is |
+ dereferenced. |
+ <li>Interprocedural analysis of which methods return nonnull |
+ values |
+ <li>Use method calls to select order in which classes are |
+ analyzed, and order in which methods are analyzed, to improve |
+ interprocedural analysis results. |
+ <li>Significant improvements in memory footprint, memory |
+ allocation and CPU utilization (20-30% reduction in all three) |
+ <li>Added a project name, to provide better descriptions in |
+ the HTML output. |
+ <li>Added new bug pattern: Casting to char, or bit masking |
+ with nonnegative value, and then checking to see if the result is |
+ negative. |
+ <li>Stopped reporting transient fields of classes not marked |
+ as serializable. Transient is used by other persistence |
+ frameworks. |
+ <li>Improvements to detector for SQL injection (Thanks to <a |
+ href="http://www.clock.org/~matt">Matt Hargett</a> for his |
+ contributions |
+ <li>Changed open/save options in GUI2 to not distinguish |
+ between FindBugs projects and saved FindBugs analysis results. |
+ <li>Improvements to detection of serious non-short-circuit |
+ evaluation. |
+ <li>Updated Japanese localization (thanks to Ruimo Uno) |
+ <li>Eclipse plugin changes: |
+ <ul> |
+ <li>Created Bug User Annotations and Bug Tree Views |
+ <li>Use different icons for different bug priorities |
+ <li>Provide more information in Bug Details view |
+ </ul> |
+ </ul> |
+ |
+ <p>Changes since version 1.1.2:</p> |
+ <ul> |
+ <li>Fixed broken Ant task |
+ <li>Added running ant task to smoke test |
+ <li>Added validating xml and html output to smoke test |
+ <li>Fixed some (but not all) issues with html output |
+ validation |
+ <li>Added check for x.equals(x) and x.compareTo(x) |
+ <li>Various bug fixes |
+ </ul> |
+ <p>Changes since version 1.1.1:</p> |
+ <ul> |
+ <li>Added check for infinite iterative loops</li> |
+ <li>Added check for use of incompatible types in a collection |
+ (e.g., checking to see if a Set<String> contains a |
+ StringBuffer).</li> |
+ <li>Added check for invocations of equals or hashCode on a |
+ URL, which, <a |
+ href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising |
+ many people</a>, requires DNS resolution. |
+ </li> |
+ <li>Added check for classes that define compareTo but not |
+ equals; such classes can exhibit some anomalous behavior (e.g., |
+ they are treated differently by PriorityQueues in Java 5 and Java |
+ 6).</li> |
+ <li>Added a check for useless self operations (e.g., x < x |
+ or x ^ x).</li> |
+ <li>Fixed a data race that could cause the GUI to fail on |
+ startup</li> |
+ <li>Partial internationalization of the new GUI</li> |
+ <li>Fix bug in "Redo analysis" option of new GUI</li> |
+ <li>Tuning to reduce false positives</li> |
+ <li>Fixed a bug in null pointer analysis that was generating |
+ false positive null pointer warnings on exception paths. Fixing |
+ this bug eliminates about 1/4 of the warnings on null pointer |
+ exceptions on exception paths.</li> |
+ <li>Fixed a bug in the processing of phi nodes for fields in |
+ the null pointer analysis</li> |
+ <li>Applied contributed patch that provides more quick fixes |
+ in Eclipse plugin.</li> |
+ <li>Fixed a number of bugs in the Eclipse auto update sites, |
+ and in the way date qualifiers were being used in the Eclipse |
+ plugin. You may need to manually disable your existing version of |
+ the plugin and download the 1.1.2 from the update site to get the |
+ automatic update function working correctly. The Eclipse update |
+ sites are described at <a |
+ href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>. |
+ |
+ </li> |
+ <li>Fixed progress bar in Eclipse plugin</li> |
+ <li>A number of other bug fixes.</li> |
+ </ul> |
+ |
+ <p>Changes since version 1.1.0:</p> |
+ <ul> |
+ <li>less scanning of classes not on the analysis path (This |
+ was causing some performance problems.)</li> |
+ <li>no unread field warnings for fields annotated with |
+ javax.persistent or javax.ejb3</li> |
+ <li>Eclipse plugin |
+ <ul> |
+ <li>bug annotation info displayed in Bug Details tab</li> |
+ <li>.fbwarnings data file now stored in .metadata (not in |
+ the project itself)</li> |
+ </ul> |
+ </li> |
+ <li>new SE_BAD_FIELD_INNER_CLASS pattern</li> |
+ <li>updates to Japanese translation (ruimo)</li> |
+ <li>fix some internal slashed/dotted path confusion</li> |
+ <li>other minor improvements</li> |
+ </ul> |
+ |
+ <p>Changes since version 1.0.0:</p> |
+ |
+ <ul> |
+ <li>Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0 |
+ has been a big change. We've done a lot of work in a lot of areas, |
+ and aren't even going to try to enumerate all the changes.</li> |
+ <li>We spent a lot of time reviewing the results generated by |
+ FindBugs for open source and commercial code bases, and made a |
+ number of changes, small and large, to minimize the number of |
+ false positives. Our primary focus for this was warnings reported |
+ as high and medium priority correctness warnings. Our internal |
+ evaluation is that we produce very few high/medium priority |
+ correctness warnings where the analysis is actually wrong, and |
+ that more than 75% of the high/medium priority correctness |
+ warnings correspond to real coding defects that need addressing in |
+ the source code. The remaining 25% are largely cases such as a |
+ branch or statement that if taken would lead to an error, but in |
+ fact is a dead branch or statement that can never be taken. Such |
+ coding is confusing and hard to maintain, so it should arguably be |
+ fixed, but it is unlikely to actually result in an error during |
+ execution. Thus, some might classify those warnings as false |
+ positives.</li> |
+ <li>We've substantially improved the analysis for errors that |
+ could result in null pointer dereferences. Overall, our experience |
+ has been that these changes have roughly doubled the number of |
+ null pointer errors we detect, without increasing the number of |
+ false positives (in fact, our false positive rate has gone down). |
+ The improvements are due to four factors: |
+ <ul> |
+ <li>By default, we now do some interprocedural analysis to |
+ determine methods that unconditionally dereference their |
+ parameters.</li> |
+ <li>FindBugs also comes with a model of which JDK methods |
+ unconditionally dereference their parameters.</li> |
+ <li>We do limited tracking of fields, so that we can detect |
+ null values stored in fields that lead to exceptions.</li> |
+ <li>We implemented a new analysis technique to find |
+ guaranteed dereferences. Consider the following example: <pre>public int f(Object x, boolean b) { |
int result = 0; |
if (x == null) result++; |
else result--; |
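Review bot: In the "Changes since version 1.1.1" list, `Set<String>` is written with raw angle brackets, so an HTML parser reads `<String>` as an unknown tag and the type parameter drops out of the rendered sentence. Write it as `Set&lt;String&gt;`, and escape the `<` in `x < x` in the same way rather than relying on parser leniency. The raw `&` separators in the SourceForge tracker href under "Changes since version 1.2.0" should likewise be `&amp;`. The added markup is also inconsistent about closing elements. The `<li>Bug fixes:` item in the 1.2.0 list is never closed before `<li>Enabled StaticCalendarDetector</li>`. The `<dd>` for `.fbp` has no `</dd>` before `</dl>`. The 1.1.3 and 1.1.2 lists leave every `<li>` open, while the 1.1.1 and 1.1.0 lists close theirs. Closing them throughout would let the "validating xml and html output" smoke test mentioned in the 1.1.2 entry cover this page too. Smaller text points in the added lines: "inLazyInit" is missing a space, "will be shorted" should read "will be shortened", and the parenthesis opened at "(Thanks to" in the SQL injection entry is never closed.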
@@ -1497,1299 +1552,1299 @@ |
} |
</pre> |
- <p> |
- FindBugs 1.0 used forward dataflow analysis to determine |
- whether each value is definitely null, null on a simple path, |
- possible null on a complex path, or definitely nonnull. Thus, |
- at the statement where |
- <code> result </code> |
- is decremented, we know that |
- <code> x </code> |
- is definitely null, and at the point before |
- <code> if (b) </code> |
- , we know that |
- <code> x </code> |
- is null on a simple path. If |
- <code> x </code> |
- were to be dereferenced here, we would generate a warning, |
- because if the else branch of the |
- <code> if (x == null) </code> |
- were ever taken, a null pointer exception would result. |
- </p> |
- |
- <p> |
- However, in both the then and else branches of the |
- <code> if (b) </code> |
- statement, |
- <code> x </code> |
- is only null on a complex path that may be infeasible. It might |
- be that the program logic is such that if |
- <code> x </code> |
- is null, then |
- <code> b </code> |
- is never true, so generating a warning about the dereference in |
- the then clause might be a false positive. We could try to |
- analyze the program to determine whether it is possible for |
- <code> x </code> |
- to be null and |
- <code> b </code> |
- to be true, but that can be a hard analysis problem. |
- </p> |
- |
- <p> |
- However, |
- <code> x </code> |
- is dereferenced in both the then <em>and</em> else branches of |
- the |
- <code> if (b) </code> |
- statement. So at the point immediately before |
- <code> if (b) </code> |
- , we know that |
- <code> x </code> |
- is null on a simple path <em>and</em> that |
- <code> x </code> |
- is guaranteed to be dereferenced on all paths from this point |
- forward. FindBugs 1.1 performs a backwards data flow analysis |
- to determine the values that are guaranteed to be dereferenced, |
- and will generate a warning in this case. |
- </p> |
- </li> |
- </ul> |
- <p> |
- The following screen shot of our new GUI shows an example of this |
- analysis, as well as showing off our new GUI and points out a |
- limitation of our current plugins for Eclipse and NetBeans. The |
- screen shot shows a null pointer bug in HelpDisplay.java. The |
- test for |
- <code> href!=null </code> |
- on line 78 suggests that |
- <code> href </code> |
- could be null. If it is, then |
- <code> href </code> |
- will be dereferenced on either line 87 or on line 90, generating |
- a NPE. Note that our analysis here also understands that passing |
- <code> href </code> |
- to |
- <code> URLEncoder.encode </code> |
- will deference it, and thus treats line 87 as a dereference, even |
- though |
- <code> href </code> |
- is not actually dereferenced at that line. Within our new GUI, |
- all of these locations are highlighted and listed in the summary |
- panel. In the original GUI (and in HTML output) we list all of |
- the locations, but only the primary location is highlighted by |
- the original GUI. In the Eclipse and NetBeans plugins, only the |
- primary location is displayed; fixing this is on our todo list |
- (contributions welcome). |
- </p> |
- <p> |
- <img src="guaranteedDereference.png" alt=""> |
- |
- |
- </p> |
- |
- </li> |
- <li>Preliminary support for detectors using the frameworks |
- other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a> |
- bytecode framework. You may experiment with writing ASM-based |
- detectors, but beware the API may still change (which could |
- possibly also affect BCEL-based detectors). In general, we've |
- started trying to move away from a deep dependence on BCEL, but |
- that change is only partially complete. Probably best to just |
- avoid this until we complete more work on this. This change is |
- only visible to FindBugs plugin developers, and shouldn't be |
- visible to FindBugs users. |
- </li> |
- <li> |
- <p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no |
- longer hard-coded, but rather defined in xml files associated |
- with plugins, including the core plugin which defines the |
- standard categories. Third-party plugins can define their own |
- categories.</p> |
- </li> |
- <li> |
- <p>Several bug patterns have been moved from CORRECTNESS and |
- STYLE into a new category, BAD_PRACTICE. The English localization |
- of STYLE has changed from "Style" to "Dodgy."</p> |
- <p>In general, we've worked very hard to limit CORRECTNESS |
- bugs to be real programming errors and sins of commission. We |
- have reclassified as BAD_PRACTICE a number of bad design |
- practices that result in overly fragile code, such as defining an |
- equals method that doesn't accept null or defining class with a |
- equals method that inherits hashCode from class Object.</p> |
- <p>In general, our guidelines for deciding whether a bug |
- should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p> |
- <dl> |
- <dt>CORRECTNESS</dt> |
- <dd>A problem that we can recognize with high confidence and |
- is an issue that we believe almost all developers would want to |
- examine and address. We recommend that software teams review all |
- high and medium priority warnings in their entire code base.</dd> |
- <dt>BAD_PRACTICE</dt> |
- <dd>A problem that we can recognize with high confidence and |
- represents a clear violation of recommended and standard coding |
- practice. We believe each software team should decide which bad |
- practices identified by FindBugs it wants to prohibit in the |
- team's coding standard, and take action to remedy violations of |
- those coding standards.</dd> |
- <dt>STYLE</dt> |
- <dd>These are places where something strange or dodgy is |
- going on, such as a dead store to a local variable. Typically, |
- less than half of these represent actionable programming |
- defects. Reviewing these warnings in any code under active |
- development is probably a good idea, but reviewing all such |
- warnings in your entire code base might be appropriate only in |
- some situations. Individual or team programming styles can |
- substantially influence the effectiveness of each of these |
- warnings (e.g., you might have a coding practice or style in |
- your group that confuses one of the detectors into generating a |
- lot of STYLE warnings); you will likely want to selectively |
- suppress or report the STYLE warnings that are effective for |
- your group.</dd> |
- </dl> |
- </li> |
- <li>Released a preliminary version of a new GUI (known |
- internally as GUI2 -- not very creative, huh?)</li> |
- <li>Provided standard ways to mark user designations of bug |
- warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic |
- now records this, it is represented in the XML file, and GUI2 |
- allows the designations to be applied (along with free-form user |
- annotations about each warning). The user designations and |
- annotations are not yet supported by the Eclipse plugin, but we |
- clearly want to support it in Eclipse shortly.</li> |
- <li>Added a check for a bad comparison with a signed byte with |
- a value not in the range -128..127. For example: <pre>boolean find200(byte b[]) { |
+ <p> |
+ FindBugs 1.0 used forward dataflow analysis to determine |
+ whether each value is definitely null, null on a simple path, |
+ possible null on a complex path, or definitely nonnull. Thus, |
+ at the statement where |
+ <code> result </code> |
+ is decremented, we know that |
+ <code> x </code> |
+ is definitely null, and at the point before |
+ <code> if (b) </code> |
+ , we know that |
+ <code> x </code> |
+ is null on a simple path. If |
+ <code> x </code> |
+ were to be dereferenced here, we would generate a warning, |
+ because if the else branch of the |
+ <code> if (x == null) </code> |
+ were ever taken, a null pointer exception would result. |
+ </p> |
+ |
+ <p> |
+ However, in both the then and else branches of the |
+ <code> if (b) </code> |
+ statement, |
+ <code> x </code> |
+ is only null on a complex path that may be infeasible. It might |
+ be that the program logic is such that if |
+ <code> x </code> |
+ is null, then |
+ <code> b </code> |
+ is never true, so generating a warning about the dereference in |
+ the then clause might be a false positive. We could try to |
+ analyze the program to determine whether it is possible for |
+ <code> x </code> |
+ to be null and |
+ <code> b </code> |
+ to be true, but that can be a hard analysis problem. |
+ </p> |
+ |
+ <p> |
+ However, |
+ <code> x </code> |
+ is dereferenced in both the then <em>and</em> else branches of |
+ the |
+ <code> if (b) </code> |
+ statement. So at the point immediately before |
+ <code> if (b) </code> |
+ , we know that |
+ <code> x </code> |
+ is null on a simple path <em>and</em> that |
+ <code> x </code> |
+ is guaranteed to be dereferenced on all paths from this point |
+ forward. FindBugs 1.1 performs a backwards data flow analysis |
+ to determine the values that are guaranteed to be dereferenced, |
+ and will generate a warning in this case. |
+ </p> |
+ </li> |
+ </ul> |
+ <p> |
+ The following screen shot of our new GUI shows an example of this |
+ analysis, as well as showing off our new GUI and points out a |
+ limitation of our current plugins for Eclipse and NetBeans. The |
+ screen shot shows a null pointer bug in HelpDisplay.java. The |
+ test for |
+ <code> href!=null </code> |
+ on line 78 suggests that |
+ <code> href </code> |
+ could be null. If it is, then |
+ <code> href </code> |
+ will be dereferenced on either line 87 or on line 90, generating |
+ a NPE. Note that our analysis here also understands that passing |
+ <code> href </code> |
+ to |
+ <code> URLEncoder.encode </code> |
+ will deference it, and thus treats line 87 as a dereference, even |
+ though |
+ <code> href </code> |
+ is not actually dereferenced at that line. Within our new GUI, |
+ all of these locations are highlighted and listed in the summary |
+ panel. In the original GUI (and in HTML output) we list all of |
+ the locations, but only the primary location is highlighted by |
+ the original GUI. In the Eclipse and NetBeans plugins, only the |
+ primary location is displayed; fixing this is on our todo list |
+ (contributions welcome). |
+ </p> |
+ <p> |
+ <img src="guaranteedDereference.png" alt=""> |
+ |
+ |
+ </p> |
+ |
+ </li> |
+ <li>Preliminary support for detectors using the frameworks |
+ other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a> |
+ bytecode framework. You may experiment with writing ASM-based |
+ detectors, but beware the API may still change (which could |
+ possibly also affect BCEL-based detectors). In general, we've |
+ started trying to move away from a deep dependence on BCEL, but |
+ that change is only partially complete. Probably best to just |
+ avoid this until we complete more work on this. This change is |
+ only visible to FindBugs plugin developers, and shouldn't be |
+ visible to FindBugs users. |
+ </li> |
+ <li> |
+ <p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no |
+ longer hard-coded, but rather defined in xml files associated |
+ with plugins, including the core plugin which defines the |
+ standard categories. Third-party plugins can define their own |
+ categories.</p> |
+ </li> |
+ <li> |
+ <p>Several bug patterns have been moved from CORRECTNESS and |
+ STYLE into a new category, BAD_PRACTICE. The English localization |
+ of STYLE has changed from "Style" to "Dodgy."</p> |
+ <p>In general, we've worked very hard to limit CORRECTNESS |
+ bugs to be real programming errors and sins of commission. We |
+ have reclassified as BAD_PRACTICE a number of bad design |
+ practices that result in overly fragile code, such as defining an |
+ equals method that doesn't accept null or defining class with a |
+ equals method that inherits hashCode from class Object.</p> |
+ <p>In general, our guidelines for deciding whether a bug |
+ should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p> |
+ <dl> |
+ <dt>CORRECTNESS</dt> |
+ <dd>A problem that we can recognize with high confidence and |
+ is an issue that we believe almost all developers would want to |
+ examine and address. We recommend that software teams review all |
+ high and medium priority warnings in their entire code base.</dd> |
+ <dt>BAD_PRACTICE</dt> |
+ <dd>A problem that we can recognize with high confidence and |
+ represents a clear violation of recommended and standard coding |
+ practice. We believe each software team should decide which bad |
+ practices identified by FindBugs it wants to prohibit in the |
+ team's coding standard, and take action to remedy violations of |
+ those coding standards.</dd> |
+ <dt>STYLE</dt> |
+ <dd>These are places where something strange or dodgy is |
+ going on, such as a dead store to a local variable. Typically, |
+ less than half of these represent actionable programming |
+ defects. Reviewing these warnings in any code under active |
+ development is probably a good idea, but reviewing all such |
+ warnings in your entire code base might be appropriate only in |
+ some situations. Individual or team programming styles can |
+ substantially influence the effectiveness of each of these |
+ warnings (e.g., you might have a coding practice or style in |
+ your group that confuses one of the detectors into generating a |
+ lot of STYLE warnings); you will likely want to selectively |
+ suppress or report the STYLE warnings that are effective for |
+ your group.</dd> |
+ </dl> |
+ </li> |
+ <li>Released a preliminary version of a new GUI (known |
+ internally as GUI2 -- not very creative, huh?)</li> |
+ <li>Provided standard ways to mark user designations of bug |
+ warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic |
+ now records this, it is represented in the XML file, and GUI2 |
+ allows the designations to be applied (along with free-form user |
+ annotations about each warning). The user designations and |
+ annotations are not yet supported by the Eclipse plugin, but we |
+ clearly want to support it in Eclipse shortly.</li> |
+ <li>Added a check for a bad comparison with a signed byte with |
+ a value not in the range -128..127. For example: <pre>boolean find200(byte b[]) { |
for(int i = 0; i < b.length; i++) if (b[i] == 200) return i; |
return -1; |
} |
</pre> |
- </li> |
- <li>Added a checking for testing if a value is equal to |
- Double.NaN (no value is equal to NaN, not even NaN).</li> |
- <li>Added a check for using a class with an equals method but |
- no hashCode method in a hashed data structure.</li> |
- <li>Added check for uncallable method of an anonymous inner |
- class. For example, in the following code, it is impossible to |
- invoke the initalValue method (because the name is misspelled and |
- as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new ThreadLocal() { |
+ </li> |
+ <li>Added a checking for testing if a value is equal to |
+ Double.NaN (no value is equal to NaN, not even NaN).</li> |
+ <li>Added a check for using a class with an equals method but |
+ no hashCode method in a hashed data structure.</li> |
+ <li>Added check for uncallable method of an anonymous inner |
+ class. For example, in the following code, it is impossible to |
+ invoke the initalValue method (because the name is misspelled and |
+ as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new ThreadLocal() { |
protected synchronized Object initalValue() { |
return new Integer(nextSerialNum++); |
} |
}; |
</pre> |
- </li> |
- <li>Added check for a dead local store caused by a switch |
- statement fall through</li> |
- <li>Added check for computing the absolute value of a random |
- 32 bit integer or of a hashcode. This is broken because <code> |
- Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE </code> , and thus |
- result of calling Math.abs, which is expected to be nonnegative, |
- will in fact be negative one time out of 2 <sup> 32 </sup> , which |
- will invariably be the time your boss is demoing the software to |
- your customers. |
- |
- </li> |
- <li>More careful resolution of inherited methods and fields. |
- Some of the shortcuts we were taking in FindBugs 1.0.0 were |
- leading to inaccurate results, and it was fairly easy to address |
- this by making the analysis more accurate.</li> |
- <li>Overall, analysis times are about 1.6 times longer in |
- FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have |
- enabled substantial additional analysis at the default effort |
- level (the actual analysis engine is significantly faster than in |
- FindBugs 1.0). On a recent AMD Athlon processor, analyzing |
- JDK1.6.0 (about 1 million lines of code) requires about 15 minutes |
- of wall clock time.</li> |
- <li>Provided class and script (printClass) to print classfile |
- in the human readable format produced by BCEL</li> |
- <li>Provided -findSource option to setBugDatabaseInfo</li> |
- </ul> |
- |
- |
- <p>Changes since version 0.9.7:</p> |
- |
- <ul> |
- <li>fix ObjectTypeFactory bug that was suppressing some bugs</li> |
- <li>opcode stack may determine definite zeros on some paths</li> |
- <li>opcode stack can track some constant string concatenations |
- (dbrosius)</li> |
- <li>default effort performs iterative opcode analysis (but min |
- effort does not)</li> |
- <li>default heap size upped to 384m</li> |
- <li>schema for XML output available: bugcollection.xsd</li> |
- <li>fixed some internal confusion between dotted and slashed |
- class names</li> |
- <li>New detectors |
- <ul> |
- <li>CheckImmutableAnnotation.java: checks JCIP annotations</li> |
- </ul> |
- </li> |
- <li>Updated detectors |
- <ul> |
- <li>BadRegEx.java: understands Pattern.LITERAL, warns about |
- "."</li> |
- <li>FindUnreleasedLock.java: fewer false positives</li> |
- <li>DumbMethods.java: check for vacuous comparisons to |
- MAX_INTEGER or MIN_INTEGER, fix bugs detecting |
- DM_NEXTINT_VIA_NEXTDOUBLE</li> |
- <li>FindPuzzlers.java: detect <tt>n%2==1</tt>, detect |
- toString() on array types |
- </li> |
- <li>FindInconsistentSync2.java: detects IS_FIELD_NOT_GUARDED |
- </li> |
- <li>MethodReturnCheck.java: add check for discarded newly |
- constructed values, increase priority of some ignored |
- constructed exceptions, better handling of bytecode compiled by |
- Eclipse</li> |
- <li>FindEmptySynchronizedBlock.java: better handling of |
- bytecode compiled by Eclipse</li> |
- <li>DoInsideDoPrivileged.java: warn if call to setAccessible |
- isn't in doPriviledged, don't report private methods</li> |
- <li>LoadOfKnownNullValue.java: fix bug that was reporting |
- false positives on <code> finally </code> blocks |
- </li> |
- <li>CheckReturnAnnotationDatabase.java: better checks for |
- unstarted threads</li> |
- <li>ConfusionBetweenInheritedAndOuterMethod.java: fewer |
- false positives, fixed a package-handling bug</li> |
- <li>BadResultSetAccess.java: separate bug pattern for |
- PreparedStatements, <code> BRZA </code> category folded into <code> |
- SQL </code> category |
- </li> |
- <li>FindDeadLocalStores.java, FindBadCast2.java, |
- DumbMethods.java, RuntimeExceptionCapture.java: coalesce similar |
- bugs within a method into a single bug instance with multiple |
- source lines</li> |
- </ul> |
- </li> |
- <li>Eclipse plugin |
- <ul> |
- <li>plugin ID changed from <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt> |
- </li> |
- <li>support for findbugs eclipse auto-update site</li> |
- </ul> |
- </li> |
- <li>Updated test case files |
- <ul> |
- <li>BadRegEx.java</li> |
- <li>JSR166.java</li> |
- <li>ConcurrentModificationBug.java</li> |
- <li>DeadStore.java</li> |
- <li>InstanceOf.java</li> |
- <li>LoadKnownNull.java</li> |
- <li>NeedsToCheckReturnValue.java</li> |
- <li>BadResultSetAccessTest.java</li> |
- <li>DeadStore.java</li> |
- <li>TestNonNull2.java</li> |
- <li>TestImmutable.java</li> |
- <li>TestGuardedBy.java</li> |
- <li>BadRandomInt.java</li> |
- <li>six test cases added to new <code> TigerTraps </code> |
- directory |
- </li> |
- </ul> |
- </li> |
- <li>fix bug that was generating duplicate uids</li> |
- <li>fix bug with <code> -onlyAnalyze some.package.* </code> on |
- jdk1.4 |
- </li> |
- <li>fix regression bug in |
- DismantleByteCode.getRefConstantOperand()</li> |
- <li>fix some minor bugs with the Swing GUI</li> |
- <li>reordered some bugInstances so that source line |
- annotations come last</li> |
- <li>removed references to unused java system properties</li> |
- <li>French translation updates (David Cotton)</li> |
- <li>Japanese translation updates (Hanai Shisei)</li> |
- <li>content cleanup for findbugs.xml and messages.xml</li> |
- <li>references to cvs hostname updated to |
- findbugs.cvs.sourceforge.net</li> |
- <li>documented xdoc output options, new |
- mineBugHistory/computeBugHistory options</li> |
- </ul> |
- |
- <p>Changes since version 0.9.6:</p> |
- |
- <ul> |
- <li>performance improvements</li> |
- <li>ObjectType instances are cached to reduce memory footprint |
- </li> |
- <li>for performance and memory reasons stateless detectors are |
- no longer cloned, must clear their own state between .class files |
- </li> |
- <li>fixed bug in bytecode-set lookup for methods (was causing |
- bad results for IS2, perhaps others)</li> |
- <li>fix some OpcodeStack bugs with integer and long |
- operations, perform iterative analysis when effort is <tt>max</tt> |
- </li> |
- <li>HTML output includes LongMessage text again (regression in |
- 0.95 - 0.96)</li> |
- <li>New detectors |
- <ul> |
- <li>CalledMethods.java: builds a list of invoked methods for |
- other detectors to consult (non-reporting)</li> |
- <li>UncallableMethodOfAnonymousClass.java: detect anonymous |
- inner classes that define methods that are probably intended to |
- but do not override methods in a superclass.</li> |
- </ul> |
- </li> |
- <li>Updated detectors |
- <ul> |
- <li>FindFieldSelfAssignment.java: recognize separate fields |
- with the same name (one from superclass)</li> |
- <li>FindLocalSelfAssignment2.java: handles backward branches |
- better (Dave Brosius)</li> |
- <li>FindBadCast2.java: BC_NULL_INSTANCEOF changed to |
- NP_NULL_INSTANCEOF</li> |
- <li>FindPuzzlers.java: eliminate false positive on setDate() |
- (Dave Brosius)</li> |
- </ul> |
- </li> |
- <li>Eclipse plugin |
- <ul> |
- <li>fix serious threading bug</li> |
- <li>preferences for Filters and effort (Peter Hendriks)</li> |
- <li>French localization (David Cotton)</li> |
- <li>fix bug when reporting inner classes (Peter Friese)</li> |
- </ul> |
- </li> |
- <li>Updated test case files |
- <ul> |
- <li>Mwn.java (Carl Burke/Dave Brosius)</li> |
- <li>DumbMethodInvocations.java (Anto paul/Dave Brosius)</li> |
- <!--sic--> |
- </ul> |
- </li> |
- <li>XML output includes garbage collection duration</li> |
- <li>French messages updated (David Cotton)</li> |
- <li>Swing GUI shows file name after Load Bugs command</li> |
- <li>Ant task to launch the findbugs frame (Mark McKay)</li> |
- <li>miscellaneous code cleanup</li> |
- </ul> |
- |
- <p>Changes since version 0.9.5:</p> |
- |
- <ul> |
- <li>Updated detectors |
- <ul> |
- <li>FindNullDeref.java: respect NonNull and CheckForNull |
- field annotations</li> |
- <li>SerializableIdiom.java: detect non-private readObject |
- and writeObject methods</li> |
- <li>FindRefComparison.java: smarter array comparison |
- detection</li> |
- <li>IsNullValueAnalysis.java: detect <tt>null |
- instanceof</tt> |
- </li> |
- <li>FindLocalSelfAssignment2.java: suppress some false |
- positives (Dave Brosius)</li> |
- <li>FindUnreleasedLock.java: don't waste time processing |
- classes that don't refer to java.util.concurrent.locks</li> |
- <li>MutableStaticFields.java: report the source line (Dave |
- Brosius)</li> |
- <li>SwitchFallthrough.java: better handling of System.exit() |
- (Dave Brosius)</li> |
- <li>MultithreadedInstanceAccess.java: better handling of |
- Servlet.init() (Dave Brosius)</li> |
- <li>ConfusionBetweenInheritedAndOuterMethod.java: now |
- enabled</li> |
- </ul> |
- </li> |
- <li>Eclipse plugin |
- <ul> |
- <li>background processing (Peter Friese)</li> |
- <li>internationalization, Japanese localization (Takashi |
- Okamoto)</li> |
- </ul> |
- </li> |
- <li>findbugs <tt>-onlyAnalyze</tt> option now works on windows |
- platforms |
- </li> |
- <li>mineBugHistory <tt>-noTabs</tt> option for better |
- alignment of output columns |
- </li> |
- <li>filterBugs <tt>-fixed</tt> option (also: will now |
- recognize the most recent version string) |
- </li> |
- <li>XML output includes running time and memory usage data</li> |
- <li>miscellaneous minor corrections to the manual</li> |
- <li>better bytecode analysis of the <tt>iinc</tt> instruction |
- </li> |
- <li>fix bug in null pointer analysis</li> |
- <li>improved catch block heuristics</li> |
- <li>some type analysis tweaks</li> |
- <li>Bug priority changes |
- <ul> |
- <li>DumbMethodInvocations.java: decrease priority of |
- hard-coded <tt>/tmp</tt> filenames |
- </li> |
- <li>ComparatorIdiom.java: decrease priority of |
- non-serializable anonymous comparators</li> |
- <li>FindSqlInjection.java: decrease priority of appending a |
- constant or a static</li> |
- </ul> |
- </li> |
- <li>Updated bug explanations |
- <ul> |
- <li>NM_VERY_CONFUSING (Dave Brosius)</li> |
- </ul> |
- </li> |
- <li>Updated test case files |
- <ul> |
- <li>BadStoreOfNonSerializableObject.java</li> |
- <li>BadRandomInt.java</li> |
- <li>TestFieldAnnotations.java</li> |
- <li>UseInitCause.java</li> |
- <li>SqlInjection.java</li> |
- <li>ArrayEquality.java</li> |
- <li>BadIntegerOperations.java</li> |
- <li>Pilhuhn.java</li> |
- <li>InstanceOf.java</li> |
- <li>SwitchFallthrough.java (Dave Brosius)</li> |
- </ul> |
- </li> |
- <li>fix URL decoding bug when running under Java Web Start |
- (Dave Brosius)</li> |
- <li>distribution includes <tt>project.xml</tt> file for |
- NetBeans |
- </li> |
- </ul> |
- |
- <p>Changes since version 0.9.4:</p> |
- <ul> |
- <li>New detectors |
- <ul> |
- <li>VarArgsProblems.java</li> |
- <li>FindSqlInjection.java: now enabled</li> |
- <li>ComparatorIdiom.java: comparators usually implement |
- serializable</li> |
- <li>Naming.java: detect methods not overridden due to |
- eponymously typed args from different packages</li> |
- </ul> |
- </li> |
- <li>Updated detectors |
- <ul> |
- <li>SwitchFallthrough.java: surpress some false positives</li> |
- <li>DuplicateBranches.java: surpress some false positives</li> |
- <li>IteratorIdioms.java: surpress some false positives</li> |
- <li>FindHEmismatch.java: surpress some false positives</li> |
- <li>QuestionableBooleanAssignment.java: finds more cases of |
- <tt>if (b=true)</tt> ilk |
- </li> |
- <li>DumbMethods.java: detect int remainder by 1, delayed gc |
- errors</li> |
- <li>SerializableIdiom.java: detect store of nonserializable |
- object into field of serializable class</li> |
- <li>FindNullDeref.java: fix potential exception</li> |
- <li>IsNullValue.java: fix potential exception</li> |
- <li>MultithreadedInstanceAccess.java: fix potential |
- exception</li> |
- <li>PreferZeroLengthArrays.java: flag the method, not the |
- line</li> |
- </ul> |
- </li> |
- <li>Remove some inadvertent dependencies on JDK 1.5</li> |
- <li>Sort order should be more consistent</li> |
- <li>XML output changes |
- <ul> |
- <li>Option to sort XML bug output</li> |
- <li>Now contains instance IDs</li> |
- <li>uid no longer missing (was causing problems with fancy |
- HTML output)</li> |
- <li>Typo fixed</li> |
- </ul> |
- </li> |
- <li>Internal changes to track source files, <tt>-sourceInfo</tt> |
- option |
- </li> |
- <li>Bug matching: first try exact bug pattern matching, option |
- to compare priorities, option to disable package moves</li> |
- <li>Architecture documentation in <tt>design/architecture</tt> |
- </li> |
- <li>Test cases move into their own CVS project</li> |
- <li>Don't report warnings that occur outside the analyzed |
- classes</li> |
- <li>Fixes to the build.xml files</li> |
- <li>Better handling of @CheckReturnValue and @CheckForNull |
- annotations (also, some additional methods searched for check |
- return value and check for null)</li> |
- <li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave |
- Brosius) |
- </li> |
- <li>Bug priority changes |
- <ul> |
- <li>increase priority of ignoring return value of |
- java.sql.Connection methods</li> |
- <li>increase priority of comparing classes like Integer |
- using <tt>==</tt> |
- </li> |
- <li>decrease priority of IT_NO_SUCH_ELEMENT if we see any |
- call to <tt>next()</tt> |
- </li> |
- <li>tweak priority of NM_METHOD_CONSTRUCTOR_CONFUSION</li> |
- <li>decrease priority of RV_RETURN_VALUE_IGNORED for an |
- inherited annotation that doesn't return same type as class</li> |
- </ul> |
- </li> |
- <li>Updated bug explanations |
- <ul> |
- <li>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</li> |
- <li>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</li> |
- <li>IMA_INEFFICIENT_MEMBER_ACCESS (Dave Brosius)</li> |
- <li>some Japanese improvements to messages_ja.xml ( <tt>ruimo</tt>) |
- </li> |
- <li>some German improvements to findbugs_de.properties (Dave |
- Brosius, <tt>dvholten</tt>) |
- </li> |
- </ul> |
- </li> |
- <li>Updated test case files |
- <ul> |
- <li>BadIntegerOperations.java</li> |
- <li>SecondKaboom.java</li> |
- <li>OpenDatabase.java (Dave Brosius)</li> |
- <li>FindOpenStream.java (Dave Brosius)</li> |
- <li>BadRandomInt.java</li> |
- </ul> |
- </li> |
- <li>Source-lines info maintained for methods (handy for |
- abstract and native methods)</li> |
- <li>Remove surrounding opcodes from source line annotations</li> |
- <li>Better error when can't read file</li> |
- <li>Swing GUI: removed console pane from FindBugsFrame, fix |
- missing classes bug</li> |
- <li>Fixes to OpcodeStack.java</li> |
- <li>Detectors may attach a custom value to an OpcodeStack.Item |
- (Dave Brosius)</li> |
- <li>Filter.java: ability to add text messages to XML output, |
- fix bug with <tt>-withMessages</tt> |
- </li> |
- <li>SourceInfoMap supports ranges of source lines</li> |
- <li>Ant task supports the <tt>timestampNow</tt> attribute |
- </li> |
- </ul> |
- |
- <p>Changes since version 0.9.3:</p> |
- <ul> |
- <li>Substantial rework of datamining code</li> |
- <li>Removed bogus warnings about await on things other than |
- Condition not being in a loop</li> |
- <li>Fixed bug in OpcodeStack handling of dup2 of long/double |
- values</li> |
- <li>Don't report array types as missing classes</li> |
- <li>Adjustment of some warnings on ignored return values</li> |
- <li>Added thread safety annotations from Java Concurrency in |
- Practice (no detectors written for these yet)</li> |
- <li>Added annotation for methods that, if overridden, should |
- be invoked by overriding methods via a call to super</li> |
- <li>Updated -html:fancy.xsl (Etienne Giraudy)</li> |
- </ul> |
- |
- <p>Note: there was no version 0.9.2</p> |
- |
- <p>Changes since version 0.9.1:</p> |
- <ul> |
- <!-- New detectors --> |
- <li>Embellish USM to find abstract methods that implement an |
- interface method (Dave Brosius)</li> |
- <li>New detector to find stores of literal booleans inside if |
- or while expressions (Dave Brosius)</li> |
- <li>New style detector to find final classes that declare |
- protected fields (Dave Brosius)</li> |
- <li>New detector to find subclass methods that simply forward, |
- verbatim, to the super class (Dave Brosius)</li> |
- <li>Detector to find instances where code is attempting to |
- write an object out via an implementation of DataOutput, but the |
- object is not guaranteed to be Serializable (Jon Christiansen, |
- Bill Pugh)</li> |
- |
- <!-- Feature enhancements --> |
- <li>Large (35%) analysis speedup (Bill Pugh)</li> |
- <li>Add line numbers to Swing GUI code panel (Dave Brosius)</li> |
- <li>Added effort options to Swing GUI (Dave Brosius)</li> |
- <li>Add ability to specify bugs file to open from command line |
- for GUI version, through -loadbugs (Phillip Martin)</li> |
- <li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt> |
- (Chris Nappin) |
- </li> |
- <li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt> |
- (Etienne Giraudy) |
- </li> |
- <li>Updated Japanese bug message translations (Shisei Hanai)</li> |
- |
- <!-- Bug fixes --> |
- <li>XHTML compliance fixes for bug details (Etienne Giraudy)</li> |
- <li>Various detector fixes (Shisei Hanai)</li> |
- <li>Fixed bugs in the project preferences dialog int the |
- Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li> |
- <li>Lowered priority of analysis thread in Swing GUI (David |
- Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)</li> |
- <li>Fixed EclipsePlugin to correctly pick up auxclasspath |
- entries (Jon Christiansen)</li> |
- </ul> |
- |
- <p>Changes since version 0.9.0:</p> |
- <ul> |
- <li>Fixed dependence on JRE 1.5: all features should work on |
- JRE 1.4 again</li> |
- <li>Fixed -effort command line option handling for Swing GUI</li> |
- <li>Fixed conserveSpace and workHard attributes int Ant task</li> |
- <li>Added support for effort attribute in Ant task</li> |
- </ul> |
- |
- <p>Changes since version 0.8.8:</p> |
- <ul> |
- <!-- New detectors and bug patterns --> |
- <li>XMLFactoryBypass detector to find direct allocation of xml |
- class implementations (Dave Brosius)</li> |
- <li>InefficientMemberAccess detector to find accesses to |
- owning class private members (Dave Brosius)</li> |
- <li>DuplicateBranches detector checks switch statements too |
- (Dave Brosius)</li> |
- |
- <!-- Feature enhancements --> |
- <li>FindBugs available from findbugs.sourceforge.net as Java |
- Web Start application (Dave Brosius)</li> |
- <li>Updated Japanese bug message translations (Shisei Hanai)</li> |
- <li>Improved bug detail message for covariant equals() (Shisei |
- Hanai)</li> |
- <li>Modeling of instanceof checks is now enabled by default, |
- making the bad cast detector much more useful (Bill Pugh, David |
- Hovemeyer)</li> |
- <li>Support for detector ordering constraints in plugin |
- descriptor (David Hovemeyer)</li> |
- <li>Simpler option to control analysis effort: -effort: <i>value</i>, |
- where <i>value</i> is one of <code> min </code> , <code> |
- default </code> , or <code> max </code> (David Hovemeyer) |
- </li> |
- <li>Using -effort:max, FindNullDeref checks for null arguments |
- passed to methods which dereference them unconditionally (David |
- Hovemeyer)</li> |
- <li>FindNullDeref checks @Null and @NonNull annotations for |
- parameters and return values (David Hovemeyer)</li> |
- |
- <!-- Bug fixes --> |
- </ul> |
- |
- <p>Changes since version 0.8.7:</p> |
- |
- <ul> |
- <!-- New detectors and bug patterns --> |
- <li>New detector to find duplicate code in if/else statements |
- (Dave Brosius)</li> |
- <li>Look for calls to wait() on Condition objects (David |
- Hovemeyer)</li> |
- <li>Look for java.util.concurrent.Lock objects not released on |
- every path out of method (David Hovemeyer)</li> |
- <li>Look for calls to Thread.sleep() with a lock held (David |
- Hovemeyer)</li> |
- <li>More accurate detection of impossible casts (Bill Pugh, |
- David Hovemeyer)</li> |
- |
- <!-- Feature enhancements --> |
- <li>Saved XML now contains project statistics (Jay Dunning)</li> |
- <li>Filter files can select by bug pattern type and warning |
- priority (David Hovemeyer)</li> |
- |
- <!-- Bug fixes --> |
- <li>Restored some files inadvertently omitted from previous |
- release (Rohan Lloyd, David Hovemeyer)</li> |
- <li>Make sure detectors requiring JDK 1.5 runtime classes are |
- only executed if those classes are available (David Hovemeyer)</li> |
- <li>Don't display analysis error dialog unless there is really |
- an error (David Hovemeyer)</li> |
- <li>Updated and expanded French translations of bug patterns |
- and Swing GUI (Olivier Parent)</li> |
- <li>Fixed invalid character encoding in German Swing GUI |
- translation (Olivier Parent)</li> |
- <li>Fix locale used for date format in project stats (K. |
- Hashimoto)</li> |
- <li>Fixed LongDescription elements in xml:withMessages output |
- format (K. Hashimoto)</li> |
- </ul> |
- |
- <p>Changes since version 0.8.6:</p> |
- |
- <ul> |
- <!-- new detectors --> |
- <li>Extend Naming detector to look for classes that are named |
- XXXException but that are not Exceptions (Dave Brosius)</li> |
- <li>New detector to find classes that expose semaphores in the |
- public implementation through the 'this' reference. (Dave Brosius) |
- </li> |
- <li>New Style detector to find Struts Action/Servlet derived |
- classes that reference instance member variable not in |
- synchronized blocks. (Dave Brosius)</li> |
- <li>New Style detector to find classes that declare |
- implementation of interfaces that are already implemented by super |
- classes (Dave Brosius)</li> |
- <li>New Style detector to find circular dependencies between |
- classes (Dave Brosius)</li> |
- <li>New Style detector to find unnecessary math on constants |
- (Dave Brosius)</li> |
- <li>New detector to find equality comparisons using floating |
- point math (Jay Dunning)</li> |
- <li>New faster detector to find local self assignments (Bill |
- Pugh)</li> |
- <li>New detector to find infinite recursive loops (Bill Pugh) |
- </li> |
- <li>New detector to find for loops with an incorrect increment |
- (Bill Pugh)</li> |
- <li>New detector to find suspicious uses of |
- BufferedReader.readLine() and String.indexOf() (Bill Pugh)</li> |
- <li>New detector to find suspicious integer to double casts |
- (David Hovemeyer, Bill Pugh)</li> |
- <li>New detector to find invalid regular expression patterns |
- (Bill Pugh)</li> |
- <li>New detector to find Bloch/Gafter Java puzzlers (Bill |
- Pugh)</li> |
- |
- <!-- feature enhancements --> |
- <li>New system property to suppress reporting of DLS based on |
- local variable name (Glenn Boysko)</li> |
- <li>Enhancements to configuration dialog in Eclipse plugin, |
- allow for saving enabled detectors in Eclipse projects (Phil |
- Crosby)</li> |
- <li>Sortable columns in detector dialog (Dave Brosius)</li> |
- <li>New tab in gui for showing bugs grouped by category (Dave |
- Brosius)</li> |
- <li>Improved German translation of Swing GUI (Thomas Kuehne)</li> |
- <li>Improved source file reporting in Emacs output format (Len |
- Trigg)</li> |
- <li>Improvements to redundant null comparison detector (Bill |
- Pugh)</li> |
- <li>Localization of run analysis and analysis error dialogs in |
- Swing GUI (K. Hashimoto)</li> |
- |
- <!-- Bug fixes --> |
- <li>Don't scan equals methods in FindHEMismatch if code is |
- native (Greg Bentz)</li> |
- <li>French translation fixes (David Cotton)</li> |
- <li>Internationalization report fixes (K. Hashimoto)</li> |
- <li>Japanese translations updates (SHISEI Hanai)</li> |
- </ul> |
- |
- <p>Changes since version 0.8.5:</p> |
- <ul> |
- <!-- new detectors --> |
- <li>New detector to find catch blocks that may inadvertently |
- catch runtime exceptions (Brian Goetz)</li> |
- <li>New detector to find objects that are instantiated based |
- on classes that only have static methods and fields, using the |
- synthesized constructor (Dave Brosius)</li> |
- <li>New detector to find calls to Thread.interrupted() in a |
- non static context, and especially with non currentThread() |
- threads (Dave Brosius)</li> |
- <li>New detector to find calls to equals() methods that use |
- Object's version. (Dave Brosius)</li> |
- <li>New detector to find Applets that call methods in the |
- constructor refering to the AppletStub (Dave Brosius)</li> |
- <li>New detector to find some cases of infinite recursion |
- (Bill Pugh)</li> |
- <li>New detector to find dead stores to local variables (David |
- Hovemeyer, Bill Pugh)</li> |
- <li>Extend Dumb Method detector for toUpperCase(), |
- toLowerCase() without a locale, new Integer(1).toString(), new |
- XXX().getClass(), and new Thread() without a run implementation |
- (Dave Brosius) <!-- feature enhancements --> |
- </li> |
- <li>Ant task supports "errorProperty" attribute, which sets an |
- Ant property to "true" if an error occurs running FindBugs |
- (Michael Tamm)</li> |
- <li>Eclipse plugin allows filtering of warnings by bug |
- category, priority (David Hovemeyer)</li> |
- <li>Swing GUI allows filtering of warnings by bug category |
- (David Hovemeyer)</li> |
- <li>Ability to annotate methods using Java 1.5 annotations |
- that suppress FindBugs warnings (Bill Pugh)</li> |
- <li>New -adjustExperimental for lowering priority of |
- BugPatterns that are experimental (Dave Brosius)</li> |
- <li>Allow for command line options 'files' using the @ symbol |
- (David Hovemeyer)</li> |
- <li>New -adjustPriority command line option to for adjusting |
- bug priorites (David Hovemeyer)</li> |
- <li>Added an Edit menu (cut/copy/paste) to Swing GUI (Dave |
- Brosius)</li> |
- <li>French translation supplied (David Cotton) <!-- Bug fixes --> |
- </li> |
- </ul> |
- |
- <p>Changes since version 0.8.4:</p> |
- <ul> |
- <!-- new detectors --> |
- <li>New detector for volatile references to arrays (Bill Pugh) |
- </li> |
- <li>New detector to find instanceof usage where inheritance |
- can be determined statically (Dave Brosius)</li> |
- <li>New detector to find ResultSet.getXXX updateXXX calls |
- using index 0 (Dave Brosius)</li> |
- <li>New detector to find empty zip or jar entries (Bill Pugh) |
- |
- <!-- feature enhancements --> |
- </li> |
- <li>HTML output generation using built-in XSLT stylesheet or |
- user-defined stylesheet (David Hovemeyer)</li> |
- <li>Allow URLs to be specified to analyze zip/jar files, local |
- directories, and single classfiles (David Hovemeyer)</li> |
- <li>New command line option -onlyAnalyze restricts analysis to |
- selected classes and packages without reducing accuracy (David |
- Hovemeyer)</li> |
- <li>Allow Swing GUI to show source code in jar files on |
- Windows systems (Dave Brosius) <!-- Bug fixes --> |
- </li> |
- <li>Fix the Switch Fall Thru detector (Dave Brosius, David |
- Hovemeyer, Bill Pugh)</li> |
- <li>MacOS GUI fixes (Rohan Lloyd)</li> |
- <li>Fix false positive in BOA in case where method is |
- correctly and 'incorrectly' overridden (Dave Brosius)</li> |
- <li>Fixed memory blowup when analyzing methods which access a |
- large number of fields (David Hovemeyer)</li> |
- </ul> |
- |
- <p>Changes since version 0.8.3:</p> |
- <ul> |
- <li>Initial and preliminary localization of the Swing |
- GUI. Translations by: |
- <ul> |
- <li>German - Peter D. Stout, Holger Stenzhorn</li> |
- <li>Finnish - Juha Knuutila</li> |
- <li>Estonian - Tanel Lebedev</li> |
- <li>Japanese - Hanai Shisei</li> |
- </ul> |
- </li> |
- <li>Eliminated debug print statements inadvertently left |
- enabled</li> |
- <li>Reverted some changes in the open stream detector: this |
- should fix some false positives that were introduced in the |
- previous release</li> |
- <li>Fixed a couple missing class reports</li> |
- </ul> |
- |
- <p>Changes since version 0.8.2:</p> |
- <ul> |
- |
- <!-- New detectors --> |
- <li>New detector to find improperly overridden GUI Adapter |
- classes (Dave Brosius)</li> |
- <li>New detector to find improperly setup JUnit TestCases |
- (Dave Brosius)</li> |
- <li>New detector to find variables that mask class level |
- fields (Dave Brosius)</li> |
- <li>New detector to find comparisons of values computed with |
- bitwise operators that always yield the same result (Tom Truscott) |
- </li> |
- <li>New detector to find unsafe getClass().getResource() calls |
- (Bill Pugh)</li> |
- <li>New detector to find GUI changes not in GUI thread but in |
- static main (Bill Pugh)</li> |
- <li>New detector to find calls to Collection.toArray() with |
- zero-length array argument; it is more efficient to pass an array |
- the size of the collection, which can be populated and returned as |
- the result (Dave Brosius) <!-- Analysis improvements --> |
- </li> |
- <li>Better suppression of false warnings in various detectors |
- (Bill Pugh, David Hovemeyer)</li> |
- <li>Enhancement to ReadReturnShouldBeChecked detector for |
- skip() (Dave Brosius)</li> |
- <li>Enhancement to DumbMethods detector (Dave Brosius)</li> |
- <li>Open stream detector does not report wrappers of streams |
- passed as method parameters (David Hovemeyer) <!-- Feature enhancements --> |
- </li> |
- <li>Cancel confirmation dialog in Swing GUI (Pete Angstadt)</li> |
- <li>Better relative path saving in Project file (Dave Brosius) |
- </li> |
- <li>Detector Priority in GUI is now saved in prefs file (Dave |
- Brosius)</li> |
- <li>Controls in GUI to reorder source and classpath entries, |
- and ability to flip between Project details and bugs pages (Dave |
- Brosius)</li> |
- <li>In Swing GUI, analysis error dialog supports "Select All" |
- and "Copy" operations for easy generation of error reports (Dave |
- Brosius)</li> |
- <li>Complete translation of bug descriptions and messages into |
- Japanese (Hanai Shisei) <!-- Bug fixes --> |
- </li> |
- <li>Fixed bug in DroppedException detector (Dave Brosius) <!-- Development stuff --> |
- </li> |
- <li>The source distribution defaults to using JDK 1.5 javac to |
- compile, but support for compiling with JSR-14 prototype is still |
- supported</li> |
- </ul> |
- |
- <p>Changes since version 0.8.1:</p> |
- <ul> |
- <li>Fixed a critical ClassCastException bug (triggered if the |
- -workHard option was used, and an exception type was merged with |
- an array type during type inference)</li> |
- </ul> |
- |
- <p>Changes since version 0.8.0:</p> |
- <ul> |
- <li>Disabled SwitchFallthrough detector to work around |
- NullPointerExceptions</li> |
- <li>Added some additional false positive suppression |
- heuristics</li> |
- </ul> |
- |
- <p>Also, two contributors to the 0.8.0 release were |
- inadvertently left out of the credits:</p> |
- <ul> |
- <li>Pete Angstadt fixed several problems in the Swing GUI</li> |
- <li>Francis Lalonde provided a task resource file for the |
- FindBugs Ant task</li> |
- </ul> |
- |
- <p>Changes since version 0.7.4:</p> |
- <ul> |
- <li>New detector to look for uses of "+" operator to |
- concatenate String objects in a loop (Dave Brosius)</li> |
- <li>Reference comparison detector looks for places where the |
- argument passed to the equals(Object) method isn't the same type |
- as the receiver object</li> |
- <li>Better suppression of false warnings in many detectors</li> |
- <li>Many improvements to Eclipse plugin (Andrey Loskutov, |
- Peter Friese)</li> |
- <li>Fixed problem with building Eclipse plugin on Windows |
- (Thomas Klaeger)</li> |
- <li>Open stream detector looks for unclosed PreparedStatement |
- objects (Thomas Klaeger, Rohan Lloyd)</li> |
- <li>Fix for open stream detector: it wasn't detecting close() |
- methods called through an invokeinterface instruction (Thomas |
- Klaeger)</li> |
- <li>Refactoring of visitor classes to enforce use of accessors |
- for visited class features (Brian Goetz)</li> |
- </ul> |
- |
- <p>Changes since version 0.7.3:</p> |
- <ul> |
- <li>Experimental modification of open stream detector to look |
- for non-escaping JDBC resources (connections and statements) that |
- aren't closed on all paths out of method</li> |
- <li>Eclipse plugin fixed so it compiles and runs on Eclipse |
- 2.1.x (Peter Friese)</li> |
- <li>Option to Swing GUI and command line to generate project |
- file using relative paths for archives, source directories, and |
- aux classpath entries (Dave Brosius)</li> |
- <li>Improvements to findbugs.bat script for launching FindBugs |
- on Windows (Dave Brosius)</li> |
- <li>Updated Japanese message translations (Hiroshi Okugawa)</li> |
- <li>Uncalled private methods are now reported as low priority, |
- unless they have the same name as another method in the class |
- (which is more likely to indicate an actual bug)</li> |
- <li>Added some missing data in the bug messages XML files</li> |
- <li>Fixed some problems building from source on Windows |
- systems</li> |
- <li>Various minor bug fixes</li> |
- </ul> |
- |
- <p>Changes since version 0.7.2:</p> |
- <ul> |
- <li>Enhanced Eclipse plugin, which displays the detailed bug |
- description in a view (Phil Crosby)</li> |
- <li>Various tweaks to existing detectors to reduce false |
- warnings</li> |
- <li>New command line option <code> -workHard </code> enables |
- pruning of infeasible or unlikely exception edges, which results |
- in better accuracy in the open stream detector, at the expense of |
- a 30%-100% slowdown |
- </li> |
- <li>New website and HTML documentation design</li> |
- <li>Documentation includes an HTML document with descriptions |
- of all bug patterns reported by FindBugs</li> |
- <li>Web page has a link to a <a |
- href="http://www.simeji.com/findbugs/doc/manual_ja/index.html">Japanese |
- translation</a> of the FindBugs manual, contributed by Hiroshi |
- Okugawa |
- </li> |
- <li>Changed the Inconsistent Synchronization detector so that |
- fields synchronized 50% of the time (or more) are reported as |
- medium priority bugs (previously they were reported as low)</li> |
- <li>New detector to find code that catches |
- IllegalMonitorStateException</li> |
- <li>New detector to find private methods that are never called |
- </li> |
- <li>New detector to find suspicious uses of |
- non-short-circuiting boolean operators ( <code> & </code> and |
- <code> | </code> , rather than <code> && </code> and <code> |
- || </code> ) |
- </li> |
- </ul> |
- |
- <p>Changes since version 0.7.1:</p> |
- <ul> |
- <li>Incorporated patched version of BCEL, which allows classes |
- compiled with JDK 1.5.0 beta to be analyzed</li> |
- <li>Fixed some bugs related to lookups of array classes</li> |
- <li>Fixed bug that prevented GUI from loading XML result files |
- when running under JDK 1.5.0 beta</li> |
- <li>Added new experimental bug detector, LazyInit, which looks |
- for potentially buggy lazy initializations of static fields</li> |
- <li>Because of long filenames, switched to distributing the |
- source archive as a zip file rather than a tar file</li> |
- <li>The 0.7.1 source tarfile was botched - 0.7.2 has a valid |
- source archive</li> |
- <li>Fixed some problems in the Ant build script</li> |
- <li>Fixed NullPointerException when checking Class-Path |
- attribute for Jar files without manifests</li> |
- <li>Generate version numbers for the core and UI Eclipse |
- plugins using the Version class; all version numbers are now in a |
- common location</li> |
- </ul> |
- |
- <p>Changes since version 0.7.0:</p> |
- <ul> |
- <li>Eclipse plugin (contributed by Peter Friese)</li> |
- <li>Source package structure rearranged: all source (other |
- than Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or |
- a subpackage</li> |
- <li>Class-Path attributes of manifests of analyzed jar files |
- are used to set the aux classpath automatically (Peter D. Stout)</li> |
- <li>GUI starts in directory specified by user.home property |
- (Peter D. Stout)</li> |
- <li>Added -project option to GUI (Mikko T.)</li> |
- <li>Added -look:{plastic,gtk,native} option to GUI, for |
- setting look and feel (Mikko T.)</li> |
- <li>Fixed DataflowAnalysisException in inconsistent |
- synchronization detector</li> |
- <li>Ant task supports failOnError parameter (Rohan Lloyd)</li> |
- <li>Serializable class warnings are downgraded to low priority |
- for GUI classes</li> |
- <li>MWN detector will only report calls to wait(), notify(), |
- and notifyAll() methods that have the correct signature</li> |
- <li>FindBugs works with latest CVS version of BCEL</li> |
- <li>Zip and Jar files may be added to the source path</li> |
- <li>The GUI will automatically find source files residing in |
- analyzed Zip or Jar files</li> |
- </ul> |
- |
- <p>Note that the version number jumped from 0.6.6 to 0.6.9; |
- there were no 0.6.7 or 0.6.8 releases.</p> |
- <p>Changes since version 0.6.9:</p> |
- <ul> |
- <li>Added -conserveSpace option to reduce memory use at the |
- expense of analysis precision</li> |
- <li>Bug fixes in findbugs.bat script: JAVA_HOME handling, |
- autodetection of FINDBUGS_HOME, missing output with -textui</li> |
- <li>Fixed NullPointerException when a missing class is |
- encountered</li> |
- </ul> |
- |
- <p>Changes since version 0.6.6:</p> |
- <ul> |
- <li>The null pointer dereference detector is more powerful</li> |
- <li>Significantly improved heuristics and bug fixes in |
- inconsistent synchronization detector</li> |
- <li>Improved heuristics in open stream and dropped exception |
- detectors; fewer false positives should be reported</li> |
- <li>Save HTML summary in XML results files, rather than |
- recomputing; this makes loading results in GUI much faster</li> |
- <li>Report at most one String comparison using == or != per |
- method</li> |
- <li>The findbugs.bat script on Windows autodetects |
- FINDBUGS_HOME, and doesn't open a DOS window when launching the |
- GUI (contributed by TJSB)</li> |
- <li>Emacs reporting format (contributed by David Li)</li> |
- <li>Various bug fixes</li> |
- </ul> |
- |
- <p>Changes since 0.6.5:</p> |
- <ul> |
- <li>Rewritten inconsistent synchronization detector; accuracy |
- is significantly improved, and bug reports are prioritized</li> |
- <li>New detector to find self assignment (x=x) of local |
- variables (suggested by Jeff Martin)</li> |
- <li>New detector to find calls to wait(), notify(), and |
- notifyAll() on an object which is not obviously locked</li> |
- <li>Open stream detector now reports Readers and Writers</li> |
- <li>Fixed bug in finalizer idioms detector which caused |
- spurious warnings about failure to call super.finalize() (reported |
- by Jim Menard)</li> |
- <li>Fixed bug where output stream was not closed using non-XML |
- output (reported by Sigiswald Madou)</li> |
- <li>Fixed corrupted HTML bug detail message (reported by |
- Trevor Harmon)</li> |
- </ul> |
- |
- <p>Changes since version 0.6.4:</p> |
- <ul> |
- <li>For redundant comparison of reference values, fixed false |
- positives resulting from duplication of code in finally blocks</li> |
- <li>Fixed false positives resulting from wrapped byte array |
- streams left open</li> |
- <li>Fixed bug in Ant task preventing output file from working |
- properly if a relative path was used</li> |
- </ul> |
- |
- <p>Changes since version 0.6.3:</p> |
- <ul> |
- <li>Fixed bug in Ant task where output would be corrupted, and |
- added a <code> timeout </code> attribute |
- </li> |
- <li>Added -outputFile option to text UI, for explicitly |
- specifying an output file</li> |
- <li>GUI has a summary window, for statistics about overall bug |
- densities (contributed by Mike Fagan)</li> |
- <li>Find redundant comparisons of reference values</li> |
- <li>More accurate detection of Strings compared with == and != |
- operators</li> |
- <li>Detection of other reference types which should generally |
- not be compared with == and != operators; Boolean, Integer, etc.</li> |
- <li>Find non-transient non-serializable instance fields in |
- Serializable classes</li> |
- <li>Source code may be compiled with latest early access |
- generics-enabled javac (version 2.2)</li> |
- </ul> |
- |
- <p>Changes since version 0.6.2:</p> |
- <ul> |
- <li>GUI supports filtering bugs by priority</li> |
- <li>Ant task rewritten; supports all functionality offered by |
- Text UI (contributed by Mike Fagan)</li> |
- <li>Ant task is fully documented in the manual</li> |
- <li>Classes in nested archives are analyzed; this allows full |
- support for analyzing .ear and .war files (contributed by Mike |
- Fagan)</li> |
- <li>DepthFirstSearch changed to use non-recursive |
- implementation; this should fix the StackOverflowErrors that |
- several users reported</li> |
- <li>Various minor bugfixes and improvements</li> |
- </ul> |
- |
- <p>Changes since version 0.6.1:</p> |
- <ul> |
- <li>New detector to look for useless control flow (suggested |
- by Richard P. King and Mike Fagan)</li> |
- <li>Look for places where return value of |
- java.io.File.createNewFile() is ignored (suggested by Richard P. |
- King)</li> |
- <li>Fixed bug in resolution of source files (only the first |
- source directory was searched)</li> |
- <li>Fixed a NullPointerException in the bytecode pattern |
- matching code</li> |
- <li>Ant task supports project files (contributed by Mike |
- Fagan)</li> |
- <li>Unix findbugs script honors the <code> JAVA_HOME </code> |
- environment variable (contributed by Pedro Morais) |
- </li> |
- <li>Allow .war and .ear files to be analyzed</li> |
- </ul> |
- |
- <p>Changes since version 0.6.0:</p> |
- <ul> |
- <li>New bug pattern detector which looks for places where a |
- null pointer might be dereferenced</li> |
- <li>New bug pattern detector which looks for IO streams that |
- are opened, do not escape the method, and are not closed on all |
- paths out of the method</li> |
- <li>New bug pattern detector to find methods that can return |
- null instead of a zero-length array</li> |
- <li>New bug pattern detector to find places where the == or != |
- operators are used to compare String objects</li> |
- <li>Command line interface can save bugs as XML</li> |
- <li>GUI can save bugs to and load bugs from XML</li> |
- <li>An "Annotations" window in the GUI allows the user to add |
- textual annotations to bug reports; these annotations are |
- preserved when bugs are saved as XML</li> |
- <li>In this release, the Japanese bug summary translations by |
- Germano Leichsenring are really included (they were inadvertently |
- omitted in the previous release)</li> |
- <li>Completely rewrote the control flow graph builder, |
- hopefully for the last time</li> |
- <li>Simplified implementation of control flow graphs, which |
- should reduce memory use and possibly improve performance</li> |
- <li>Improvements to command line interface (list bug |
- priorities, filter by priority, specify aux classpath, specify |
- project to analyze)</li> |
- <li>Various bug fixes and enhancements</li> |
- </ul> |
- |
- <p>Changes since version 0.5.4</p> |
- <ul> |
- <li>Added an <a href="http://ant.apache.org/">Ant</a> task for |
- FindBugs, contributed by Mike Fagan. |
- </li> |
- <li>Added a GUI dialog which allows individual bug pattern |
- detectors to be enabled or disabled. Disabling certain slow |
- detectors can greatly speed up analysis of large programs, at the |
- expense of reducing the number of potential bugs found.</li> |
- <li>Added a new detector for finding improperly ignored return |
- values for methods such as <code> String.trim() </code> . |
- Suggested by Andreas Mandel. |
- </li> |
- <li>Japanese translations of the bug summaries, contributed by |
- Germano Leichsenring.</li> |
- <li>Filtering of results is supported in command line |
- interface. See the <a href="manual/index.html">FindBugs manual</a> |
- for details. |
- </li> |
- <li>Added "byte code patterns", a general pattern matching |
- infrastructure for bytecode instructions. This feature |
- significantly reduces the complexity of implementing new bug |
- pattern detectors.</li> |
- <li>Enabled a new general dataflow analysis to track values in |
- methods.</li> |
- <li>Switched to new control-flow graph builder implementation. |
- </li> |
- </ul> |
- |
- <p>Changes since version 0.5.3</p> |
- <ul> |
- <li>Fixed a bug in the script used to launch FindBugs on |
- Windows platforms.</li> |
- <li>Fixed crashes when analyzing class files without source |
- line information.</li> |
- <li>All major errors are reported using an error dialog; file |
- not found errors are more informative.</li> |
- <li>Minor GUI improvements.</li> |
- </ul> |
- |
- <p>Changes since version 0.5.2</p> |
- <ul> |
- <li>All of the source code and related files are in a single |
- directory tree.</li> |
- <li>Updated some of the detectors to produce source line |
- information.</li> |
- <li><a href="http://ant.apache.org/">Ant</a> build script and |
- several GUI enhancements and fixes contributed by Mike Fagan.</li> |
- <li>Converted to use a <a href="AddingDetectors.txt">plugin |
- architecture</a> for loading bug detectors. |
- </li> |
- <li>Eliminated generics-related compiler warnings.</li> |
- <li>More complete documentation has been added.</li> |
- </ul> |
- |
- <p>Changes since version 0.5.1:</p> |
- <ul> |
- <li>Fixed a large number of bugs in the BCEL Repository and |
- FindBugs's use of the Repository. With these changes, |
- FindBugs should <em>never</em> crash or otherwise misbehave |
- because of Repository lookup failures. Because of these |
- changes, you must use a modified version of <code> bcel.jar |
- </code> with FindBugs. This jar file is included in the FindBugs |
- 0.5.2 binary release. A complete patch containing the <a |
- href="http://faculty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications |
- against the BCEL CVS main branch as of April 30, 2003</a> is also |
- available. |
- </li> |
- <li>Implemented the "auxiliary classpath entry list". |
- Aux classpath entries can be added to a project to provide classes |
- that are referenced by the analyzed application, but should not |
- themselves be analyzed. Having all referenced classes |
- available allows FindBugs to produce more accurate results.</li> |
- </ul> |
- |
- <p>Changes since version 0.5.0:</p> |
- <ul> |
- <li>Many user interface bugs have been fixed.</li> |
- <li>Upgraded to a recent CVS version of BCEL, with some bug |
- fixes. This should prevent FindBugs from crashing when there |
- is a failure to find a class on the classpath.</li> |
- <li>Added support for Plastic look and feel from <a |
- href="http://www.jgoodies.com/">jgoodies.com</a>. |
- </li> |
- <li>Major overhaul of infrastructure for doing dataflow |
- analysis.</li> |
- </ul> |
+ </li> |
+ <li>Added check for a dead local store caused by a switch |
+ statement fall through</li> |
+ <li>Added check for computing the absolute value of a random |
+ 32 bit integer or of a hashcode. This is broken because <code> |
+ Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE </code> , and thus |
+ result of calling Math.abs, which is expected to be nonnegative, |
+ will in fact be negative one time out of 2 <sup> 32 </sup> , which |
+ will invariably be the time your boss is demoing the software to |
+ your customers. |
+ |
+ </li> |
+ <li>More careful resolution of inherited methods and fields. |
+ Some of the shortcuts we were taking in FindBugs 1.0.0 were |
+ leading to inaccurate results, and it was fairly easy to address |
+ this by making the analysis more accurate.</li> |
+ <li>Overall, analysis times are about 1.6 times longer in |
+ FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have |
+ enabled substantial additional analysis at the default effort |
+ level (the actual analysis engine is significantly faster than in |
+ FindBugs 1.0). On a recent AMD Athlon processor, analyzing |
+ JDK1.6.0 (about 1 million lines of code) requires about 15 minutes |
+ of wall clock time.</li> |
+ <li>Provided class and script (printClass) to print classfile |
+ in the human readable format produced by BCEL</li> |
+ <li>Provided -findSource option to setBugDatabaseInfo</li> |
+ </ul> |
+ |
+ |
+ <p>Changes since version 0.9.7:</p> |
+ |
+ <ul> |
+ <li>fix ObjectTypeFactory bug that was suppressing some bugs</li> |
+ <li>opcode stack may determine definite zeros on some paths</li> |
+ <li>opcode stack can track some constant string concatenations |
+ (dbrosius)</li> |
+ <li>default effort performs iterative opcode analysis (but min |
+ effort does not)</li> |
+ <li>default heap size upped to 384m</li> |
+ <li>schema for XML output available: bugcollection.xsd</li> |
+ <li>fixed some internal confusion between dotted and slashed |
+ class names</li> |
+ <li>New detectors |
+ <ul> |
+ <li>CheckImmutableAnnotation.java: checks JCIP annotations</li> |
+ </ul> |
+ </li> |
+ <li>Updated detectors |
+ <ul> |
+ <li>BadRegEx.java: understands Pattern.LITERAL, warns about |
+ "."</li> |
+ <li>FindUnreleasedLock.java: fewer false positives</li> |
+ <li>DumbMethods.java: check for vacuous comparisons to |
+ MAX_INTEGER or MIN_INTEGER, fix bugs detecting |
+ DM_NEXTINT_VIA_NEXTDOUBLE</li> |
+ <li>FindPuzzlers.java: detect <tt>n%2==1</tt>, detect |
+ toString() on array types |
+ </li> |
+ <li>FindInconsistentSync2.java: detects IS_FIELD_NOT_GUARDED |
+ </li> |
+ <li>MethodReturnCheck.java: add check for discarded newly |
+ constructed values, increase priority of some ignored |
+ constructed exceptions, better handling of bytecode compiled by |
+ Eclipse</li> |
+ <li>FindEmptySynchronizedBlock.java: better handling of |
+ bytecode compiled by Eclipse</li> |
+ <li>DoInsideDoPrivileged.java: warn if call to setAccessible |
+ isn't in doPriviledged, don't report private methods</li> |
+ <li>LoadOfKnownNullValue.java: fix bug that was reporting |
+ false positives on <code> finally </code> blocks |
+ </li> |
+ <li>CheckReturnAnnotationDatabase.java: better checks for |
+ unstarted threads</li> |
+ <li>ConfusionBetweenInheritedAndOuterMethod.java: fewer |
+ false positives, fixed a package-handling bug</li> |
+ <li>BadResultSetAccess.java: separate bug pattern for |
+ PreparedStatements, <code> BRZA </code> category folded into <code> |
+ SQL </code> category |
+ </li> |
+ <li>FindDeadLocalStores.java, FindBadCast2.java, |
+ DumbMethods.java, RuntimeExceptionCapture.java: coalesce similar |
+ bugs within a method into a single bug instance with multiple |
+ source lines</li> |
+ </ul> |
+ </li> |
+ <li>Eclipse plugin |
+ <ul> |
+ <li>plugin ID changed from <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt> |
+ </li> |
+ <li>support for findbugs eclipse auto-update site</li> |
+ </ul> |
+ </li> |
+ <li>Updated test case files |
+ <ul> |
+ <li>BadRegEx.java</li> |
+ <li>JSR166.java</li> |
+ <li>ConcurrentModificationBug.java</li> |
+ <li>DeadStore.java</li> |
+ <li>InstanceOf.java</li> |
+ <li>LoadKnownNull.java</li> |
+ <li>NeedsToCheckReturnValue.java</li> |
+ <li>BadResultSetAccessTest.java</li> |
+ <li>DeadStore.java</li> |
+ <li>TestNonNull2.java</li> |
+ <li>TestImmutable.java</li> |
+ <li>TestGuardedBy.java</li> |
+ <li>BadRandomInt.java</li> |
+ <li>six test cases added to new <code> TigerTraps </code> |
+ directory |
+ </li> |
+ </ul> |
+ </li> |
+ <li>fix bug that was generating duplicate uids</li> |
+ <li>fix bug with <code> -onlyAnalyze some.package.* </code> on |
+ jdk1.4 |
+ </li> |
+ <li>fix regression bug in |
+ DismantleByteCode.getRefConstantOperand()</li> |
+ <li>fix some minor bugs with the Swing GUI</li> |
+ <li>reordered some bugInstances so that source line |
+ annotations come last</li> |
+ <li>removed references to unused java system properties</li> |
+ <li>French translation updates (David Cotton)</li> |
+ <li>Japanese translation updates (Hanai Shisei)</li> |
+ <li>content cleanup for findbugs.xml and messages.xml</li> |
+ <li>references to cvs hostname updated to |
+ findbugs.cvs.sourceforge.net</li> |
+ <li>documented xdoc output options, new |
+ mineBugHistory/computeBugHistory options</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.9.6:</p> |
+ |
+ <ul> |
+ <li>performance improvements</li> |
+ <li>ObjectType instances are cached to reduce memory footprint |
+ </li> |
+ <li>for performance and memory reasons stateless detectors are |
+ no longer cloned, must clear their own state between .class files |
+ </li> |
+ <li>fixed bug in bytecode-set lookup for methods (was causing |
+ bad results for IS2, perhaps others)</li> |
+ <li>fix some OpcodeStack bugs with integer and long |
+ operations, perform iterative analysis when effort is <tt>max</tt> |
+ </li> |
+ <li>HTML output includes LongMessage text again (regression in |
+ 0.95 - 0.96)</li> |
+ <li>New detectors |
+ <ul> |
+ <li>CalledMethods.java: builds a list of invoked methods for |
+ other detectors to consult (non-reporting)</li> |
+ <li>UncallableMethodOfAnonymousClass.java: detect anonymous |
+ inner classes that define methods that are probably intended to |
+ but do not override methods in a superclass.</li> |
+ </ul> |
+ </li> |
+ <li>Updated detectors |
+ <ul> |
+ <li>FindFieldSelfAssignment.java: recognize separate fields |
+ with the same name (one from superclass)</li> |
+ <li>FindLocalSelfAssignment2.java: handles backward branches |
+ better (Dave Brosius)</li> |
+ <li>FindBadCast2.java: BC_NULL_INSTANCEOF changed to |
+ NP_NULL_INSTANCEOF</li> |
+ <li>FindPuzzlers.java: eliminate false positive on setDate() |
+ (Dave Brosius)</li> |
+ </ul> |
+ </li> |
+ <li>Eclipse plugin |
+ <ul> |
+ <li>fix serious threading bug</li> |
+ <li>preferences for Filters and effort (Peter Hendriks)</li> |
+ <li>French localization (David Cotton)</li> |
+ <li>fix bug when reporting inner classes (Peter Friese)</li> |
+ </ul> |
+ </li> |
+ <li>Updated test case files |
+ <ul> |
+ <li>Mwn.java (Carl Burke/Dave Brosius)</li> |
+ <li>DumbMethodInvocations.java (Anto paul/Dave Brosius)</li> |
+ <!--sic--> |
+ </ul> |
+ </li> |
+ <li>XML output includes garbage collection duration</li> |
+ <li>French messages updated (David Cotton)</li> |
+ <li>Swing GUI shows file name after Load Bugs command</li> |
+ <li>Ant task to launch the findbugs frame (Mark McKay)</li> |
+ <li>miscellaneous code cleanup</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.9.5:</p> |
+ |
+ <ul> |
+ <li>Updated detectors |
+ <ul> |
+ <li>FindNullDeref.java: respect NonNull and CheckForNull |
+ field annotations</li> |
+ <li>SerializableIdiom.java: detect non-private readObject |
+ and writeObject methods</li> |
+ <li>FindRefComparison.java: smarter array comparison |
+ detection</li> |
+ <li>IsNullValueAnalysis.java: detect <tt>null |
+ instanceof</tt> |
+ </li> |
+ <li>FindLocalSelfAssignment2.java: suppress some false |
+ positives (Dave Brosius)</li> |
+ <li>FindUnreleasedLock.java: don't waste time processing |
+ classes that don't refer to java.util.concurrent.locks</li> |
+ <li>MutableStaticFields.java: report the source line (Dave |
+ Brosius)</li> |
+ <li>SwitchFallthrough.java: better handling of System.exit() |
+ (Dave Brosius)</li> |
+ <li>MultithreadedInstanceAccess.java: better handling of |
+ Servlet.init() (Dave Brosius)</li> |
+ <li>ConfusionBetweenInheritedAndOuterMethod.java: now |
+ enabled</li> |
+ </ul> |
+ </li> |
+ <li>Eclipse plugin |
+ <ul> |
+ <li>background processing (Peter Friese)</li> |
+ <li>internationalization, Japanese localization (Takashi |
+ Okamoto)</li> |
+ </ul> |
+ </li> |
+ <li>findbugs <tt>-onlyAnalyze</tt> option now works on windows |
+ platforms |
+ </li> |
+ <li>mineBugHistory <tt>-noTabs</tt> option for better |
+ alignment of output columns |
+ </li> |
+ <li>filterBugs <tt>-fixed</tt> option (also: will now |
+ recognize the most recent version string) |
+ </li> |
+ <li>XML output includes running time and memory usage data</li> |
+ <li>miscellaneous minor corrections to the manual</li> |
+ <li>better bytecode analysis of the <tt>iinc</tt> instruction |
+ </li> |
+ <li>fix bug in null pointer analysis</li> |
+ <li>improved catch block heuristics</li> |
+ <li>some type analysis tweaks</li> |
+ <li>Bug priority changes |
+ <ul> |
+ <li>DumbMethodInvocations.java: decrease priority of |
+ hard-coded <tt>/tmp</tt> filenames |
+ </li> |
+ <li>ComparatorIdiom.java: decrease priority of |
+ non-serializable anonymous comparators</li> |
+ <li>FindSqlInjection.java: decrease priority of appending a |
+ constant or a static</li> |
+ </ul> |
+ </li> |
+ <li>Updated bug explanations |
+ <ul> |
+ <li>NM_VERY_CONFUSING (Dave Brosius)</li> |
+ </ul> |
+ </li> |
+ <li>Updated test case files |
+ <ul> |
+ <li>BadStoreOfNonSerializableObject.java</li> |
+ <li>BadRandomInt.java</li> |
+ <li>TestFieldAnnotations.java</li> |
+ <li>UseInitCause.java</li> |
+ <li>SqlInjection.java</li> |
+ <li>ArrayEquality.java</li> |
+ <li>BadIntegerOperations.java</li> |
+ <li>Pilhuhn.java</li> |
+ <li>InstanceOf.java</li> |
+ <li>SwitchFallthrough.java (Dave Brosius)</li> |
+ </ul> |
+ </li> |
+ <li>fix URL decoding bug when running under Java Web Start |
+ (Dave Brosius)</li> |
+ <li>distribution includes <tt>project.xml</tt> file for |
+ NetBeans |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 0.9.4:</p> |
+ <ul> |
+ <li>New detectors |
+ <ul> |
+ <li>VarArgsProblems.java</li> |
+ <li>FindSqlInjection.java: now enabled</li> |
+ <li>ComparatorIdiom.java: comparators usually implement |
+ serializable</li> |
+ <li>Naming.java: detect methods not overridden due to |
+ eponymously typed args from different packages</li> |
+ </ul> |
+ </li> |
+ <li>Updated detectors |
+ <ul> |
+ <li>SwitchFallthrough.java: surpress some false positives</li> |
+ <li>DuplicateBranches.java: surpress some false positives</li> |
+ <li>IteratorIdioms.java: surpress some false positives</li> |
+ <li>FindHEmismatch.java: surpress some false positives</li> |
+ <li>QuestionableBooleanAssignment.java: finds more cases of |
+ <tt>if (b=true)</tt> ilk |
+ </li> |
+ <li>DumbMethods.java: detect int remainder by 1, delayed gc |
+ errors</li> |
+ <li>SerializableIdiom.java: detect store of nonserializable |
+ object into field of serializable class</li> |
+ <li>FindNullDeref.java: fix potential exception</li> |
+ <li>IsNullValue.java: fix potential exception</li> |
+ <li>MultithreadedInstanceAccess.java: fix potential |
+ exception</li> |
+ <li>PreferZeroLengthArrays.java: flag the method, not the |
+ line</li> |
+ </ul> |
+ </li> |
+ <li>Remove some inadvertent dependencies on JDK 1.5</li> |
+ <li>Sort order should be more consistent</li> |
+ <li>XML output changes |
+ <ul> |
+ <li>Option to sort XML bug output</li> |
+ <li>Now contains instance IDs</li> |
+ <li>uid no longer missing (was causing problems with fancy |
+ HTML output)</li> |
+ <li>Typo fixed</li> |
+ </ul> |
+ </li> |
+ <li>Internal changes to track source files, <tt>-sourceInfo</tt> |
+ option |
+ </li> |
+ <li>Bug matching: first try exact bug pattern matching, option |
+ to compare priorities, option to disable package moves</li> |
+ <li>Architecture documentation in <tt>design/architecture</tt> |
+ </li> |
+ <li>Test cases move into their own CVS project</li> |
+ <li>Don't report warnings that occur outside the analyzed |
+ classes</li> |
+ <li>Fixes to the build.xml files</li> |
+ <li>Better handling of @CheckReturnValue and @CheckForNull |
+ annotations (also, some additional methods searched for check |
+ return value and check for null)</li> |
+ <li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave |
+ Brosius) |
+ </li> |
+ <li>Bug priority changes |
+ <ul> |
+ <li>increase priority of ignoring return value of |
+ java.sql.Connection methods</li> |
+ <li>increase priority of comparing classes like Integer |
+ using <tt>==</tt> |
+ </li> |
+ <li>decrease priority of IT_NO_SUCH_ELEMENT if we see any |
+ call to <tt>next()</tt> |
+ </li> |
+ <li>tweak priority of NM_METHOD_CONSTRUCTOR_CONFUSION</li> |
+ <li>decrease priority of RV_RETURN_VALUE_IGNORED for an |
+ inherited annotation that doesn't return same type as class</li> |
+ </ul> |
+ </li> |
+ <li>Updated bug explanations |
+ <ul> |
+ <li>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</li> |
+ <li>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</li> |
+ <li>IMA_INEFFICIENT_MEMBER_ACCESS (Dave Brosius)</li> |
+ <li>some Japanese improvements to messages_ja.xml ( <tt>ruimo</tt>) |
+ </li> |
+ <li>some German improvements to findbugs_de.properties (Dave |
+ Brosius, <tt>dvholten</tt>) |
+ </li> |
+ </ul> |
+ </li> |
+ <li>Updated test case files |
+ <ul> |
+ <li>BadIntegerOperations.java</li> |
+ <li>SecondKaboom.java</li> |
+ <li>OpenDatabase.java (Dave Brosius)</li> |
+ <li>FindOpenStream.java (Dave Brosius)</li> |
+ <li>BadRandomInt.java</li> |
+ </ul> |
+ </li> |
+ <li>Source-lines info maintained for methods (handy for |
+ abstract and native methods)</li> |
+ <li>Remove surrounding opcodes from source line annotations</li> |
+ <li>Better error when can't read file</li> |
+ <li>Swing GUI: removed console pane from FindBugsFrame, fix |
+ missing classes bug</li> |
+ <li>Fixes to OpcodeStack.java</li> |
+ <li>Detectors may attach a custom value to an OpcodeStack.Item |
+ (Dave Brosius)</li> |
+ <li>Filter.java: ability to add text messages to XML output, |
+ fix bug with <tt>-withMessages</tt> |
+ </li> |
+ <li>SourceInfoMap supports ranges of source lines</li> |
+ <li>Ant task supports the <tt>timestampNow</tt> attribute |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 0.9.3:</p> |
+ <ul> |
+ <li>Substantial rework of datamining code</li> |
+ <li>Removed bogus warnings about await on things other than |
+ Condition not being in a loop</li> |
+ <li>Fixed bug in OpcodeStack handling of dup2 of long/double |
+ values</li> |
+ <li>Don't report array types as missing classes</li> |
+ <li>Adjustment of some warnings on ignored return values</li> |
+ <li>Added thread safety annotations from Java Concurrency in |
+ Practice (no detectors written for these yet)</li> |
+ <li>Added annotation for methods that, if overridden, should |
+ be invoked by overriding methods via a call to super</li> |
+ <li>Updated -html:fancy.xsl (Etienne Giraudy)</li> |
+ </ul> |
+ |
+ <p>Note: there was no version 0.9.2</p> |
+ |
+ <p>Changes since version 0.9.1:</p> |
+ <ul> |
+ <!-- New detectors --> |
+ <li>Embellish USM to find abstract methods that implement an |
+ interface method (Dave Brosius)</li> |
+ <li>New detector to find stores of literal booleans inside if |
+ or while expressions (Dave Brosius)</li> |
+ <li>New style detector to find final classes that declare |
+ protected fields (Dave Brosius)</li> |
+ <li>New detector to find subclass methods that simply forward, |
+ verbatim, to the super class (Dave Brosius)</li> |
+ <li>Detector to find instances where code is attempting to |
+ write an object out via an implementation of DataOutput, but the |
+ object is not guaranteed to be Serializable (Jon Christiansen, |
+ Bill Pugh)</li> |
+ |
+ <!-- Feature enhancements --> |
+ <li>Large (35%) analysis speedup (Bill Pugh)</li> |
+ <li>Add line numbers to Swing GUI code panel (Dave Brosius)</li> |
+ <li>Added effort options to Swing GUI (Dave Brosius)</li> |
+ <li>Add ability to specify bugs file to open from command line |
+ for GUI version, through -loadbugs (Phillip Martin)</li> |
+ <li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt> |
+ (Chris Nappin) |
+ </li> |
+ <li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt> |
+ (Etienne Giraudy) |
+ </li> |
+ <li>Updated Japanese bug message translations (Shisei Hanai)</li> |
+ |
+ <!-- Bug fixes --> |
+ <li>XHTML compliance fixes for bug details (Etienne Giraudy)</li> |
+ <li>Various detector fixes (Shisei Hanai)</li> |
+ <li>Fixed bugs in the project preferences dialog int the |
+ Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li> |
+ <li>Lowered priority of analysis thread in Swing GUI (David |
+ Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)</li> |
+ <li>Fixed EclipsePlugin to correctly pick up auxclasspath |
+ entries (Jon Christiansen)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.9.0:</p> |
+ <ul> |
+ <li>Fixed dependence on JRE 1.5: all features should work on |
+ JRE 1.4 again</li> |
+ <li>Fixed -effort command line option handling for Swing GUI</li> |
+ <li>Fixed conserveSpace and workHard attributes int Ant task</li> |
+ <li>Added support for effort attribute in Ant task</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.8:</p> |
+ <ul> |
+ <!-- New detectors and bug patterns --> |
+ <li>XMLFactoryBypass detector to find direct allocation of xml |
+ class implementations (Dave Brosius)</li> |
+ <li>InefficientMemberAccess detector to find accesses to |
+ owning class private members (Dave Brosius)</li> |
+ <li>DuplicateBranches detector checks switch statements too |
+ (Dave Brosius)</li> |
+ |
+ <!-- Feature enhancements --> |
+ <li>FindBugs available from findbugs.sourceforge.net as Java |
+ Web Start application (Dave Brosius)</li> |
+ <li>Updated Japanese bug message translations (Shisei Hanai)</li> |
+ <li>Improved bug detail message for covariant equals() (Shisei |
+ Hanai)</li> |
+ <li>Modeling of instanceof checks is now enabled by default, |
+ making the bad cast detector much more useful (Bill Pugh, David |
+ Hovemeyer)</li> |
+ <li>Support for detector ordering constraints in plugin |
+ descriptor (David Hovemeyer)</li> |
+ <li>Simpler option to control analysis effort: -effort: <i>value</i>, |
+ where <i>value</i> is one of <code> min </code> , <code> |
+ default </code> , or <code> max </code> (David Hovemeyer) |
+ </li> |
+ <li>Using -effort:max, FindNullDeref checks for null arguments |
+ passed to methods which dereference them unconditionally (David |
+ Hovemeyer)</li> |
+ <li>FindNullDeref checks @Null and @NonNull annotations for |
+ parameters and return values (David Hovemeyer)</li> |
+ |
+ <!-- Bug fixes --> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.7:</p> |
+ |
+ <ul> |
+ <!-- New detectors and bug patterns --> |
+ <li>New detector to find duplicate code in if/else statements |
+ (Dave Brosius)</li> |
+ <li>Look for calls to wait() on Condition objects (David |
+ Hovemeyer)</li> |
+ <li>Look for java.util.concurrent.Lock objects not released on |
+ every path out of method (David Hovemeyer)</li> |
+ <li>Look for calls to Thread.sleep() with a lock held (David |
+ Hovemeyer)</li> |
+ <li>More accurate detection of impossible casts (Bill Pugh, |
+ David Hovemeyer)</li> |
+ |
+ <!-- Feature enhancements --> |
+ <li>Saved XML now contains project statistics (Jay Dunning)</li> |
+ <li>Filter files can select by bug pattern type and warning |
+ priority (David Hovemeyer)</li> |
+ |
+ <!-- Bug fixes --> |
+ <li>Restored some files inadvertently omitted from previous |
+ release (Rohan Lloyd, David Hovemeyer)</li> |
+ <li>Make sure detectors requiring JDK 1.5 runtime classes are |
+ only executed if those classes are available (David Hovemeyer)</li> |
+ <li>Don't display analysis error dialog unless there is really |
+ an error (David Hovemeyer)</li> |
+ <li>Updated and expanded French translations of bug patterns |
+ and Swing GUI (Olivier Parent)</li> |
+ <li>Fixed invalid character encoding in German Swing GUI |
+ translation (Olivier Parent)</li> |
+ <li>Fix locale used for date format in project stats (K. |
+ Hashimoto)</li> |
+ <li>Fixed LongDescription elements in xml:withMessages output |
+ format (K. Hashimoto)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.6:</p> |
+ |
+ <ul> |
+ <!-- new detectors --> |
+ <li>Extend Naming detector to look for classes that are named |
+ XXXException but that are not Exceptions (Dave Brosius)</li> |
+ <li>New detector to find classes that expose semaphores in the |
+ public implementation through the 'this' reference. (Dave Brosius) |
+ </li> |
+ <li>New Style detector to find Struts Action/Servlet derived |
+ classes that reference instance member variable not in |
+ synchronized blocks. (Dave Brosius)</li> |
+ <li>New Style detector to find classes that declare |
+ implementation of interfaces that are already implemented by super |
+ classes (Dave Brosius)</li> |
+ <li>New Style detector to find circular dependencies between |
+ classes (Dave Brosius)</li> |
+ <li>New Style detector to find unnecessary math on constants |
+ (Dave Brosius)</li> |
+ <li>New detector to find equality comparisons using floating |
+ point math (Jay Dunning)</li> |
+ <li>New faster detector to find local self assignments (Bill |
+ Pugh)</li> |
+ <li>New detector to find infinite recursive loops (Bill Pugh) |
+ </li> |
+ <li>New detector to find for loops with an incorrect increment |
+ (Bill Pugh)</li> |
+ <li>New detector to find suspicious uses of |
+ BufferedReader.readLine() and String.indexOf() (Bill Pugh)</li> |
+ <li>New detector to find suspicious integer to double casts |
+ (David Hovemeyer, Bill Pugh)</li> |
+ <li>New detector to find invalid regular expression patterns |
+ (Bill Pugh)</li> |
+ <li>New detector to find Bloch/Gafter Java puzzlers (Bill |
+ Pugh)</li> |
+ |
+ <!-- feature enhancements --> |
+ <li>New system property to suppress reporting of DLS based on |
+ local variable name (Glenn Boysko)</li> |
+ <li>Enhancements to configuration dialog in Eclipse plugin, |
+ allow for saving enabled detectors in Eclipse projects (Phil |
+ Crosby)</li> |
+ <li>Sortable columns in detector dialog (Dave Brosius)</li> |
+ <li>New tab in gui for showing bugs grouped by category (Dave |
+ Brosius)</li> |
+ <li>Improved German translation of Swing GUI (Thomas Kuehne)</li> |
+ <li>Improved source file reporting in Emacs output format (Len |
+ Trigg)</li> |
+ <li>Improvements to redundant null comparison detector (Bill |
+ Pugh)</li> |
+ <li>Localization of run analysis and analysis error dialogs in |
+ Swing GUI (K. Hashimoto)</li> |
+ |
+ <!-- Bug fixes --> |
+ <li>Don't scan equals methods in FindHEMismatch if code is |
+ native (Greg Bentz)</li> |
+ <li>French translation fixes (David Cotton)</li> |
+ <li>Internationalization report fixes (K. Hashimoto)</li> |
+ <li>Japanese translations updates (SHISEI Hanai)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.5:</p> |
+ <ul> |
+ <!-- new detectors --> |
+ <li>New detector to find catch blocks that may inadvertently |
+ catch runtime exceptions (Brian Goetz)</li> |
+ <li>New detector to find objects that are instantiated based |
+ on classes that only have static methods and fields, using the |
+ synthesized constructor (Dave Brosius)</li> |
+ <li>New detector to find calls to Thread.interrupted() in a |
+ non static context, and especially with non currentThread() |
+ threads (Dave Brosius)</li> |
+ <li>New detector to find calls to equals() methods that use |
+ Object's version. (Dave Brosius)</li> |
+ <li>New detector to find Applets that call methods in the |
+ constructor refering to the AppletStub (Dave Brosius)</li> |
+ <li>New detector to find some cases of infinite recursion |
+ (Bill Pugh)</li> |
+ <li>New detector to find dead stores to local variables (David |
+ Hovemeyer, Bill Pugh)</li> |
+ <li>Extend Dumb Method detector for toUpperCase(), |
+ toLowerCase() without a locale, new Integer(1).toString(), new |
+ XXX().getClass(), and new Thread() without a run implementation |
+ (Dave Brosius) <!-- feature enhancements --> |
+ </li> |
+ <li>Ant task supports "errorProperty" attribute, which sets an |
+ Ant property to "true" if an error occurs running FindBugs |
+ (Michael Tamm)</li> |
+ <li>Eclipse plugin allows filtering of warnings by bug |
+ category, priority (David Hovemeyer)</li> |
+ <li>Swing GUI allows filtering of warnings by bug category |
+ (David Hovemeyer)</li> |
+ <li>Ability to annotate methods using Java 1.5 annotations |
+ that suppress FindBugs warnings (Bill Pugh)</li> |
+ <li>New -adjustExperimental for lowering priority of |
+ BugPatterns that are experimental (Dave Brosius)</li> |
+ <li>Allow for command line options 'files' using the @ symbol |
+ (David Hovemeyer)</li> |
+ <li>New -adjustPriority command line option to for adjusting |
+ bug priorites (David Hovemeyer)</li> |
+ <li>Added an Edit menu (cut/copy/paste) to Swing GUI (Dave |
+ Brosius)</li> |
+ <li>French translation supplied (David Cotton) <!-- Bug fixes --> |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.4:</p> |
+ <ul> |
+ <!-- new detectors --> |
+ <li>New detector for volatile references to arrays (Bill Pugh) |
+ </li> |
+ <li>New detector to find instanceof usage where inheritance |
+ can be determined statically (Dave Brosius)</li> |
+ <li>New detector to find ResultSet.getXXX updateXXX calls |
+ using index 0 (Dave Brosius)</li> |
+ <li>New detector to find empty zip or jar entries (Bill Pugh) |
+ |
+ <!-- feature enhancements --> |
+ </li> |
+ <li>HTML output generation using built-in XSLT stylesheet or |
+ user-defined stylesheet (David Hovemeyer)</li> |
+ <li>Allow URLs to be specified to analyze zip/jar files, local |
+ directories, and single classfiles (David Hovemeyer)</li> |
+ <li>New command line option -onlyAnalyze restricts analysis to |
+ selected classes and packages without reducing accuracy (David |
+ Hovemeyer)</li> |
+ <li>Allow Swing GUI to show source code in jar files on |
+ Windows systems (Dave Brosius) <!-- Bug fixes --> |
+ </li> |
+ <li>Fix the Switch Fall Thru detector (Dave Brosius, David |
+ Hovemeyer, Bill Pugh)</li> |
+ <li>MacOS GUI fixes (Rohan Lloyd)</li> |
+ <li>Fix false positive in BOA in case where method is |
+ correctly and 'incorrectly' overridden (Dave Brosius)</li> |
+ <li>Fixed memory blowup when analyzing methods which access a |
+ large number of fields (David Hovemeyer)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.3:</p> |
+ <ul> |
+ <li>Initial and preliminary localization of the Swing |
+ GUI. Translations by: |
+ <ul> |
+ <li>German - Peter D. Stout, Holger Stenzhorn</li> |
+ <li>Finnish - Juha Knuutila</li> |
+ <li>Estonian - Tanel Lebedev</li> |
+ <li>Japanese - Hanai Shisei</li> |
+ </ul> |
+ </li> |
+ <li>Eliminated debug print statements inadvertently left |
+ enabled</li> |
+ <li>Reverted some changes in the open stream detector: this |
+ should fix some false positives that were introduced in the |
+ previous release</li> |
+ <li>Fixed a couple missing class reports</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.2:</p> |
+ <ul> |
+ |
+ <!-- New detectors --> |
+ <li>New detector to find improperly overridden GUI Adapter |
+ classes (Dave Brosius)</li> |
+ <li>New detector to find improperly setup JUnit TestCases |
+ (Dave Brosius)</li> |
+ <li>New detector to find variables that mask class level |
+ fields (Dave Brosius)</li> |
+ <li>New detector to find comparisons of values computed with |
+ bitwise operators that always yield the same result (Tom Truscott) |
+ </li> |
+ <li>New detector to find unsafe getClass().getResource() calls |
+ (Bill Pugh)</li> |
+ <li>New detector to find GUI changes not in GUI thread but in |
+ static main (Bill Pugh)</li> |
+ <li>New detector to find calls to Collection.toArray() with |
+ zero-length array argument; it is more efficient to pass an array |
+ the size of the collection, which can be populated and returned as |
+ the result (Dave Brosius) <!-- Analysis improvements --> |
+ </li> |
+ <li>Better suppression of false warnings in various detectors |
+ (Bill Pugh, David Hovemeyer)</li> |
+ <li>Enhancement to ReadReturnShouldBeChecked detector for |
+ skip() (Dave Brosius)</li> |
+ <li>Enhancement to DumbMethods detector (Dave Brosius)</li> |
+ <li>Open stream detector does not report wrappers of streams |
+ passed as method parameters (David Hovemeyer) <!-- Feature enhancements --> |
+ </li> |
+ <li>Cancel confirmation dialog in Swing GUI (Pete Angstadt)</li> |
+ <li>Better relative path saving in Project file (Dave Brosius) |
+ </li> |
+ <li>Detector Priority in GUI is now saved in prefs file (Dave |
+ Brosius)</li> |
+ <li>Controls in GUI to reorder source and classpath entries, |
+ and ability to flip between Project details and bugs pages (Dave |
+ Brosius)</li> |
+ <li>In Swing GUI, analysis error dialog supports "Select All" |
+ and "Copy" operations for easy generation of error reports (Dave |
+ Brosius)</li> |
+ <li>Complete translation of bug descriptions and messages into |
+ Japanese (Hanai Shisei) <!-- Bug fixes --> |
+ </li> |
+ <li>Fixed bug in DroppedException detector (Dave Brosius) <!-- Development stuff --> |
+ </li> |
+ <li>The source distribution defaults to using JDK 1.5 javac to |
+ compile, but support for compiling with JSR-14 prototype is still |
+ supported</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.1:</p> |
+ <ul> |
+ <li>Fixed a critical ClassCastException bug (triggered if the |
+ -workHard option was used, and an exception type was merged with |
+ an array type during type inference)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.8.0:</p> |
+ <ul> |
+ <li>Disabled SwitchFallthrough detector to work around |
+ NullPointerExceptions</li> |
+ <li>Added some additional false positive suppression |
+ heuristics</li> |
+ </ul> |
+ |
+ <p>Also, two contributors to the 0.8.0 release were |
+ inadvertently left out of the credits:</p> |
+ <ul> |
+ <li>Pete Angstadt fixed several problems in the Swing GUI</li> |
+ <li>Francis Lalonde provided a task resource file for the |
+ FindBugs Ant task</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.7.4:</p> |
+ <ul> |
+ <li>New detector to look for uses of "+" operator to |
+ concatenate String objects in a loop (Dave Brosius)</li> |
+ <li>Reference comparison detector looks for places where the |
+ argument passed to the equals(Object) method isn't the same type |
+ as the receiver object</li> |
+ <li>Better suppression of false warnings in many detectors</li> |
+ <li>Many improvements to Eclipse plugin (Andrey Loskutov, |
+ Peter Friese)</li> |
+ <li>Fixed problem with building Eclipse plugin on Windows |
+ (Thomas Klaeger)</li> |
+ <li>Open stream detector looks for unclosed PreparedStatement |
+ objects (Thomas Klaeger, Rohan Lloyd)</li> |
+ <li>Fix for open stream detector: it wasn't detecting close() |
+ methods called through an invokeinterface instruction (Thomas |
+ Klaeger)</li> |
+ <li>Refactoring of visitor classes to enforce use of accessors |
+ for visited class features (Brian Goetz)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.7.3:</p> |
+ <ul> |
+ <li>Experimental modification of open stream detector to look |
+ for non-escaping JDBC resources (connections and statements) that |
+ aren't closed on all paths out of method</li> |
+ <li>Eclipse plugin fixed so it compiles and runs on Eclipse |
+ 2.1.x (Peter Friese)</li> |
+ <li>Option to Swing GUI and command line to generate project |
+ file using relative paths for archives, source directories, and |
+ aux classpath entries (Dave Brosius)</li> |
+ <li>Improvements to findbugs.bat script for launching FindBugs |
+ on Windows (Dave Brosius)</li> |
+ <li>Updated Japanese message translations (Hiroshi Okugawa)</li> |
+ <li>Uncalled private methods are now reported as low priority, |
+ unless they have the same name as another method in the class |
+ (which is more likely to indicate an actual bug)</li> |
+ <li>Added some missing data in the bug messages XML files</li> |
+ <li>Fixed some problems building from source on Windows |
+ systems</li> |
+ <li>Various minor bug fixes</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.7.2:</p> |
+ <ul> |
+ <li>Enhanced Eclipse plugin, which displays the detailed bug |
+ description in a view (Phil Crosby)</li> |
+ <li>Various tweaks to existing detectors to reduce false |
+ warnings</li> |
+ <li>New command line option <code> -workHard </code> enables |
+ pruning of infeasible or unlikely exception edges, which results |
+ in better accuracy in the open stream detector, at the expense of |
+ a 30%-100% slowdown |
+ </li> |
+ <li>New website and HTML documentation design</li> |
+ <li>Documentation includes an HTML document with descriptions |
+ of all bug patterns reported by FindBugs</li> |
+ <li>Web page has a link to a <a |
+ href="http://www.simeji.com/findbugs/doc/manual_ja/index.html">Japanese |
+ translation</a> of the FindBugs manual, contributed by Hiroshi |
+ Okugawa |
+ </li> |
+ <li>Changed the Inconsistent Synchronization detector so that |
+ fields synchronized 50% of the time (or more) are reported as |
+ medium priority bugs (previously they were reported as low)</li> |
+ <li>New detector to find code that catches |
+ IllegalMonitorStateException</li> |
+ <li>New detector to find private methods that are never called |
+ </li> |
+ <li>New detector to find suspicious uses of |
+ non-short-circuiting boolean operators ( <code> & </code> and |
+ <code> | </code> , rather than <code> && </code> and <code> |
+ || </code> ) |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 0.7.1:</p> |
+ <ul> |
+ <li>Incorporated patched version of BCEL, which allows classes |
+ compiled with JDK 1.5.0 beta to be analyzed</li> |
+ <li>Fixed some bugs related to lookups of array classes</li> |
+ <li>Fixed bug that prevented GUI from loading XML result files |
+ when running under JDK 1.5.0 beta</li> |
+ <li>Added new experimental bug detector, LazyInit, which looks |
+ for potentially buggy lazy initializations of static fields</li> |
+ <li>Because of long filenames, switched to distributing the |
+ source archive as a zip file rather than a tar file</li> |
+ <li>The 0.7.1 source tarfile was botched - 0.7.2 has a valid |
+ source archive</li> |
+ <li>Fixed some problems in the Ant build script</li> |
+ <li>Fixed NullPointerException when checking Class-Path |
+ attribute for Jar files without manifests</li> |
+ <li>Generate version numbers for the core and UI Eclipse |
+ plugins using the Version class; all version numbers are now in a |
+ common location</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.7.0:</p> |
+ <ul> |
+ <li>Eclipse plugin (contributed by Peter Friese)</li> |
+ <li>Source package structure rearranged: all source (other |
+ than Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or |
+ a subpackage</li> |
+ <li>Class-Path attributes of manifests of analyzed jar files |
+ are used to set the aux classpath automatically (Peter D. Stout)</li> |
+ <li>GUI starts in directory specified by user.home property |
+ (Peter D. Stout)</li> |
+ <li>Added -project option to GUI (Mikko T.)</li> |
+ <li>Added -look:{plastic,gtk,native} option to GUI, for |
+ setting look and feel (Mikko T.)</li> |
+ <li>Fixed DataflowAnalysisException in inconsistent |
+ synchronization detector</li> |
+ <li>Ant task supports failOnError parameter (Rohan Lloyd)</li> |
+ <li>Serializable class warnings are downgraded to low priority |
+ for GUI classes</li> |
+ <li>MWN detector will only report calls to wait(), notify(), |
+ and notifyAll() methods that have the correct signature</li> |
+ <li>FindBugs works with latest CVS version of BCEL</li> |
+ <li>Zip and Jar files may be added to the source path</li> |
+ <li>The GUI will automatically find source files residing in |
+ analyzed Zip or Jar files</li> |
+ </ul> |
+ |
+ <p>Note that the version number jumped from 0.6.6 to 0.6.9; |
+ there were no 0.6.7 or 0.6.8 releases.</p> |
+ <p>Changes since version 0.6.9:</p> |
+ <ul> |
+ <li>Added -conserveSpace option to reduce memory use at the |
+ expense of analysis precision</li> |
+ <li>Bug fixes in findbugs.bat script: JAVA_HOME handling, |
+ autodetection of FINDBUGS_HOME, missing output with -textui</li> |
+ <li>Fixed NullPointerException when a missing class is |
+ encountered</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.6:</p> |
+ <ul> |
+ <li>The null pointer dereference detector is more powerful</li> |
+ <li>Significantly improved heuristics and bug fixes in |
+ inconsistent synchronization detector</li> |
+ <li>Improved heuristics in open stream and dropped exception |
+ detectors; fewer false positives should be reported</li> |
+ <li>Save HTML summary in XML results files, rather than |
+ recomputing; this makes loading results in GUI much faster</li> |
+ <li>Report at most one String comparison using == or != per |
+ method</li> |
+ <li>The findbugs.bat script on Windows autodetects |
+ FINDBUGS_HOME, and doesn't open a DOS window when launching the |
+ GUI (contributed by TJSB)</li> |
+ <li>Emacs reporting format (contributed by David Li)</li> |
+ <li>Various bug fixes</li> |
+ </ul> |
+ |
+ <p>Changes since 0.6.5:</p> |
+ <ul> |
+ <li>Rewritten inconsistent synchronization detector; accuracy |
+ is significantly improved, and bug reports are prioritized</li> |
+ <li>New detector to find self assignment (x=x) of local |
+ variables (suggested by Jeff Martin)</li> |
+ <li>New detector to find calls to wait(), notify(), and |
+ notifyAll() on an object which is not obviously locked</li> |
+ <li>Open stream detector now reports Readers and Writers</li> |
+ <li>Fixed bug in finalizer idioms detector which caused |
+ spurious warnings about failure to call super.finalize() (reported |
+ by Jim Menard)</li> |
+ <li>Fixed bug where output stream was not closed using non-XML |
+ output (reported by Sigiswald Madou)</li> |
+ <li>Fixed corrupted HTML bug detail message (reported by |
+ Trevor Harmon)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.4:</p> |
+ <ul> |
+ <li>For redundant comparison of reference values, fixed false |
+ positives resulting from duplication of code in finally blocks</li> |
+ <li>Fixed false positives resulting from wrapped byte array |
+ streams left open</li> |
+ <li>Fixed bug in Ant task preventing output file from working |
+ properly if a relative path was used</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.3:</p> |
+ <ul> |
+ <li>Fixed bug in Ant task where output would be corrupted, and |
+ added a <code> timeout </code> attribute |
+ </li> |
+ <li>Added -outputFile option to text UI, for explicitly |
+ specifying an output file</li> |
+ <li>GUI has a summary window, for statistics about overall bug |
+ densities (contributed by Mike Fagan)</li> |
+ <li>Find redundant comparisons of reference values</li> |
+ <li>More accurate detection of Strings compared with == and != |
+ operators</li> |
+ <li>Detection of other reference types which should generally |
+ not be compared with == and != operators; Boolean, Integer, etc.</li> |
+ <li>Find non-transient non-serializable instance fields in |
+ Serializable classes</li> |
+ <li>Source code may be compiled with latest early access |
+ generics-enabled javac (version 2.2)</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.2:</p> |
+ <ul> |
+ <li>GUI supports filtering bugs by priority</li> |
+ <li>Ant task rewritten; supports all functionality offered by |
+ Text UI (contributed by Mike Fagan)</li> |
+ <li>Ant task is fully documented in the manual</li> |
+ <li>Classes in nested archives are analyzed; this allows full |
+ support for analyzing .ear and .war files (contributed by Mike |
+ Fagan)</li> |
+ <li>DepthFirstSearch changed to use non-recursive |
+ implementation; this should fix the StackOverflowErrors that |
+ several users reported</li> |
+ <li>Various minor bugfixes and improvements</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.1:</p> |
+ <ul> |
+ <li>New detector to look for useless control flow (suggested |
+ by Richard P. King and Mike Fagan)</li> |
+ <li>Look for places where return value of |
+ java.io.File.createNewFile() is ignored (suggested by Richard P. |
+ King)</li> |
+ <li>Fixed bug in resolution of source files (only the first |
+ source directory was searched)</li> |
+ <li>Fixed a NullPointerException in the bytecode pattern |
+ matching code</li> |
+ <li>Ant task supports project files (contributed by Mike |
+ Fagan)</li> |
+ <li>Unix findbugs script honors the <code> JAVA_HOME </code> |
+ environment variable (contributed by Pedro Morais) |
+ </li> |
+ <li>Allow .war and .ear files to be analyzed</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.6.0:</p> |
+ <ul> |
+ <li>New bug pattern detector which looks for places where a |
+ null pointer might be dereferenced</li> |
+ <li>New bug pattern detector which looks for IO streams that |
+ are opened, do not escape the method, and are not closed on all |
+ paths out of the method</li> |
+ <li>New bug pattern detector to find methods that can return |
+ null instead of a zero-length array</li> |
+ <li>New bug pattern detector to find places where the == or != |
+ operators are used to compare String objects</li> |
+ <li>Command line interface can save bugs as XML</li> |
+ <li>GUI can save bugs to and load bugs from XML</li> |
+ <li>An "Annotations" window in the GUI allows the user to add |
+ textual annotations to bug reports; these annotations are |
+ preserved when bugs are saved as XML</li> |
+ <li>In this release, the Japanese bug summary translations by |
+ Germano Leichsenring are really included (they were inadvertently |
+ omitted in the previous release)</li> |
+ <li>Completely rewrote the control flow graph builder, |
+ hopefully for the last time</li> |
+ <li>Simplified implementation of control flow graphs, which |
+ should reduce memory use and possibly improve performance</li> |
+ <li>Improvements to command line interface (list bug |
+ priorities, filter by priority, specify aux classpath, specify |
+ project to analyze)</li> |
+ <li>Various bug fixes and enhancements</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.5.4</p> |
+ <ul> |
+ <li>Added an <a href="http://ant.apache.org/">Ant</a> task for |
+ FindBugs, contributed by Mike Fagan. |
+ </li> |
+ <li>Added a GUI dialog which allows individual bug pattern |
+ detectors to be enabled or disabled. Disabling certain slow |
+ detectors can greatly speed up analysis of large programs, at the |
+ expense of reducing the number of potential bugs found.</li> |
+ <li>Added a new detector for finding improperly ignored return |
+ values for methods such as <code> String.trim() </code> . |
+ Suggested by Andreas Mandel. |
+ </li> |
+ <li>Japanese translations of the bug summaries, contributed by |
+ Germano Leichsenring.</li> |
+ <li>Filtering of results is supported in command line |
+ interface. See the <a href="manual/index.html">FindBugs manual</a> |
+ for details. |
+ </li> |
+ <li>Added "byte code patterns", a general pattern matching |
+ infrastructure for bytecode instructions. This feature |
+ significantly reduces the complexity of implementing new bug |
+ pattern detectors.</li> |
+ <li>Enabled a new general dataflow analysis to track values in |
+ methods.</li> |
+ <li>Switched to new control-flow graph builder implementation. |
+ </li> |
+ </ul> |
+ |
+ <p>Changes since version 0.5.3</p> |
+ <ul> |
+ <li>Fixed a bug in the script used to launch FindBugs on |
+ Windows platforms.</li> |
+ <li>Fixed crashes when analyzing class files without source |
+ line information.</li> |
+ <li>All major errors are reported using an error dialog; file |
+ not found errors are more informative.</li> |
+ <li>Minor GUI improvements.</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.5.2</p> |
+ <ul> |
+ <li>All of the source code and related files are in a single |
+ directory tree.</li> |
+ <li>Updated some of the detectors to produce source line |
+ information.</li> |
+ <li><a href="http://ant.apache.org/">Ant</a> build script and |
+ several GUI enhancements and fixes contributed by Mike Fagan.</li> |
+ <li>Converted to use a <a href="AddingDetectors.txt">plugin |
+ architecture</a> for loading bug detectors. |
+ </li> |
+ <li>Eliminated generics-related compiler warnings.</li> |
+ <li>More complete documentation has been added.</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.5.1:</p> |
+ <ul> |
+ <li>Fixed a large number of bugs in the BCEL Repository and |
+ FindBugs's use of the Repository. With these changes, |
+ FindBugs should <em>never</em> crash or otherwise misbehave |
+ because of Repository lookup failures. Because of these |
+ changes, you must use a modified version of <code> bcel.jar |
+ </code> with FindBugs. This jar file is included in the FindBugs |
+ 0.5.2 binary release. A complete patch containing the <a |
+ href="http://faculty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications |
+ against the BCEL CVS main branch as of April 30, 2003</a> is also |
+ available. |
+ </li> |
+ <li>Implemented the "auxiliary classpath entry list". |
+ Aux classpath entries can be added to a project to provide classes |
+ that are referenced by the analyzed application, but should not |
+ themselves be analyzed. Having all referenced classes |
+ available allows FindBugs to produce more accurate results.</li> |
+ </ul> |
+ |
+ <p>Changes since version 0.5.0:</p> |
+ <ul> |
+ <li>Many user interface bugs have been fixed.</li> |
+ <li>Upgraded to a recent CVS version of BCEL, with some bug |
+ fixes. This should prevent FindBugs from crashing when there |
+ is a failure to find a class on the classpath.</li> |
+ <li>Added support for Plastic look and feel from <a |
+ href="http://www.jgoodies.com/">jgoodies.com</a>. |
+ </li> |
+ <li>Major overhaul of infrastructure for doing dataflow |
+ analysis.</li> |
+ </ul> |
<hr> <p> |
<script language="JavaScript" type="text/javascript"> |
<!---//hide script from old browsers |
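Review bot: The section-marker comments have been folded into the preceding list items in the re-indented changelog. For example, `(Dave Brosius) <!-- feature enhancements -->` and `(David Cotton) <!-- Bug fixes -->` now sit before the `</li>` of the last entry of the previous group, not on their own line ahead of the group they label. The 0.8.4 list still shows the intended placement, with `<!-- new detectors -->` directly under `<ul>`. Move each comment back between the closing `</li>` and the next `<li>`. Since these lines are being rewritten anyway, the typos carried into the added text can be fixed in the same pass: "refering" in the AppletStub entry and "option to for adjusting bug priorites" in the -adjustPriority entry. The headings "Changes since version 0.5.4", "0.5.3" and "0.5.2" also lack the trailing colon the other headings use. Please also confirm that the `&` and `&&` in the non-short-circuiting operators entry are written as entities in the file itself.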
@@ -2800,10 +2855,10 @@ document.write( "Last updated "+ document.lastModified + "." ); |
<p> |
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A> |
- </td> |
+ </td> |
- </tr> |
- </table> |
+ </tr> |
+ </table> |
</body> |
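Review bot: The `-`/`+` pairs for `</td>`, `</tr>` and `</table>` at the end of the file read identically apart from indentation, so this hunk is whitespace-only churn. Consider splitting the re-indentation into its own commit, or ask reviewers to diff with whitespace ignored, so that the changelog content changes earlier in this file are not buried in formatting noise.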