What is FindBugs?
• FindBugsis an open source static analysis tool that analyzes Java class files
• http://findbugs.sourceforge.net/
• Developed from Research at University of Maryland, led by Bill Pugh
• Looks for for programming defects based on ~ 300 different bug patterns from real bugs
• bug patterns are grouped into categories: correctness, bad practice, performance…
• each pattern assigned a priority: high, medium or low.
• High-Medium priority have low false positive rates: effort was put into trying to ensure that issues reported as high or medium priority correctness issues were issues that had a low false positive rate, and that developers would be interested inexamining all issues reported as high or medium priority correctness issues, even in large code bases.
FindBugslooks for Bugs based on real bug Patterns:
• broad and common patterns:
• a read or write on a null pointer
• typos
• Methods whose return value should not be ignored
• Also specific bug patterns:
• Every Programming Puzzler
• Eclipse documented bug fixes
• Every chapter inEffective Java
• lots from Worse than failure: http://thedailywtf.com/
Misconceptions about Bugs:
• Programmers are smart
• Smart people don’t make dumb mistakes
• WRONG!
• Smart people make dumb mistakes
• Common errors:
• wrong booleanoperator, forgetting parentheses, etc. Misunderstood class or method !
Who uses Findbugs?
• Developed from Research at University of Maryland
• Google, Ebay, Sun, Wells Fargo…
• Bill Pugh , Professor from University of Maryland, spent a year sabbatical at Google working Findbugs into their development process:
• Google runs FindBugs over all Java code
• 1800s issues identified, > 600 fixed.
• Ebay found 2 developers reviewing Findbugs was 10 times more effective than 2 testers
Some Bug Categories
• Correctness - the code is doing something wrong, you should look at it
• Bad practice - the code violates good practice
• Dodgy Code
• Concurrency
• Performance
• Security defect
Can you find the Bug below ?
publicStringsendMessage (User user, String body, Date time) {
return sendMessage(user, body, null);
}
publicStringsendMessage (User user, String body, Date time, List attachments) {
String xml = buildXML (body, attachments);
String response = sendMessage(user, xml);
return response;
}
This line causes an Infinite recursive loop. This bug is high priority, in the correctness category.
returnsendMessage(user, body, null);
Can you find the Bug below ?
publicStringfoundType() {
return this.foundType();
}
Should be
publicStringfoundType() {
return this.foundType;
}
This is another example of an infinite recursive loop. This bug is found often in a decorator pattern when you forget to delegate to another method
Findbugs found 5 infinite recursive loopsin JDK1.6.0-b13. Including this one written by Joshua Bloch
• Smart people make dumb mistakes
• 27 across all versions of JDK, 31 in Google’s Java code
• Embrace and fix your dumb mistakes!
Can you find the Bug?
if(name != null || name.length > 0)
Should be
if(name != null && name.length > 0)
this null pointer bug was found in com.sun.corba…
Can you find the Bug?
privatefinal String _lock = "LOCK";
...
synchronized(_lock)
{
...
}
Constant Strings are shared (even private ones) across all other classes loaded by the JVM. This could lead to unexpected deadlocks in conjunction with other code. This bug was found in Jetty.
This null pointer bug was in Eclipse since 3.2:
if(adapters == null && adapters.length == 0)
return;
•example of statement orbranch that if executed guarantee that a null pointer exception will occur
but in this case adapters is probably never null, that’s why it didn’t get noticed.
• somemistakes don’t matter much, because the impact of the mistake is minimal.
•null pointer exceptions usually get noticed. A harder error to find is that it won’t return if the length is 0.
Can you find the bug?
try{ ... }
catch(IOException e) {
newSAXException("Server side Exception:" + e);
}
The Exception is created and dropped rather than thrown, Should be :
thrownew SAXException("Server side Exception:" + e);
Can you find the Bug?
publicstatic String getNameById(String userId) {
String str = userId;
str.replace(' ', '_');
return str;
}
Ignores the return value of the replace() method, Should be:
str= str.replace(' ', '_');
A very common mistake is ignoring the return value on methods whose return value shouldn't be ignored.
• Strings are immutable, so functions like trim() and replace() return a new String.
What does this Print?
Integer one = 1;
Long addressTypeCode = 1L;
if(addressTypeCode.equals(one)) {
System.out.println("equals");
} else {
System.out.println("not equals");
}
It prints "not equals". According to the contract of equals(), objects of different classes should always compare as unequal
Incomparable equality:
• Using .equals to compare incompatible types
• Using .equals to compare arrays
• only checks if the same array
• Checking to see if a Set<Long> contains anInteger
• never found, even if the same integral value is contained in the map
• Calling get(String)on a Map<Integer,String>
• Returns false , not an error
These bugs may be hard to find on your own
• Types not always explicit
• May be introduced by refactoring
For example a Google refactoring changed a method to return byte[ ] rather than String
Bugs that Matter…
You can have mistakes which don't actually cause problems. Bugs that matter depend on the context. Not every bug found matters, but the effective use of Findbugs can remove bugs cheaper than with other methods
What is the best way to use Findbugs?
You want to find an effective way to use static analysis to improve software quality. 5-10% of mistakes can be found with Findbugs, for some types of bugs it can find all of them. Testing and running code in production will find the bugs that matter, the bugs that cause problems . If you run Findbugs on code in production , then a lot of bugs have been fixed, if you run on new code your are more likely to find bugs. The reason to use findbugs is not to fix all your quality problems, but rather for the issues it does find, finding and fixing with Findbugs is cheaper than finding with testing or causing a problem in production.
• Use Findbugs on new code to remove bugs cheaplybefore bugs are detected using more expensive techniques
• The best time to have a developer look at a warning is when it is introduced, while the code is fresh in a developer’s head.
Expensive Mistakes are …
• Mistakes that fail silently
• Bugs that silently cause the wrong answer to be computed are the scariest bugs, because they will not be noticed easily .
• Mistakes that cause loss of money when they occur
• Mistakes that are hard to fix
Mistakes that matter ($$) can be found by testing or eventually in production, but it is cost effective to find bugs before testing and production with findbugs.
Runtime exceptions can be your friend… runtime exceptions can point you right where the error is
If a mistake causes a runtime exception, then the mistake will be found and corrected .
Throwing a runtime exception is often a reasonable way to fail safely and report a failure.
Runtime exceptions represent conditions that reflect errors in your program's logic and cannot be reasonably recovered from
Can you find the Bug?
// calculate DR amount by aggregating CR amounts
BigDecimaldrAmount = new BigDecimal(0);
for(JournalEntry je: journalEntries)
drAmount.add(je.getCrAmount());
// persist to db
getTrxnService().saveJournalEntry(id,
drAmount, // aggregated amount
true, // Debit
"USD",
"Revenue");
Ignores return value of BigDecimal.add(), should be
drAmount=drAmount.add(je.getCrAmount());
This bug would have cost $ in production, but fixed at Google, within 30 minutes of being reported.
Can you find the Bug?
intvalue2;
Public boolean equals(Integer value1){
returnvalue1== intValue() ;
}
publicInteger intValue() {
returnvalue2;
}
Uses reference equality rather than .equals, should be:
Public boolean equals(Integer value1){
returnvalue1.equals(intValue() );
}
For boxed primitives, == and != are computed using pointer equality, but <, <=, >, >= are computed by comparing unboxed primitive values. This can bite you on other classes (e.g., String), but boxed primitives is where people get bit
Concurrency Bugs
• Inconsistent synchronization –
• a lock is held sometimes when field accessed
• Problems with wait/notify –
• e.g., call to wait() not in loop
• unsafe lazy initialization of static field
Can you find the bug?
synchronized(object) {
if (<condition does not hold>) {
object.wait();
}
//Proceed when condition holds
}
Should be:
synchronized(object) {
while (<condition does not hold>) {
object.wait();
}
//Proceed when condition holds
}
Use Java 5! simplified concurrency , less likely to make these mistakes.
Running FindBugs
• Eclipse plugin
http://findbugs.sourceforge.net/manual/eclipse.html
• Run with Hudson build
References:
• Findbugs home page
http://findbugs.sourceforge.net/
• Bill Pugh Findbugs Devoxxtalk
http://www.parleys.com/#id=2106&st=5
• Bill Pugh Oredev talk:
http://oredev.org/2010/sessions/defective-java-mistakes-that-matter