靜態(tài)分析工具Findbugs怎么用?？我們來(lái)看看Findbugs使用說(shuō)明

　　1 用途

　　FindBugs 是一個(gè)java bytecode靜態(tài)分析工具，它可以幫助java工程師提高代碼質(zhì)量以及排除隱含的缺陷。

　　FindBugs檢查類(lèi)或者 JAR 文件，將字節(jié)碼與一組缺陷模式進(jìn)行對(duì)比以發(fā)現(xiàn)可能的問(wèn)題。

　　有了靜態(tài)分析工具，就可以在不實(shí)際運(yùn)行程序的情況對(duì)軟件進(jìn)行分析。FindBugs不是通過(guò)分析類(lèi)文件的形式或結(jié)構(gòu)來(lái)確定程序的意圖，而是通常使用 Visitor 模式進(jìn)行分析(Visitor 模式的更多信息)。

　　2 安裝

　　目前findbugs新的版本是1.3.9，

　　2.1 Eclipse插件的安裝

　　環(huán)境要求，F(xiàn)indbugs要求Eclipse 3.4 以上的版本，JRE/JDK 1.5.0以上的版本。

　　步驟，將edu.umd.cs.findbugs.plugin.eclipse_1.3.9.20090821.zip解壓到Eclipse的 "plugins"子目錄下，這樣就可以在 /plugins/edu.umd.cs.findbugs.plugin.eclipse_1.3.9.20090821/下看到FindBugs logo圖片findbugs.png。

　　啟動(dòng)Eclipse 然后選擇 Help → About Eclipse Platform → Plug-in Details，你應(yīng)該找到 "FindBugs Plug-in"。

　　3 使用

　　啟動(dòng)

　　選中java工程，點(diǎn)擊鼠標(biāo)右鍵，選擇名為“Find Bugs”的菜單，F(xiàn)indBugs開(kāi)始運(yùn)行，問(wèn)題指示器將指向根據(jù)bug模式識(shí)別出來(lái)的潛在問(wèn)題代碼位置。

　　可選項(xiàng)定制

　　你還可以通過(guò)java工程的屬性對(duì)話框來(lái)定制findbugs的運(yùn)行方式，可選項(xiàng)包括：

　　控制"Run FindBugs Automatically" 開(kāi)關(guān)的checkbox。 選中時(shí), FindBugs 將在每次修改java類(lèi)后啟動(dòng)運(yùn)行。

　　選擇最小告警優(yōu)先級(jí)和Bug類(lèi)別。這些選項(xiàng)將選擇哪些警告被顯示。例如，如果你選擇"Medium"，只有Medium 和 High priority 警告將被顯示。近似地，如果你未選中 "Style" checkbox，Style類(lèi)的警告信息將不會(huì)被顯示。

　　選擇探測(cè)器。這個(gè)列表允許你選擇你想在工程中使用的探測(cè)器。

　　4 配套的Bug模式解釋

　　為了有針對(duì)性的使用這個(gè)工具，減少bug的誤報(bào)，提高使用效率，我們選擇了10個(gè)左右的bug模式，下面就是對(duì)這10個(gè)模式的解釋。

　　這些bug可能會(huì)引起程序的性能或邏輯問(wèn)題.

　　需要說(shuō)明的是,findbugs能檢測(cè)的bug pattern遠(yuǎn)不僅于此,甚至可以定制自己的探測(cè)器,因此,這個(gè)文檔會(huì)不斷擴(kuò)充,同時(shí),也歡迎大家不斷探索和分享使用實(shí)踐.

　　4.1 ES_COMPARING_PARAMETER_STRING_WITH_EQ

　　ES: Comparison of String parameter using == or != (ES_COMPARING_PARAMETER_STRING_WITH_EQ)

　　This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.

　　使用 == 或者 != 來(lái)比較字符串或interned字符串，不會(huì)獲得顯著的性能提升，同時(shí)并不可靠，請(qǐng)考慮使用equals()方法。

　　4.2 HE_EQUALS_NO_HASHCODE

　　HE: Class defines equals() but not hashCode() (HE_EQUALS_NO_HASHCODE)

　　This class overrides equals(Object), but does not override hashCode(). Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

　　類(lèi)定義了equals()方法但沒(méi)有重寫(xiě)hashCode()方法，這樣違背了相同對(duì)象必須具有相同的hashcodes的原則

　　4.3 IT_NO_SUCH_ELEMENT

　　It: Iterator next() method can&＃39;t throw NoSuchElement exception (IT_NO_SUCH_ELEMENT)

　　This class implements the java.util.Iterator interface. However, its next() method is not capable of throwing java.util.NoSuchElementException. The next() method should be changed so it throws NoSuchElementException if is called when there are no more elements to return.

　　迭代器Iterator無(wú)法拋出NoSuchElement異常，類(lèi)實(shí)現(xiàn)了java.util.Iterator接口，但是next()方法無(wú)法拋出java.util.NoSuchElementException異常，因此，next()方法應(yīng)該做如此修改，當(dāng)被調(diào)用時(shí)，如果沒(méi)有element返回，則拋出NoSuchElementException異常

　　4.4 J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION

　　J2EE: Store of non serializable object into HttpSession (J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION)

　　This code seems to be storing a non-serializable object into an HttpSession. If this session is passivated or migrated, an error will result.

　　將沒(méi)有實(shí)現(xiàn)serializable的對(duì)象放到HttpSession中，當(dāng)這個(gè)session被鈍化和遷移時(shí)，將會(huì)產(chǎn)生錯(cuò)誤，建議放到HttpSession中的對(duì)象都實(shí)現(xiàn)serializable接口。

　　4.5 ODR_OPEN_DATABASE_RESOURCE

　　ODR: Method may fail to close database resource (ODR_OPEN_DATABASE_RESOURCE)

　　The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.

　　方法可能未關(guān)閉數(shù)據(jù)庫(kù)資源，未關(guān)閉數(shù)據(jù)庫(kù)資源將會(huì)導(dǎo)致性能變差，還可能引起應(yīng)用與服務(wù)器間的通訊問(wèn)題。

　　4.6 OS_OPEN_STREAM

　　OS: Method may fail to close stream (OS_OPEN_STREAM)

　　The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.

　　方法可能未關(guān)閉stream，方法產(chǎn)生了一個(gè)IO流，卻未關(guān)閉，將會(huì)導(dǎo)致文件描繪符的泄漏，建議使用finally block來(lái)確保io stream被關(guān)閉。

　　4.7 DMI_CALLING_NEXT_FROM_HASNEXT

　　DMI: hasNext method invokes next (DMI_CALLING_NEXT_FROM_HASNEXT)

　　The hasNext() method invokes the next() method. This is almost certainly wrong, since the hasNext() method is not supposed to change the state of the iterator, and the next method is supposed to change the state of the iterator.

　　4.8 IL_INFINITE_LOOP

　　IL: An apparent infinite loop (IL_INFINITE_LOOP)

　　This loop doesn&＃39;t seem to have a way to terminate (other than by perhaps throwing an exception).

　　明顯的無(wú)限循環(huán).

　　4.9 IL_INFINITE_RECURSIVE_LOOP

　　IL: An apparent infinite recursive loop (IL_INFINITE_RECURSIVE_LOOP)

　　This method unconditionally invokes itself. This would seem to indicate an infinite recursive loop that will result in a stack overflow.

　　明顯的無(wú)限迭代循環(huán),將導(dǎo)致堆棧溢出.

　　4.10 WMI_WRONG_MAP_ITERATOR

　　WMI: Inefficient use of keySet iterator instead of entrySet iterator (WMI_WRONG_MAP_ITERATOR)

　　This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.

　　使用了keySet iterator和Map.get(key)來(lái)獲取Map值,這種方式效率低,建議使用entrySet的iterator效率更高.

　　4.11 IM_BAD_CHECK_FOR_ODD

　　IM: Check for oddness that won&＃39;t work for negative numbers (IM_BAD_CHECK_FOR_ODD)

　　The code uses x % 2 == 1 to check to see if a value is odd, but this won&＃39;t work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.

　　奇偶檢測(cè)邏輯,未考慮負(fù)數(shù)情況.