FindBugs - A Bug Pattern Detector for Java
started 4/30/2003; 12:21:19 AM - last post 5/2/2003; 4:34:59 PM
|
|
Dan Shappir - FindBugs - A Bug Pattern Detector for Java
4/30/2003; 12:21:19 AM (reads: 1759, responses: 6)
|
|
FindBugs - A Bug Pattern Detector for Java |
via Slashdot
My advisor and I are working on a tool to automatically find bugs in Java programs. One of the interesting results of our work is that we've found hundreds of real bugs in production code using extremely simple techniques. We believe that automated tools, if used more widely, could prevent a lot of bugs from making it in to production systems.
Looks very interesting. I think I'll give it a go.
Posted to Software-Eng by Dan Shappir on 4/30/03; 12:23:03 AM
|
|
|
|
Ehud Lamm - Re: FindBugs - A Bug Pattern Detector for Java
4/30/2003; 7:04:43 AM (reads: 844, responses: 0)
|
|
I see the tool is based on BCEL.
|
|
Kimberley Burchett - Re: FindBugs - A Bug Pattern Detector for Java
5/2/2003; 7:24:06 AM (reads: 716, responses: 1)
|
|
I tried this on the java code I have, and it turned up one interesting issue -- I was creating new Boolean objects instead of using Boolean.valueOf(). It also found some unused member variables. But it didn't find any actual bugs. I got the feeling it wasn't really meant to find bugs -- just questionable usage.
|
|
Ehud Lamm - Re: FindBugs - A Bug Pattern Detector for Java
5/2/2003; 7:42:47 AM (reads: 746, responses: 0)
|
|
Well, you can't automatically find bugs when you don't have formal specifications. Surely the name is for PR pruposes.
|
|
Kimberley Burchett - Re: FindBugs - A Bug Pattern Detector for Java
5/2/2003; 10:56:21 AM (reads: 694, responses: 1)
|
|
Au contraire. I was expecting something like analyzing the flow graph, to detect things like potential dereferences of null pointers, class cast exceptions, etc. These things can be done even without formal specs. For example: System.getenv("PATH").charAt(5) . This has two places it can break -- getenv can return null, or charAt can be out of range. In most code it would be annoying to be warned about things like this, but since this is coming from the environment, it would make a lot of sense to check before use.
|
|
Ehud Lamm - Re: FindBugs - A Bug Pattern Detector for Java
5/2/2003; 11:25:45 AM (reads: 728, responses: 0)
|
|
Maybe the programmer wants the program to crash in these cases.
I think one has to be careful and call this sort of thing "possible bugs". That's why compiler writers distinguish "warnings" from "errors."
|
|
Kimberley Burchett - Re: FindBugs - A Bug Pattern Detector for Java
5/2/2003; 4:34:59 PM (reads: 688, responses: 0)
|
|
By the way, I should mention that Perl's taint mode basically does what I described above.
Ehud, I doubt there are many places where programmers want their program to crash with such unintelligible messages as "NullPointerException" or "ArrayIndexOutOfBounds". The IOException errors are perhaps an exception -- "File not found: /does/not/exist.txt" is much more comprehensible to a user, for example.
Given that this is program is supposed to find bugs, it would make sense for it to look for and flag things like this. Did you think I was suggesting that the compiler writer should flag it as an error? I wasn't -- I agree that it's not the business of the Java compiler to detect things like this (other languages maybe, but not Java).
|
|
|
|