I tried FindBugs after seeing YuLimin's tip on the SS forum. I can't handle the technical work, so I'll take on the grunt work.

FindBugs
http://findbugs.sourceforge.net/


Here are two articles that introduce how to use it:

http://dev2dev.bea.com.cn/bbsdoc/20060124186.html

http://www-128.ibm.com/developerworks/cn/java/j-findbug1/index.html

 

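Results

A total of 50 bugs were found. These are only the matches for FindBugs' default bug patterns and are not necessarily real bugs; for example, 6 of the DLS findings are false positives caused by HistoryEventListener not being finished yet. The detailed locations are listed after the table; please check them when you have time.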

| Code | Detailed explanation | Count |
|---|---|---|
| DLS | Dead store to local variable. This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives. | 8 |
| DM | Method invokes System.exit(...). Invoking System.exit shuts down the entire Java virtual machine. This should only be done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead. | 1 |
| EI | Method may expose internal representation by returning reference to mutable object. Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations. | 5 |
| EI2 | Method may expose internal representation by incorporating reference to mutable object. This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations. | 8 |
| IJU | TestCase implements tearDown but doesn't call super.tearDown(). Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call super.tearDown(), but doesn't. | 1 |
| MF | Class defines field that obscures a superclass field. This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other. | 5 |
| MS | Field isn't final but should be. A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. | 8 |
| NP | Possible null pointer dereference in method. A reference value dereferenced here might be null at runtime. This may lead to a NullPointerException when the code is executed. | 2 |
| ODR | Method may fail to close database resource. The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database. | 2 |
| REC | java.lang.Exception is caught when Exception is not thrown. This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs. | 1 |
| SIC | Should be a static inner class. This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static. | 1 |
| SS | Unread field: should this field be static? This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static. | 3 |
| UI | Usage of GetResource may be unsafe if class is extended. Calling this.getClass().getResource(...) could give results other than expected if this class is extended by a class in another package. | 2 |
| UrF | Unread field. This field is never read. Consider removing it from the class. | 1 |
| WMI | Inefficient use of keySet iterator instead of entrySet iterator. This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup. | 2 |
| Total | | 50 |



Detailed list:

DLS: Dead store to date in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 25     2006811 11:28:46       29678

 

DLS: Dead store to id in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 18     2006811 11:28:46       29675

 

DLS: Dead store to limit in method org.springside.plugins.webwork.action.SSActionSupport.prepareECTable(com.bba96.tiger.util.Page)     SSActionSupport.java       springside/springside-core/src/org/springside/plugins/webwork/action       line 64     2006811 11:28:50  29690

 

DLS: Dead store to loginid in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 24     2006811 11:28:46       29674

 

DLS: Dead store to newValues in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 29     2006811 11:28:46       29677

 

DLS: Dead store to session in method org.springside.plugins.security.intercept.support.AuthenticationDetailsSourceHelper.buildDetails(javax.servlet.http.HttpServletRequest)     AuthenticationDetailsSourceHelper.java       springside/springside-core/src/org/springside/plugins/security/intercept/support       line 19    2006811 11:28:49  29688

 

DLS: Dead store to type in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 19     2006811 11:28:46       29676

 

DLS: Dead store to v in method org.springside.bookstore.plugins.jms.service.StorageCheckImpl.asynGetResidual(OrderSerializable,ResultListener)       StorageCheckImpl.java  springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service     line 29     2006811 11:28:43       29668

 

Dm: org.springside.bookstore.plugins.jms.service.ActiveMQSecurityAdapter.<init>(boolean) invokes System.exit(...), which shuts down the entire virtual machine     ActiveMQSecurityAdapter.java       springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service     line 40     2006811 11:28:42       29667

 

EI: org.springside.bookstore.commons.domain.Order.getOrderDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.orderDate      Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 87     2006811 11:28:40       29655

 

EI: org.springside.bookstore.commons.domain.Order.getShipDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.shipDate      Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 132006 8 11 11:28:40       29657

 

EI: org.springside.bookstore.commons.domain.Product.getCreateTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.createTime      Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 130   2006811 11:28:40       29659

 

EI: org.springside.bookstore.commons.domain.Product.getModifyTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.modifyTime      Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 138   2006811 11:28:40       29661

 

EI: org.springside.plugins.security.resourcedetails.Resource.getAuthorities() may expose internal representation by returning org.springside.plugins.security.resourcedetails.Resource.authorities   Resource.java       springside/springside-core/src/org/springside/plugins/security/resourcedetails   line 65     2006811 11:28:50  29689

 

EI2: org.springside.bookstore.commons.domain.Order.setOrderDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.orderDate      Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 92006 8 11 11:28:40  29656

 

EI2: org.springside.bookstore.commons.domain.Order.setShipDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.shipDate       Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 135   2006811 11:28:40       29658

 

EI2: org.springside.bookstore.commons.domain.Product.setCreateTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.createTime   Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 134   2006811 11:28:40       29660

 

EI2: org.springside.bookstore.commons.domain.Product.setModifyTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.modifyTime  Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 142   2006811 11:28:40       29662

 

EI2: org.springside.core.commons.BusinessException.<init>(String,String[],Throwable) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs      BusinessException.java       springside/springside-core/src/org/springside/core/commons     line 62006 8 11 11:28:46  29672

 

EI2: org.springside.core.commons.BusinessException.<init>(String,String[]) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs       BusinessException.java       springside/springside-core/src/org/springside/core/commons     line 50     2006811 11:28:46  29671

 

EI2: org.springside.plugins.aopcache.FlushingInterceptor.setCacheKeys(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.aopcache.FlushingInterceptor.cacheKeys       FlushingInterceptor.java       springside/springside-core/src/org/springside/plugins/aopcache  line 32     2006811 11:28:48  29680

 

EI2: org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.setRuleFiles(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.ruleFiles       AbstractFileRuleBaseLoader.java   springside/springside-core/src/org/springside/plugins/jbossrules/support    line 39     2006811 11:28:48       29681

 

IJU: TestCase org.springside.core.test.BaseXFireTest implements tearDown but doesn't call super.tearDown()       BaseXFireTest.java       springside/springside-core/src/org/springside/core/test       line 37     2006811 11:28:47  29679

 

MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.logger       spring-2.0-rc2.jar   springside/lib/core         2006811 11:08:12       29618

 

MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.logger       spring-2.0-rc2.jar   springside/lib/core         2006811 11:28:45       29670

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.defaultAclObjectIdentityClass   AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006811 11:28:49  29687

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processDomainObjectClass      AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006811 11:28:49  29685

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processReturnedObjectClass    AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006811 11:28:49  29686

 

MS: org.springside.bookstore.admin.exception.OrderException.LACK_INVENTORY isn't final but should be       OrderException.java       springside/springside-bookstore/src/org/springside/bookstore/admin/exception  line 16     2006811 11:28:50  29691

 

MS: org.springside.bookstore.commons.domain.Order.statusEnum isn't final but should be     Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 22006 8 11 11:28:50  29692

 

MS: org.springside.bookstore.commons.web.support.HsqlListener.logger isn't final but should be   HsqlListener.java       springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 27     2006811 11:28:50       29693

 

MS: org.springside.core.commons.BaseHibernateDao.COUNT_MODE isn't final but should be      BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 30     2006811 11:28:50  29694

 

MS: org.springside.core.commons.BaseHibernateDao.LIST_MODE isn't final but should be    BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 32     2006811 11:28:50  29696

 

MS: org.springside.core.commons.BaseHibernateDao.SCROLL_MODE isn't final but should be     BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 32006 8 11 11:28:50  29695

 

MS: org.springside.core.commons.ConfigurableConstants.logger isn't final but should be       ConfigurableConstants.java       springside/springside-core/src/org/springside/core/commons     line 29     2006811 11:28:50  29697

 

MS: org.springside.core.commons.ConfigurableConstants.p isn't final but should be       ConfigurableConstants.java       springside/springside-core/src/org/springside/core/commons     line 30     2006811 11:28:50  29698

 

NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)       SimpleAclCreator.java    springside/springside-core/src/org/springside/plugins/security/acl/creator  line 103   2006811 11:28:49  29683

 

NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)       SimpleAclCreator.java    springside/springside-core/src/org/springside/plugins/security/acl/creator  line 105   2006811 11:28:49  29684

 

ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource  HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support       line 125   2006811 11:28:429664

 

ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource  HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support       line 127   2006811 11:28:429665

 

REC: Method org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught      HsqlListener.java       springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 129   2006811 11:28:429666

 

SIC: Should org.springside.core.utils.BeanUtilsTest$TestChildBean be a _static_ inner class?   BeanUtilsTest.java       springside/springside-core/test/unit/org/springside/core/utils       line 37     2006811 11:28:50  29700

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialCreateSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006811 11:28:50       29701

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialRemoveSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006811 11:28:50       29702

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialUpdateSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006811 11:28:50       29703

 

UI: Usage of GetResource in org.springside.bookstore.commons.web.support.HsqlListener.contextInitialized(javax.servlet.ServletContextEvent) may be unsafe if class is extended    HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 72    2006811 11:28:429663

 

UI: Usage of GetResource in org.springside.plugins.jbossrules.support.DSLRuleBaseLoader.buildRuleBase() may be unsafe if class is extended  DSLRuleBaseLoader.java       springside/springside-core/src/org/springside/plugins/jbossrules/support    line 32     2006811 11:28:48       29682

 

UrF: Unread field: org.springside.TestBean.private_name     TestBean.java  springside/springside-core/test/unit/org/springside              2006811 11:28:50  29699

 

WMI: Method org.springside.core.commons.AbstractHibernateDao$1.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iterator       AbstractHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 148   2006811 11:28:45  29669

 

WMI: Method org.springside.core.commons.support.CriteriaSetup.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iterator       CriteriaSetup.java       springside/springside-core/src/org/springside/core/commons/support       line 18     2006811 11:28:46  29673

posted on 2006-08-11 13:21 leon du | Views (6009) | Comments (3)


FeedBack:
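# re: Results of analyzing SpringSide 1.0m3 with FindBugs
2006-08-11 13:50 | 江南白衣
Thanks, brother. I'll create a task in JIRA first :)
From a rough look, there don't seem to be any real errors, but it can still serve as a reference for making the code prettier :)
Once the changes are done, run PMD over it next?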
  
# re: Results of analyzing SpringSide 1.0m3 with FindBugs
2006-08-11 14:24 | leon du
You're welcome :)
As someone who has benefited from SS, it's only right that I do what I can.
  
# re: Results of analyzing SpringSide 1.0m3 with FindBugs
2006-08-11 16:16 | Flyingis
Nice, I'll download it and give it a try first.
  
