Inspection tools like FindBugs provide a second layer of defense against common coding errors.
Tutorial Details:
Most advice on programming style is aimed at creating high-quality, maintainable code, which makes sense because the easiest time to fix a bug is before the bug is created (an ounce of prevention . . .). Unfortunately, prevention is not always enough, and while some fine tools exist to help you create good code, fewer tools are available to help you analyze, maintain, or improve the quality of existing code. This month, columnist Brian Goetz builds on Chris Grindstaff\'s earlier Introduction to FindBugs and shows you how this static analysis tool can help you analyze your code for compliance with design principles that have been discussed in past issues of this column. Share your thoughts on this article with the author and other readers in the accompanying discussion forum. (You can also click Discuss at the top or bottom of the article to access the forum.)
Writing a thread-safe class is hard, but analyzing an existing class for thread-safety is even harder, as is enhancing it so that it remains thread-safe. Much of the knowledge of how a class works (or is supposed to work) evaporates shortly after it is written, in the form of implicit assumptions, invariants, and expected use cases that are clear in the developer\'s head but never get written down in the form of design notes, comments, or documentation. Existing code is always harder to work with than new code.
Needed: better code auditing tools
Of course, the best time to ensure high-quality code is at the moment the code is being written, as this is the time you best understand how it is put together. Plenty of advice can be had (just read this column!) on how to write quality code, but you don\'t always have the luxury of writing everything from scratch or taking as much time as you\'d like to write it. So what do you do in that case? Developers often lobby for rewriting (after all, writing new code is more fun than fixing someone else\'s, or even our own, buggy code), but that, too, is a luxury, and often simply trades today\'s known problems for tomorrow\'s unknown ones. What is needed are better tools for analyzing and auditing existing codebases to assist developers in code audits and bug hunting.
I\'m happy to say that the state of automated code-inspection and auditing tools has gotten significantly better recently with the introduction of FindBugs. Until now, most inspection tools either tried to take on the very difficult problem of proving that a program is correct, or focused on superficial issues such as code formatting and naming conventions, or at best, simple bug patterns such as self-assignment, unused fields, or potential errors such as unused method parameters or public methods that could be declared private or protected. But FindBugs is different -- it uses bytecode analysis and a host of plug-in bug pattern detectors to find common bugs in code. It can help you spot where your code strays, intentionally or unintentionally, from good design principles. (For an introduction to FindBugs, see Chris Grindstaff\'s articles, \"FindBugs, Part 1: Improve the quality of your code\" and \"FindBugs, Part 2: Writing custom detectors.\")
Design advice and bug patterns
For every bug pattern, there exists a corresponding proscriptive element of design advice exhorting us to avoid the specific bug pattern. So if FindBugs is a bug pattern detector, it stands to reason that it can also serve as an auditing tool to measure the degree of compliance with a set of design principles. Many installments of Java theory and practice are dedicated to specific elements of design advice (or its corresponding bug pattern). In this installment, I\'ll explain how FindBugs can help ensure that this design advice is followed in an existing codebase. Let\'s rehash some past advice and see how FindBugs can help detect when you fail to follow it.
The exceptions debate
In \"The exceptions debate,\" one of the arguments raised against checked exceptions was that it is too easy for exceptions to be \"fumbled\" -- to catch an exception and neither take corrective action nor throw another exception, as shown in Listing 1. This fumbling often happens when, in prototyping, an empty catch block is coded simply to make the program compile, with the intention of going back later and filling in some sort of error-handling strategy. While some offer the frequency of this scenario as an example of the unworkability of the approach to exception handling taken by the Java language design, I think it is merely a failure to use the right tools. FindBugs can detect and flag these empty catch blocks easily. If you intend to ignore the exception, it is easy to add a descriptive comment to that effect so readers know that you are deliberately ignoring it, and haven\'t just forgotten to handle it.
Read
Tutorial at: Click here to view the tutorial
Rate Tutorial: Java theory and practice: Kill bugs dead
View Tutorial: Java theory and practice: Kill bugs dead
Related
Tutorials:
 Java memory management
Java memory management
|
Warning! Threading in
a multiprocessor world - JavaWorld February 2001
Warning! Threading in
a multiprocessor world - JavaWorld February 2001
|
Pick up
performance with generational garbage
collection
Pick up
performance with generational garbage
collection
|
Java Tip 132: The
taming of the thread
Java Tip 132: The
taming of the thread
|
Bug patrol
Bug patrol
|
Good, but
obsolete
Good, but
obsolete
|
Fixing the Java Memory Model, Part 1
JSR 133, which has been active for nearly three years, has recently issued its public recommendation on what to do about the Java Memory Model (JMM).
|
Seven Low-Cost Ways to Improve Legacy Code
This article presents seven techniques I\'ve developed and used in my consulting work that are designed to improve legacy code.
|
FindBugs - A Bug Pattern Detector for Java
FindBugs - A Bug Pattern Detector for Java
This is the web page for FindBugs, a program which looks for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License.
|
Java Development on Eclipse, Part 1
Java Development on Eclipse, Part 1
Author\'s note: In part one of a two-part series of excerpts from Eclipse\'s Chapter 2, we\'ll get down to the business of developing Java using Eclipse. We\'re going to take a look at using Eclipse for Java developm
|
Software Download Central
compatible.
GNU getopt - Java port
A while back I found myself in need of a Java command line option parser. Unsatisfied with free versions I was able to find on the net, I volunteered to port the GNU getopt family of functions from C to Java. The current release
|
Java theory and practice: Kill bugs dead
Inspection tools like FindBugs provide a second layer of defense against common coding errors.
|
Ricebridge CSV Manager
Ricebridge CSV Manager
CSV Manager
Read and write CSV files from within your Java application. This component covers all sorts of boundary cases and parsing issues that you'd rather not think about.
|
Clean Up Your Mess: Managing Temp Files in Java Apps
Clean Up Your Mess: Managing Temp Files in Java Apps
Creating and managing temporary files in a Java application can be a little tricky due to some open JVM bugs. Develop a workaround with some custom code and a clever design.
|
HA-JavaMail: High-Availability JavaMail
HA-JavaMail: High-Availability JavaMail
Introduction
HA-JavaMail is a JavaMail transport proxy that adds efficiency and reliability to an underlying JavaMail provider.
HA-JavaMail is NOT an SMTP implementation - it's a wrapper around an existing imp
|
Write custom appenders for log4j
The Apache Software Foundation's log4j logging library is one of the better logging systems around. It's both easier to use and more flexible than Java's built-in logging system.
|
Java theory and practice: Generics gotchas
Generic types, added in JDK 5.0, are a significant enhancement to type safety in the Java language. However, some aspects of generics may seem confusing, or even downright bizarre, to first-time users. In this month's Java theory and practice, Brian Goetz
|
Sun Java System Access Manager Activities with Actuate Enterprise Reporting Platform:
An Integration Story This paper describes the procedure for integrating Actuate 7 with Sun Java System Access Manager to generate reports that reflect the activities on Access Manager. Also discussed are enhancements and workarounds for known bugs.
|
Running JavaServer Faces Technology-Based Portlets on Sun Java System Portal Server 6 2005Q1
You can extend the framework based on JavaServer Faces technology and then run a JSR 168-compliant portlet on Sun Java System Portal Server 6. This article describes the setup procedures, offers sample code, and summarizes the known issues.
|
ORA
ORA is a Framework written in Java (plattform independent).
|
|
|
|
