fb-contrib / News: Recent posts

fb-contrib is a bug detector plugin for the FindBugs application (https://github.com/findbugsproject/findbugs), or SpotBugs application (https://github.com/spotbugs)
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 7.4.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.
New Detectors added in this release:... read more

fb-contrib is a bug detector plugin for the FindBugs application (https://github.com/findbugsproject/findbugs), or SpotBugs application (https://github.com/spotbugs)
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 7.2.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.
New Detectors added in this release:... read more

Greetings, fb-contrib users.

Starting with version 7.0.3 and going forward, there will be two releases of fb-contrib. One for the original FindBugs program, which will be called fb-contrib-7.0.3.jar, and one for its successor SpotBugs, called fb-contrib-7.0.3.sb.jar

This is necessary as SpotBugs has updated its jar dependencies to latest releases which makes it incompatible in some ways with the old FindBugs product.... read more

Greetings, fb-contrib users.

I mistakenly pushed out version 7.0.0 compiled against java 8. This was not intentional, and I am cutting a 7.0.1 now that is compiled, as it should be, against java 7. Thanks to ksiczek for alerting me to this problem.

fb-contrib is a bug detector plugin for the FindBugs application (https://github.com/findbugsproject/findbugs).
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 7.0.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.

New Detectors added in this release:

Suspicious Shaded Class Use
Looks for use of classes that have been shaded into 3rdparty jars, rather than using the real class, from the real jar.... read more

fb-contrib is a bug detector plugin for the FindBugs application (https://github.com/findbugsproject/findbugs).
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 6.8.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.

New Detectors added in this release:

Dubious Map Collection
Looks for fields that are implementations of java.util.Map, but that are only ever iterated over. This probably means that this data structure should be a List of some class that holds two values, or at the least Pair. Map was probably choosen as it was the easiest thing to use, but obfuscates the reason for the data structure.... read more

fb-contrib is a bug detector plugin for the FindBugs application (https://github.com/findbugsproject/findbugs).
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 6.6.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.
New Detectors added in this release:

Stacked Try Blocks
Looks for two or more try catch blocks that are consecutive and catch the same kind of exception, and throw the same exception always. These blocks can be coalesced into one, or may predict that this method is too complex.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 6.4.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.
New Detectors added in this release:

Overly Permissive Method
Looks for methods that are declared more permissively than the code is using. For instance, declaring a method public, when it could just be declared private.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).
This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 6.2.0 requires FindBugs version 3.0.1 or later. This version of fb-contrib uses java 1.7.
New Detectors added in this release:

Charset Issues
Looks for manual specification of String encoding using String constants where either a StandardCharset could be used (JDK7) or where the encoding is not recognized with the current JDK.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).
This release adds six detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 6.0.0 requires FindBugs version 3.0.0 or later. This version of fb-contrib uses java 1.6.
New Detectors added in this release:

Presize Collections
Looks for methods that create and populate collections, and while knowing the end size of those collections, does not pre allocate the collection to be big enough. This just causes unneeded reallocations putting strain on the garbage collector.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).
This release adds five detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 5.2.0 requires FindBugs version 2.0.0 or later. This version of fb-contrib uses java 1.6.
New Detectors added in this release:

Collection Naming Confusion
Looks for fields and local variables that have Map, Set, List in their names but the variable is a collection of a different basic type.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).

This release adds five detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 5.0.0 requires FindBugs version 2.0.0 or later. This version of fb-contrib uses java 1.6.
New Detectors added in this release:

ContraVariant Array Assignment
Looks for contravariant array assignments. Since arrays are mutable data structures, their use must be restricted to covariant or invariant usage.
--contributed by Bhaskar Maddala - THANKS!... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).

This release adds six detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 4.6.0 requires FindBugs version 1.1.0 or later. This version of fb-contrib uses java 1.6.

New Detectors added in this release:

Lingering Graphics Object
Looks for creation of java.awt.Graphics object that do not have the .dispose() method called on them when finished. These objects will be cleaned up by the Garbage collector, bug given the likelyhood that large numbers of these objects can be created in a short period of time, it is better to dispose them as soon as possible.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).

This release adds four detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 4.6.0 requires FindBugs version 1.1.0 or later. This version of fb-contrib uses java 1.5.

New Detectors added in this release:

Suspicious Null Guard
Looks for code that checks to see if a field or local variable is not null before entering a code block either an if, or while statement, and reassigns that field or variable. It seems that perhaps the guard should check if the field or variable is null.... read more

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).

This release adds five detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 4.4.0 requires FindBugs version 1.1.0 or later. This version of fb-contrib uses java 1.5.

New Detectors added in this release:

Reflection on Object Methods
Looks for method calls through reflection on methods found in java.lang.Object. As these methods are always available, there's no reason to do this.... read more

A new detector, Bogus Exception Declaration, looks for constructors, private methods or static methods that declare that they throw specific checked exceptions, but that do not. This just causes callers of these methods to do extra work to handle an exception that will never be thrown.

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net).

This release adds six detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 4.2.0 requires FindBugs version 1.1.0 or later. This version of fb-contrib uses java 1.5.

Special thanks to Chris Peterson and Grzegorz Slowikowski for contributing to this release. Chris provided the MoreDumbMethods detector and Grzegorz contributed the pom.xml to make it easier to push versions to the maven repository.... read more

A new detector, Suspicious Clustered Session Support, looks for methods that access objects in http sessions, that are complex objects, modifies those objects, but does not call setAttribute to signify a change so that cluster replication can happen correctly.

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net). This release adds five detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 3.6.0 requires FindBugs version 1.1.0 or later.

New Detectors added in this release:

Confusing Function Semantics
Looks for methods that return a parameter after making what looks like modifications to that parameter. This leads to confusion for the user of this method as it isn't obvious that the 'original' object is modified. If the point of this method is to modify the parameter, it is probably better just to have the method be a void method, to avoid confusion.... read more

A new detector, Weak Exception Messaging, looks for exceptions that are thrown with static strings as messages. Using static strings doesn't differentiate one use of this method versus another, and so it may be difficult to determine how this exception occurred without showing context.

A new detector, JUnit Assertion Oddities, looks for junit test case methods that use assertions with odd parameters. Things such as: passing a constant as the second (actual) parameter, not using the three parameter version of asserts for doubles, or passing true or false as the first parameter instead of using assertTrue, or assertFalse.

A new detector, Suspicious Clone Algorithm, looks for implementations of clone where an assignment is made to a field of the source object. It is likely that that store should have occurred on the cloned object, as the clone operation is almost always considered read only.

A new detector, Confusing Function Semantics, looks for methods that return a parameter after making what looks like modifications to that parameter. This leads to confusion for the user of this method as it isn't obvious that the 'original' object is modified. If the point of this method is to modify the parameter, it is probably better just to have the method be a void method, to avoid confusion.

fb-contrib is a bug detector plugin for the FindBugs application (findbugs.sourceforge.net). This release adds five detectors that can easily be integrated into FindBugs by dropping the jar file into FindBugs' plugin directory. fb-contrib version 3.4.0 requires FindBugs version 1.1.0 or later.

New Detectors added in this release:

Suspicious JDK Version Use
Looks for calls to classes and methods that do not exist in the JDK for which this class is compiled. This can happen if you specify the -source and -target options of the javac compiler, and specify a target that is less than the jdk version of the javac compiler. ... read more

A new detector, Exception Softening, looks for methods that catch checked exceptions, and throw unchecked exceptions in their place. There are several levels of concern. Least important are methods constrained by interface or super class contracts not to throw checked exceptions but appear owned by the same author. Next are methods constrained by interface or super class contracts and throw other types of checked exceptions. Lastly are method not constrained by any interface or superclass contract.... read more