quality@glassfish.java.net

Changes in FindBugs from 1.0.0 to 1.1.1 and to 1.1.2

From: Bill Pugh <pugh_at_cs.umd.edu>
Date: Tue, 12 Dec 2006 17:30:57 -0500

The primary change from FindBugs 1.0.0 to 1.1.1 and from
1.1.1 to 1.1.2 is some additional heuristics to eliminate
false positives and recategorize some lesser issues as bad practice
or dodgy code rather than correctness.

Here is the total number of medium and high priority correctness
warnings found by various versions of FindBugs in Glassfish v2-b26:

1.0.0: 1163 warnings
1.1.0: 428 warnings
1.1.2: 379 warnings

There are actually only 3 bugs found by 1.1.2 in glassfish that are not
found by 1.1.1:

M C GC: com.sun.appserv.management.client.ConnectionSource is incompatible with expected argument javax.management.MBeanServerConnection in com.sun.appserv.management.client.ProxyFactory.findInstance(ConnectionSource) At ProxyFactory.java:[line 453]
H C GC: java.lang.Integer is incompatible with expected argument java.lang.String in com.sun.appserv.management.util.jmx.NotificationEmitterSupport.decrementListenerCountForType(String) At NotificationEmitterSupport.java:[line 189]
H C GC: oracle.toplink.essentials.descriptors.DescriptorEvent is incompatible with expected argument java.lang.Integer in oracle.toplink.essentials.internal.ejb.cmp3.metadata.listeners.MetadataEntityListener.isSessionPostBuildEvent(oracle.toplink.essentials.descriptors.DescriptorEvent) At MetadataEntityListener.java:[line 370]

These are all cases where FindBugs checks for incompatible types in
the use of a generic collection (e.g., checking to see if a
Set<String> contains an Integer).

FindBugs 1.1.1 reports a total of 162 warnings not reported by
FindBugs 1.0.0.

Of the 1163 issues reported by FindBugs 1.0.0 as medium/high
correctness warnings:
         56 are no longer reported at all
        122 are reported as medium/high priority dodgy code warnings
        182 are reported as low priority warnings (and thus not usually reported at all)
        210 are still reported as medium/high priority correctness warnings
        593 are now reported as bad practice, rather than correctness warnings

Of the bugs reclassified as Bad Practice:
        167 non serializable fields in serializable classes
         56 calls to System.exit
         74 places where an exception might be ignored
         38 explicit invocations of a finalize method
         69 classes that define equals but not hashcode

and similar issues.

Bill
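
The GC pattern described in the message (a wrongly typed argument passed to a generic collection method that accepts Object), as an added example that is not part of the original message and is not GlassFish or FindBugs code. The class ListenerCounts, its methods and the sample key are hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed illustration; ListenerCounts is a hypothetical class.
public class ListenerCounts {
    private final Map<String, Integer> countsByType = new HashMap<>();

    void increment(String type) {
        countsByType.merge(type, 1, Integer::sum);
    }

    // Buggy: the looked-up count (an Integer) is passed to remove() instead
    // of the String key. Map.remove(Object) accepts any Object, so this
    // compiles, but it can never match a key and the entry stays in the map.
    void decrementBuggy(String type) {
        Integer count = countsByType.get(type);
        if (count == null) {
            return;
        }
        if (count == 1) {
            countsByType.remove(count); // Integer where a String key is expected
        } else {
            countsByType.put(type, count - 1);
        }
    }

    // Fixed: operate on the String key; returning null removes the mapping.
    void decrementFixed(String type) {
        countsByType.computeIfPresent(type, (key, c) -> c == 1 ? null : c - 1);
    }

    int size() {
        return countsByType.size();
    }

    public static void main(String[] args) {
        ListenerCounts buggy = new ListenerCounts();
        buggy.increment("sample.type");      // constructed sample key
        buggy.decrementBuggy("sample.type"); // leaves a stale entry behind
        System.out.println("entries after buggy decrement: " + buggy.size());

        ListenerCounts fixed = new ListenerCounts();
        fixed.increment("sample.type");
        fixed.decrementFixed("sample.type"); // entry is removed
        System.out.println("entries after fixed decrement: " + fixed.size());
    }
}
```

The compiler accepts both versions because contains, remove and get on the collection interfaces take Object rather than the type parameter, which is why a static check is needed to catch the mismatch.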