Bug 71993 - Numerous bugs reported by FindBugs (http://findbugs.sourceforge.net/) in AspectJ jars
Status: NEW
Alias: None
Product: AspectJ
Classification: Tools
Component: Compiler
Version: 1.2
Hardware: PC Windows XP
Importance: P3 normal
Target Milestone: ---
Assignee: Adrian Colyer
Reported: 2004-08-15 02:01 EDT by Hristo Stoyanov
Modified: 2008-08-28 16:48 EDT
Description Hristo Stoyanov 2004-08-15 02:01:57 EDT
Hi all,
FindBugs is quickly becoming a very popular tool for detecting bugs (please 
see the web site at http://findbugs.sourceforge.net/). Though FindBugs could 
give sometimes 40% of "false alarms", it is usually very accurate and finds 
very real issues.

I ran FindBugs against a recent post-1.2 version of AspectJ and found a lot 
of serious potential bugs, including:
  -String comparison with "==" and "!="
  -null pointer dereference (which leads to NullPointerException)
  -unclosed file streams in branches
  -dropped/ignored exceptions
  -"new Boolean()" instead of "Boolean.valueOf(...)"
  -use of "hashcode()" instead of "hashCode()"
  
 
and many, many more potential problems ...

While FindBugs is very easy to work with (it only needs the .jar files to do 
the bytecode analysis), the saved bug report is in XML format and quite 
useless. That is why I highly recommend that the AspectJ team downloads it and 
runs it against AspectJ.


Thanks,
Hristo
Comment 1 Andrew Clement 2007-10-23 06:13:27 EDT
give it a go for 1.6.0 final
Comment 2 Vincenz Braun 2008-03-20 21:01:44 EDT
Although I am not the reporter of this "bug", this is my favorite one.
Could you please be so kind and post some results?
E.g. bugs reported by findbugs, really bugs etc.

Thank you very much.
Comment 3 Andrew Clement 2008-03-20 21:06:12 EDT
Hi Vincenz, The reason the target changed from 1.6.0 to --- is because I haven't had time to look at it at all and am afraid I won't get to it in the 1.6.0 timeframe...
Comment 4 Vincenz Braun 2008-03-20 21:13:55 EDT
Sorry, I read it the other way around. My fault. But it would really be nice to have
some information on this topic, regardless when it will be done.
Comment 5 Andrew Clement 2008-08-28 16:48:28 EDT
Finally I did some of this, running findBugs over components I was interested in (weaver/new bcel).  Interesting findings indeed... a few places where we intended to override equals() and hashCode() but had spelt hashCode() wrong (yikes!)

I also turned up the eclipse warnings for: unused code, unnecessary casts and unnecessary conditional checks.  There were a slew of these all over the place and I've gotten rid of a lot of them.

I also installed PMD, just so I could use the 'find duplicate code' option, and discovered a few places with duplication, including a case where someone had ignored the Abstract implementation of a pattern visitor interface and proceeded to write their own duplicate of what was in the abstract impl.

Codebase is improving - I think it may even be weaving faster than before.  Weaver is another 20k slimmer.
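
The "hashcode()" instead of "hashCode()" finding listed in the description and confirmed in Comment 5, shown as an added example that is not part of the bug report and not AspectJ code. BrokenKey, FixedKey and the sample signature string are hypothetical names constructed for illustration.

```java
import java.util.HashSet;
import java.util.Set;

// Added illustration: BrokenKey and FixedKey are hypothetical, not AspectJ classes.
public class HashCodeTypoDemo {

    static final class BrokenKey {
        private final String signature;
        BrokenKey(String signature) { this.signature = signature; }

        @Override
        public boolean equals(Object o) {
            return o instanceof BrokenKey && signature.equals(((BrokenKey) o).signature);
        }

        // Misspelled: declares a new method, so Object.hashCode() (identity-based) stays in effect.
        public int hashcode() { return signature.hashCode(); }
    }

    static final class FixedKey {
        private final String signature;
        FixedKey(String signature) { this.signature = signature; }

        @Override
        public boolean equals(Object o) {
            return o instanceof FixedKey && signature.equals(((FixedKey) o).signature);
        }

        // @Override makes the compiler reject a misspelled name such as hashcode().
        @Override
        public int hashCode() { return signature.hashCode(); }
    }

    // Two equal BrokenKey objects almost always land in different buckets, so the lookup misses.
    static boolean brokenLookup() {
        Set<BrokenKey> seen = new HashSet<>();
        seen.add(new BrokenKey("Ljava/lang/String;")); // constructed sample value
        return seen.contains(new BrokenKey("Ljava/lang/String;"));
    }

    // Equal FixedKey objects share a hash code, so the set finds the second instance.
    static boolean fixedLookup() {
        Set<FixedKey> seen = new HashSet<>();
        seen.add(new FixedKey("Ljava/lang/String;"));
        return seen.contains(new FixedKey("Ljava/lang/String;"));
    }

    public static void main(String[] args) {
        System.out.println("equal key found with hashcode() typo: " + brokenLookup());
        System.out.println("equal key found with hashCode():      " + fixedLookup());
    }
}
```

Annotating every intended override with @Override turns this class of typo into a compile error, which catches it before any bytecode analysis runs.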