We have released FindBugs 1.1.2. It is available from
And the Eclipse plugin is available from the auto update sites for our plugin: (although at the moment we don't actually update it daily)
This has turned out to be a more significant release than originally anticipated. Hopefully, 1.1.3 will be a quick release primarily to address any issues that arise with 1.1.2 (although we got a lot of great help from our user community testing release candidates for 1.1.2; thank you).
New Features since 1.1.1:
- Added check for infinite iterative loops
- Added check for use of incompatible types in a collection (e.g., checking to see if a Set<String> contains a StringBuffer).
- Added check for invocations of equals or hashCode on a URL, which, surprising many people, requires DNS resolution.
- Added check for classes that define compareTo but not equals; such classes can exhibit some anomalous behavior (e.g., they are treated differently by PriorityQueues in Java 5 and Java 6).
- Added a check for useless self operations (e.g., x < x or x ^ x).
- Fixed a datarace that could cause the GUI to fail on startup
- Partial internationalization of the new GUI
- Fix bug in "Redo analysis" option of new GUI
- Tuning to reduce false positives
- Fixed a bug in null pointer analysis that was generating false positive null pointer warnings on exception paths. Fixing this bug eliminates about 1/4 of the warnings on null pointer exceptions on exception paths.
- Fixed a bug in the processing of phi nodes for fields in the null pointer analysis
- Applied contributed patch that provides more quick fixes in Eclipse plugin.
- Fixed progress bar in Eclipse plugin
- A number of other bug fixes.
To give you a sense of the changes in FindBugs from 1.0 to 1.1.1 and 1.1.2, I include below the analysis I did of the results of running different versions of FindBugs against Glassfish v2-b26, as part of an effort to convince people to move from older versions of FindBugs to FindBugs 1.1.2. We are very pleased and happy with our results, and believe you will find that a significant majority of the high/medium priority correctness warnings generated by FindBugs 1.1.2 generate a WTF or an OMG reaction.
Bill Pugh
------ Changes in FindBugs from 1.0.0 to 1.1.1 and to 1.1.2 ----
The primary change from FindBugs 1.0.0 to 1.1.1 and from 1.1.1 to 1.1.2 is some additional heuristics to eliminate false positives and recategorize some lesser issues as bad practice or dodgy code rather than correctness.
Here is the total number of medium and high priority correctness warnings found by various versions of FindBugs in Glassfish v2-b26:
- 1.0.0: 1163 warnings
- 1.1.0: 428 warnings
- 1.1.2: 379 warnings
There are actually only 3 bugs found by 1.1.2 in glassfish that are not found by 1.1.1:
M C GC: com.sun.appserv.management.client.ConnectionSource is incompatible with expected argument javax.management.MBeanServerConnection in com.sun.appserv.management.client.ProxyFactory.findInstance(ConnectionSource) At ProxyFactory.java:[line 453]
H C GC: java.lang.Integer is incompatible with expected argument java.lang.String in com.sun.appserv.management.util.jmx.NotificationEmitterSupport.decrementListenerCountForType(String) At NotificationEmitterSupport.java:[line 189]
H C GC: oracle.toplink.essentials.descriptors.DescriptorEvent is incompatible with expected argument java.lang.Integer in oracle.toplink.essentials.internal.ejb.cmp3.metadata.listeners.MetadataEntityListener.isSessionPostBuildEvent(oracle.toplink.essentials.descriptors.DescriptorEvent) At MetadataEntityListener.java:[line 370]
These are all cases where FindBugs checks for incompatible types in the use of a generic collection (e.g., checking to see if a Set<String> contains an Integer).
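Why this class of bug compiles at all, shown as an added example that is not part of the original announcement and is not Glassfish or FindBugs code: `contains`, `get` and `remove` on generic collections take `Object`, so an argument of the wrong type is accepted and the lookup silently fails. The class, method and key names below are hypothetical.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Constructed example: all names here are hypothetical.
public class IncompatibleCollectionArg {

    // Listener counts keyed by notification type name.
    static final Map<String, Integer> COUNTS = new HashMap<String, Integer>();

    // Buggy: the count (an Integer) is passed to remove(), whose parameter is
    // Object. The call compiles, matches no String key, and removes nothing.
    static void decrementBuggy(String type) {
        Integer count = COUNTS.get(type);
        if (count == null) {
            return;
        }
        if (count == 1) {
            COUNTS.remove(count);          // Integer argument on a Map<String, Integer>
        } else {
            COUNTS.put(type, count - 1);
        }
    }

    // Fixed: remove by the key type the map is declared with.
    static void decrementFixed(String type) {
        Integer count = COUNTS.get(type);
        if (count == null) {
            return;
        }
        if (count == 1) {
            COUNTS.remove(type);
        } else {
            COUNTS.put(type, count - 1);
        }
    }

    public static void main(String[] args) {
        Set<String> names = new HashSet<String>();
        names.add("admin");
        // StringBuffer does not override equals(), so it can never match a String element.
        System.out.println("StringBuffer lookup: " + names.contains(new StringBuffer("admin")));
        System.out.println("String lookup:       " + names.contains("admin"));

        COUNTS.put("example.type", 1);
        decrementBuggy("example.type");
        System.out.println("entries after buggy decrement: " + COUNTS.size());
        decrementFixed("example.type");
        System.out.println("entries after fixed decrement: " + COUNTS.size());
    }
}
```

In code that uses such a set or map for an allow-list, a session table or a listener registry, the failed lookup shows up as a stale entry or a check that never matches rather than as an exception.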
FindBugs 1.1.1 reports a total of 162 warnings not reported by FindBugs 1.0.0.
Of the 1163 issues reported by FindBugs 1.0.0 as medium/high correctness warnings:
- 56 are no longer reported at all
- 122 are reported as medium/high priority dodgy code warnings
- 182 are reported as low priority warnings (and thus not usually reported at all)
- 210 are still reported as medium/high priority correctness warnings
- 593 are now reported as bad practice, rather than correctness warnings
Of the bugs reclassified as Bad Practice:
- 167 non serializable fields in serializable classes
- 56 calls to System.exit
- 74 places where an exception might be ignored
- 38 explicit invocations of a finalize method
- 69 classes that define equals but not hashcode
and similar issues.
Bill