The general idea of a detector is to find certain patterns in the bytecode of a class. Looking closer at the implementation of SimpleDateFormat reveals that it uses a Calendar internally. To make sure everything works a you expect, you use some assertions: Check out BetterVisitor and its subclasses for more detail. When a call to the log method is found, we check to see if the program counter is outside the if block determined earlier.

This description is used by the UI, as shown in Figure Notice the type listed here matches the name used on line 39 of Listing 8. In case you are completely knew to FindBugs or the idea of static code analysis in general, go have a look at a Google Tech Talk by Bill Pugh, one of the minds behind FindBugs. So maybe we can verify if we have a multi-threading problem by double-checking the values the formatter returns:. Comments Sign in or register to add and subscribe to comments.

And it is very likely to make the same mistake again, perhaps not now, but in a few weeks or months.

Writing your own FindBugs plugin – Obligation Detector

We are starting to use Sonar where I work, and I’ve been tasked with finding out how to write custom FindBugs rules. The Field object that is passed into the visit method knows about this. In case you are completely dstectors to FindBugs or the idea of static ffindbugs analysis in general, go have a look at a Google Tech Talk by Bill Pugh, one of the minds behind FindBugs. The first article in this series, ” Improve the quality of your code ,” introduces FindBugs, a static analysis tool that examines your class or JAR files looking for potential problems, and shows you how to use it effectively.


I understand that visitClassContext or visit JavaClass class is invoked first, but I don’t understand what determines the invokation of the other visit methods and in what order?

Something to think about Imagine you want to write a simple utility class that allows you to format java. Because I had some problems finding a good howto on writing bug detectors, I decided to write one myself.

The output looks like this: It’s also convenient to add the class, method, and source line to the bug so the user knows where to go to fix the problem.

findbugs writing custom detectors

Email required Address never made public. Comments Sign in or register to add and subscribe to comments. Newer Post Home Older Post. Leave a Reply Cancel reply Enter your comment here The error is because of the package hierarchy.

findbugs writing custom detectors

My detector class was inside findbugs. The team needed a better way to identify the places that had been missed.

This detector was used to find all the places in the code where the message to log was being created outside of the guard clause — also a fairly common problem and one that can be quite expensive if you have fancy toString s.

Writing your own FindBugs plugin – Obligation Detector – vasileirimia

DateFormat and subclasses because Calendars are inherently unsafe for multithreaded use. Searching code is not very practical, especially if you do it manually. Then use javap -c to look at the disassembled bytecodes and learn how to structure your sawOpcode int method.


findbugs writing custom detectors

You should then go and download the latest version and run it against you code. If it is, we report a bug by creating a new bug instance, specifying the type of bug which we’ll discuss in more detail later and its priority.

StaticAccess FindBugs detector

Because this article is about FindBugs, we’ll use FindBugs to solve the problem. The first thing to notice is the call to super.

PMD already has a detector that does this. The program counter is needed to determine whether the if clause comes after the call to Logger. When reading through the code for the out-of-the-box detectors, one writibg the things that will jump out is the focus on whether the detector needs to build up state during the analysis.

The BugPattern element specifies three attributes. I recommend launching FindBugs from a command line window using java.

SimpleDateFormat is ideal for the job. Likewise, FindBugs invokes the sawOpcode int method as it analyzes each opcode within the method body. The framework behind this is the Apache Bytecode Engineering Library. At runtime, when a bug is discovered, whatever annotations you attach to the bug instance will be substituted into the description.

You can pass information from your bug detector’s Java code into the full description by using annotations. My aim was not to write a detector for detecting System.