FindBug检查问题指南

1、findbugs常见问题指南1 comparison of string objects using 二二 or !=例，override equals方法时容易犯错java代码1. if (this. topic != key. gcttopic()2. return false;2 dead store to newstatusrecord定义局部变量后没有引用3 invocation of lostring on values直接调用数组的tostring方法java代码1. public query createquery (string hql, object values, ses

2、 sion session) 2. logger, debug (values);3. logger, debug(new stringbuildcr(). append(hql=) append(hql)append (“)append (object)4.4. 正确的例子，调用 arrays. tostringo和 arrays. deeptostringo方法。java代码1. import java. util. arrays;2.2. class a4.3. 4. class b7.©override8.public string tostringo 9.return ，b

3、bbbb，/;10.11.12.publicclass test 13.public static void ni8in( str in g args)14.15.16. object a = new integer(0),new boolean (true), true, new a (), new b();17.17. object b= new a (), new b (), new a(), new b(), new a(), new b();18. system, out. printin (arrays. deeptostring(b);20.19. 20. 4 ignores e

4、xceptional return value of java. io. file, mkdirs()忽略了返回值，应当含有返回值java代码1. public void initfolder()2. (!ex it dir i sdirec to ry ()3. exit dir. mkdirs ();4. logger, info(二二二finishing create exit trade image folder!=，);5. this method returns a value that is not checked. the return value should be chec

5、ked since it can indicate an unusual or unexpected function execution. for example, the file. deleteo method returns false if the file could not be successfully deleted (rathcr than throwing an exception). if you don，t check the resuit, you won' t notice if the method invocation signals unexpect

6、ed behavior by r、etur、ning an atypical feturn value.5不使用new string()定义空的字符串java代码1. str ing alarmcodccond = new str in g();应当java代码1. string alarmcodecond6 invokes inefficient new short (short) constructor; use short. valueof(short) insteadjvm缓存数字常量java代码1. short ashort = new short (12);应当java代码1. s

7、hort ashort 二 short. valueof(12);7方法命名习惯，首字母小写the method name lan el la ndshakeservice (short) doesn，t start with a lower case lettermethods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capilalized.8 一个primtive的类型的值经过box后马上unboxprimitive

8、 value is boxed then unboxed to perform primitive coercionjava代码1. exitrecord, setenoperatorid (new long(transactrecord.getenoperat ortd(). intvalue();应当直接强制类型转换java代码1. exitrecord, setenoperatorid(int)transactrecord. getenoperatorld( )；9 call to equals() comparing different types 使用equal s()方法比较不同的

9、类，反例java代码1. stringbuilder buildernew stringbuilder(，znihao，z);2. string string = /znihao/z;3. bui ider, equal s (string);10 check for oddness that won' t work for negative numbers 检查奇数的方法：反例java代码1. if (i % 2 = 1)2. /.3. the code uses x % 2 =二 1 to check to sec if a value is odd, but this won，t

10、 work for negative numbers (e. g.，(-5) % 2 = t) if this code is intending to check for oddness, consider using x & 1 二二 1, or x % 2 != 0.11 load of known null value, null 值的不当使用反例：java代码1. if (devlds = null && devlds. size() =0)/ java代码1. if (nul 1 !二 templist | | templist. size() !二 0)2

11、. /.3. java代码1. if (batchno二二 null) 2.throw new exception (z，the no. "+batchno3.+" is not exists!）；4.12 method call passes null for normull parameter对参数为null的情况没做处理java代码1. public void2.3.4.staddress ();5.6.7.&会传入空引用9./.10. 11.12. long13.14.13. methodl ()string ip = null;try ip = ineta

12、ddress. getlocalhost(). getho catch (unknownhostexcepti on e) c. printstacktracco ;long ipcount = countlpaddress (ip) ;/ 可能countlpaddress(string ip) 1ong i pnum 二 0;str in g iparray = ip. split (，z")；修改后:java代码1. public void2.3.4.staddress ();5.6.7.&会传入空引用9./.10. 11.12. long13.methodl ()str

13、ing ip = null;try ip = inetaddress. getlocalhost(). getho catch (unknownhostexcepti on e) c. printstacktracco ;long ipcount = countlpaddress (ip) ;/ 可能countlpaddress(string ip)1ong i pnum 二 0;14.15.出异常16.17.18./.19. /或者抛if (ip = null) return 0;str in g iparray = ip. split (，z")；注意：函数入口需要交验入参的合法

14、性。13 method concatcnates strings using + in a loop在循环里使用字符串连接，效率低，应该使用stringbuilder/stringbuffer例：java代码1. string writedata 二 "“；2. for (int i =0; i <10;i+)3. writedata = writedata +"a"4. 14 method may fai1 to close database resource没有释放数据库资源java代码.5.6.7.&public resuitse

15、t callprocedure (string procedure) session ses = getsessionforupdate();resultset rs 二 null; try conncction conn 二 sesconnection ();conn. setautocommit(false);callablestatement statement = conn. prepareca11 (procedure); /may fail to close callablestatement9. rs = statement. cxccutcqucry ();10. conn,

16、commit ();11.12. catch (exception e) 13. e. pri ntstacktrace ();14. finally 15. try 2. ses. close (); catch (sqlexception e) throw e;return rs;应当修改为:java代码1. public.6.7.&4.25. resultset caliprocedure(string procedure) session

17、 ses = getsessionforupdate();resuitset rs 二 null;callablestatemenl statement = null; try connection conn = sesconnection (); conn, setautocommit(false);statement 二 conn.preparecall(procedure);rs = statement. executequery(); conn commit ();catch (exception e) e. pr i nislacktrace (); finally try stat

18、ement. close (); ses. close (); catch (sqlexception e) e. printstacktrace ();return15 method mayfail to close stream没有关闭流，可能会导致文件描述符泄露，应该在finally中关闭例:java代码1. try 2. filelnputstream in 二 new fi1einputstream(file);3. inputstreamreader inputstreamreader = new inputstre amrcadcr(in);4. bufferedreader r

19、eader = new bufferedreader (inputstr eamreader);5. /.6.6. in. closeo ;7. inputstreamreader.close();8. reader, close ();9. catch (toexception e) 11.10. 修改为：java代码1. filetnputstream in 二 nul 1 ;2. inputstreamreader inputstreamreader 二 null;3. bufferedreader reader = null;4. try 5.in 二 new filelnputstr

20、eam(f订e);6.i nputstreamreader = new inputstreamreader(in);7.reader 二 new bufferedreader(inputstreamreader)&/9.10. catch (ioexception e) 11.12.finally 13.try 14.in. close ();15. catch (ioexception e) 16.e. printstacktrace();17.18.try 19.inputstreamreader. close();20. catch (ioexception e) 21.e. p

21、rintstacktrace();22.23.try 24.reader, close ();25. 26.27.2& catch (ioexception e)e. printstacktrace ();16 method might ignore exceptionthis method might ignore an exception. in general, exceptions should be handled or reported in some way, or they should be thrown out of the method.应该将界常处理、打印或者抛

22、出 反例:1. try.6.7.java代码/. catch (exception e) 17 class defines non-transient non-scrializable instance field readertypelnfo一个实现t serializable接口的类，含有非 transient 和非serializable 的 实例对象域。this serializable class defines a non-primitivc instance field which is neither transient, serializable, or jav

23、a. lang. object, and does not appear to implement the externalizable interface or the readobject () and writeobject() methods. objects of this class will not be deserialized correctly if a non-serializable object is stored in this field.18 nullcheck of value previously derefercnced前面获取的对象，现在引用的时候没有交

24、验是否为null反例：1. reader reader 二 null;2. try 3. reader 二 this, getreaderbyname(readerbasicinfo. getbyna me();4. catch (exception cl) 5. el. printstacktrace ();6. return readerstateconst .fail;7. 8.8. dcpendenccrclation dependenccrclation 二 new dcpendenccrclat ion ();9. dependencerelation. setdescriptio

25、n(reader. getlpaddress ();/使用前没有做null校验19 possible null pointer dereferenee可能存在的空引用java代码1. capinfo = wrapper. wrappertoclient(readercapabilities) objec t)；2.2. try 3. if (capinfo != null) 4. transactionds5. .savereadercapabilitycom(reade rcapabi1ities) object);78. catch (runtimeexception e) 9. capi

26、nfo.setdetailmsg(readerstateconst.db opt fail);10. returncaptnfo;11j12.11. capinfo.setdetailmsg(readerstateconst. successful);/capinfo可能为nul 120引用前需要做空校验java代码1. public synchronized void remove(string batno, int count)2.list<task> tasklist 二 commandmap. get (batmo);3. synchronized (tasklist) /

27、使用前需要作null check4. /.56. 21 possible null pointer dereference in method on exception path例java 代码 01. listdistrict> distriets 二 null;2. try 3. districts = this.getdistriets(readerconst. desc);4. catch (exception e) 5. e. printstacktrace ();6. 7. if (start >二 districts. sizeo) /districts 可能是 nu

28、ll8. tabledata. settotalcount(0);9. return tabledata;10. 22内部类没有引用外部类的屈性/方法的时候，应该作为静态内部类。this class is an inner class, but does not use its embedded reference to the object which created it. this reference makes the instances of the class larger, and may keep the referenee to the creator object al ive longer than necessary. if possible, the class