Interesting tool for Java developers:Static analysis tools promise to find existing bugs in your code without requiring much effort on the part of the developer. Of course, if you’ve been programming for long, you know those promises don’t always pan out. Even so, good static analysis tools are a valuable addition to your toolbox. In this first of a two-part series, Senior Software Engineer Chris Grindstaff looks at how FindBugs can help improve the quality of your code and eliminate bugs lying in wait.
Although I may be biased, this tool is really something java devs need to have a look at. It’s quite alive and kicking, including many useful “bug-detectors” that can test common design flaws and coding errors that compilers and style-enforcers just don’t pick up. It’s been run against, notably, the Sun JDK and Eclipse, finding some interesting bugs in each.
*Plug* there’s also an Eclipse plugin in development, so you can scan your project from within Eclipse, and see bug output in the UI, and quickly navigate to the source files and lines in which they occur. Expect quite a bit to come from this plugin in the future.
Are there good equivs for other languages eg C++? I’m guessing there are bucket loads. What do people recommend?
And as for FindBugs, was the example run against jEdit? The ant task snippet looked that way..
Sun Microsystems tools are better because they are Java creators!
I think that Sun Microsystems tools are the best.
And what you think about checkstyle ( http://checkstyle.sourceforge.net/ ) ?
it’s a helpfull tool too…
The kind of analysis this tool does would be extremely difficult for compiled languages like C++. It works by examining the compiled bytecode, not the source. Java’s bytecode is packed with lots of information that you just don’t get in compiled C++ (even with debug info on); it’s simply higher-level than assembly. Plus, compiled C++ obviously is going to look much different depending on the target platform.
I think there are probably source-level static analysis tools for C++, but due to the complexity and the flexibility of C++, they are probably complicated, expensive, and prone to false positives.
Of course there are C/C++ tools – PC-Lint by Gimpel – their ads have been in Dr.Dobbs for like ummm ages
When Sun makes Java a standard then Java has a future otherwise .NET rules!
“When Sun makes Java a standard then Java has a future otherwise .NET rules!”
Anyone can buy the Java Language Specification or Java Virtual Machine Specification from Amazon and get a complete, precise, and consistent specification of the semantics of the source and target languages. And anyone can join the JCP to influence future versions of Java. Any implementation that is certified will meet this specification.
What more do you want?
Java bytecode is not the only intermediate representation. So is GCCs RTL. And there is, for example rtlcheck (http://rtlcheck.sourceforge.net) which does static analysis on RTL.
Another example of static analysis for C++ would be the safecode project (http://safecode.cs.uiuc.edu/).
“What more do you want?”
I want to build my own Java compiler and virtual machine and not have to pay royalties to Sun. According to Sun you must pay up!
Sell your betas and then turn around and sell support for your betas. After a few iterations of this and you have a solid system; Develop a new system that requires the same process. If this new system renders the old one obsolete, great. If it it doesn’t even better – a regenerated cash channel from compatibility issues with the old and new! Rinse, lather, repeat.
(For you zealots out there)
Software in general seems to have been following this practice since it became a lucritive industry – read not limited to Microsoft
I want to build my own Java compiler and virtual machine and not have to pay royalties to Sun.
Then I suggest you start contributing to the GCJ project ( http://gcc.gnu.org/java/ ). There are several other Free java implementations and VMs out there too.