Survey
FindBugs-Based Online Java Detection System
丁一、朱伟俊、胡畔

Introduction
• Provides an online Java static analysis website
• Uses FindBugs and PMD as the analysis tools
• Analyzes a single Java file or a Java project submitted by the user and returns a report of the bugs detected
• Records the detected bug information (Simple)
• On-site and off-site search engine (undone)

Service
[Diagram labels: user, single file detect, project detect, statics, read report, download report]

Process
[Diagram labels: Single File, Project, source, Detect Engine, FindBugs, PMD, Report Generator, Bug Report]

FindBugs™
• FindBugs is an open source program created by William Pugh which looks for bugs in Java code.
• It uses static analysis to identify hundreds of different potential types of errors in Java programs.
• FindBugs operates on Java bytecode, rather than source code.
• The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans,[4] IntelliJ IDEA,[5][6][7] and Hudson[8].

fb-contrib™
• A FindBugs™ auxiliary detector plugin
• Can be used from the FindBugs™ GUI, Ant, or the Eclipse plugin.
• // http://fb-contrib.sourceforge.net/

PMD Tool
• PMD is a static ruleset based Java source code analyzer that identifies potential problems like:
  • Possible bugs - Empty try/catch/finally/switch blocks.
  • Dead code - Unused local variables, parameters and private methods. Empty if/while statements.
  • Overcomplicated expressions - Unnecessary if statements, for loops that could be while loops.
  • Suboptimal code - Wasteful String/StringBuffer usage.
  • Classes with high Cyclomatic Complexity measurements.
  • Duplicate code - Copied/pasted code can mean copied/pasted bugs, and decreases maintainability.
• // While PMD doesn't officially stand for anything, it has several unofficial names, the most appropriate probably being Programming Mistake Detector.
• // Typically, PMD errors are not true errors, but rather inefficient code, i.e. the application could still function properly even if they were not corrected.
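
Other tools
• Open-source or non-commercial products
  • Checkstyle - besides some static code analysis, it can be used to show violations of a configured coding standard.
  • FindBugs - an open-source static bytecode analyzer for Java (based on Jakarta BCEL) from the University of Maryland.
  • Hammurapi - (free for non-commercial use only) versatile code review solution.
  • PMD - a static ruleset based Java source code analyzer that identifies potential problems.
  • Sonar - a continuous inspection engine to manage the technical debt (unit tests, complexity, duplication, design, comments, coding standards and potential problems).
  • Soot - a language manipulation and optimization framework consisting of intermediate languages for Java.
  • Squale - a platform to manage software quality (also available for other languages, using commercial analysis tools though).
• Commercial products
  • IntelliJ IDEA - IDE for Java that also provides static code analysis.
  • LDRA Testbed - a software analysis and testing tool suite for Java.
  • SonarJ - monitors the conformance of code to intended architecture, also computes a wide range of software metrics.
• http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

Removed
• User registration/login module
• Affected features:
  • Personalized configuration of the analysis tools
  • Per-user storage area
  • Simple project management
• Advantages:
  • All users get a fast and convenient analysis service
  • The site does not need to maintain user registration information, personalized settings and the like
  • No user storage area is provided any more, which saves a large amount of server disk space
• Disadvantages:
  • Users cannot configure analysis rules and can only use the common configuration
  • For the bug summary, users cannot see their own bug records

Added
• Report download feature
• Advantage: a user's large project may contain a large amount of bug information; to make it easier to review, the report can be downloaded in PDF format.

Added
• "Project Configuration Guide"
• A guide for users who are configuring and using this project for the first time

Fixed
• JSP/servlet forwarding logic fix
  • Before: uploadProject -> …. -> createReport
  • Now: uploadProject -> createReport
  • The useful part was the creation of the pom.xml file in createProject, which is now merged into uploadProject
• Paths in the report file changed from absolute paths to relative paths
• Bug fixes
  • 1. A valid executable single file uploads correctly but cannot be compiled
  • Error message: command line parameter error
  • Investigation showed that for input such as class a {…} (with a space), the program wrongly named the project "a " (including the space), so the parameter passed in caused an error.
  • Fix: call the trim method to strip leading and trailing spaces.

Fixed
• Bug fix 2:
• Error message: source1.3中不支持泛型请使用 -source 5 或更高版本以启用泛型 (From Apache Maven2)
• This message came from checking a large project.
• Fix: set source 5 in the POM.xml of the Maven2 build management tool.

Demo

Thanks All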
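
The class-name problem from bug fix 1 above, as an added Java example that is not the project's own code: `naiveName` is an assumed reconstruction of how the name was extracted, and all method names and sample inputs are constructed. It goes one step beyond `trim()` and accepts the name only if it is a legal Java identifier before it is used as a build parameter.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.lang.model.SourceVersion;

public class ProjectNameFromSource {
    // First identifier-shaped token after the "class" keyword; surrounding whitespace is not captured.
    private static final Pattern CLASS_DECL =
            Pattern.compile("\\bclass\\s+([\\p{L}_$][\\p{L}\\p{N}_$]*)");

    // Assumed shape of the original extraction (not shown in the slides):
    // everything between the first "class" and the next "{" becomes the project name.
    static String naiveName(String source) {
        int start = source.indexOf("class") + "class".length();
        return source.substring(start, source.indexOf('{', start));
    }

    // The fix described in the slides: strip leading and trailing whitespace.
    static String trimmedName(String source) {
        return naiveName(source).trim();
    }

    // Stricter variant: return a name only if it is a legal, non-keyword Java identifier,
    // so no other text from the upload can end up in the build tool's parameters.
    static Optional<String> safeName(String source) {
        Matcher m = CLASS_DECL.matcher(source);
        while (m.find()) {
            String name = m.group(1);
            if (SourceVersion.isIdentifier(name) && !SourceVersion.isKeyword(name)) {
                return Optional.of(name);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample uploads: the slide's case, a declaration with "extends",
        // and a file that declares no class at all.
        String[] uploads = {
            "class a {}",
            "public class Demo extends Base {}",
            "interface Only {}",
        };
        for (String src : uploads) {
            System.out.printf("naive=[%s] trimmed=[%s] safe=%s%n",
                    naiveName(src), trimmedName(src), safeName(src).orElse("<rejected>"));
        }
    }
}
```

The second and third inputs show where `trim()` alone still yields a name containing spaces or unrelated text, while `safeName` returns a single identifier or rejects the upload.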