
FindBugs-Based Online Java Checking System

FindBugs-Based Online Java Checking System. 丁一 (Ding Yi), 朱伟俊 (Zhu Weijun), 胡畔 (Hu Pan). Introduction: provides an online Java static-analysis website that uses FindBugs and PMD as its analysis tools; analyzes a single Java file or a Java project submitted by the user and returns a report of the bugs detected; records the detected bug information (Simple); on-site and off-site search engine (undone).


Presentation Transcript


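  1. FindBugs-Based Online Java Checking System. 丁一 (Ding Yi), 朱伟俊 (Zhu Weijun), 胡畔 (Hu Pan)

  2. Introduction
     • Provides an online Java static-analysis website
     • Uses FindBugs and PMD as the analysis tools
     • Analyzes a single Java file or a Java project submitted by the user and returns a report of the bugs detected
     • Records the detected bug information (Simple)
     • On-site and off-site search engine (undone)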

  3. Service

  4. Process (diagram; labels: Single File, Project, source, Detect Engine, FindBugs, PMD, Report Generator, Bug Report)

  5. FindBugs™
     • FindBugs is an open source program created by William Pugh which looks for bugs in Java code.
     • It uses static analysis to identify hundreds of different potential types of errors in Java programs.
     • FindBugs operates on Java bytecode, rather than source code.
     • The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, and Hudson.

  6. fb-contrib™
     • A FindBugs™ auxiliary detector plugin
     • Can be used from the FindBugs™ GUI, Ant, or the Eclipse plugin.
     • // http://fb-contrib.sourceforge.net/

  7. PMD Tool
     • PMD is a static, ruleset-based Java source code analyzer that identifies potential problems like:
     • Possible bugs - Empty try/catch/finally/switch blocks.
     • Dead code - Unused local variables, parameters and private methods. Empty if/while statements.
     • Overcomplicated expressions - Unnecessary if statements, for loops that could be while loops.
     • Suboptimal code - Wasteful String/StringBuffer usage.
     • Classes with high Cyclomatic Complexity measurements.
     • Duplicate code - Copied/pasted code can mean copied/pasted bugs, and decreases maintainability.
     • // While PMD doesn't officially stand for anything, it has several unofficial names, the most appropriate probably being Programming Mistake Detector.
     • // Typically, PMD errors are not true errors, but rather inefficient code, i.e. the application could still function properly even if they were not corrected.

  8. Other tools
     • Open-source or non-commercial products
       • Checkstyle — besides some static code analysis, it can be used to show violations of a configured coding standard.
       • FindBugs — an open-source static bytecode analyzer for Java (based on Jakarta BCEL) from the University of Maryland.
       • Hammurapi — (free for non-commercial use only) versatile code review solution.
       • PMD — a static, ruleset-based Java source code analyzer that identifies potential problems.
       • Sonar — a continuous inspection engine to manage the technical debt (unit tests, complexity, duplication, design, comments, coding standards and potential problems).
       • Soot — a language manipulation and optimization framework consisting of intermediate languages for Java.
       • Squale — a platform to manage software quality (also available for other languages, using commercial analysis tools though).
     • Commercial products
       • IntelliJ IDEA — IDE for Java that also provides static code analysis.
       • LDRA Testbed — a software analysis and testing tool suite for Java.
       • SonarJ — monitors the conformance of code to intended architecture, also computes a wide range of software metrics.
     • http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

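  9. Removed
     • User registration/login module
     • Features affected:
       • Per-user configuration of the analysis tools
       • Separate storage area for each user
       • Simple project management
     • Advantages:
       • Every user gets a quick and convenient analysis service
       • The site no longer has to maintain user registration data, personalized settings and the like
       • No user storage area is provided any more, which saves a large amount of server disk space
     • Disadvantages:
       • Users cannot configure the analysis rules and can only use the common configuration
       • In the summary of bug information, users cannot see their own bug records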

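  10. Added
     • Report download
     • Advantage: a user's large project may produce a large amount of bug information; to make it easier to review, the report can be downloaded in PDF format.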

  11. Added
     • "Project Configuration Guide"
     • A guide for users who are configuring and using this project for the first time

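  12. Fixed
     • JSP/servlet forwarding logic corrected
       • Before: uploadProject ->….-> createReport;
       • Now: uploadProject -> createReport
       • The only useful part was the creation of the pom.xml file in createProject, which is now merged into uploadProject
     • Paths in the report file changed from absolute paths to relative paths
     • Bug fixes
       • 1. A correctly uploaded, executable single file could not be compiled
       • Error message: command line parameter error
       • Inspection showed that for input such as class a {…} (with a space), the program wrongly named the project "a " (including the space), so the parameter passed on was rejected.
       • Fix: call the trim method to remove leading and trailing whitespace.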

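  13. Fixed
     • Bug fix 2:
       • Error message: source1.3中不支持泛型请使用 -source 5 或更高版本以启用泛型 (From Apache Maven2) (in English: generics are not supported in -source 1.3; use -source 5 or higher to enable generics)
       • This message came from checking a large project.
       • Fix: set source 5 in the POM.xml used by the Maven2 build tool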

  14. Demo

  15. Thanks All
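
Bug fix 1 on slide 12, as an added example (not the project's own code, which the slides do not show): it assumes the project name was cut from the text between `class` and `{`, and every class and method name here is hypothetical. It goes slightly beyond the slide by also showing an extraction that accepts only the class identifier, so nothing else from an uploaded file reaches a command-line parameter.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example with hypothetical names; not taken from the project.
public class ProjectNameDemo {

    // Assumed form of the bug: the project name is whatever sits between the
    // "class" keyword and the opening brace, whitespace included.
    static String naiveName(String source) {
        int start = source.indexOf("class ") + "class ".length();
        return source.substring(start, source.indexOf('{', start));
    }

    // The fix named on slide 12: strip leading and trailing whitespace.
    static String trimmedName(String source) {
        return naiveName(source).trim();
    }

    // Stricter variant: capture only an ASCII Java identifier after "class".
    // Assumes the first "class" keyword in the file is the declaration.
    private static final Pattern CLASS_DECL =
            Pattern.compile("\\bclass\\s+([A-Za-z_$][A-Za-z0-9_$]*)");

    static String identifierName(String source) {
        Matcher m = CLASS_DECL.matcher(source);
        if (!m.find()) {
            throw new IllegalArgumentException("no class declaration found");
        }
        return m.group(1);
    }

    public static void main(String[] args) {
        // Constructed sample uploads, not real submissions.
        String[] uploads = {
            "class a {}",            // the case from the slide
            "class a extends b {}",  // trim alone still leaves spaces inside
            "class  Box<T>{}"        // generics and a double space
        };
        for (String src : uploads) {
            // Brackets make leading and trailing spaces visible.
            System.out.printf("naive=[%s] trimmed=[%s] identifier=[%s]%n",
                    naiveName(src), trimmedName(src), identifierName(src));
        }
    }
}
```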
