Checking Java Programs

One Minute Bottom Line

Review

• Provides step by step instructions to download and install the tools.

• In most cases shows how to use these tools with Eclipse.

• "Advice and Summary" boxes at the end of the PMD, FindBugs and Java PathFinder sections.

1. What It's Not About

This section is a very brief introduction to what this book is not about. The author mentions about the various open source tools. One paragraph did mention that the code examples were available online, but they weren't. As soon as I brought this up with the author, he did upload the files. Thanks Ian.

2. It Usually Begins with javac

In the first 2 paragraphs you will find details about how to use javac and add additional command line options. I had never used one of these, give it a try. The author gives us one such example using javac -Xlint:deprecation, unchecked will run the standard compiler with extra details on use of deprecated code and unchecked type conversions.
In the next 2 paragraphs of this section, the author mentions about JUnit tests and also on how to use Java's assert keyword. If you are already using JUnit tests you can as well skip this paragraph. Same goes with the paragraph which explains about the assert keyword.

3. Making Your IDE Work Harder

This section covers some useful tips for using Eclipse IDE. The author explains with screen shots how to enable useful warning, disable useless ones and also promote warnings to errors.If you are familiar with Eclipse, you won't find anything new in this section.

4. Source Code Checking with PMD

As per the web site, PMD scans Java source code and looks for potential problems like:

• Possible bugs - empty try/catch/finally/switch statements
• Dead code - unused local variables, parameters and private methods
• Suboptimal code - wasteful String/StringBuffer usage
• Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
• Duplicate code - copied/pasted code means copied/pasted bugs

The next 15 pages of this short cut are dedicated to PMD. This short cut covers most things you would actually need to know about PMD. The author first explains installing the plug-in for Eclipse, using PMD from the command line and also with Ant.

In the next few pages you will get to know how to write project specific rules using either XPath as well as Java code. For example if you don't want any new Threads being created in your project, you would write a rule to catch the problem as soon as it enters your code. You'll also be able to modify PMD's prepackaged ruleset by overriding various rules properties.

5. Static (Class File) Checking with FindBugs™

FindBugs is a static analysis tool that examines your class or JAR files looking for potential problems by matching your bytecodes against a list of bug patterns. It was written at the University of Maryland. FindBugs was a completely new tool for me. I used the eclipse plug-in and found it very useful.This section has 16 pages and covers command line usage of FindBugs, the GUI which provides a reasonably nice user interface, using FindBugs with Ant and finally with the authors favorite IDE which is mine as well, FindBugs with Eclipse.

6. Dynamic Checking with NASA's Java PathFinder

According to the web site, Java PathFinder (JPF) is a system to verify executable Java bytecode programs. In its basic form, it is a Java Virtual Machine (JVM) that is used as an explicit state software model checker, systematically exploring all potential execution paths of a program to find violations of properties like deadlocks or unhandled exceptions. Unlike traditional debuggers, JPF reports the entire execution path that leads to a defect. JPF is especially well-suited to finding hard-to-test concurrency defects in multithreaded programs. The author shows how to build and run Java PathFinder from the Subversion repository. Next you will learn how to configure and extend PathFinder.

7. What's Next?

This is the last paragraph in the Short cut in which the author concluded the book saying that "there is no single solution that will make you the world's best programmer. Believe me, if there were, I would have already told you about it. ..."

I completely agree with the author, there isn't a single or simple solution either.