You are here

Add new comment

Do you trust FindBugs results?

Static analysis tools may find code smell. But sometimes some trivial smells are not detected. For instance when you compile with Java 6.0 or Eclipse 3.4, FindBugs v1.3.8 will not find anything suspicious in this method:

public String testStringBuilder( final String what, final int times ) {
  String result = "";
  for ( int i = 0; i < times; i++ )
    result += what;
  return result;

But the SBSC_USE_STRINGBUFFER_CONCATENATION (Method concatenates strings using + in a loop) should be detected. Why it doesn't work? FindBugs works on bytecode, take a look at decompiled bytecode generated by Java 6 or Eclipse:

String result = "";
for(int i = 0; i < times; i++)
    result = (new StringBuilder(String.valueOf(result))).append(what).toString();

return result;

Bytecode generated from Java 5 is different (peculiar, why they did not used StringBuilder(String s) when it was present in Java 5?), FindBugs recognizes the pattern:

String s1 = "";
for(int j = 0; j < i; j++)
    s1 = (new StringBuilder()).append(s1).append(s).toString();

return s1;

A bug was reported.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
Refresh Type the characters you see in this picture. Type the characters you see in the picture; if you can't read them, submit the form and a new image will be generated. Not case sensitive.  Switch to audio verification.