Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects early in the development life cycle. In this article, we’ll look at a few examples of specific uncommon[1] or unusual defects that can happen in code and see how different Java static analysis tools detect them.

Testing
As software gets more complex and ubiquitous, it becomes more difficult to ensure high-quality code. One common method of finding bugs is testing. But testing can’t cover all paths and possibilities or enforce good programming practices. Expert knowledge in the form of manual code review by peers is one of the best ways to ensure good code quality. Code review is often used as a mandatory process step for improving the code and for finding problems early in the software life cycle.

Since testing and manual code review processes are resource-intensive, it would be helpful to use automated tools to review code. Static analysis tools help considerably in detecting the problems early in the software life cycle and help enhance the quality of the code significantly.

There are many high-quality Java tools available in the open source domain. While it’s true that Java programs don’t suffer from traditional C/C++ problems like memory issues and major portability issues, Java software does suffer quality problems like reliability, efficiency, maintainability, and security. A brief discussion on the benefits of using FOSS Java tools is given in the sidebar.

Before getting into the meat of the matter, let’s discuss why bugs happen. First, it’s important to recognize that everyone makes mistakes, even experts[2]. Second, compilers only check for syntax and semantic violations. Errors in language or API use, which manifest themselves as bugs, aren’t detected by compilers; this is left to static analysis tools and it’s important to use them to detect coding problems. Third, programmers and engineers are under constant pressure to “get-the-work-done” under tight schedules; working under “almost-impossible-to-meet” work schedules results in code that is often substandard and filled with bugs. Because of practical problems, most code developed in the real world has bugs and it’s worthwhile using static analysis tools to find them and fix them.