Wed 7 Jul 2004
JavaOne Corollary #1: FindBugs and Defensive Programming
Posted by dkaz under Java
“We even found a bug in Josh Bloch’s code” - Dave Hovermeyer
“In fact, that very bug is one of the ones that Josh explicitly warns against in
his book” - Bill Pugh

Genuinely impressed by Dave Hovermeyer’s/Bill Pugh’s JavaOne session
describing U. of Maryland’s FindBugs static code analysis tool, I have
begun to look into ways of inserting it into our build setup at work.
Ultimately, I would love for all the builds to fail anytime FindBugs uncovers a
possible coding error. For now, I’m happy hooking it up through
a “failonerror=false” Ant task. (I’m not exactly sure how to filter out false
positives just yet).
A quick run of FindBugs against a sample repository did not uncover any
serious problems; it did, however, surface a number of possible problems down
the road. It looks to be a great help in teaching Defensive Programming
techniques. If you love Immutable Classes and you want to enforce their
ubiquity in your codebase, you’ll want this running as part of the daily build (at
least).
A gratuitous quote from Josh Bloch seems on-topic.
It’s from his 2002 JavaOne session on Defensive Programming.
That very session is written up (quite capably) here.
“Program defensively with the assumption that clients will do their best to
destroy its invariants. This may actually be true if someone tries to break the
security of your system, but more likely that your class will have to cope with
unexpected behavior resulting from honest mistakes on the part of the
programmer using your API. Either way, it is worth taking the time to write
classes that are robust in the face of ill-behaved clients.” - Josh
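
What "clients will do their best to destroy its invariants" looks like in code, as an added example that is not from this post or from the quoted session: a class that keeps and returns mutable `Date` references, which is the kind of representation exposure FindBugs reports (its EI_EXPOSE_REP and EI_EXPOSE_REP2 patterns), beside a defensively copying version. The class names `LeakyPeriod`, `SafePeriod` and `DefensiveCopyDemo` are hypothetical and the dates are constructed sample values.

```java
import java.util.Date;

// Hypothetical class: stores and returns the caller's mutable Date objects,
// so a client can break the start <= end invariant after construction.
final class LeakyPeriod {
    private final Date start, end;
    LeakyPeriod(Date start, Date end) {
        if (start.compareTo(end) > 0) throw new IllegalArgumentException("start after end");
        this.start = start;            // keeps the caller's reference
        this.end = end;
    }
    Date start() { return start; }     // hands out internal state
    Date end()   { return end; }
    boolean valid() { return start.compareTo(end) <= 0; }
}

// Hardened form: copy on the way in (before validating) and on the way out.
final class SafePeriod {
    private final Date start, end;
    SafePeriod(Date start, Date end) {
        this.start = new Date(start.getTime());
        this.end = new Date(end.getTime());
        // Validate the private copies, not the arguments the caller still holds.
        if (this.start.compareTo(this.end) > 0) throw new IllegalArgumentException("start after end");
    }
    Date start() { return new Date(start.getTime()); }
    Date end()   { return new Date(end.getTime()); }
    boolean valid() { return start.compareTo(end) <= 0; }
}

public class DefensiveCopyDemo {
    public static void main(String[] args) {
        Date s = new Date(1_000L), e = new Date(2_000L);   // constructed sample values
        LeakyPeriod leaky = new LeakyPeriod(s, e);
        e.setTime(0L);                 // mutate the argument after construction
        System.out.println("leaky valid after caller mutation: " + leaky.valid());

        Date s2 = new Date(1_000L), e2 = new Date(2_000L);
        SafePeriod safe = new SafePeriod(s2, e2);
        e2.setTime(0L);                // same mutation only touches the caller's object
        safe.end().setTime(0L);        // mutating a returned copy changes nothing inside
        System.out.println("safe valid after caller mutation:  " + safe.valid());
    }
}
```

Copying before validating matters in `SafePeriod`: checking the caller's objects and then copying them would leave a window in which another thread could change them between the check and the copy.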
