I am getting into a project which needs some automated review tools. Last week we found some System.exit() in the code which brought down the app servers.
It appears that FindBugs does not catch System.exit(). Are there any other tools which can catch System.exit() as well which I can run from eclipse?
On
Have you considered using pmd in addition to findbugs? PMD 'compiles' the java code to xml and runs xpath queries against it.
For example:
//VariableDeclarator [parent::FieldDeclaration] [../Type/ReferenceType /ClassOrInterfaceType[@Image='SimpleDateFormat'] and ..[@Static = 'true'] ]
is a rule to identify a statically defined SimpleDateFormat object (something that could be used in a thread unsafe way).
What about setting up a security manager that prevents anything not white-listed from calling
System.exit()? I imagine your application server has a security manager; look into the security policy. If you are rolling out your own, look atcheckExit(...)