Avoid printStackTrace(); use a logger call instead
Asked Answered
C

7

114

In my application, I am running my code through PMD.It shows me this message:

  • Avoid printStackTrace(); use a logger call instead.

What does that mean?

Cartelize answered 7/5, 2012 at 6:23 Comment(2)
See also When to log a stacktrace for a caught exceptionPraise
If you want to only avoid this message, not to use try/catch but throws.Artificial
H
182

It means you should use logging framework like or and instead of printing exceptions directly:

e.printStackTrace();

you should log them using this frameworks' API:

log.error("Ops!", e);

Logging frameworks give you a lot of flexibility, e.g. you can choose whether you want to log to console or file - or maybe skip some messages if you find them no longer relevant in some environment.

Handbarrow answered 7/5, 2012 at 6:28 Comment(1)
Are there any security concerns printing stack trace to the logs?Hematite
R
48

If you call printStackTrace() on an exception the trace is written to System.err and it's hard to route it elsewhere (or filter it). Instead of doing this you are advised using a logging framework (or a wrapper around multiple logging frameworks, like Apache Commons Logging) and log the exception using that framework (e.g. logger.error("some exception message", e)).

Doing that allows you to:

  • write the log statement to different locations at once, e.g. the console and a file
  • filter the log statements by severity (error, warning, info, debug etc.) and origin (normally package or class based)
  • have some influence on the log format without having to change the code
  • etc.
Repartee answered 7/5, 2012 at 6:31 Comment(0)
W
20

A production quality program should use one of the many logging alternatives (e.g. log4j, logback, java.util.logging) to report errors and other diagnostics. This has a number of advantages:

  • Log messages go to a configurable location.
  • The end user doesn't see the messages unless you configure the logging so that he/she does.
  • You can use different loggers and logging levels, etc to control how much little or much logging is recorded.
  • You can use different appender formats to control what the logging looks like.
  • You can easily plug the logging output into a larger monitoring / logging framework.
  • All of the above can be done without changing your code; i.e. by editing the deployed application's logging config file.

By contrast, if you just use printStackTrace, the deployer / end user has little if any control, and logging messages are liable to either be lost or shown to the end user in inappropriate circumstances. (And nothing terrifies a timid user more than a random stack trace.)

Wilson answered 7/5, 2012 at 6:32 Comment(0)
M
7

In Simple,e.printStackTrace() is not good practice,because it just prints out the stack trace to standard error. Because of this you can't really control where this output goes.

Matron answered 12/9, 2017 at 9:11 Comment(0)
C
1

Almost every logging framework provides a method in which we can pass the throwable object along with a message. Like:

public trace(Marker marker, String msg, Throwable t);

They print the stacktrace of the throwable object.

Cothurnus answered 5/6, 2014 at 12:51 Comment(1)
This does not answer the question.Wilson
E
-1

Let's talk in from company concept. Log gives you flexible levels (see Difference between logger.info and logger.debug). Different people want to see different levels, like QAs, developers, business people. But e.printStackTrace() will print out everything. Also, like if this method will be restful called, this same error may print several times. Then the Devops or Tech-Ops people in your company may be crazy because they will receive the same error reminders. I think a better replacement could be log.error("errors happend in XXX", e) This will also print out whole information which is easy reading than e.printStackTrace()

Ecology answered 17/7, 2019 at 22:4 Comment(0)
S
-3

The main reason is that Proguard would remove Log calls from production. Because by logging or printing StackTrace, it is possible to see them (information inside stack trace or Log) inside the Android phone by for example Logcat Reader application. So that it is a bad practice for security. Also, we do not access them during production, it would better to get removed from production. As ProGuard remove all Log calls not stackTrace, so it is better to use Log in catch blocks and let them removed from Production by Proguard.

Student answered 4/7, 2018 at 0:1 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.