FindBugs™ - Find Bugs in Java Programs
FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:
# Difficult language features
# Misunderstood API methods
# Misunderstood invariants when code is modified during maintenance
# Garden variety mistakes: typos, use of the wrong boolean operator
FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. Static analysis means that FindBugs can find bugs by simply inspecting a program's code: executing the program is not necessary. This makes FindBugs very easy to use: in general, you should be able to use it to look for bugs in your code within a few minutes of downloading it. FindBugs works by analyzing Java bytecode (compiled class files), so you don't even need the program's source code to use it. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate real errors. In practice, the rate of false warnings reported by FindBugs is less than 50%.
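Three of the categories above as concrete Java, each buggy idiom beside its fix. This is an added example, not code from FindBugs or its manual; the class and method names are hypothetical and the inputs in main are constructed.

```java
import java.util.Locale;

// Added illustration: hypothetical class, not from FindBugs or its manual.
public class BugPatternDemo {

    // Misunderstood API method: String is immutable, so trim() and
    // toLowerCase() return new strings that are discarded here.
    static String normalizeBuggy(String user) {
        user.trim();
        user.toLowerCase(Locale.ROOT);
        return user;
    }
    static String normalizeFixed(String user) {
        return user.trim().toLowerCase(Locale.ROOT);
    }

    // Wrong boolean operator: '|' always evaluates both operands, so
    // length() is still called on a null reference.
    static boolean isBlankBuggy(String name) {
        return name == null | name.length() == 0;
    }
    static boolean isBlankFixed(String name) {
        return name == null || name.length() == 0;
    }

    // Difficult language feature: '==' compares object references, so a
    // string built at run time does not match the literal.
    static boolean isAdminBuggy(String role) {
        return role == "admin";
    }
    static boolean isAdminFixed(String role) {
        return "admin".equals(role);
    }

    public static void main(String[] args) {
        String role = new String("admin"); // constructed input: equal text, distinct object
        System.out.println("normalize buggy/fixed: [" + normalizeBuggy(" Alice ")
                + "] [" + normalizeFixed(" Alice ") + "]");
        System.out.println("isAdmin buggy/fixed: " + isAdminBuggy(role)
                + " " + isAdminFixed(role));
        System.out.println("isBlank fixed(null): " + isBlankFixed(null));
        try {
            isBlankBuggy(null);
        } catch (NullPointerException e) {
            System.out.println("isBlank buggy(null): NullPointerException");
        }
    }
}
```

All three buggy methods compile without error, which is why a checker that inspects the compiled class files is useful for catching them before they reach input-handling or authorization code.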
FindBugs is free software, available under the terms of the Lesser GNU Public License. It is written in Java, and can be run with any virtual machine compatible with Sun's JDK 1.4. It can analyze programs written for any version of Java.
* You may configure the FindBugs tool to run as a part of your builds.
* You may use FindBugs in the Eclipse IDE.
- FindBugs™ Home
- FindBugs 1.1 demo and results (Overview)
- FindBugs™ Manual
- FindBugs FAQ
- FindBugs Official Blog
- FindBugs Mailing Lists
- A list of bug patterns reported by FindBugs
- Using the FindBugs™ Eclipse plugin
Presentations:
- Presentation slides from a talk given by David Hovemeyer at OOPSLA 2004.
- Presentation slides from a talk given by Bill Pugh at the Fraunhofer Center for Experimental Software Engineering, July 2004
- Finding Bugs is Easy, a presentation given by David Hovemeyer and Bill Pugh at JavaOne 2004, June 2004
- Presentation slides from J. Keller's presentation at the FindBugs JavaOne BOF, June 2004
JavaTouch 10 minutes guide to use FindBugs.
1. Download the latest FindBugs software from here and unzip it to your file system. (No additional configuration is required. To use FindBugs, you need a runtime environment compatible with Java 2 Standard Edition, version 1.4.0 or later. FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and MacOS X platforms.)
2. Run the findbugs.bat file in the bin directory of the FindBugs home.
\findbugs-1.x.x\bin >findbugs.bat
3. Wait for a minute and it will open the FindBugs GUI window.
File => New Projects
4. Now provide the following directory/file locations:
Archive directory: Use the "Browse" button next to the "Add archive or directory" text field to select a Java archive file (zip, jar, ear, or war file) or directory containing java classes to analyze for bugs. You may add multiple archives/directories.
Source Directory: You can also add the source directories which contain the source code for the Java archives you are analyzing. This will enable FindBugs to highlight the source code which contains a possible error. The source directories you add should be the roots of the Java package hierarchy. For example, if your application is contained in the org.foobar.myapp package, you should add the parent directory of the org directory to the source directory list for the project.
Class Path Entry: Another optional step is to add additional Jar files or directories as classpath entries. You should do this if the archives and directories you are analyzing have references to other classes which are not included in the analyzed archives/directories and are not in the standard runtime classpath. Some of the bug pattern detectors in FindBugs make use of class hierarchy information, so you will get more accurate results if the entire class hierarchy is available when FindBugs performs its analysis.
5. Click on the "Find Bugs" button. It's that simple: the FindBugs tool will analyse your whole code base and present you with a report of issues/bugs/warnings/suggestions etc.
6. Browsing Results:
When the analysis completes, you will see a screen like the following:
The top pane of the window shows the bug tree; this is a hierarchical representation of all of the potential bugs detected in the analyzed Jar files. The tabs allow you to browse by class, package, or bug type.
When you select a particular bug instance in the top pane, you will see a description of the bug in the "Details" tab of the bottom pane. In addition, the "Source code" tab of the bottom pane will, for some kinds of bugs, show the program source code where the potential bug occurs. In the above example, the bug is an access to an uninitialized field in a constructor. The source code window highlights the line containing the problematic access.
You may add textual annotations to bug instances. To do so, choose the "Annotations" tab in the bottom pane. Simply type in any information which you would like to record. When you load and save bug results files, the annotations are preserved.
You may use the → menu option to save the current lists of Jar files and source directories. A saved project may be loaded with the → menu option. Note that when you save a project, the analysis results are not saved.
If you need to run FindBugs in the Eclipse IDE itself, here are the details:
- Using the FindBugs™ Eclipse plugin


