Pragmatic Programmer Issues

Findbugs

CMMI level 3 is huge challenge for us. Some time ago I was using findbugs just for fun, now it’s time to use it on all projects I’m involved in.

Findbugs is a project started in TheUniversity of Maryland as a result of research on static code analysis. There are three bug categories:

  • Correctness bug : this is probably an error.
  • Bad Practice: this is violation of good practice.
  • Dodgy: this is simple dodgy code.

There are over two hundred bugs with description, which I suggest you to read. You can also write your own bug detector and there is for example a project called fb-contrib which has some bug detectors.

The usage of this tool is very simple. We can use it from eclipse, as eclipse plugin, standalone or as a maven plugin.

You can also simple install eclipse plugin by adding findbugs eclipse update site. After eclipse restart you should see in menu findbugs submenu. You can run findbug analyzis.

running findbug process

You can also add automatically checking for project, and of course choosing detector suitable for you by entering in project properties and next to findbugs options.

Findbugs setup

After that in code view you have additional pointers which shows you the line with problem. You can view description of the violation, which can help you to choose if this is a problem or false warning.

bugs details

There are also bugs tree view, which groups similar bugs and leafs are source code position. My suggestion is to use findbug with your build tool. In my situation it is maven. There are two possibilities to use findbug with maven. First is simple and you can run it without any setup. You can simply write mvn findbugs:findbugs and after few seconds you have report in target directory.

>mvn findbugs:findbugs
[INFO] Scanning for projects…
[INFO] Searching repository for plugin with prefix: ‘findbugs’.
[INFO] org.apache.maven.plugins: checking for updates from artifactory
[INFO] org.codehaus.mojo: checking for updates from artifactory
[INFO] artifact org.codehaus.mojo:findbugs-maven-plugin: checking for updates from artifactory
[INFO] ————————————————————————
[INFO] Building Synergy Portal Platform
[INFO] task-segment: [findbugs:findbugs]
[INFO] ————————————————————————
[INFO] Preparing findbugs:findbugs
….
[INFO] [findbugs:findbugs]
[INFO] No effort provided, using default effort.
[INFO] Using FindBugs Version: 1.2.0
[INFO] No threshold provided, using default threshold.
[INFO] Debugging is Off
[INFO] No bug include filter.

The best option is to use findbugs as report, which is added to site projection. To do this you should simple add findbugs report to maven reports.

<project>
  [...]
  <reporting>
    [...]
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>findbugs-maven-plugin</artifactId>
      <configuration>
      [...]
      </configuration>
    </plugin>
    [...]
  </reporting>
  [...]
</project>

After that always you run mvn site and your findbugs report will be attached to project site.

Good Luck with Findbugs

Pedro

BTW: See here to see some sample with all known projects status

Categories