Findbugs

Posted in java by pedro | Saturday, March 29th, 2008 at 4:14 pm

CMMI level 3 is a huge challenge for us. Some time ago I was using FindBugs just for fun; now it's time to use it on all the projects I'm involved in.

FindBugs is a project started at the University of Maryland as a result of research on static code analysis. There are three bug categories:

  • Correctness bug: this is probably an error.
  • Bad Practice: this is a violation of good practice.
  • Dodgy: this is simply dodgy code.
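
To make the three categories concrete, here is an added example (not from the original post): a constructed Java class with one defect per category, two of them next to a corrected form. The class and method names are made up for illustration; the identifiers in the comments are FindBugs bug pattern names, and the category a pattern is filed under can differ between FindBugs versions.

```java
// Constructed sample: each "Buggy" method carries one defect of the kind
// FindBugs reports; the "Fixed" method next to it shows the correction.
public class FindbugsCategoriesDemo {

    // Correctness (RV_RETURN_VALUE_IGNORED): String is immutable, so the
    // result of trim() is thrown away and the untrimmed input is returned.
    static String normalizeBuggy(String user) {
        user.trim();
        return user;
    }

    static String normalizeFixed(String user) {
        return user.trim();
    }

    // Bad practice (ES_COMPARING_STRINGS_WITH_EQ): == compares object
    // references, so a role string built at run time never matches and
    // the check silently takes the wrong branch.
    static boolean isAdminBuggy(String role) {
        return role == "admin";
    }

    static boolean isAdminFixed(String role) {
        return "admin".equals(role); // also safe when role is null
    }

    // Dodgy (DLS_DEAD_LOCAL_STORE): the value stored in 'limit' is never
    // read, which often means a bounds check was intended and forgotten.
    static int countBuggy(int[] items) {
        int limit = items.length - 1;
        return items.length;
    }

    public static void main(String[] args) {
        // Same content as the literal "admin", but a distinct object.
        String role = new String("admin");
        System.out.println("normalizeBuggy trims: " + normalizeBuggy(" bob ").equals("bob"));
        System.out.println("normalizeFixed trims: " + normalizeFixed(" bob ").equals("bob"));
        System.out.println("isAdminBuggy: " + isAdminBuggy(role));
        System.out.println("isAdminFixed: " + isAdminFixed(role));
        System.out.println("countBuggy: " + countBuggy(new int[] {1, 2, 3}));
    }
}
```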

There are over two hundred bugs, each with a description, which I suggest you read. You can also write your own bug detector; for example, there is a project called fb-contrib which provides some bug detectors.

Using this tool is very simple. We can use it from Eclipse as an Eclipse plugin, standalone, or as a Maven plugin.

You can simply install the Eclipse plugin by adding the FindBugs Eclipse update site. After restarting Eclipse you should see a FindBugs submenu in the menu, from which you can run the FindBugs analysis.

[Screenshot: running the FindBugs process]

You can also enable automatic checking for a project, and of course choose the detectors that suit you, by opening the project properties and going to the FindBugs options.

[Screenshot: FindBugs setup]

After that, the code view shows additional markers that point to each line with a problem. You can view the description of the violation, which helps you decide whether it is a real problem or a false warning.

[Screenshot: bug details]

There is also a bug tree view, which groups similar bugs; its leaves are source code positions. My suggestion is to use FindBugs with your build tool. In my case that is Maven. There are two ways to use FindBugs with Maven. The first is simple and you can run it without any setup: just run mvn findbugs:findbugs, and after a few seconds you have a report in the target directory.

>mvn findbugs:findbugs
[INFO] Scanning for projects...
[INFO] Searching repository for plugin with prefix: 'findbugs'.
[INFO] org.apache.maven.plugins: checking for updates from artifactory
[INFO] org.codehaus.mojo: checking for updates from artifactory
[INFO] artifact org.codehaus.mojo:findbugs-maven-plugin: checking for updates from artifactory
[INFO] ------------------------------------------------------------------------
[INFO] Building Synergy Portal Platform
[INFO] task-segment: [findbugs:findbugs]
[INFO] ------------------------------------------------------------------------
[INFO] Preparing findbugs:findbugs
....
[INFO] [findbugs:findbugs]
[INFO] No effort provided, using default effort.
[INFO] Using FindBugs Version: 1.2.0
[INFO] No threshold provided, using default threshold.
[INFO] Debugging is Off
[INFO] No bug include filter.

The best option is to use FindBugs as a report that is added to the generated project site. To do this, simply add the FindBugs report to the Maven reports.

<project>
  [...]
  <reporting>
    <plugins>
      [...]
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>findbugs-maven-plugin</artifactId>
        <configuration>
        [...]
        </configuration>
      </plugin>
      [...]
    </plugins>
  </reporting>
  [...]
</project>

After that, whenever you run mvn site, your FindBugs report will be attached to the project site.

Good Luck with Findbugs

Pedro

BTW: See here for some samples with the status of all known projects.
