FindBugs
Information
FindBugs looks for bugs in Java programs. It is based
on the concept of bug patterns. A bug pattern is a code
idiom that is often an error. Bug patterns arise for a variety
of reasons:
- Difficult language features
- Misunderstood API methods
- Misunderstood invariants when code is modified during maintenance
- Garden variety mistakes: typos, use of the wrong boolean operator
FindBugs uses static analysis to inspect Java bytecode
for occurrences of bug patterns. We have found that FindBugs finds
real errors in most Java software. Because its analysis is
sometimes imprecise, FindBugs can report false warnings,
which are warnings that do not indicate real errors.
In practice, the rate of false warnings reported by FindBugs
is generally less than 50%.
Homepage: http://findbugs.sourceforge.net
Example
To use the FindBugs or FindBugsJ2EE target, you need to set the properties described in the Common Build Targets document. The two targets differ slightly in how they work out the required classpath; choose FindBugsJ2EE for standard projects.
This will gather the classpath information from the project to be inspected. The common target will not add anything extra to the report directory. The report name will be findbugs.html.
Some detectors
It is possible to write custom detector plugins for FindBugs. Some have been made and are included by default when calling one of the FindBugs targets. These extra checks look for known issues within our own code, be it a known bug or a best practice to be followed:
- MY_UNGUARDED_LOGGING - finds log statements that aren't contained in an if-logging block
- MY_VAR_ACTION - finds class variables used in Action classes that are not declared private static final
- MY_NO_ENCODING_USED - finds calls to constructors and methods that should have the encoding set
- MY_IO_IN_EJB - finds File IO calls within EJBs
- MY_PVM_IN_RS - finds places where constructing a Pvm with String data from a ResultSet can lead to problems
- MY_SRC_TRANS - finds places where StreamSource is constructed in a possibly system dependent way
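The code shapes that MY_UNGUARDED_LOGGING and MY_NO_ENCODING_USED describe, next to their corrected forms, as an added Java example (not code from this project or from FindBugs). It assumes java.util.logging as a stand-in for the project's logging API, and the class and method names are hypothetical.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.logging.Level;
import java.util.logging.Logger;

public class DetectorPatterns {
    private static final Logger LOG = Logger.getLogger(DetectorPatterns.class.getName());
    static int dumps = 0; // counts how often the costly log message is built

    // Stand-in for an expensive call that exists only to build a log message.
    static String dumpState() {
        dumps++;
        return "state=...";
    }

    // Shape MY_UNGUARDED_LOGGING describes: the argument is evaluated even
    // when FINE is disabled and the message is discarded.
    static void unguarded() {
        LOG.fine("request " + dumpState());
    }

    // Guarded form: the message is built only when it will be logged.
    static void guarded() {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("request " + dumpState());
        }
    }

    // Shape MY_NO_ENCODING_USED describes: new String(bytes) decodes with the
    // platform default charset. The parameter simulates that default here.
    static String decodeWithDefault(byte[] data, Charset platformDefault) {
        return new String(data, platformDefault);
    }

    // Corrected form: the encoding is stated at the call site.
    static String decodeExplicit(byte[] data) {
        return new String(data, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        LOG.setLevel(Level.INFO); // FINE is disabled
        unguarded();
        guarded();
        System.out.println("log message built " + dumps + " time(s) while FINE is off");
        byte[] wire = "caf\u00e9".getBytes(StandardCharsets.UTF_8); // constructed sample input
        System.out.println("default ISO-8859-1: " + decodeWithDefault(wire, StandardCharsets.ISO_8859_1));
        System.out.println("default UTF-8:      " + decodeWithDefault(wire, StandardCharsets.UTF_8));
        System.out.println("explicit UTF-8:     " + decodeExplicit(wire));
    }
}
```

Running it shows the unguarded call building its message although nothing is logged, and the same bytes decoding to different strings depending on the simulated platform default.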
DeadEd.com
http://www.deaded.com/staticpages/index.php/findbugs