FindBugs - Find Bugs in Java Programs
FindBugs is a program that uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the GNU Lesser General Public License. FindBugs requires JRE (or JDK) 1.5.0 or later to run; however, it can analyze programs compiled for any version of Java. The version used for this review was FindBugs 1.3.5-dev-20080618, released at 13:39:38 EDT on 18 June 2008.
Installing and running the UI tool was trivial: you just unpack the zip archive and run findbugs.bat. It found 288 bugs in our code - pretty impressive !!!
You may use the "Save as..." menu option to save your work. To save your work, including the jar file lists you specified and all bug results, choose "FindBugs analysis results (.xml)" from the drop-down list in the "Save as..." dialog. There are also options for saving just the jar file lists ("FindBugs project file (.fbp)") or just the results ("FindBugs analysis file (.fba)"), but these are rarely needed. A saved file may be loaded again later with the corresponding menu option.
Annotation support: FindBugs supports several annotations to express the developer's intent so that FindBugs can issue warnings more appropriately. You need to use Java 5 to use annotations, and must place the annotations.jar and jsr305.jar files on the classpath while compiling your program. You can refer to the JCIP annotation API documentation at Java Concurrency in Practice.
FindBugs Eclipse plugin
To install the Eclipse plugin, just add this update site URL in Eclipse: http://findbugs.cs.umd.edu/eclipse/
Using the FindBugs™ Ant task
Of course, to make such a tool useful you need to make it part of the build process, so that it gives the R&D team another perspective for predicting possible problems that could happen in the production environment, or just for finding weak design spots in the code. Using the FindBugs Ant task was also simple: you just need to copy find-bugs.jar to the Ant directory and change the configuration parameters (such as the source and classes locations, etc.). The final results can be viewed by using the XML report style in the Ant task and opening the produced XML report in the FindBugs GUI, or by changing the report type to HTML, which produces a single-page HTML report with the default XSL stylesheet (which could be customized), looking like this (headers only):
Metrics

10483 lines of code analyzed, in 175 classes, in 18 packages.

Metric | Total | Density* |
---|---|---|
High Priority Warnings | 4 | 0.38 |
Medium Priority Warnings | 284 | 27.09 |
Total Warnings | 288 | 27.47 |

(* Defects per thousand lines of non-commenting source statements)
Contents
Bad practice Warnings
Correctness Warnings
Malicious code vulnerability Warnings
Performance Warnings
Dodgy Warnings
Details
Summary
Warning Type | Number |
---|---|
Bad practice Warnings | 57 |
Correctness Warnings | 6 |
Malicious code vulnerability Warnings | 209 |
Performance Warnings | 8 |
Dodgy Warnings | 8 |
Total | 288 |
Then comes a detailed description of each warning or error found, with location and cause details, which looks like:
MS | com.api.ConstantsEx.publisher isn't final but should be |

(MS is the FindBugs bug-code prefix for mutable static fields; this particular warning, MS_SHOULD_BE_FINAL, is filed under the Malicious code vulnerability category because a public static field that is not final can be overwritten by any other class loaded in the same JVM.)
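As an added example (not from the original post or the FindBugs project), here is an Ant build.xml that wires the FindBugs task into a build the way the post describes: an XML report for loading into the GUI, an HTML report for the single-page view, and a build failure when warnings are found. It assumes FindBugs is unpacked at /opt/findbugs-1.3.5, sources in src/, classes compiled into build/classes and third-party jars in lib/.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project name="findbugs-example" default="findbugs" basedir=".">
  <!-- Assumed layout: FindBugs unpacked at findbugs.home, sources in src/,
       compiled classes in build/classes, third-party jars in lib/. -->
  <property name="findbugs.home" value="/opt/findbugs-1.3.5"/>
  <property name="src.dir"     value="src"/>
  <property name="classes.dir" value="build/classes"/>
  <property name="report.dir"  value="build/findbugs"/>
  <path id="third.party.jars">
    <fileset dir="lib" includes="*.jar"/>
  </path>
  <!-- The Ant task class ships in lib/findbugs-ant.jar of the distribution. -->
  <taskdef name="findbugs"
           classname="edu.umd.cs.findbugs.anttask.FindBugsTask"
           classpath="${findbugs.home}/lib/findbugs-ant.jar"/>
  <!-- debug="true" keeps line numbers, so warnings point at source lines. -->
  <target name="compile">
    <mkdir dir="${classes.dir}"/>
    <javac srcdir="${src.dir}" destdir="${classes.dir}" debug="true"
           classpathref="third.party.jars"/>
  </target>
  <!-- XML report (with messages) for loading into the FindBugs GUI; the build
       fails when any warning at or above the report level is found. -->
  <target name="findbugs" depends="compile">
    <mkdir dir="${report.dir}"/>
    <findbugs home="${findbugs.home}" output="xml:withMessages"
              outputFile="${report.dir}/findbugs.xml"
              effort="max" reportLevel="medium" jvmargs="-Xmx512m"
              warningsProperty="findbugs.warnings" failOnError="true">
      <auxClasspath refid="third.party.jars"/>
      <sourcePath path="${src.dir}"/>
      <class location="${classes.dir}"/>
    </findbugs>
    <fail if="findbugs.warnings"
          message="FindBugs found warnings, see ${report.dir}/findbugs.xml"/>
  </target>
  <!-- Same analysis as a single-page HTML report using the default stylesheet. -->
  <target name="findbugs-html" depends="compile">
    <mkdir dir="${report.dir}"/>
    <findbugs home="${findbugs.home}" output="html" stylesheet="default.xsl"
              outputFile="${report.dir}/findbugs.html" reportLevel="medium">
      <auxClasspath refid="third.party.jars"/>
      <sourcePath path="${src.dir}"/>
      <class location="${classes.dir}"/>
    </findbugs>
  </target>
</project>
```

Run `ant findbugs` for the XML report (open it in the GUI as described above) or `ant findbugs-html` for the single-page report; the auxClasspath matters, because FindBugs cannot resolve calls into jars it is not told about and will miss or misreport warnings there.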
Pros: easy to use and adopt; supports annotations, an Ant task and HTML reporting.
Cons: the HTML report looks very 'poor': it is a single page, and it is hard to look through all the problems found; after you get to one warning description and want to look at another one, you have to go back to the beginning of the report.
2 comments:
pretty impressive !!!
Very nice blog... This blog provides complete information on static code review and testing for Java. I really found this information very useful. Thanks for sharing.