
Finding Bugs Made Easy

Posted by aditya_dada on January 26, 2006 at 10:43 AM PST

I was introduced to the FindBugs™ tool in April 2005. I attended Professor Bill Pugh's presentation and walked out impressed. Some of you may have met him at JavaOne in 2004 after his presentation. While he was visiting the Sun Microsystems, Inc. campus in Santa Clara, CA, I had the opportunity to meet him and discuss with him techniques to integrate FindBugs™ into our processes.


Since then, I've tried to put FindBugs™ to good use by running it against Glassfish. And the results have been surprising.


FindBugs™ is a static analysis tool that uses bug patterns to search for common problems by analyzing Java byte-code. Its strength is its ability to discover problems like possible infinite recursive loops, impossible casts, possible typos in method names and many more. It catches errors that compilers let pass. It has powerful reporting that points out the defective class, the method and the line of code. The warnings produced can be categorized in many different ways, like:

 * High, Medium or Low

 * Correctness, Malicious Code, Performance or Style

 * Sorted by package or class



Filter patterns may be written to exclude or include matching Classes and/or Warnings.
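To make "errors that compilers let pass" concrete, here is an added example (not from the original post, and not Glassfish code) of one class that compiles yet contains the three kinds of defect named above, each with its fix in a comment. The class `AccountId` and its methods are hypothetical names chosen for illustration.

```java
import java.util.*;

// Added example: AccountId is a hypothetical class, not Glassfish code.
public class AccountId {
    private final String value;

    public AccountId(String value) { this.value = value; }

    // Defect 1, infinite recursive loop: the getter calls itself.
    // Fix: return value;
    public String getValue() { return getValue(); }

    @Override
    public boolean equals(Object o) {
        return o instanceof AccountId && ((AccountId) o).value.equals(value);
    }

    // Defect 2, typo in a method name: lower-case 'c' declares a new method and
    // leaves Object.hashCode() in place, so equal ids can land in different buckets.
    // Fix: rename to hashCode() and mark it @Override.
    public int hashcode() { return value.hashCode(); }

    // Defect 3, impossible cast: an ArrayList is never a Set, so the cast
    // always throws ClassCastException. Fix: return new HashSet<>(ids);
    @SuppressWarnings("unchecked")
    static Set<AccountId> unique(List<AccountId> ids) {
        Object copy = new ArrayList<>(ids);
        return (Set<AccountId>) copy;
    }

    public static void main(String[] args) {
        // Constructed sample input: the same id submitted twice.
        List<AccountId> ids = new ArrayList<>();
        ids.add(new AccountId("a-1"));
        ids.add(new AccountId("a-1"));
        // Equal ids are not reliably collapsed, because hashCode() was never overridden.
        System.out.println("distinct ids in HashSet: " + new HashSet<>(ids).size());
        try {
            unique(ids);
        } catch (ClassCastException e) {
            System.out.println("unique() failed: " + e.getClass().getName());
        }
        try {
            ids.get(0).getValue();
        } catch (StackOverflowError e) {
            System.out.println("getValue() never returns: " + e.getClass().getName());
        }
    }
}
```

All three defects surface only at run time, which is why a byte-code analysis pass before deployment is useful: a set-based duplicate or membership check built on `AccountId` would silently misbehave rather than fail.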



I found the tools that were bundled with FindBugs™ really easy to use, and powerful. What's more, it helps in brushing up on the core concepts of Java programming, and in using Java more effectively.



Along with its many strengths, FindBugs™ also has some shortcomings. One of them is the inability to process nested jars (which the FindBugs™ team is aware of, and a fix may be available soon). Another is the generation of 'false positives' that may not be real product bugs.



In my experience, the high priority warnings produced by FindBugs™ are best addressed first. The medium priority warnings need a bit of analysis, and the low priority may be ignored.



The strengths of FindBugs™ far outweigh its weaknesses. FindBugs™ provides a low cost way of catching issues and defects. Since FindBugs™ is so easy to install, and requires minimal effort to use, I'd highly recommend using it to improve the quality of your code.
