JavaOne 2008 - FindBugs is a great little tool, and it just keeps getting better!
There are a lot of static analysis tools out there, but FindBugs is unique. Where Checkstyle will raise 500 issues, and PMD 100, FindBugs will only raise 10 - but you damn well better look at them carefully!
That is a slight over-simplification, but it does reflect the philosophy of FindBugs. FindBugs uses more sophisticated analysis techniques than tools like PMD and Checkstyle, working at the bytecode level rather than with the source code, and is more focused on finding the highest-priority and potentially most dangerous issues.
At JavaOne this year, I've listened to both of William Pugh's excellent presentations on FindBugs. He ran through some interesting bugs that FindBugs found in some real-world code, and shared some useful tips on using FindBugs for very large real-world projects. For example, he suggested ignoring the low-priority issues (but not the medium-priority ones, which contain some very useful rules), and concentrating only on the issues that have appeared since the last stable release. Indeed, FindBugs has the ability to compare two sets of bugs and figure out which ones are new.
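The triage tip above (drop low-priority issues, look only at what is new since the last stable release) can be sketched over two FindBugs XML reports. This is an added example, not FindBugs' own comparison logic: the fingerprint is a simplification, and the reports, class names and method names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports in the FindBugs XML layout (not real scan output).
BASELINE_XML = """<BugCollection>
 <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1">
  <Class classname="com.example.OrderService"/>
  <Method classname="com.example.OrderService" name="load" signature="(I)V"/>
  <SourceLine classname="com.example.OrderService" start="40" end="40"/>
 </BugInstance>
</BugCollection>"""
CURRENT_XML = """<BugCollection>
 <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1">
  <Class classname="com.example.OrderService"/>
  <Method classname="com.example.OrderService" name="load" signature="(I)V"/>
  <SourceLine classname="com.example.OrderService" start="47" end="47"/>
 </BugInstance>
 <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="2">
  <Class classname="com.example.ReportDao"/>
  <Method classname="com.example.ReportDao" name="find" signature="(Ljava/lang/String;)V"/>
 </BugInstance>
 <BugInstance type="DM_STRING_CTOR" priority="3">
  <Class classname="com.example.Labels"/>
 </BugInstance>
</BugCollection>"""
LOW = 3  # priority attribute: 1 = high, 2 = medium, 3 = low

def fingerprint(bug):
    """Identify a bug by pattern, class and method; line numbers are left out
    so code that merely moved is not reported as new (a simplification)."""
    cls, method = bug.find("Class"), bug.find("Method")
    return (bug.get("type"),
            cls.get("classname", "") if cls is not None else "",
            method.get("name", "") + method.get("signature", "") if method is not None else "")

def load(xml_text, max_priority):
    """Map fingerprint -> priority for bugs at or above the given priority."""
    bugs = {}
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        priority = int(bug.get("priority", LOW))
        if priority <= max_priority:
            bugs[fingerprint(bug)] = priority
    return bugs

def new_bugs(baseline_xml, current_xml, max_priority=2):
    """High/medium bugs in the current report that the baseline did not have."""
    known = load(baseline_xml, LOW)  # any priority in the baseline counts as known
    current = load(current_xml, max_priority)
    return sorted(fp for fp in current if fp not in known)
```

With the constructed reports, the null-pointer warning whose line number shifted is treated as already known, the low-priority warning is dropped, and only the medium-priority SQL warning is returned as new.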
One interesting area that he mentioned was that of annotating issues. When you review an issue in the FindBugs GUI tool, you can add an annotation such as "Mostly harmless" or "Should fix", along with a comment. This feature will soon also be available in the Eclipse plugin. This is cool. However, at the moment, it's hard to share this information, as it is stored in a local XML file. One interesting evolution that is apparently in the pipeline is to allow you to store these annotations in an external location, such as in a database. This would mean that developers could safely share annotations and comments on the same bug, which would make bug reviewing and correcting that much easier.
Another interesting evolution is in the area of reviewing and closing FindBugs issues. In PMD, for example, you can tell the analyser to ignore a particular issue using annotations or comments. This is a useful feature, more convenient than the current FindBugs approach, which involves writing XML configuration files. FindBugs works on bytecode, not on source code, so comments are obviously not an option. However, William indicated that using annotations to suppress FindBugs issues is definitely on the cards for a future release.
Note that FindBugs is not really a competitor with tools like PMD and Checkstyle - the tools are really at opposite ends of the static analysis spectrum. In many places where I've worked, there is a strong drive for imposing coding standards, and this is where a tool like Checkstyle excels. With a correctly configured Eclipse environment, 90% of formatting errors will often disappear with an automatic reformat. FindBugs, on the other hand, is strongly focused on potential programming errors. The tools are really quite complementary.
And now for the shameless plug - Java Power Tools has a full chapter on FindBugs, as it is a very cool tool.