
Findbugs Eclipse Example

In this tutorial, we will learn to install the FindBugs Eclipse Plugin and use it for code analysis within Eclipse.

As most of us know, FindBugs is a static code analyser which operates on Java bytecode and helps identify a range of potential errors and bad coding practices in Java programs. FindBugs does not need to execute the program in order to analyze it for bugs.

FindBugs can be run in various ways, including from the command prompt, in a Maven build, in Hudson continuous integration, as well as through plugins for other IDEs.

 
Before using the plugin, it is important to understand the two main attributes FindBugs assigns to a bug: rank and confidence.

Bug Ranks

From FindBugs version 2.0, bugs are given a rank from 1 to 20 and grouped into the following categories:

  1. Scariest (rank 1-4)
  2. Scary (rank 5-9)
  3. Troubling (rank 10-14)
  4. Of concern (rank 15-20)

Bug Confidence

The priority attribute of FindBugs 1.x has been renamed to Confidence. Confidence only indicates how confident the analyzer is that the bug actually occurs.

Note: Issues of different bug patterns should be compared by their rank and not their confidence.

FindBugs Plugin in Eclipse

This tutorial is divided into three parts:

  1. Installing the FindBugs Plugin in Eclipse.
  2. Configuring the FindBugs properties in Eclipse
  3. Analyzing code with FindBugs within Eclipse

This tutorial uses an Eclipse Kepler installation, and all programs mentioned in the tutorial are compatible with the JDK 1.7 compiler.

Installing the FindBugs Plugin

The FindBugs installation in Eclipse is a very simple step. We will use the safest way of plugin installation – through Eclipse MarketPlace.

Go to Help –> Eclipse MarketPlace.

In the Find option, type FindBugs and hit search. The MarketPlace returns some options, including the latest FindBugs Eclipse plugin version (3.0.0 RC2).

FindBugs Plugin Installation - Eclipse MarketPlace

Click Install & Confirm. You may need to Accept the Terms of License agreement during the Installation process.

While installing, you might receive a Security Warning prompting you to accept the unsigned content being installed in Eclipse. Check Details and accept as appropriate.

Eclipse Security Warning

Restart Eclipse after the installation if you are not prompted to do so.

Configuring the FindBugs

Once the plugin is installed and eclipse re-started, we will configure the FindBugs properties for static code analysis.

Go To Windows –> Preferences. Under Java, navigate to FindBugs.

FindBugs Plugin Configuration - Tab 1 (Main)

Configurations

  1. Bug Categories: We have selected all possible bug categories to be reported in the FindBugs report after the code analysis.
  2. Minimum Rank to report: We have set the minimum rank to report to 20 (Of Concern). This lets us view all the bugs evaluated by FindBugs.
  3. Minimum Confidence to report: As you might have noticed, we have been conservative in all the FindBugs reporting, so here as well we set it to Low in order to report all potential bug occurrences, even though their confidence may be low.
  4. Mark Bugs with rank as: Here we set the bugs to be reported as Error / Info / Warning based on their ranks. For our example, we will set Scariest rank and Scary rank bugs to be reported as Error (in the code). You will notice the same in the example code below.

Among the other tabs, Filter Files helps you match patterns and source files, and exclude bug patterns and source files. Detailed documentation is available on using these custom properties of the plugin.

FindBugs Plugin Configuration – Custom Settings

Finally, you can review the FindBugs bug patterns and their details. You can select or remove any of the bug patterns based on your preference.

FindBugs Plugin Configuration – Bug Patterns

Analyzing Code with the FindBugs Plugin

For the sake of this tutorial, we will create three different classes in our project, purposely containing Scary, Troubling and Of Concern rank bugs.

ScaryRankBugs.java

    package com.javacodegeeks.example.findBugsPluginExample;
    
    /**
     * Scary Rank Bugs Sample
     */
    public class ScaryRankBugs {
    	
    	/** The check str value. */
    	private String checkStrValue = null;
    
    	/**
    	 * The Constructor.
    	 */
    	public ScaryRankBugs() {
    		this.checkStrValue = "SomeValue";
    	}
    
    	/**
    	 * Execute some conditions.
    	 */
    	private void executeSomeConditions() {
    		if ("SomeValue".equals(this.checkStrValue)) {
    			// Condition 1
    		} else if ("SomeValue".equals(this.checkStrValue)) {
    			// Condition 2
    		}
    	}
    
    	/**
    	 * Incorrect assignment in if condition.
    	 */
    	private static void incorrectAssignmentInIfCondition() {
    		boolean value = false;
    		if (value = true) {
    			//do Something
    		} else {
    			//else Do Something
    		}
    	}
    }

TroublingRankBugs.java

    package com.javacodegeeks.example.findBugsPluginExample;
    
    /**
     * Troubling Rank Bugs Sample.
     */
    public class TroublingRankBugs {
    
    	/**
    	 * Empty synchronized.
    	 */
    	private void emptySynchronized() {
    		synchronized (this) {
    			// Forgot implementation
    		}
    	}
    
    	/**
    	 * Sleep in synchronized.
    	 * 
    	 * @throws InterruptedException
    	 *             the interrupted exception
    	 */
    	private void sleepInSynchronized() throws InterruptedException {
    		synchronized (this) {
    			Thread.sleep(5000);
    		}
    	}
    }

OfConcernRankBugs.java

    package com.javacodegeeks.example.findBugsPluginExample;
    
    /**
     * Of Concern Rank Bugs Sample
     */
    public class OfConcernRankBugs {
    	
    	/** The place holder. */
    	private String placeHolder = null;
    
    	/**
    	 * The Constructor.
    	 */
    	public OfConcernRankBugs() {
    		this.placeHolder = "Test String";
    	}
    	
    	/**
    	 * Gets the place holder.
    	 *
    	 * @return the place holder
    	 */
    	private String getPlaceHolder(){
    		return this.placeHolder;
    	}
    	
    	/* (non-Javadoc)
    	 * @see java.lang.Object#equals(java.lang.Object)
    	 */
    	@Override
    	public boolean equals(Object obj) {
    		OfConcernRankBugs object = (OfConcernRankBugs) obj;
    		return this.getPlaceHolder().equals(object.getPlaceHolder());
    	}
    }
    

To run FindBugs, right-click the project –> FindBugs –> FindBugs.

Run FindBugs through Eclipse

Once FindBugs runs and completes the analysis, each source file in the project is annotated with its number of violations.

Also, the cause of each bug, along with its description, is visible in the FindBugs viewer.

FindBugs Analysis – Sample

As can be seen, for the Java file with Scary rank bugs, the plugin highlights an ERROR in the source, which is because of the configuration setting in step 2.
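The three sample classes are deliberately buggy, so FindBugs has something to report. As an added example (not part of the original tutorial or its source download), the class below shows corrected forms of the same defects; the class name `FixedRankBugs`, its method names and the `"OtherValue"` literal are hypothetical.

```java
import java.util.Objects;
// Added illustration; FixedRankBugs and its method names are hypothetical.
public final class FixedRankBugs {
    private final String placeHolder;
    private final Object lock = new Object();
    private int completed; // guarded by lock

    public FixedRankBugs(String placeHolder) {
        this.placeHolder = Objects.requireNonNull(placeHolder, "placeHolder");
    }

    // OfConcernRankBugs fix: return false, never throw, for null or foreign types.
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof FixedRankBugs)) { // instanceof is also false for null
            return false;
        }
        return placeHolder.equals(((FixedRankBugs) obj).placeHolder);
    }

    // Override hashCode() with equals() so hash-based collections stay consistent.
    @Override
    public int hashCode() {
        return placeHolder.hashCode();
    }

    // ScaryRankBugs fix: test the flag instead of assigning it; no repeated condition.
    static String classify(boolean flag, String value) {
        if (flag && "SomeValue".equals(value)) {
            return "condition 1";
        } else if ("OtherValue".equals(value)) { // assumed second case
            return "condition 2";
        }
        return "no match";
    }

    // TroublingRankBugs fix: sleep without the monitor, lock only for the update.
    int recordAfter(long millis) throws InterruptedException {
        Thread.sleep(millis);
        synchronized (lock) {
            return ++completed;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        FixedRankBugs a = new FixedRankBugs("Test String");
        System.out.println(a.equals(new FixedRankBugs("Test String")) + " " + a.equals(null));
        System.out.println(classify(true, "SomeValue") + " " + a.recordAfter(10));
    }
}
```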

The FindBugs plugin is a very useful developer tool and can be used to analyze your code before the violations are pointed out by Maven or during Hudson builds integrated with Sonar.

The source code used in the example is available for download here.

Vishal Rajpal

Vishal enjoys designing and developing small and mid-sized Enterprise solutions in Java and its ecosystem. He has graduated from RGTU, India in Electronics and Telecommunication Engineering. Currently, Vishal is working with an Analytics organization, enabling the in-house analytics as well as client teams to use technology as a differentiator for projects / problems related to Big Data.

1 Comment
Andrew
6 years ago

FindBugs is dead; it is now spotbugs
